Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account
Cisco DNA Software SD-WAN and Routing Matrix

Cisco DNA Software for SD-WAN Feature Matrix

Cisco DNA Essentials Cisco DNA Advantage Cisco DNA Premier
License type 3- or 5-year term subscription License type Includes Cisco DNA Essentials 3-, 5-, or 7-year term subscription Includes Cisco DNA Essentials and Cisco DNA Advantage 3- or 5-year term subscription
Management options CLI, Web UI vManage CLI, Web UI vManage CLI, Web UI vManage
Cisco DNA Essentials
License type 3- or 5-year term subscription
Management options CLI, Web UI vManage
Cisco DNA Advantage
License type Includes Cisco DNA Essentials 3-, 5-, or 7-year term subscription
Management options CLI, Web UI vManage
Cisco DNA Premier
License type Includes Cisco DNA Essentials and Cisco DNA Advantage 3- or 5-year term subscription
Management options CLI, Web UI vManage
  < >

Cisco DNA for SD-WAN subscription features

  < >

Cisco DNA for SD-WAN subscription features

Cisco DNA for SD-WAN perpetual features

 

Network Essentials Perpetual software with base routing and security capabilities, bundled with Cisco DNA Essentials subscription license

Network Advantage Perpetual software with full routing, security, voice, and AppX capabilities, bundled with Cisco DNA Advantage and Cisco DNA Premier subscription licenses

Cisco SD-WAN functionality is a pure subscription-based product offering. Upon expiration of your Cisco DNA Subscription for SD-WAN, you are no longer licensed to access the SD-WAN feature set.

Repurposing eligible hardware platforms from SD-WAN to traditional routing deployments is possible. Network Essentials and Network Advantage perpetual licenses are included on eligible hardware platforms with every Cisco DNA for SD-WAN subscription. The Cisco vEdge router family is not compatible with Network Essentials and Network Advantage, and therefore is not eligible for Network Essentials and Network Advantage licenses.

For a full listing of the traditional routing capabilities of the Network Essentials and Network Advantage perpetual licenses, please see the Cisco DNA for Routing perpetual license feature matrix below.

1 Unlimited overlays for on-premise deployments only.

2 With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials, Advantage, and Premier).

For full hardware support, including the network stack (Network Essentials/Advantage), customers will require Smart Net Total Care for 24x7x365 Cisco TAC support, proactive security and product alerts, and product lifecycle management. An additional option for hardware support is Solution Support for your multivendor Cisco solution environment.

3 For quantities of Cisco Umbrella SIG Essentials and Cisco Secure Malware Analytics licenses included with the Cisco DNA Premier subscription, please see https://www.cisco.com/c/en/us/products/collateral/software/dna-subscription-routing/nb-06-dnasw-rout-sub-aag-ctp-en.html.

Cisco DNA Software for Routing Feature Matrix

Cisco DNA Essentials Cisco DNA Advantage
License type 3- or 5-year term subscription License type Includes Cisco DNA Essentials 3-, 5-, or 7-year term subscription
Management options Cisco DNA Center, CLI, Web UI Cisco DNA Center, CLI, Web UI
Cisco DNA Essentials
License type 3- or 5-year term subscription
Management options Cisco DNA Center, CLI, Web UI
Cisco DNA Advantage
License type Includes Cisco DNA Essentials 3-, 5-, or 7-year term subscription
Management options Cisco DNA Center, CLI, Web UI
  < >

Cisco DNA for Routing subscription features

Cisco DNA for Routing perpetual features

 

Network Essentials Perpetual software with base routing and security capabilities, bundled with Cisco DNA Essentials subscription license

Network AdvantagePerpetual software with full routing, security, voice, and AppX capabilities, bundled with Cisco DNA Advantage subscription license

  >

1 With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials, Advantage, and Premier).

For full hardware support, including the network stack (Network Essentials/Advantage), customers will require Smart Net Total Care for 24x7x365 Cisco TAC support, proactive security and product alerts, and product lifecycle management. An additional option for hardware support is Solution Support for your multivendor Cisco solution environment.

2 No SSL VPN support except on Catalyst 8000V Edge Software.

3 Requires purchase of additional licenses.

4 In a BNG or iWAG deployment, these features require a separate and distinct Broadband Feature License apart from the Cisco DNA subscription license.

