Ordering guide

Cisco public

Cisco DNA Software for SD-WAN

and Routing

Cisco SD-WAN and Routing subscription gives the flexibility to consume the latest technology, either on the Cloud or
On-Premises across the entire routing stack. The Cisco DNA subscription license tiers include 3Y and 5Y term options. All
available tiers include Cisco Software Support Service.

Cisco DNA Subscription PID nomenclature To begin ordering Cisco DNA Software Subscriptions for SD-WAN and
Routing, please follow the below steps:
The Cisco DNA Subscription Product part codes have a built-in structure
that indicates the following: Step 1: Platforms

• Management options Step 2: Software type

• Bandwidth entitlement
Step 3: C
 isco DNA Software Subscription
• Subscription tier
• Subscription term Step 4: S
 mart account and Virtual account

Structure of Product ID for Cisco DNA subscription Step 5: Services

Note: If you are ordering the Cisco hardware along with Cisco Software Subscriptions,
DNA C(P) 50M E(A/P) 3Y follow through Step-1 to Step-5. If you are ordering Cisco Software Subscriptions for
already existing hardware, start from Step-3 through Step-5
Cisco DNA Subscription Product ID Term: 3Y = 3Years, 5Y = 5Years

Management: Subscription Tier:

C = Cloud Managed Bandwidth: E = Essentials
P = On-Premise Managed (eg: 50M = 50Mbps, Aggregate of 100Mbps) A = Advantage
P = Premier

© 2020 Cisco
© 2020and/or
Ciscoitsand/or
affiliates. All rightsAll
its affiliates. reserved.
rights reserved.
Ordering guide
Cisco public

Contents Step 1: Platforms

Select the platform most appropriate for your WAN. Cisco offers a variety of hardware, virtual and cloud
Step 1: Platforms
options, as shown in Table 1.
Table 1. WAN platform summary
Step 2: Software Type
Fixed chassis Branch Routers Cisco 1000 Series Integrated Services Routers
Step 3: C
 isco DNA Software
Subscription Cisco vEdge Router (vEdge-100 and vEdge-1000)

Modular chassis Branch Routers Cisco 4000 Series Integrated Services Routers
Step 4: S
 mart account and
Virtual account Cisco vEdge Router (vEdge-2000 and
vEdge-5000)
Step 5: Services Aggregation Services Routers Cisco 1000 Series Aggregation Services Routers

Universal CPE Routers Cisco 5000 Series Enterprise Network

Compute System

Virtualized Routers Cisco Cloud Services Router 1000v

The platforms in Table-1 above can be ordered either for Cisco SD-WAN deployment or for Traditional
Routing along with Cisco DNA Software Subscriptions.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Table-2 below shows all the Cisco DNA bundles that can be specifically ordered for Cisco SD-WAN deployments.
Table 2. Platform Product IDs for Cisco SD-WAN DNA Bundles

Product Family Product IDs Cisco DNA Subscription Part Number

Cisco ISR1000 Series C1111-8P-DNA

C1111-8PLTEEA-DNA
C1111-8PLTELA-DNA
C1111-4P-DNA
C1111-4PLTEEA-DNA
C1111-4PLTELA-DNA

Cisco ISR1100 Series ISR1100-4G

ISR1100-4GLTEGB
ISR1100-4GLTENA
ISR1100-6G

Cisco ISR4000 Series ISR4221X-DNA1

ISR4321-DNA
ISR4331-DNA
ISR4351-DNA
ISR4431-DNA
ISR4451-DNA Bundled with Cisco DNA Software Subscription
ISR4461-DNA1

Cisco VEDGE Series VEDGE-100B-AC-K9

VEDGE-100M-AC-K9
VEDGE-100M-AT-K9
VEDGE-100M-SP-K9
VEDGE-100M-NA-K9
VEDGE-100M-VZ-K9
VEDGE-100M-NT-K9
VEDGE-100M-GB-K9
VEDGE-1000-AC-K9
VEDGE-2000-AC-K9
VEDGE-5000-AC-K9

Cisco ASR1000 Series ASR1001-X-DNA

ASR1001-HX-DNA
ASR1002-HX-DNA

Cisco ENCS-5000 Series NFV-BRANCH-MLB

1
ISR4421X-DNA and ISR4461-DNA bundle is targeted for second half of CY2020, however both these platforms are orderable as ala-carte hardware + L-LIC-DNA-ADD

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

The platforms in Table-3 below can be ordered as a la-carte, either for Cisco SD-WAN deployment or for Traditional Routing along with Cisco DNA Software
Subscriptions through L-LIC-DNA-ADD
Table 3. Cisco WAN platform Product IDs supported with Cisco DNA Software Subscriptions

Product Family Product IDs Cisco DNA Subscription Part Number

Cisco ISR1000 Series • C1101-4P, C1101-4PLTEP, C1101-4PLTEPW*

• C1109-4PLTE2P, C1109-4PLTE2PW*
• C1109-2PLTEGB, C1109-2PLTEUS, C1109-2PLTEVZ
• C1111-4P, C1111-4PLTEEA, C1111-4PLTELA
• C1116-4P, C1116-4PLTEEA, C1116-4PLTEW*
• C1117-4P, C1117-4PM, C1117-4PLTEEA, C1117-4PLTELA,
C1117-4PMLTEEA
• C1121-4P, C1121-4PLTEP, C1121-8P, C1121X-8P, C1121-8PLTEP,
C1121X-8PLTEP, C1121X-8PLTEPW*, C1121-8PLTEPW*
Order Cisco DNA Software
• C1111-8P, C1111X-8P, C1111-8PLTEEA, C1111-8PLTELA, C1111-8PW*,
Subscription through
C1111-8PLTEEAW*, C1111-8PLTELAW*
• C1113-8PLTEEA, C1113-8PMLTEEA L-LIC-DNA-ADD
• C1161X-8P, C1161X-8PLTEP, C1161-8P
• C1127-8PLTEP, C1127-8PMLTEP, C1127X-8PLTEP, C1127X-8PMLTEP

