Cisco DNA Software SD-WAN and Routing Matrix

Cisco DNA Software for SD-WAN Feature Matrix

License type
  Cisco DNA Essentials: 3-, 5-, or 7-year term subscription
  Cisco DNA Advantage: Includes Cisco DNA Essentials; 3-, 5-, or 7-year term subscription
  Cisco DNA Premier: Includes Cisco DNA Essentials and Cisco DNA Advantage; 3- or 5-year term subscription
Management options
  Cisco DNA Essentials: CLI, Web UI, Cisco Catalyst SD-WAN Manager¹
  Cisco DNA Advantage: CLI, Web UI, Cisco Catalyst SD-WAN Manager¹
  Cisco DNA Premier: CLI, Web UI, Cisco Catalyst SD-WAN Manager¹

Cisco DNA Essentials
License type: 3- or 5-year term subscription
Management options: CLI, Web UI, vManage

Cisco DNA Advantage
License type: Includes Cisco DNA Essentials; 3-, 5-, or 7-year term subscription
Management options: CLI, Web UI, vManage

Cisco DNA Premier
License type: Includes Cisco DNA Essentials and Cisco DNA Advantage; 3- or 5-year term subscription
Management options: CLI, Web UI, vManage

Cisco DNA for SD-WAN subscription features

Cisco DNA for SD-WAN perpetual features

Network Essentials: Perpetual software with base routing and security capabilities, bundled with Cisco DNA Essentials subscription license

Network Advantage: Perpetual software with full routing, security, voice, and AppX capabilities, bundled with Cisco DNA Advantage and Cisco DNA Premier subscription licenses

Cisco Catalyst SD-WAN functionality is a pure subscription-based product offering. Upon expiration of your Cisco DNA Subscription for SD-WAN, you are no longer licensed to access the Cisco Catalyst SD-WAN feature set.

Repurposing eligible hardware platforms from Cisco Catalyst SD-WAN to traditional routing deployments is possible. Network Essentials and Network Advantage perpetual licenses are included on eligible hardware platforms with every Cisco DNA for SD-WAN subscription. The Cisco vEdge router family is not compatible with Network Essentials and Network Advantage, and therefore is not eligible for Network Essentials and Network Advantage licenses.

For a full listing of the traditional routing capabilities of the Network Essentials and Network Advantage perpetual licenses, please see the Cisco DNA for Routing perpetual license feature matrix below.

1 The Cisco Catalyst Cloud SD-WAN subscription provides the right to use the SD-WAN solution only with the cloud controller. The Cisco Catalyst on-premise SD-WAN subscription provides the right to use the SD-WAN solution only with the on-premise controller.

2 With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials, Advantage, and Premier). Embedded SWSS DOES NOT cover the Network Stack.

For full hardware support, including the network stack (Network Essentials/Advantage), customers are required to additionally purchase either Smart Net Total Care on the hardware itself, or Cisco’s premium support services: Solution Support and/or Success Tracks. These premium services must be purchased on both your Cisco DNA software license and the hardware.

3 Cisco Catalyst SD-WAN Analytics, Cisco Catalyst SD-WAN hosted in the Cisco cloud environment, cloud-delivered Cisco Catalyst SD-WAN, and other cloud features cannot be used by customers headquartered or mainly based in mainland China.

4 For quantities of Cisco Umbrella SIG Essentials and Cisco Secure Malware Analytics licenses included with the Cisco DNA Premier subscription, please see https://www.cisco.com/c/en/us/products/collateral/software/dna-subscription-routing/nb-06-dnasw-rout-sub-aag-ctp-en.html.

5 Requires purchase of additional licenses.

Cisco DNA Software for Routing Feature Matrix

License type
  Cisco DNA Essentials: 3-, 5-, or 7-year term subscription
  Cisco DNA Advantage: Includes Cisco DNA Essentials; 3-, 5-, or 7-year term subscription
Management options
  Cisco DNA Essentials: Cisco Catalyst Center, CLI, Web UI
  Cisco DNA Advantage: Cisco Catalyst Center, CLI, Web UI

Cisco DNA Essentials
License type: 3- or 5-year term subscription
Management options: Cisco Catalyst Center, CLI, Web UI

Cisco DNA Advantage
License type: Includes Cisco DNA Essentials; 3-, 5-, or 7-year term subscription
Management options: Cisco Catalyst Center, CLI, Web UI

Cisco DNA for Routing Subscription Features

Cisco DNA for Routing Perpetual Features

Network Essentials: Perpetual software with base routing and security capabilities, bundled with Cisco DNA Essentials subscription license

Network Advantage: Perpetual software with full routing, security, voice, and AppX capabilities, bundled with Cisco DNA Advantage and Cisco DNA Premier subscription licenses

1 With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials, Advantage, and Premier). Embedded SWSS DOES NOT cover the Network Stack.

