Data sheet

Cisco public

Cisco 4000 Family Integrated

Services Router

© 2024 Cisco and/or its affiliates. All rights reserved. Page 1 of 28

-
 Contents
Product overview 3
Features and benefits 3
Platform architecture 6
Managing your Cisco ISR 4000 Family ISRs 7
Product specifications 9
Services plane: Enabling the Branch-in-a-Box 16
Software Subscription through Cisco DNA Licensing 17
Enterprise NFV on ISR4000 18
Support for DC Power 18
Product Performance and Scalability 18
ISR 4000 Interfaces and Modules Support 19
Cisco Catalyst SD-WAN with the ISR4000 Series 19
Cisco Security Solutions for the ISR4000 Series 20
Reducing Operational Costs using Cisco ISR 21
Cisco IOS Software Licensing and Packaging 22
Ordering information 25
Integrated Services Router Migration Options 25
Warranty information 25
Product sustainability 26
Cisco and Partner Services for the branch office 26
Cisco Capital 27
For more information 27
Document history 28

© 2024 Cisco and/or its affiliates. All rights reserved. Page 2 of 28

-
 Cisco® 4000 Family Integrated Services Routers (ISRs) form a Software Defined WAN
platform that delivers the performance, security, and convergence capabilities that
today’s branch offices need.

Product overview
The Cisco 4000 Family Integrated Services Router (ISR) revolutionizes WAN communications in the
enterprise branch. With new levels of built-in intelligent network capabilities and convergence, it
specifically addresses the growing need for application-aware networking in distributed enterprise sites.
These locations tend to have lean IT resources. But they often also have a growing need for direct
communication with both private data centers and public clouds across diverse links, including
Multiprotocol Label Switching (MPLS), VPNs and the Internet.

The Cisco 4000 Family Integrated Services Router (ISR) contains the following platforms:

ISR4461, 4451, 4431, 4351, 4331, 4331-DC, 4321, 4221 & 4221X.

Cisco 4000 Series Integrated Services Routers

Features and benefits

Cisco 4000 Family ISRs provide you with Cisco® Catalyst Software Defined WAN (SD-WAN) software
features and a converged branch infrastructure. Along with superior throughput, these capabilities form the
building blocks of next-generation branch-office WAN solutions.
Cisco Catalyst Software Defined WAN

Cisco Catalyst SD-WAN is a set of intelligent software services that allow you to reliably and securely
connect users, devices, and branch office locations across a diverse set of WAN transport links. Cisco
Catalyst SD-WAN enabled routers like the ISR 4000 dynamically route traffic across the “best” link based
on up-to-the-minute application and network conditions for great application experiences. You get tight
control over application performance, bandwidth usage, data privacy, and availability of your WAN links -
control that you need as your branches conduct greater volumes of mission-critical business.
Cisco converged branch infrastructure

The Cisco 4000 Series ISRs consolidate many must-have IT functions, including network, compute, and
storage resources. The high-performance, integrated routers run multiple concurrent services, including
encryption, traffic management, and WAN optimization, without slowing your data throughput. And you can
activate new services on demand through a simple licensing change.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 3 of 28

-
 Cisco intent based networking and Digital Network Architecture (Cisco DNA)

The last few years has seen a rapid transformation and adoption of digital technologies. This puts pressure
on the on the network teams supporting this changing infrastructure - especially when provisioning,
managing, monitoring and troubleshooting these diverse devices. Additionally, innovations such as Cisco
Catalyst SD-WAN, Network Function Virtualization (NFV), Open APIs and Cloud Management show great
promise in transforming IT networks. This transformation raises further questions and challenges for the IT
teams.

The Cisco Digital Network Architecture (Cisco DNA) is an open, extensible, software-driven architecture
that provides for faster innovation, helping to generate deeper insights, and deliver exceptional
experiences across many different applications. Cisco DNA relies on intent-based networking, a
revolutionary approach in networking that helps organizations automate, simplify, and secure the network.

The intent-based Cisco DNA network is:

● Informed by Context: Interprets every byte of data that flows across it, resulting in better security,
more customized experiences, and faster operations.
● Powered by Intent: Translates your intent into the right network configuration, making it possible to
manage and provision multiple devices and things in minutes.
● Driven by Intuition: Continually learns from the massive amounts of data flowing through it and
turns that data into actionable insight. Helps you solve issues before they become problems and
learn from every incident.

Cisco Catalyst Center provides a centralized management dashboard across your entire network — the
branch, campus, data center, and cloud. Rather than relying on box-by-box management, you can design,
provision, and set policy end-to-end from the single Cisco Catalyst Center interface. This allows you to
respond to organizational needs faster and to simplify day-to-day operations. Cisco Catalyst SD-WAN
Analytics, Assurance and Cisco Network Data Platform (NDP) help you get the most from your network by
continuously collecting and putting insights into action. Cisco DNA is open, extensible, and programmable
at every layer. It integrates Cisco and third-party technology, open APIs, and a developer platform, to
support a rich ecosystem of network-enabled applications.

Table 1 breaks out many of the features and benefits of the Cisco 4000 Family that create a Catalyst SD-
WAN and a converged branch infrastructure.