Cisco ISR4000 Series • ISR4221/K9, ISR4221X/K9

• ISR4321/K9, ISR4331/K9, ISR4351/K9
• ISR4431/K9, ISR4451-X/K9, ISR4461/K9
Cisco ENCS-5000 Series • ENCS5104-200/K9, ENCS5104-400/K9, ENCS5104-64/K9
• ENCS5406/K9, ENCS5408/K9, ENCS5412/K9

Cisco ASR1000 Series • ASR1001-X, ASR1001-HX

• ASR1002-X, ASR1002-HX

W* - Refer to the ISR1000 ordering guide for more information on various Wireless-domain SKU’s: https://www.cisco.com/c/en/us/products/collateral/routers/1000-series-integrated-services-
routers-isr/guide-c07-740009.html

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

The platforms in Table-4 below lists the Software WAN platforms that can be deployed on Private or Public cloud and can be ordered only using
L-LIC-DNA-ADD
Table 4. Software WAN platform Product IDs for new deployments

Product Family Cisco DNA Subscription Product IDs Platform Selection

Cisco CSR 1000V L-LIC-DNA-ADD Choose CSR1KV-DNA

Cisco vEdge Cloud L-LIC-DNA-ADD Choose VEDGE-CLOUD-DNA

Step 2: Software Type

Cisco delivers consistent and rich Routing and Security features across multiple operating systems that run on all the platforms
mentioned in Step-1. Below are three types of Cisco operating systems to choose from:
• Cisco IOS XE for traditional WAN deployments managed through Cisco DNA Center console
• Cisco IOS XE SD-WAN for SD-WAN deployments managed through Cisco vManage console
• Viptela OS* for SD-WAN deployments managed through Cisco vManage console
*All vEdge devices and ISR 1100-4G/6G devices run on this image, which is not an IOS-XE image. This Viptela OS on VEDGE and 1100-4G/6G devices is factory pre-installed and currently not
user-selectable

Understanding the Cisco DNA and Cisco IOS product part codes
The Cisco IOS and subscription product part codes have a built-in structure as described below.
Structure of product ID for Cisco IOS XE image

Image for ISR4300 Series

Software for ISR

SISR4300UK9-169
Universal Image: Single Image for all Licenses
K9: Products that use Encryption for Management
IOS Version

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Structure of product ID for IOS XE SD-WAN image

CM = SDWAN Image
Image for ISR4300 Series

Software for ISR SISR4300UCMK9-169

Universal Image: Single Image for all Licenses
K9: Products that use Encryption for Management
IOS Version

Selecting a Cisco IOS type for the router (Cisco IOS XE-SDWAN)
For any router with a Cisco DNA Bundle (for example, ISR4331-DNA or ASR1001-HX-DNA), the choice of Cisco IOS type is limited only to
Cisco IOS XE-SDWAN (which will be pre-installed at factory) and is chosen as below:

• Choose the desired Cisco DNA bundle and select Cisco IOS type under the Option class “IOS Software and Version Type”
• Choose from available IOS XE SD-WAN image versions under the Option subclass “SD-WAN Image with Payload Encryption”

Selecting a Cisco IOS type for the router (Cisco IOS XE-SDWAN)
For any ISR/ASR series router (for example, ISR4331/K9 or ASR1001-X), the Cisco IOS type is chosen as below:
• The customer selects the Cisco IOS type under the Option class “IOS Software and Version Type”
• If the customer prefers the IOS XE SD-WAN image, they will choose from the available versions under the Option subclass “SDWAN Image with
Payload Encryption.”

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

• If the customer prefers the Cisco IOS XE image, they will choose from the available versions under the Option subclass “Image with Payload Encryption”
or “Image with No Payload Encryption”

Step 3: Cisco DNA Software Subscription

Cisco DNA Software Subscription offer is constructed with four important elements:
A. Management option C. Subscription tier
B. Bandwidth entitlement D. Subscription term

Management option:
Cisco SD-WAN and Routing subscriptions offer maximum flexibility through cloud or on-premises management options. Cloud management through the
vManage console is the recommended option for customers wishing to simplify WAN deployments, accelerate digital transformation, and move toward
intent-based networking.
Table 5. Management options

Management Option Description

Cloud management Provides simplicity of management with Cisco vManage Cloud management software part numbers follow the
DNA-C-<>-<>-<> construct (For eg: DNA-C-25M-E-3Y)

On-premises management Manages WAN using Cisco DNA Center or vManage on-premises. On-premises management software part
numbers follow the DNA-P-<>-<>-<> construct (For eg: DNA-P-25M-E-3Y). Cisco DNA Center requires an additional
appliance purchase

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Cisco DNA licenses for WAN provide you flexibility to move from on-premises to cloud management, and across hardware and software platforms. There is
no charge for porting licenses within the same bandwidth tier. Device family classifications for Cisco ONE Software are available in the Cisco ONE Software
Device Tiering Guide.

Bandwidth entitlement (Entitled throughput when selecting Bandwidth)

Cisco offers WAN and SD-WAN with multitude of bandwidth options so that you can purchase what’s best for your business and networking needs. The key
takeaway from the figure below is that Cisco uses two bandwidth nomenclatures. Nominal and Aggregate. Nominal bandwidth is what the Product ID is based
on. Aggregate bandwidth is double the nominal bandwidth. This is aligned with how service providers sell WAN bandwidth.