Cloud or on-premises management, flexible topology including hub/spoke, full mesh and partial mesh, app- and SLA-based routing policy, VNF lifecycle management, DSL, 4G LTE, and multilink router interfaces, NTP client, zero-touch provisioning and onboarding.

Static and dynamic routing (BGP, OSPF), routing protocol redistribution (EIGRP, OSPF, BGP), EIGRP (service side), route maps, BFD PMTU, CoS marking (802.1P), static and service side NAT, NAT pool support for DIA, NAT using loopback interface address, HQoS, per-tunnel QoS, Ethernet subinterface QoS, WAN loopback support, OMP redistribution, service VPN redistribution, mapping BGP communities to OMP tags, match and set communities during BGP to OMP redistribution (localized and centralized policy), secondary IP address support on SVI (interface VLAN), TLOC extension, DHCP options support, BFD for BGP/OSPF/EIGRP - CLI template, NTP server support, DIA Tracker: Interface tracker for DIA, ability to track static route on service VPN, per-class/DSCP BFD for AAR, ACL matching ICMP, enhanced policy-based routing (CLI template), jumbo frames (1GE interface), custom app support (for application aware routing), SD-AVC, flexible Netflow.

Dual stack support (for transport), inbound and outbound filtering, support for NAT64 devices (DIA), dual-stack service-side interface support (Gigabit, subinterface, SVI, loopback), unicast addressing (link-local, unique-local, and global), anycast addressing, QoS, QoS policer, QoS DSCP rewrite (inbound and outbound), IP name server, ICMP redirects, VRRP, DHCP relay agent, SSH, traceroute, SNMP logging server.

Cloud OnRamp for Multicloud (GCP, AWS, Azure) – Site to Cloud connectivity, Cloud OnRamp for SaaS, monitoring capabilities for Multicloud and SaaS via vManage.

3rd party cloud security providers, SD-WAN auto-register and IPsec auto-tunnel to Cisco Umbrella®, Cisco Umbrella DNS monitoring (visibility only), Cisco Umbrella app discovery.

Cisco AMP, geo location-based filtering, interface zone support, high speed logging, URL filtering, TLS/SSL proxy support with SD-WAN, FQDN support, enterprise certificate support, ACL, pairwise key support for IPsec, SSH login with key, syslog over TLS, enterprise firewall with Talos® powered IPS and application controls, RADIUS.

DNS (including local bypass), basic path optimization with FEC and packet duplication, AppQoE: TCP optimization, ZBFW – multiple prefix list, rule-set support, microtenancy: RBAC by VPN, policy based routing to SIG, weighted load-balancing for multiple SIG tunnels.

Software support services that also offer license portability and ongoing innovation in the subscription software stack, including 24-hour TAC support.

24-hour hardware and network software stack support provided by TAC.

Per-VPN QoS, adaptive QOS support, dynamic on-demand tunnel support, Hierarchical SD-WAN.

IGMPv3, PIM SSM, auto RP, app-aware routing policy support for multicast.

vManage (design, deploy, monitor) for virtualized platforms, service insertion - tracker support, AppQoE – multiple service nodes.

Cloud OnRamp for SaaS with vAnalytics and telemetry, Cloud OnRamp for Multicloud – Site to Site and Cloud to Cloud connectivity via mid-mile with Cloud Interconnect/Cloud Backbone, SD-WAN Application Intelligence Engine (SAIE), vAnalytics, M365 Informed Network Routing, automated service stitching, Cloud OnRamp for Colocation.

Cisco AMP and SSL proxy, URL filtering, TLS/SSL proxy support with SD-WAN, FQDN support, Cisco Umbrella auto-registration, Cisco Umbrella app discovery, enterprise certificate support.

Integrated border for campus (SD-Access), integration with Cisco ACI® for application SLA.

FXO, FXS, and FXS/DID interface support, SIP trunk to Cisco® Unified Communications Manager support, voice module and SRST integration support, voice configuration and policy definition, support for T1/E1 PRI for UC, DSP farm support.

DRE and LZ (including SSL proxy).