For full hardware support, including the network stack (Network Essentials/Advantage), customers are required to additionally purchase either Smart Net Total Care on the hardware itself, or Cisco’s premium support services: Solution Support and/or Success Tracks. These premium services must be purchased on both your Cisco DNA software license and the hardware.

2 No SSL VPN support except on Catalyst 8000V Edge Software.

3 Requires purchase of additional licenses.

4 In a BNG or iWAG deployment, these features require a separate and distinct Broadband Feature License apart from the Cisco DNA subscription license.

Cloud or on-premises management, flexible topology including hub/spoke, full mesh and partial mesh, app- and SLA-based routing policy, VNF lifecycle management, DSL, 4G LTE, and multilink router interfaces, NTP client, zero-touch provisioning and onboarding, global and site topology.

Static and dynamic routing (BGP, OSPF), routing protocol redistribution (EIGRP, OSPF, BGP), EIGRP (service side), route maps, BFD PMTU, CoS marking (802.1P), static and service side NAT, NAT pool support for DIA, NAT using loopback interface address, HQoS, per-tunnel QoS, Ethernet subinterface QoS, WAN loopback support, OMP redistribution, service VPN redistribution, mapping BGP communities to OMP tags, match and set communities during BGP to OMP redistribution (localized and centralized policy), secondary IP address support on SVI (interface VLAN), TLOC extension, DHCP options support, BFD for BGP/OSPF/EIGRP - CLI template, NTP server support, DIA Tracker: Interface tracker for DIA, ability to track static route on service VPN, per-class/DSCP BFD for AAR, ACL matching ICMP, enhanced policy-based routing (CLI template), jumbo frames (1GE interface), custom app support (for application aware routing), SD-AVC, Flexible NetFlow, EVPN, MACsec support.

Dual stack support (for transport), inbound and outbound filtering, support for NAT64 devices (DIA), dual-stack service-side interface support (Gigabit, subinterface, SVI, loopback), unicast addressing (link-local, unique-local, and global), anycast addressing, QoS, QoS policer, QoS DSCP rewrite (inbound and outbound), IP name server, ICMP redirects, VRRP, DHCP relay agent, SSH, traceroute, SNMP logging server.

Cloud OnRamp for Multicloud (GCP, AWS, Azure) – Site to Cloud connectivity, Cloud OnRamp for SaaS, monitoring capabilities for Multicloud and SaaS via Cisco Catalyst SD-WAN Manager, SD-WAN Application Intelligence Engine (SAIE).

3rd party cloud security providers, Cisco Catalyst SD-WAN auto-register and IPsec auto-tunnel to Cisco Umbrella®, Cisco Umbrella DNS monitoring (visibility only), Cisco Umbrella app discovery.

Cisco AMP, geo location-based filtering, interface zone support, high speed logging, URL filtering, TLS/SSL proxy support with Cisco Catalyst SD-WAN, FQDN support, enterprise certificate support, ACL, pairwise key support for IPsec, SSH login with key, syslog over TLS, enterprise firewall with Talos® powered IPS and application controls, RADIUS, Micro and Micro Segmentation (ICE/SGT), Cisco Secure Malware Analytics support⁵.

DNS (including local bypass), basic path optimization with FEC and packet duplication, AppQoE: TCP optimization, ZBFW – multiple prefix list, rule-set support, microtenancy: RBAC by VPN, policy based routing to SIG, weighted load-balancing for multiple SIG tunnels.

CUBE (IP to IP)

Software support services that also offer license portability and ongoing innovation in the subscription software stack, including 24-hour TAC support.

Success Tracks and/or Solution Support.

Per-VPN QoS, adaptive QoS support, dynamic on-demand tunnel support, Hierarchical Cisco Catalyst SD-WAN.

IGMPv3, PIM SSM, auto RP, app-aware routing policy support for multicast.

Cisco Catalyst SD-WAN Manager (design, deploy, monitor) for virtualized platforms, service insertion - tracker support, AppQoE – multiple service nodes.