So let’s work through the example in the figure below. Aggregate all of your bandwidth together. Upstream. Downstream. Across all circuits. That’s your
Aggregate bandwidth. In this example it’s 143 Mb/s. Now divide that by two to get to a Nominal bandwidth to determine which PID is needed. In this case,
you need a PID that can handle greater than 71.5 Mb/s. That’s the 100 Mb/s PID.

What causes some confusion is highly asymmetrical usage. In this example, if you look at the sum of the downstream bandwidth, you’ll see that it alone is
over 100 Mb/s. One might think that the 100 Mb/s license would not be enough. But it is. The 100 Mb/s PID enables 200 Mb/s of aggregate bandwidth,
which can be used in any upload / download ratio.

10Mbps Up 6Mbps Up 20Mbps Up

10Mbps Down 22Mbps Down 75Mbps Down

Upstream Downstream Aggregate Bandwidth Level

10 + 6 + 20 10 + 22 + 75 143 Mb/s
MPLS LTE Internet

Aggregate Bandwidth Level Nominal Bandwidth License

143 Mb/s 2 (Product ID)

1 2 3

Upstream Downstream 100 Mb/s Bandwidth License (PID)

36 Mb/s 107 Mb/s 200 Mb/s Bandwidth Entitlement

Aligned with how service providers sell WAN bandwidth

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Table 6 below gives the range of Bandwidth entitlement and Subscription term options available with Cisco DNA Software Subscriptions
Table 6. Cisco DNA Cloud and On Premise Software subscription Product IDs

Product IDs Bandwidth Options Term Options Example PID

DNA-C-<BW>-E-<Term> BW = Term = DNA-C-10M-E-3Y

• 10M (Agg 20Mbps) • 3Y DNA-C-10M-E-5Y
DNA-P-<BW>-E-<Term> • 5Y DNA-P-10M-E-3Y
• 15M (Agg 30Mbps)
DNA-P-10M-E-5Y
• 25M (Agg 50Mbps)
DNA-C-<BW>-A-<Term> • 50M (Agg 100Mbps) Term = DNA-C-25M-A-3Y
• 3Y DNA-C-25M-A-5Y
DNA-P-<BW>-A-<Term> • 100M (Agg 200Mbps)
• 5Y DNA-P-25M-A-3Y
• 250M (Agg 500Mbps) DNA-P-25M-A-5Y
• 7Y
• 500M (Agg 1Gbps)
• 1G (Agg 2Gbps)
DNA-C-<BW>-P-<Term> • 2.5G (Agg 5Gbps) Term = DNA-C-50M-P-3Y
• 3Y DNA-C-50M-P-5Y
DNA-P-<BW>-P-<Term> • 5G (Agg 10Gbps)
• 5Y DNA-P-50M-P-3Y
• 10G (Agg 20Gbps) DNA-P-50M-P-5Y

Note: The numbers in the Product IDs column are not aggregated throughput number.

Subscription tiers:
Three software subscription tiers offer feature combinations tailored to your needs. Depending on the platform and deployment needs, the following offers
can be chosen across all the platforms mentioned in Step-1

• Cisco DNA Premier: Product ID format is DNA-<>-<>-P-<> (eg: DNA-C-25M-P-3Y)

• Cisco DNA Advantage: Product ID format is DNA-<>-<>-A-<> (eg: DNA-C-25M-A-3Y)
• Cisco DNA Essentials: Product ID format is DNA-<>-<>-E-<> (eg: DNA-C-25M-E-3Y)
Note: The Cisco 1000 and 4000 Series ISRs include Network Essentials or Network Advantage stack, depending on the tier purchased. ASR 1000 Series include Network Advantage only. Cisco
DNA Essentials includes Network Essentials as the perpetual element. Cisco DNA Premier and Cisco DNA Advantage include Network Advantage as the perpetual element. The perpetual element is
subscription neutral, meaning that it will continue to work regardless of the subscription term.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Subscription term:
With any of the Cisco Software Subscription offers, there is a choice of 3Y and 5Y Subscription terms

• 3Year, 5Year Cisco DNA Essentials: Product ID format is DNA-<>-<>-E-3Y/5Y.

• 3Year, 5Year and 7Year Cisco DNA Advantage: Product ID format is DNA-<>-<>-A-3Y/5Y/7Y*
• 3Year, 5Year Cisco DNA Premier: Product ID format is DNA-<>-<>-P-3Y/5Y.
*7Y term option is only available for Cisco DNA Advantage subscriptions, and is not eligible for Enterprise Agreement (EA)

Ordering Cisco Software Subscription:

Step-1: Select the Cisco Router of your choice :

A. If you are choosing a Cisco DNA Bundle (For eg: ISR4331-DNA OR any platform from Table-2 in Step-1:Platforms Section), you can complete the
ordering process along with built-in Cisco DNA subscription SKUs. You can skip STEP-2.
B. If you are choosing an ala-carte Router hardware platform (For eg: ISR4221/K9 or ASR1002-X), complete the ala-carte ordering process by selecting
the suitable Cisco IOS type, Network Modules and add L-LIC-DNA-ADD SKU at the end.
-- When purchasing a new router, if the intended use is to deploy the subscription through Cisco DNA Center, no additional Technology Package license
needs to be purchased (exception: ASR 1000 platforms require selection of IP Base, which acts as the OS). All necessary feature licenses required for
a subscription are included when Cisco DNA Essentials or Cisco DNA Advantage licenses are procured (through Step-2).
-- Similarly, all Performance or Boost licenses are included when Cisco DNA Essentials or Cisco DNA Advantage licenses are procured (through Step-2).
-- Refer to “Working with L-LIC-DNA-ADD” section in Step-2 below for completing the Cisco DNA Software subscriptions ordering
Step-2: Select the L-LIC-DNA-ADD SKU:

Working with L-LIC-DNA-ADD

Customers may seek to add a Cisco DNA or SD-WAN subscription to

• A router that has already been deployed in the field

• A router that the customer intends to purchase that does not have a Cisco DNA bundle associated with it (for example, ISR4221/K9, ISR4461/K9 or
ASR1001-X, but NOT platform bundles such as ISR4321-SEC/K9, ISR4351-AX/ K9 etc)
• A Software WAN router that is intended to be deployed on either Private or Public Cloud

In these scenarios, the customer will configure the router and the subscription independently. The customer configures the router (for example, the ISR4321/
K9, ISR4351, or ASR1002-X) and selects the relevant Cisco IOS type as described in the section “Step-2: Software”. Finally, the customer chooses
L-LIC-DNA-ADD, which provides various subscription options for each platform family as described below.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

If the choice is a cloud platform or a subscription on existing hardware, the product ID shown in Table 7 is applicable.
Table 7. WAN platform Product ID for cloud or existing deployments

Product ID Description

L-LIC-DNA-ADD Cisco DNA subscription license for routing

Once you have selected the above product ID, select the platform for which you need to order the Cisco DNA Subscription (See Table 8 below)
Table 8. Platform licenses for L-LIC-DNA-ADD for cloud or existing deployments

Platform License Part Number Description

ENCS 5000 ENCS5400-DNA 5400 ENCS platform for Cisco DNA

ENCS5100-DNA 5100 ENCS platform for Cisco DNA

vEdge Cisco DNA VEDGE-100B-DNA vEdge 100B platform for Cisco DNA

VEDGE-100M-DNA vEdge 100M platform for Cisco DNA

VEDGE-1000-DNA vEdge 1000 platform for Cisco DNA

VEDGE-2000-DNA vEdge 2000 platform for Cisco DNA

VEDGE-5000-DNA vEdge 5000 platform for Cisco DNA

VEDGE-CLOUD-DNA vEdge Cloud platform for Cisco DNA

ISR 1000 C1100-8P-DNA 1100 ISR 8-port platform for Cisco DNA

C1100-4P-DNA ISR1100 4-Port platform for Cisco DNA

C1100SV-8P-DNA ISR1100 SV 8 Port 1121, 1126, 1127, 1161 platforms for DNA

ISR 1100 (Viptela OS) ISR1100-4G-DNA ISR1100 platform for Cisco DNA for ISR1100-4G

ISR1100-6G-DNA ISR1100 platform for Cisco DNA for ISR1100-6G

ISR1100-4GLTE-DNA ISR1100 4GLTE Platfrom Selection for SDWAN

ISR 4220 ISR4220-DNA 4200 ISR platform for Cisco DNA

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Platform License Part Number Description

ISR 4300 ISR4300-DNA 4300 ISR platform for Cisco DNA

ISR 4400 ISR4400-DNA 4400 ISR platform for Cisco DNA
ASR 1001X ASR1001HX-DNA ASR 1001-X platform for Cisco DNA
ASR 1001HX ASR1001HX-DNA ASR 1001-HX platform for Cisco DNA
ASR 1002X ASR1002X-DNA ASR 1002-X platform for Cisco DNA
ASR 1002HX ASR1002HX-DNA ASR 1002-HX platform for Cisco DNA
ASR 1000 ESP 40 ASR1K-ESP-40-DNA ASR 1000 Series platform with ESP40 for Cisco DNA (no SD-WAN support)
ASR 1000 ESP 100 ASR1K-ESP-100-DNA ASR 1000 Series platform with ESP100 for Cisco DNA (no SD-WAN support)
ASR 1000 ESP 200 ASR1K-ESP-200-DNA ASR 1000 Series platform with ESP200 for Cisco DNA (no SD-WAN support)

CSR 1000V CSR1KV-DNA CSR 1000V Cisco DNA subscription

• Select the SKU for the subscription L-LIC-DNA-ADD

• Select the platform family (under Option Class: Platform License) against which the subscription is expected to be purchased (For example: Select
“VEDGE DNA Selection” for any vEdge and “ISR DNA Selection” for ISR1100-4G/6G and ISR1000/4000 devices)
PLATFORM LICENSE

ENCS 5000
Example of Virtual Router
VEDGE CISCO DNA
Platform Family
ISR1100

ISR4220

ISR4300

ISR4400
Example of Physical Router
ASR1001X
Platform Family
ASR1002HX

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

• The warnings indicate the supported bandwidths for the chosen platform family

• Select the intended subscription reason for SD-WAN or for Cisco DNA Center deployment. This helps Cisco manufacturing prepare the infrastructure for
cloud or for on-premises deployment
-- When selecting SDWAN-ONPREM, the intended reason is for on-premises implementation of SD-WAN functionality
-- When selecting SDWAN-CLOUD, the intended reason is for cloud implementation and management of SD-WAN functionality
-- When selecting DNACENTER-ONPREM the intended reason is for on-premises implementation and management using Cisco DNA Center functionality

• Select the appropriate bandwidth for the product family chosen. Refer to Table-9 for the appropriate Bandwidth selections

Table 9 below lists the bandwidths available for each platform. For example, for the 4331 ISR, you can choose from 25M, 50M, 100M and 250M
Table 9. Cisco DNA Subscription Bandwidth tiers by platform