Receive detailed reporting with full URL addresses, user and network identity and ability to allow or block actions, plus the external IP address. Also permits content filtering by category or specific URLs to block destinations.

Provides app discovery, details, and risk information, plus the ability to block the use of offensive or inappropriate cloud applications in the work environment. Apply granular controls to block specific user activities (e.g., file uploads to Box and Dropbox, attachments to Gmail, posts or shares on Facebook, Twitter, etc.).

Prevent the download of specific file types via policy. Block risky files (executables that may cause instability or risk data leaks) or block media and video files (bandwidth hogs, possible copyright issues).

Advanced antivirus and antimalware protection powered by Cisco Talos threat intelligence. Cisco’s AMP engine searches billions of events per day and blocks over 20 billion threats each day.

Advanced file sandboxing using static and dynamic threat intelligence to detect and report on malicious files that make it through Cisco’s AMP inspection.

Provides visibility and control for Internet traffic across all ports and protocols, IPsec tunnel support for secure traffic routing to cloud infrastructure, automated reporting logs, and customizable IP, port, and protocol policies displayed in a secure dashboard.

Cisco AnyConnect® protects your employees even when they are off the VPN. Enjoy seamless protection against malware, phishing, and command-andcontrol callbacks wherever your users go.

Inventory, discovery, topology, software image management, site management, network settings, credential update, integrity verification, template programmer, predefined reports, Plug and Play application.

Router deployment: day-0 and day-2 changes, NFV provisioning on ENCS and Cisco UCS® E-Series, Cisco VNF – ISRv, vASA, and vWAAS.

Dashboards, overall health, network health, client health, topology, pre-canned reports, custom thresholds.

Basic router monitoring, Basic WAAS monitoring, Basic ENFV monitoring (ENCS, UCSE, vRouter, vWAAS).

Application visibility (name, throughput).

Software support services that also offer license portability and ongoing innovation in the subscription software stack, including 24-hour TAC support.

Application policy, software image management (SMU–patching), SD Bonjour, custom reporting, Encrypted Traffic Analytics (ETA), reporting (Tableau).

IWAN application, security at the edge, VNF management (third party and applications).

360 pages, health score, time travel, targeted insights, neighbor topology, path trace, KPIs, baselining, trends, custom reports (AppX, SD-Access, Wi-Fi KPIs, etc.), compliance, global insights integrations (Cisco® Unified Communications Manager, Skype for Business, ETA/SW, Tableau, etc.), router 360, ENFV 360, router underlay insights, ENFV insights.

App health (router, switch, NAM based), app 360, app performance in client/device 360s (jitter, loss, latency), SD-AVC.

RIP, OSPF, BGP, EIGRP, IS-IS, IGRP (routing protocols), On-Demand Routing (ODR), NSF awareness, Point-to-Point Protocol (PPP), Multi-Link PPP (MLP).

NetFlow, Flexible NetFlow (FnF), IPFIX, performance monitoring, Flexible Packet Matching (FPM), Bidirectional Forwarding (BFD), LLDP, ACL, ARP, DHCP, BDI, Cisco Discovery Protocol, Control Plane Policing (CoPP), NAT, DNS, Dynamic DNS, NTPv4, TR-069, TR069-CWMP, TCP-ECN, Window, MSS, etc., Stream Control Transmission Protocol (SCTP), 802.1P, 802.1Q, LACP, PAgP, EtherChannel, box-to-box HA, FHRP, GLBP (global load balancing), NAT, PAT – IPv4/v6, Reverse Path Forwarding (URPF), Switch Port Analyzer (SPAN), Encapsulated Remote SPAN (ERSPAN), carrier grade NAT 4.

NETCONF/YANG support, Zero Touch Support (PnP/ZTP), EEM Support, RESTCONF, TACACS+, AAA, GNMI, gRPC.

Zone-based firewall, IPS/Snort, Public Key Infrastructure (PKI), ACL, trustworthy system, Challenge Handshake (CHAP) and Password Authentication (PAP), Certificate Authority (CA).

MACsec Key Agreement Protocol, LAN MACsec (128-bit), WAN MACSec (125-/256-bit).

IPsec (point to point), DMVPN, GET VPN, FlexVPN.

