Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account
Cisco DNA Software SD-WAN and Routing Matrix
Cisco DNA Essentials Cisco DNA Advantage Cisco DNA Premier
License type 3- or 5-year term subscription License type Includes Cisco DNA Essentials 3-, 5-, or 7-year term subscription Includes Cisco DNA Essentials and Cisco DNA Advantage 3- or 5-year term subscription
Management options CLI, Web UI vManage CLI, Web UI vManage CLI, Web UI vManage
Network Essentials
License type Perpetual software with typical routing capabilities, bundled with Cisco DNA Essentials subscription license
Management options CLI, Web UI
Network Advantage
License type Perpetual software with full routing capabilities, bundled with Cisco DNA Advantage or Premier license
Management options CLI, Web UI
Cisco DNA Essentials
License type 3- or 5-year term subscription
Management options CLI, Web UI, Cisco DNA Center, vManage
Cisco DNA Advantage
License type Includes Cisco DNA Essentials, 3- or 5-year term subscription
Management options CLI, Web UI, Cisco DNA Center, vManage
Cisco DNA Premier
License type Includes Cisco DNA Advantage, 3- or 5-year term subscription
Management options CLI, Web UI, Cisco DNA Center, vManage
  < >

Cisco DNA for SD-WAN subscription features

Roll over each feature for more information.

  < >

Cisco DNA for SD-WAN subscription features

Roll over each feature for more information.

Cisco DNA for SD-WAN perpetual features

Roll over each feature for more information.

Network Essentials Perpetual software with base routing capabilities, bundled with Cisco DNA Essentials subscription license

Network Advantage Perpetual software with full routing capabilities, bundled with Cisco DNA Advantage and Cisco DNA Premier subscription licenses

Network Essentials and Network Advantage perpetual licenses are included with every Cisco DNA for SD-WAN and Routing subscription; however, SD-WAN functionality is a pure subscription-based product offering.

To enable the traditional routing capabilities of Network Essentials and Network Advantage on compatible hardware upon expiration of a Cisco DNA for SD-WAN and Routing subscription, a complimentary image update to Cisco IOS® XE is required. Compatible hardware includes the Cisco ISR, ASR, and ENCS families of routers.

The Cisco vEdge router family is not compatible with Network Essentials and Network Advantage. To enable use of Network Essentials and Network Advantage perpetual licenses assigned to vEdge routers, the Cisco DNA for SD-WAN and Routing subscription must first be transferred to compatible hardware prior to subscription expiration.

For a full listing of the traditional routing capabilities of the Network Essentials and Network Advantage perpetual licenses, please see the Cisco DNA for Routing perpetual license feature matrix below.

1 With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support, software release updates, advanced support analytics, and designated service management. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials, Advantage, and Premier).

For full hardware support, including the network stack (Network Essentials/Advantage), customers will require Smart Net Total Care for 24x7x365 Cisco TAC support, proactive security and product alerts, and product lifecycle management. An additional option for hardware support is Solution Support for your multivendor Cisco solution environment.

2 For quantities of Cisco Umbrella SIG Essentials and Cisco Threat Grid licenses included with the Cisco DNA Premier subscription, please see https://www.cisco.com/c/en/us/products/collateral/software/dna-subscription-routing/nb-06-dna-sw-rout-sub-aag-ctp-en.html.

Cisco DNA Essentials Cisco DNA Advantage
License type 3- or 5-year term subscription License type Includes Cisco DNA Essentials 3-, 5-, or 7-year term subscription
Management options CLI, Web UI CLI, Web UI
Network Essentials
License type Perpetual software with typical routing capabilities, bundled with Cisco DNA Essentials subscription license
Management options CLI, Web UI
Network Advantage
License type Perpetual software with full routing capabilities, bundled with Cisco DNA Advantage or Premier license
Management options CLI, Web UI
Cisco DNA Essentials
License type 3- or 5-year term subscription
Management options CLI, Web UI, Cisco DNA Center, vManage
Cisco DNA Advantage
License type Includes Cisco DNA Essentials, 3- or 5-year term subscription
Management options CLI, Web UI, Cisco DNA Center, vManage
Cisco DNA Premier
License type Includes Cisco DNA Advantage, 3- or 5-year term subscription
Management options CLI, Web UI, Cisco DNA Center, vManage
  < >

Cisco DNA for Routing subscription features

Roll over each feature for more information.