Cisco DNA Software Applicability Matrix

SD 10 15 25 50 100 250 500 1 2.5 5 10

Platform License type
WAN Mbps Mbps Mbps Mbps Mbps Mbps Mbps Gbps Gbps Gbps Gbps

ISR ISR1000-4P Cisco DNA Premier

1000 Cisco DNA Advantage
Cisco DNA Essentials
ISR1000-8P Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
ISR1100-4G Cisco DNA Premier
(Viptela OS) Cisco DNA Advantage
Cisco DNA Essentials
ISR1100-6G Cisco DNA Premier
(Viptela OS) Cisco DNA Advantage
Cisco DNA Essentials

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

SD 10 15 25 50 100 250 500 1 2.5 5 10

Platform License type
WAN Mbps Mbps Mbps Mbps Mbps Mbps Mbps Gbps Gbps Gbps Gbps

ISR ISR 4221 Cisco DNA Premier

4000 Cisco DNA Advantage
Cisco DNA Essentials
ISR 4321 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
ISR 4331 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
ISR 4351 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
ISR 4431 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
ISR 4451 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
ISR 4461 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
CSR Cisco DNA Premier
1000V Cisco DNA Advantage
Cisco DNA Essentials
ENCS ENCS Cisco DNA Premier
5104 Cisco DNA Advantage
Cisco DNA Essentials
ENCS Cisco DNA Premier
5412 Cisco DNA Advantage
5408 Cisco DNA Essentials
5406
© 2020 Cisco and/or its affiliates. All rights reserved.
Ordering guide
Cisco public

SD 10 15 25 50 100 250 500 1 2.5 5 10

Platform License type
WAN Mbps Mbps Mbps Mbps Mbps Mbps Mbps Gbps Gbps Gbps Gbps

ASR ASR Cisco DNA Premier

1000* 1001-X Cisco DNA Advantage
Cisco DNA Essentials
ASR Cisco DNA Premier
1002-X Cisco DNA Advantage
Cisco DNA Essentials
ASR Cisco DNA Premier
1001-HX Cisco DNA Advantage
Cisco DNA Essentials
ASR Cisco DNA Premier
1002-HX Cisco DNA Advantage
Cisco DNA Essentials
ASR 1000 Cisco DNA Premier
ESP 40 Cisco DNA Advantage
Cisco DNA Essentials
ASR 1000 Cisco DNA Premier
ESP 100 ** Cisco DNA Advantage
Cisco DNA Essentials
ASR 1000 Cisco DNA Premier
ESP 200 Cisco DNA Advantage
Cisco DNA Essentials
vEdge vEdge 100B Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
vEdge Cisco DNA Premier
100M Cisco DNA Advantage
Cisco DNA Essentials

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

SD 10 15 25 50 100 250 500 1 2.5 5 10

Platform License type
WAN Mbps Mbps Mbps Mbps Mbps Mbps Mbps Gbps Gbps Gbps Gbps

vEdge vEdge 1000 Cisco DNA Premier

Cisco DNA Advantage
Cisco DNA Essentials
vEdge 2000 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
vEdge 5000 Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
vEdge- Cisco DNA Premier
Cloud* Cisco DNA Advantage
Cisco DNA Essentials

*Only fixed chassis of ASR1000 family supports Cisco SD-WAN DNA subscriptions

Ordering Enforced Encryption (HSEC) License

Federal regulations mandate that all encrypted traffic greater than 250Mbps be provisioned through a separate license – the HSEC License. The HSEC
License is required purely for increasing the crypto throughput and tunnel scale, irrespective of SD-WAN or Traditional routing deployments. The following
examples demonstrate how the HSEC licenses maybe provisioned for different scenarios.

Scenario 1: Purchasing subscription in conjunction with the platform using the Cisco DNA bundles (eg: ISR4331-DNA, C1111-8P-DNA)
Scenario 2: Purchasing subscription for an existing Router using the L-LIC-DNA-ADD top level SKU (eg: ISR4221/K9, C1117-4P and a subscription using
L-LIC-DNA-ADD)

In Scenario 1, the HSEC license is auto included with each Cisco DNA bundle where the chosen subscription exceeds 250Mbps.

In Scenario 2, the customer is entitled to a HSEC license at $0 where the chosen subscription throughput exceeds 250Mbps. The entitled HSEC maybe
procured by choosing the appropriate product SKU.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Cisco SD-WAN Security applicability matrix

The core security features—Enterprise Firewall with Application awareness and DNS Security Monitoring—are supported in all platforms listed in the Cisco SD-
WAN applicability matrix. (Note that vEdge routers support only zone-based firewall.)

The following advanced security features require a minimum of 8-GB memory and 8-GB boot flash on all platforms:
1. Intrusion prevention system
2. URL filtering
3. Advanced Malware Protection (AMP and ThreatGrid)

Platforms/Features Ent FW Ent FW App IPS URL AMP and DNS/weblayer security
Awareness Filtering TG

vEdge - (100, 1000, 2000 and 5000) Y N/A N/A N/A N/A Y

CSR 1000V Y Y Y Y Y Y

ISRv (ENCS) Y Y Y Y Y Y
ISR 4000 (4461, 4451, 4431, 4351, 4331,
4321, 4221x) Y Y Y Y Y Y

ISR 1100 (ISR1100-4G, ISR1100-6G) Y N/A N/A N/A N/A Y

ISR 1000X (1111X, 1121X,
1126X,1127X,1161X) Y Y Y Y Y Y

ASR1K (1001-HX, 1002-HX, 1001-X, 1002-X) Y Y N/A N/A N/A Y

Notes:
1. CSR 1000V supports URL Filtering, AMP and DNS Security only in on-premise deployment. The Cisco ISRv and Cisco CSR 1000V need four vCPU and a minimum of 8GB RAM and 8GB bootflash.
2. URL filtering is supported with cloud lookup only with 8GB. 16GB is required for on-box URL database download and lookup.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Step 4: Smart account and Virtual account
An end-user smart account and virtual account are mandatory for the Cisco
SD-WAN ordering process. Cisco SD-WAN requires a unique identifier to
auto-provision hardware devices for end customers. Since Smart Accounts
and Virtual Accounts are both unique and partner-enabled, they provide a
convenient mechanism for provisioning the Cisco SD-WAN solution. (Note:
SD-WAN will be provisioned on Cisco routers using Smart Accounts.)
-- Don’t use email addresses in the Virtual Account name. A Virtual
Account name can have A-Z, a-z, 0-9, and _. Virtual Account names
can be a maximum of 32 characters
-- The Virtual Account name is the Org ID. The Org ID is used in the
certificate Org Name
-- Example Virtual Account format: For an MSP tenant,
<END-CUSTOMER>_PROD