MQC including classification, policing, re-marking, scheduling; HQoS, Application Visibility and Control (AVC), NBAR2 (standard protocol packs), IPSLA (Initiator), Deep Packet Inspection.

TACACS+, NETCONF, AAA, RESTCONF, gRPC, YANG.

Bi-Di PIM, IGMP, Protocol Independent Multicast (PIM), CGMP, AutoRP, Bootstrap Router (BSR), mroute, MLD (v1, v2), extending SSM support (PIM-SSM, IGMPv3 with SSM), SSM-Mapping, Multicast Source Discovery Protocol (MSDP).

PPP over Ethernet (PPPoE), PPPoA (PPP over ATM) for DSL support, L2TPv2.

Easy Virtual Network (EVN), vRF-Lite, Multi-VRF.

GRE tunnel, IPv6 over v4 and IPv4 over v6 tunnels, per-tunnel QoS.

VRF support, Cisco TrustSec® (SGT, SGACL, SGX).

IPSLA responder, echo, jitter, path (ICMP, UDP, and multicast), TCP connect, HTTP, FTP, DHCP.

802.1X feature support, RADIUS integration, TACACS/ TACACS+ support, SHA-1, SHA-2, MD5.

Cisco Unified Border Element (CUBE)/Session Border Controller (SBC) support.

24-hour hardware and network software stack support provided by TAC.

Connectivity Fault Management (CFM-802.1ag), Operations and Admin Management (OAM - 802.3ah), Unidirectional Link Routing (UDLR), guest shell support, application hosting (app hosting on containers).

Cisco Umbrella® connector support, URL filtering support.

Policy-Based Routing (PBR), Performance Routing (PfR/ OER), Application Visibility and Control (SD-AVC), Application Layer Gateway (ALG), NBAR2 (standard and custom protocol packs).

ISDN BRI, X.25 and XOT support, basic CLNS functionality.

Radio-Aware Routing (RAR, PPPoE based-RFC 5578), mobile IP, Proxy Mobile IP (PMIP), network positioning system.

Pragmatic General Multicast (PGM), Router Group Management Protocol (RGMP), multicast service reflection, multicast VPN.

E-OAM (op, admin, maint), E-CFM (connectivity fault management), Ethernet local management Interface (ELMI), Ethernet Virtual Circuit (EVC), Ethernet flow point.

MPLS Layer 2 and Layer 3 VPN, Layer 2 VPN Pseudowire (PW), Ethernet over MPLS (EoMPLS), Any Transport over MPLS (AToM), MPLS Traffic Engineering (TE), Label Distribution Protocol (LDP), Virtual Private LAN Services (VPLS, H-VPLS) , EVPN, Segment Routing.

ISATAP tunnels, 6RD tunnels, Layer 2 Tunnel Protocol v3 (L2TPv3)4, LAC4, LNS4, Layer 2 Protocol Tunneling (L2PT), Virtual Private Data Networks (VPDN)4, Layer 2 forwarding, Ethernet over GRE (EoGRE) 4.

VoIP (UDP jitter, RTP, H323, MOS), video ops, TWAMP, monitor, schedule, disc (for LSP), Y.1731, MPLS OAM

Web Cache Routing Protocol (WCCP), object tracking.

Overlay Transport Virtualization (OTV), VRF-Aware Software Infrastructure (VASI), VXLAN.

Call Admission Control (CAC), voice module support (FXO/FXS for T1 and E1/MultiFunction (MFT)), dialer support, RADIUS, RFC4040 based clear channel codec signaling with SIP, Resource Reservation Protoco( RSVP), RTP Control Protocol (RTCP), Service Advertisement Framework (SAF), SIP for VoIP, Secure Real-Time Transport Protocol (SRTP), Voice over Frame Relay (VoFR) (FRF.11)), VoIP, transcoding, V.150, MGCP.

Communications Manager Express (CME), Cisco Unified Communications Manager, Survivable Remote Site Telephony (SRST), Interactive Voice Response (IVR).

Encrypted Traffic Analytics (ETA), Cisco SD Bonjour (mDNS), Embedded Packet Capture (EPC), Cisco In-Service Software Upgrade (ISSU), Software Maintenance Upgrade (SMU), Locator ID Separator ID (LISP).