Cisco DNA for Routing perpetual features

Roll over each feature for more information.

 

Network Essentials Perpetual software with base routing capabilities, bundled with Cisco DNA Essentials subscription license

Network AdvantagePerpetual software with full routing capabilities, bundled with Cisco DNA Advantage subscription license

  < >

1 With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support, software release updates, advanced support analytics, and designated service management. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials, Advantage, and Premier).

For full hardware support, including the network stack (Network Essentials/Advantage), customers will require Smart Net Total Care for 24x7x365 Cisco TAC support, proactive security and product alerts, and product lifecycle management. An additional option for hardware support is Solution Support for your multivendor Cisco solution environment.

2 Requires purchase of additional licenses.

3 No SSL VPN support

Cloud or on-premises management, flexible topology including hub/spoke, full mesh and partial mesh, appand SLA-based routing policy, VNF lifecycle management, DSL, 4G LTE, and multilink router interfaces, NTP client, zero-touch provisioning and onboarding.

Static routing, dynamic routing (BGP, OSPF), route maps, BFD PMTU, CoS marking (802.1P), HQoS, static NAT, Ethernet subinterface QoS, WAN loopback support, EIGRP (service side), routing protocol redistribution (EIGRP, OSPF, BGP), OMP redistribution, service VPN redistribution, secondary IP address support on SVI (interface VLAN), TLOC extension, DHCP options support.

Dual stack support (for transport), inbound filtering, outbound filtering, OMP redistribution, service VPN redistribution, support for NAT64 devices (DIA), dual-stack service-side interface support (Gigabit, subinterface, SVI, loopback), unicast addressing (link-local, unique-local, and global), anycast addressing, QoS, QoS policer, QoS DSCP rewrite (inbound and outbound), IP name server, ICMP redirects, VRRP, DHCP relay agent, SSH, traceroute, SNMP, logging server.

ACL, pairwise key support for IPsec, SSH login with key, syslog over TLS, enterprise firewall with Talos® powered IPS and application controls, per-tunnel QoS, SD-WAN auto-register and IPsec auto-tunnel to Cisco Umbrella®, Cisco Umbrella DNS monitoring (visibility only), RADIUS.

DNS (including local bypass), basic path optimization with FEC and packet duplication, multicast support for SD-WAN, AppQoE: TCP optimization, NBAR2.

Software support services that also offer license portability and ongoing innovation in the subscription software stack, including 24-hour TAC support.

24-hour hardware and network software stack support provided by TAC.

MPLS BGP support (service side), map multiple BGP communities to OMP tags, multiple BGP community tags, NAT pool support for DIA, NAT using loopback interface address.

IGMPv3, PIM SSM, auto RP, static RP.

Microtenancy: RBAC by VPN, SD-WAN per-tunnel QoS, vManage support for virtualization.

Cloud OnRamp for IaaS and SaaS, CloudExpress, automated service stitching, Encrypted Traffic Analytics, vAnalytics.

Cisco AMP and SSL proxy, URL filtering, TLS/SSL proxy support with SD-WAN, FQDN support, Cisco Umbrella auto-registration, Cisco Umbrella app discovery, enterprise certificate support.

Integrated border for campus (SD-Access), integration with Cisco ACI® for application SLA.

FXO, FXS, and FXS/DID interface support, SIP trunk to Cisco® Unified Communications Manager support, voice module and SRST integration support, voice configuration and policy definition.

Web caching, DRE (including SSL proxy), per-tunnel QoS.

Cloud OnRamp for Colocation.

Receive detailed reporting with full URL addresses, user and network identity and ability to allow or block actions, plus the external IP address. Also permits content filtering by category or specific URLs to block destinations.