Cloud OnRamp for SaaS with Cisco Catalyst SD-WAN Analytics³ and telemetry, Cloud OnRamp for Multicloud – Site to Site and Cloud to Cloud connectivity via mid-mile with Cloud Interconnect/Cloud Backbone, M365 Informed Network Routing, automated service stitching, Cloud OnRamp for Colocation, Cisco Catalyst SD-WAN Analytics³, Predictive Path Recommendations (powered by ThousandEyes WAN Insights).

Cisco AMP and SSL proxy, URL filtering, TLS/SSL proxy support with SD-WAN, FQDN support, Cisco Umbrella auto-registration, Cisco Umbrella app discovery, enterprise certificate support.

Integrated border for campus (SD-Access), integration with Cisco ACI® for application SLA.

Non-secure TDM/PSTN SIP trunk with digital cards (T1/E1) and analog cards (FXO/FXS), non-secure DSP farm services (media termination point, transcoder and conference bridge), SIP SRST⁵.

DRE and LZ (including SSL proxy).

Receive detailed reporting with full URL addresses, user and network identity and ability to allow or block actions, plus the external IP address. Also permits content filtering by category or specific URLs to block destinations.

Provides app discovery, details, and risk information, plus the ability to block the use of offensive or inappropriate cloud applications in the work environment. Apply granular controls to block specific user activities (e.g., file uploads to Box and Dropbox, attachments to Gmail, posts or shares on Facebook, Twitter, etc.).

Prevent the download of specific file types via policy. Block risky files (executables that may cause instability or risk data leaks) or block media and video files (bandwidth hogs, possible copyright issues).

Advanced antivirus and antimalware protection powered by Cisco Talos threat intelligence. Cisco’s AMP engine searches billions of events per day and blocks over 20 billion threats each day.

Advanced file sandboxing using static and dynamic threat intelligence to detect and report on malicious files that make it through Cisco’s AMP inspection.

Provides visibility and control for Internet traffic across all ports and protocols, IPsec tunnel support for secure traffic routing to cloud infrastructure, automated reporting logs, and customizable IP, port, and protocol policies displayed in a secure dashboard.

Cisco AnyConnect® protects your employees even when they are off the VPN. Enjoy seamless protection against malware, phishing, and command-and-control callbacks wherever your users go.

Inventory, discovery, topology, software image management, site management, network settings, credential update, integrity verification, template programmer, predefined reports, Plug and Play application.

Router deployment: day-0 and day-2 changes, NFV provisioning on ENCS and Cisco UCS® E-Series, Cisco VNF – ISRv, vASA, and vWAAS.

Dashboards, overall health, network health, client health, topology, pre-canned reports, custom thresholds.

Basic router monitoring, basic WAAS monitoring, basic ENFV monitoring (ENCS, UCSE, vRouter, vWAAS).

Application visibility (name, throughput).

Software support services that also offer license portability and ongoing innovation in the subscription software stack, including 24-hour TAC support.

Application policy, software image management (SMU–patching), SD Bonjour, custom reporting, Encrypted Traffic Analytics (ETA), reporting (Tableau).

IWAN application, security at the edge, VNF management (third party and applications).

360 pages, health score, time travel, targeted insights, neighbor topology, path trace, KPIs, baselining, trends, custom reports (AppX, SD-Access, Wi-Fi KPIs, etc.), compliance, global insights integrations (Cisco® Unified Communications Manager, Skype for Business, ETA/SW, Tableau, etc.), router 360, ENFV 360, router underlay insights, ENFV insights.

App health (router, switch, NAM based), app 360, app performance in client/device 360s (jitter, loss, latency).

RIP, OSPF, BGP, EIGRP, IS-IS, IGRP (routing protocols), On-Demand Routing (ODR), NSF awareness, Point-to-Point Protocol (PPP), Multi-Link PPP (MLP), EVPN, Segment Routing.

NetFlow, Flexible NetFlow (FnF), IPFIX, performance monitoring, Flexible Packet Matching (FPM), Bidirectional Forwarding Detection (BFD), LLDP, ACL, ARP, DHCP, BDI, Cisco Discovery Protocol, Control Plane Policing (CoPP), NAT, DNS, Dynamic DNS, NTPv4, TR-069, TR069-CWMP, TCP-ECN, Window, MSS, etc., Stream Control Transmission Protocol (SCTP), 802.1P, 802.1Q, LACP, PAgP, EtherChannel, box-to-box HA, FHRP, GLBP (global load balancing), NAT, PAT – IPv4/v6, Reverse Path Forwarding (URPF), Switch Port Analyzer (SPAN), Encapsulated Remote SPAN (ERSPAN), Connectivity Fault Management (CFM-802.1ag), carrier grade NAT⁴.