For the Cisco SD-WAN solution, Virtual Accounts are aligned to a
customer overlay and the devices that should be associated with the overlay.
Failure to provide a Virtual Account during ordering will result in a delay in
device provisioning.
Each Smart Account can have multiple Virtual Accounts. If the customer
has two customer overlays, they would have two different Virtual Accounts.
Managed Services Providers (MSPs) will create a Smart Account and be the
Smart Account owner. The MSP would then need to create a Virtual Account
for every end customer (or tenant), assuming that each end customer has a
specific overlay.
• Step 3: Go to CCW and start ordering
-- https://apps.cisco.com/ccw/cpc/estimate/create
-- Ensure that the Smart Account and Virtual Account details are
populated via “Assign Smart Account”
When ordering in Cisco Commerce Workspace (CCW), the end customer’s
Smart Account and Virtual Account can be added at the line level or at the
header level and applied to all applicable Smart items on the order.

• Step 1: Create a Smart Account (one-time operation)

-- Go to https://software.cisco.com/software/company/smartaccounts/
home#accountcreation-account
-- Don’t use email addresses in the Smart Account name. A Smart
Account name can have A-Z, a-z, 0-9, and _
-- Example Smart Account format: <MSP>_SD-WAN or
<Customer-Name>_SD-WAN
• Step 2: Create Virtual Accounts (one is needed for every tenant)
-- Go to Manage Smart Accounts at https://software.cisco.com/#module/
accountdetails
Partners who have placed the order using a holding account can add the
-- Click “New Virtual Account”
end customer’s Smart Account and Virtual Account details after order
submission. Please click here for a training video on reassigning an order
from a partner holding account to the end customer’s smart account.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public
The end customer’s email address is essential for Cisco SD-WAN orders.
In the case of cloud deployments, details on vManage will be sent to this
email address.
Step 5: Services
Cisco Customer Experience Technical Services for SD-WAN
We recommend that Cisco SD-WAN customers purchase Cisco Solution
Support for both hardware and SD-WAN license support.
© 2020 Cisco and/or its affiliates. All rights reserved.
Cisco Embedded Support is included with the purchase of the Cisco SD-
WAN software subscription. Cisco Embedded Support provides access to
Cisco technical support online or by phone.
Cisco Embedded Support includes:
• Access to support and troubleshooting via online tools and web case
submission. Case severity or escalation guidelines are not applicable
• Cisco Technical Assistance Center (TAC) access 24 hours per day, 7 days
per week to assist by telephone, or web case submission and online tools
with application software use and troubleshooting issues
• Entitlement to maintenance releases and software updates for SD-WAN
software only. The Support for the hardware platform OS, along with OS
updates, is covered by the support contract on the hardware.
• Access to www.cisco.com This system provides the customer with
helpful technical and general information on Cisco products, as well as
access to Cisco’s online Software Center library
No additional products or fees are required to receive these services with a
software subscription. Hardware support must be purchased separately and
is not covered as part of the embedded SW support contract.
Recommended: Cisco Solution Support with Smart Net Total Care
• Cisco Solution Support is an essential element of Cisco DNA as it helps
customers maintain its performance, reliability, and return on investment
Solution Support provides:
• Centralized support from a primary point of contact
• Priority access and response from a solution expert
• Addresses Cisco and Solution Support Partner products
• Coordination between Cisco and Solution Support Partner product
support teams
• Accountability for issue management and resolution
When purchased on the hardware, it also covers any issues encountered
with the Cisco SD-WAN software hosted on that hardware platform Refer
to the service description for more detailed information regarding Cisco
Solution Support.
• Cisco Solution Support with Cisco Smart Net Total Care® Service
You can learn more about Cisco Solution Support at
www.cisco.com/go/solutionsupport.
Ordering guide
Cisco public

Steps for ordering a WAN subscription on the Cisco Enterprise Network Compute System (ENCS)
In this section we will go over the subscription ordering process for the ENCS. The Enterprise NFV solution is ordered through term-based subscription
licenses that may be purchased with a 3- or 5-year duration. At the time of ordering, you may choose a Cisco DNA Licensing for SD-WAN and Routing start
date that is independent of the hardware ship date.

The ordering process for routing subscriptions on the ENCS hardware is structured using a multiline bundle. This bundle provides the flexibility to choose the
appropriate software stack and the corresponding hardware stack to run it on.