Provides app discovery, details, and risk information, plus the ability to block the use of offensive or inappropriate cloud applications in the work environment. Apply granular controls to block specific user activities (e.g., file uploads to Box and Dropbox, attachments to Gmail, posts or shares on Facebook, Twitter, etc.).

Prevent the download of specific file types via policy. Block risky files (executables that may cause instability or risk data leaks) or block media and video files (bandwidth hogs, possible copyright issues).

Advanced antivirus and antimalware protection powered by Cisco Talos threat intelligence. Cisco’s AMP engine searches billions of events per day and blocks over 20 billion threats each day.

Advanced file sandboxing using static and dynamic threat intelligence to detect and report on malicious files that make it through Cisco’s AMP inspection.

Provides visibility and control for Internet traffic across all ports and protocols, IPsec tunnel support for secure traffic routing to cloud infrastructure, automated reporting logs, and customizable IP, port, and protocol policies displayed in a secure dashboard.

Cisco AnyConnect® protects your employees even when they are off the VPN. Enjoy seamless protection against malware, phishing, and commandand-control callbacks wherever your users go.

Inventory, discovery, topology, software image management, site management, network settings, credential update, integrity verification, template programmer, predefined reports, Plug and Play application.

Router deployment: day-0 and day-2 changes, NFV provisioning on ENCS and Cisco UCS® E-Series, Cisco VNF – ISRv, vASA, and vWAAS.

Dashboards, overall health, network health, client health, topology, pre-canned reports, custom thresholds.

Basic router monitoring, Basic WAAS monitoring, Basic ENFV monitoring (ENCS, UCSE, vRouter, vWAAS).

Application visibility (name, throughput).

Software support services that also offer license portability and ongoing innovation in the subscription software stack, including 24-hour TAC support.

Application policy, software image management (SMU–patching), SD Bonjour, custom reporting, Encrypted Traffic Analytics (ETA), reporting (Tableau).

IWAN application, security at the edge, VNF management (third party and applications).

360 pages, health score, time travel, targeted insights, neighbor topology, path trace, KPIs, baselining, trends, custom reports (AppX, SD-Access, Wi-Fi KPIs, etc.), compliance, global insights integrations (Cisco® Unified Communications Manager, Skype for Business, ETA/SW, Tableau, etc.), router 360, ENFV 360, router underlay insights, ENFV insights

App health (router, switch, NAM based), app 360, app performance in client/device 360s (jitter, loss, latency), SD-AVC.

RIP, OSPF, BGP, EIGRP, IS-IS, IGRP (routing protocols), On-Demand Routing (ODR), NSF awareness, Point-to-Point Protocol (PPP), Multi-Link PPP (MLP), PPPoE.

NetFlow, Flexible NetFlow (FnF), IPFIX, performance monitoring, Flexible Packet Matching (FPM), Bidirectional Forwarding (BFD), LLDP, ACL, ARP, DHCP, BDI, Cisco Discovery Protocol, COPP, NAT, DNS, Dynamic DNS, NTPv4, TR-069, TR069-CWMP, TCP-ECN, Window, MSS, etc., Stream Control Transmission Protocol (SCTP), 802.1P, 802.1Q, LACP, PAgP, EtherChannel, box-to-box HA, FHRP, GLBP (global load balancing), NAT, PAT – IPv4/v6, Reverse Path Forwarding (URPF), Switch Port Analyzer (SPAN), Encapsulated Remote SPAN (ERSPAN).

NETCONF/YANG support, Zero Touch Support (PnP/ZTP).

Zone-based firewall, IPS/Snort), Public Key Infrastructure (PKI), ACL, trustworthy system, Challenge Handshake (CHAP) and Password Authentication (PAP), Certificate Authority (CA).

MACsec Key Agreement Protocol, LAN MACsec (128-bit), WAN MACSec (125-/256-bit).

IPsec (point to point), DMVPN, GET VPN, Easy VPN.

MQC including classification, policing, re-marking, scheduling; HQoS, Application Visibility and Control (AVC), NBAR, IPSLA (Initiator), Deep Packet Inspection.