NETCONF/YANG support, Zero Touch Support (PnP/ZTP), EEM Support, RESTCONF, TACACS+, AAA, GNMI, gRPC.

Zone-based firewall, IPS/Snort, Public Key Infrastructure (PKI), ACL, trustworthy system, Challenge Handshake (CHAP) and Password Authentication (PAP), Certificate Authority (CA).

MACsec Key Agreement Protocol, LAN MACsec (128-bit), WAN MACsec (125-/256-bit).

IPsec (point to point), DMVPN, GET VPN, FlexVPN.

MQC including classification, policing, re-marking, scheduling; HQoS, Application Visibility and Control (AVC/SD-AVC), NBAR2 (standard protocol packs), IPSLA (Initiator), Deep Packet Inspection, Policy-Based Routing (PBR).

TACACS+, NETCONF, AAA, RESTCONF, gRPC, YANG.

Bi-Di PIM, IGMP, Protocol Independent Multicast (PIM), mVPN, Multicast Segment Routing, CGMP, AutoRP, Bootstrap Router (BSR), mroute, MLD (v1, v2), extending SSM support (PIM-SSM, IGMPv3 with SSM), SSM-Mapping, Multicast Source Discovery Protocol (MSDP).

PPP over Ethernet (PPPoE), PPPoA (PPP over ATM) for DSL support, L2TPv2.

Easy Virtual Network (EVN), VRF-Lite, Multi-VRF.

GRE tunnel, IPv6 over v4 and IPv4 over v6 tunnels, per-tunnel QoS.

VRF support, Cisco TrustSec® (SGT, SGACL, SGX).

IPSLA responder, echo, jitter, path (ICMP, UDP, and multicast), TCP connect, HTTP, FTP, DHCP.

802.1X feature support, RADIUS integration, TACACS/TACACS+ support, SHA-1, SHA-2, MD5.

CUBE (IP to IP)

Success Tracks and/or Solution Support.

Operations and Admin Management (OAM - 802.3ah), Unidirectional Link Routing (UDLR), guest shell support, application hosting (app hosting on containers).

Cisco Umbrella® connector support, URL filtering support.

Performance Routing (PfR/OER), Application Layer Gateway (ALG), NBAR2 (standard and custom protocol packs).

ISDN BRI, X.25 and XOT support, basic CLNS functionality.

Radio-Aware Routing (RAR, PPPoE based-RFC 5578), mobile IP, Proxy Mobile IP (PMIP), network positioning system.

Pragmatic General Multicast (PGM), Router Group Management Protocol (RGMP), multicast service reflection, multicast VPN.

E-OAM (op, admin, maint), E-CFM (connectivity fault management), Ethernet local management Interface (ELMI), Ethernet Virtual Circuit (EVC), Ethernet flow point.

MPLS Layer 2 and Layer 3 VPN, Layer 2 VPN Pseudowire (PW), Ethernet over MPLS (EoMPLS), Any Transport over MPLS (AToM), MPLS Traffic Engineering (TE), Label Distribution Protocol (LDP), Virtual Private LAN Services (VPLS, H-VPLS), EVPN, Segment Routing.

ISATAP tunnels, 6RD tunnels, Layer 2 Tunnel Protocol v3 (L2TPv3)⁴, LAC⁴, LNS⁴, Layer 2 Protocol Tunneling (L2PT), Virtual Private Data Networks (VPDN)⁴, Layer 2 forwarding, Ethernet over GRE (EoGRE)⁴.

VoIP (UDP jitter, RTP, H323, MOS), video ops, TWAMP, monitor, schedule, disc (for LSP), Y.1731, MPLS OAM

Web Cache Communication Protocol (WCCP), object tracking.

Overlay Transport Virtualization (OTV), VRF-Aware Software Infrastructure (VASI), VXLAN.

Analog cards (FXO/FXS/BRI/E&M) and digital cards (E1/T1), call control (SIP, SIP line "WxC and CUCM", STCAPP, MGCP), DSP farm services (media termination point, transcoder and conference), SRST³, CME³.

Communications Manager Express (CME), Cisco Unified Communications Manager, Survivable Remote Site Telephony (SRST), Interactive Voice Response (IVR).

Encrypted Traffic Analytics (ETA), Cisco SD Bonjour (mDNS), Embedded Packet Capture (EPC), Cisco In-Service Software Upgrade (ISSU), Software Maintenance Upgrade (SMU), Locator/ID Separation Protocol (LISP).