To order the SD-Branch solution, use the NFV-BRANCH-MLB top-level part number, as shown in Table 10.
Table 10. Enterprise NFV solution top-level Product ID

Product ID Description

NFV-BRANCH-MLB NFV multiline bundle for software and hardware options

NFV-BRANCH-MLB is the top-level multiline part number and can be used as the starting point for both the software subscription licenses and the Cisco
ENCS hardware options. Table 11 covers the sub options under NFV-BRANCH-MLB.
Table 11. Sub options under NFV-BRANCH-MLB

Product IDs Description

Software licenses

L-LIC-DNA-ADD Software subscription licenses

Hardware

ENCS5412/K9 5412 Enterprise Network Compute System (12-core, 1.5 GHz Intel® CPU, 16 GB DRAM)

ENCS5408/K9 5408 Enterprise Network Compute System (8-core, 2.0 GHz Intel CPU, 16 GB DRAM)

ENCS5406/K9 5406 Enterprise Network Compute System (6-core, 1.9 GHz Intel CPU, 16 GB DRAM)

ENCS5104-400/K9 5104 Enterprise Network Compute System (4-core, 3.4 GHz AMD CPU, 16 GB DRAM, 400G SSD)

ENCS5104-200/K9 5104 Enterprise Network Compute System (4-core, 3.4 GHz AMD CPU, 16 GB DRAM, 200G SSD)

ENCS5104-64/K9 5104 Enterprise Network Compute System (4-core, 3.4 GHz AMD CPU, 16 GB DRAM, 64G SSD)

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Ordering software subscription licenses for the Cisco 5000
Series ENCS
L-LIC-DNA-ADD is a container for all of the term subscription licenses for
the 5000 Series ENCS solution. These software licenses are common to all
ENCS platforms. The ENCS platforms have been grouped together under the
Hardware category.
The WAN licenses include choices along four main dimensions: preferred
choice of management, performance, term, and feature tiers.
For ENCS deployments, choosing on-premises or cloud SKUs will entitle the
end user to Cisco DNA Center licenses, as the instantiation of virtual network
functions on the ENCS is orchestrated via Cisco DNA Center.
The ordering tool does not verify the VNF requirements at this time. For the
purposes of sizing in this document, the terms “core,” “vCPU,” and “physical
CPU core” are considered equivalent.
Software selection choices on the ENCS
Software subscription licenses are ordered via L-LIC-DNA-ADD, as described
in the previous section. On the ENCS hardware you will have to select either
the ISRv (non-SD-WAN) or ISRv XE SD-WAN image binary and version.
Note:
1. Selecting this instance does not license the VNF. This ensures only that the right code is
loaded onto the hardware

Performance options on the ENCS range from 25 Mbps to 500 Mbps. 2. ISRv XE SD-WAN is supported on all 5400 ENCS platforms

This selection maps to the Cisco Integrated Services Virtual Router (ISRv) Table 13 lists the supported ENCS platforms.
and IOS XE SD-WAN throughput licenses. When using L-LIC-DNA-ADD,
Table 13. Hardware platforms supported on the ISRv 16.9 – SD-WAN XE
you must choose the platform license. The platform license determines
the throughputs supported on the underlying hardware. Table 12 lists the
Model Description
throughput licenses supported on the ENCS platforms.
Table 12. Throughputs supported on the ENCS platforms ENCS 5412/K9 5412 Enterprise Network Compute System
(12-core, 1.5 GHz Intel CPU, 16 GB DRAM)
Platform Throughputs supported
ENCS 5408/K9 5408 Enterprise Network Compute System
5400ENCS 25, 50, 100, 250 and 500 Mbps (8-core, 2.0 GHz Intel CPU, 16 GB DRAM)

5100ENCS 25, 50, 100 and 250 Mbps

ENCS5406/K9 5406 Enterprise Network Compute System
(6-core, 1.9 GHz Intel CPU, 16 GB DRAM)
Ordering ENCS hardware options
Table 15 lists the various hardware options available for the Enterprise NFV
solution for deployment at the branches or remote sites. The hardware NIMs on the ENCS with ISRv 16.9.1 XE SD-WAN
platform requirements must be derived from the software components that A limited number of network interface modules (NIMs) are supported on the
it hosts. Its resources must not only exceed the sum of the individual VNF ENCS when using ISRv XE SD-WAN 16.9 on the ENCS. Table 14 lists the
requirements, but also leave room for future growth. While each hardware modules supported on the 5400 ENCS.
platform is unique in its own way, each has three basic common resources –
CPU cores, memory, and disk capacity – that must be considered individually.

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

Table 14. NIMs supported with ISRv XE SD-WAN 16.9 on the 5400 ENCS Further, additional NIMs are supported with ISRv 16.9 (non-SD-WAN), as
shown in Table 16.
Type of Interface NIMs
Table 16. NIMs supported with ISRv 16.9 on the 5400 ENCS
4G-LTE NIM-LTEA-EA
Type of Interface NIMs NIM-4G-
NIM-LTEA-LA
4G-LTE LTE-NA NIM-4G-
T1/E1 NIM-1MFT-T1/E1
LTE-VZ NIM-4G-
NIM-2MFT-T1/E1
NIM-4MFT-T1/E1 LTE-GA NIM-
NIM-8MFT-T1/E1 4G-LTE-ST
NIM-4G-LTE-LA
ISRv 16.9.1 (non-SD-WAN) is supported on all ENCS platforms. Table 15
lists the supported ENCS platforms. NIM-LTEA-EA
Table 15. Hardware platforms supported on the ISRv 16.9.1 NIM-LTEA-LA

Model Description T1/E1 NIM-1MFT-T1/E1

NIM-2MFT-T1/E1
ENCS 5412/K9 5412 Enterprise Network Compute System
(12-core, 1.5 GHz Intel CPU, 16 GB DRAM) NIM-4MFT-T1/E1
NIM-8MFT-T1/E1
ENCS 5408/K9 5408 Enterprise Network Compute System
NIM-1CE1T1-PRI
(8-core, 2.0 GHz Intel CPU, 16 GB DRAM)
NIM-2CE1T1-PRI
ENCS 5406/K9 5406 Enterprise Network Compute System
NIM-8CE1T1-PRI
(6-core, 1.9 GHz Intel CPU, 16 GB DRAM)