TACACS+, NETCONF, AAA, RESTCONF, gRPC, YANG.

Bi-Di PIM, IGMP, Protocol Independent Multicast (PIM), CGMP, AutoRP, Bootstrap Router (BSR), mroute, MLD (v1, v2), extending SSM support (PIM-SSM, IGMPv3 with SSM), SSM-Mapping, Multicast Source Discovery Protocol (MSDP).

PPP over Ethernet (PPPoE), PPPoA (PPP over ATM) for DSL support.

Easy Virtual Network (EVN), vRF-Lite, Multi-VRF.

GRE tunnel, Ethernet over GRE (EoGRE), IPv6 over v4 and IPv4 over v6 tunnels, anycast, per-tunnel QoS.

VRF support, Cisco TrustSec® (SGT, SGACL, SGX).

IPSLA responder, echo, jitter, path (ICMP, UDP, and multicast), TCP connect, HTTP, FTP, DHCP.

802.1X feature support, RADIUS integration, TACACS/ TACACS+ support, SHA-1, SHA-2, MD5.

Cisco Unified Border Element (CUBE)/Session Border Controller (SBC) support.

24-hour hardware and network software stack support provided by TAC.

Connectivity Fault Management (CFM-802.1ag), Operations and Admin Management (OAM - 802.3ah), Control Plane Policing (CoPP), Unidirectional Link Routing (UDLR), guest shell support.

Cisco Umbrella® connector support, URL filtering support, Application Layer Gateways (ALG).

Policy-Based Routing (PBR), Performance Routing (PfR/ OER), Application Visibility and Control (SD-AVC).

ISDN BRI, X.25 and XOT support, basic CLNS functionality.

Radio-Aware Routing (RAR, PPPoE based-RFC 5578), mobile IP, Proxy Mobile IP (PMIP), network positioning system.

Pragmatic General Multicast (PGM), Router Group Management Protocol (RGMP), multicast service reflection, multicast VPN.

E-OAM (op, admin, maint), E-CFM (connectivity fault management), Ethernet local management Interface (ELMI), Ethernet Virtual Circuit (EVC).

MPLS Layer 2 and Layer 3 VPN, Layer 2 VPN Pseudowire (PW), Ethernet over MPLS (EoMPLS), Any Transport over MPLS (AToM), MPLS Traffic Engineering (TE), Label Distribution Protocol (LDP), Virtual Private LAN Services (VPLS, H-VPLS).

ISATAP tunnels, 6RD tunnels, Layer 2 Tunnel Protocol (L2TP), LAC, LNS, Layer 2 Protocol Tunneling (L2PT), Virtual Private Data Networks (VPDN), Layer 2 forwarding, PPTP.

VoIP (UDP jitter, RTP, H323, MOS), video ops, TWAMP, monitor, schedule, disc (for LSP), Y.1731, MPLS.

Web Cache Routing Protocol (WCCP), object tracking.

Overlay Transport Virtualization (OTV), VRF-Aware Software Infrastructure (VASI), application hosting (app hosting on containers), EEM support, Ethernet flow point.

Call Admission Control (CAC), voice module support (FXO/FXS for T1 and E1/MultiFunction (MFT)), dialer support, RADIUS, RFC4040 based clear channel codec signaling with SIP, Resource Reservation Protoco( RSVP), RTP Control Protocol (RTCP), Service Advertisement Framework (SAF), SIP for VoIP, Secure Real-Time Transport Protocol (SRTP), Voice over Frame Relay (VoFR) (FRF.11)), VoIP, transcoding, V.150, MGCP.

Communications Manager Express (CME), Cisco Unified Communications Manager, Survivable Remote Site Telephony (SRST), Interactive Voice Response (IVR).

Encrypted Traffic Analytics (ETA), Cisco SD Bonjour (mDNS), Embedded Packet Capture (EPC), Cisco In-Service Software Upgrade (ISSU), Software Maintenance Upgrade (SMU), Locator ID Separator ID (LISP).