ENCS 5104-400/K9 5104 Enterprise Network Compute System

(4-core, 3.4 GHz AMD CPU, 16 GB DRAM,
400G SSD)

ENCS 5104-200/K9 5104 Enterprise Network Compute System

(4-core, 3.4 GHz AMD CPU, 16 GB DRAM,
200G SSD)

ENCS5104-64/K9 5104 Enterprise Network Compute System

(4-core, 3.4 GHz AMD CPU, 16 GB DRAM,
64G SSD)

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

APPENDIX-A: Cisco SD-WAN Subscription Opt-out

All Cisco DNA bundled routers have to be ordered with a mandatory subscription attach. However, there can be exceptions as mentioned below:

• Customer has a valid Enterprise License Agreement (EA)

• Managed Service Providers (MSPs) who would opt for MSLA construct
In order to accommodate such type of orders, there is an option for “Opting out of DNA Subscriptions” by selecting the appropriate DNA-OPTOUT SKU
under all the Cisco DNA Bundled routers, and can be chosen as shown below:

• Under the Cisco DNA hardware bundle, select the Option class “DNA OPT OUT” and select one of the below appropriate opt-out SKU’s

PID Description

DNA-SDWAN-EA Subscription: Enterprise Agreement Use Only

DNA-SDWAN-MSLA Subscription: MSLA Use Only

APPENDIX-B: Modules supported in SD-WAN on the 4000 Series ISRs

The following modules are supported for the 4000 Series ISRs:

NIM-1GE-CU-SFP NIM-8MFT-T1/E1 NIM-LTEA-LA UCS-E160S-M3/K9

NIM-2GE-CU-SFP NIM-ES2-4 NIM-VAB-A UCS-E180D-M3/K9

NIM-1MFT-T1/E1 NIM-ES2-8 , NIM-ES2-8-P NIM-VAB-M UCS-E1120D-M3/K9

NIM-2MFT-T1/E1 NIM-1T SM-X-4X1G-1X10G UCS-EN140N-M2/K9

NIM-4MFT-T1/E1 NIM-LTEA-EA SM-X-6X1G

The following crypto modules are required for the ASR 1000 Series routers:

• ASR1001HX-IPSECHW, for the ASR 1001-HX

• ASR1002HX-IPSECHW, for the ASR 1002-HX

© 2020 Cisco and/or its affiliates. All rights reserved.

Ordering guide
Cisco public

APPENDIX-C: Cisco DNA ordering and license management on the 4000 Series ISRs
When the customer wishes to subscribe to a Cisco DNA Center and orders.

• Cisco DNA Essentials, Advantage, or Premier with bandwidth less than or equal to the factory default2 of the platform, no performance license need to be
ordered for the platform
• Cisco DNA Essentials, Advantage, or Premier with bandwidth greater than the factory default but less than the bandwidth provided by the High-
Performance license³ of the platform, a performance license is automatically added at the time of order and the customer does not need to order it.
Additionally, if the bandwidth (post-encryption) is greater than 250 Mbps, the HSEC license for the relevant platform is automatically added
• Cisco DNA Essentials, Advantage, or Premier with bandwidth greater than the High-Performance license4 of the platform, but less than or equal to the
maximum subscription bandwidth permitted for the platform, a BOOST license is automatically added to the order and the customer does not need to
order it. Additionally, if the bandwidth (post-encryption) is greater than 250 Mbps, the HSEC license for the relevant platform is automatically added.
• Cisco DNA Essentials, Advantage, or Premier with bandwidth, no additional Technology Packages need to be ordered
• Unified Communications is now packaged into the Cisco DNA Essentials and Cisco DNA Advantage. Voice Optimization is supported in Essentials
whereas Rich voice services and integration with SRST /FXO/FXS are the prime focus on the Cisco DNA Advantage package

When the customer wishes to subscribe to Cisco DNA for Enterprise Routing and SD-WAN and orders.
• Cisco DNA Essentials, Advantage, or Premier with bandwidth less than or equal to the factory default⁵ of the platform, no performance license need to be
ordered for the platform. No IP Base license or Technology Packages (or add-on licenses) need to be purchased
• Cisco DNA Essentials, Advantage, or Premier with bandwidth greater than the factory default but less than the bandwidth provided by the High-
Performance license6 of the platform, a performance license is automatically added at the time of order and the customer does not need to order it.
Additionally, if the bandwidth (post-encryption) is greater than 250 Mbps, the HSEC license for the relevant platform is automatically added. No IP Base
license or Technology Packages (or add-on licenses) need to be purchased
• Cisco DNA Essentials, Advantage, or Premier with bandwidth greater than the High-Performance license7 of the platform, but less than or equal to the
maximum subscription bandwidth permitted for the platform, a BOOST license is automatically added to the order and the customer does not need to
order it. Additionally, if the bandwidth (post-encryption) is greater than 250 Mbps, the HSEC license for the relevant platform is automatically added. No IP
Base license or Technology Packages (or add-on licenses) need to be purchased

2
For platform positioning, please refer to https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/white-paper-c11-734550.html
(Table 1) ISR 4000 Performance Levels.
4
The 4331 ISR provides up to 250 Mbps of encrypted performance per direction (incoming and outgoing), aggregating to 500 Mbps of platform performance.
6
As an example, for the 4331 ISR, the High-Performance license allows a customer to go up to a bandwidth of not more than 300 Mbps. Hence (as an SD-WAN subscription license provides a
customer with an entitlement for the purchased bandwidth in each direction), the 4331 ISR supports a bandwidth of 100 Mbps (allowing for 100 Mbps up and 100 Mbps down).
7
The SD-WAN software on the 4331 ISR can provide for 250 Mbps of performance in each direction.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C07-740642-08  08/20