Table 1. Cisco 4000 Family ISR general feature highlights

Business Requirement(s) Feature/Solution

Performance ● Concurrent software services at speeds up to 10 Gbps (ISR4461). Backplane

architecture supports high-bandwidth module-to-module communication at
● Throughput speeds up to 10 Gbps.
● Service reliability ● A distributed multicore architecture with the industry’s first internal services
plane.
● Remote installation of application-aware services, which run identically to their
counterparts in dedicated appliances.

Lower WAN expenditures ● Embedded Cisco Catalyst SD-WAN solution for creating lower-cost,
business-class Internet connections.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 4 of 28

-
 Business Requirement(s) Feature/Solution

Pay-as-you-grow ● Router capacity can be increased with a remote performance-on-demand

license upgrade (no hardware upgrade) for exceptional savings.
● Performance upgrade model
● Investment protection
● CapEx budget management

Superior and secure user application ● ISR-AX “Application Experience” software bundle with advanced routing and
experiences network monitoring services.
● Dynamic Multipoint VPN (DMVPN), zone-based firewalls, Intrusion Prevention
(Snort and Umbrella Branch) and Content Management using Cisco Cloud
Web security and OpenDNS protecting data, providing authentication
credentials, and transmissions not backhauled through the data center.
● Secure boot feature performs hardware-based authentication of the
bootloader software to prevent malicious or unintended software from booting
on the system.
● Code signing verifies digital signatures of executables prior to loading to
prevent execution of altered or corrupted code.
● Hardware authentication protects against hardware counterfeiting by using an
on-board tamper-proof silicon, including field replaceable modules. If
authentication fails, the module is not allowed to boot.

IT consolidation, space savings, and ● Single converged branch platform integrates routing, switching, virtual server,
improved Total Cost of Ownership storage, security, unified communications, WAN optimization, and
(TCO) performance management tools.

Business continuity and increased ● ISR 4400 Series models (4461, 4451, and 4431 ISRs) support dual integrated
resiliency power supplies for backup. The entire ISR 4000 Family supports optional
power supply capable of delivering additional PoE power to endpoints.
● Modular network interfaces with diverse connection options for load-
balancing and network resiliency.
● Modular interfaces with online removal and insertion (OIR) for module
upgrades without network disruption.
● Cisco Unified Survivable Remote Site Telephony (SRST), which serves as a
resiliency complement to Cisco Hosted Collaboration Solution (HCS), a Cisco
cloud-based UC service.
● Support for multiple, diverse access links: T1/E1, T3/E3, Serial, xDSL, Gigabit
and Ten-Gigabit Ethernet.

Lower telephony costs with VoIP and ● High-performance analog/digital gateway, allowing VoIP over less expensive
rich media experiences Session Initiation Protocol (SIP) trunks.
● Integrated IP PBX (Cisco Unified Communications Express) and Session
Border Controller (Cisco Unified Border Element, or CUBE).

Easier manageability and support
● Single, universal software image for all features and performance-on-demand
licensing flexibility.
● No additional services and support needed for compute and storage.
● Supported by Cisco and third-party management tools, with programmability
and automation.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 5 of 28

-
 Platform architecture
Table 2 lists the primary hardware architectural features and benefits of the Cisco 4000 Family. The routers
run modular Cisco IOS XE Software, widely deployed in the world’s most demanding networks. The
software’s comprehensive portfolio of services spans multiple technology areas, including security, WAN
optimization, app and network Quality of Service (QoS), and embedded management.

Table 2. Architectural highlights

Architectural Features Benefits/Description

Multicore processors ● High-performance multicore processors support high-speed WAN connections. The
data plane uses an emulated Flow Processor (FP) that delivers Application-Specific
Integrated Circuit (ASIC)-like performance that does not degrade as services are
added.

Embedded IP Security (IPsec) ● Increases scalability. When combined with an optional Cisco IOS XE Software
VPN hardware acceleration Security license, enables WAN link security and VPN services.

Integrated Gigabit Ethernet ● The Cisco 4000 Family provides up to six built-in Ethernet ports for WAN or LAN.
ports ● Depending on platform, Ethernet ports can support Small Form-Factor Pluggable
(SFP)-based connectivity as well as RJ-45 connections, enabling fiber or copper
connectivity.
● Optionally, depending on the platform, up to 30W PoE+ can be enabled on two of
the built-in front panel Gigabit Ethernet interfaces to provide power to external
devices such as 4G/LTE/5G Cellular Gateways.
● An additional dedicated Gigabit Ethernet port is provided for device management 1.

USB-based console access ● A mini type-B USB console port1 supports management connectivity when
traditional serial ports are not available.
● Traditional console and auxiliary ports are also available2.

Optional integrated power ● An optional upgrade to the internal power supply provides inline power (802.3af-
supply for distribution of PoE compliant PoE or 802.3at-compliant PoE+) to optional integrated switch modules.
● Redundant PoE conversion modules provide an additional layer of fault tolerance.

Optional integrated Redundant ● For the ISR 4400 Series, power redundancy is available by installing an optional
Power Supply (RPS) power supply, protecting the network from power failures.
● Optional PoE boost mode increases total PoE capacity to up to 1000W.

Cisco Enhanced Services ● Each service-module slot offers high data-throughput capability of up to 10 Gbps
Module (SM-X) toward the system and up to 1 Gbps to other module slots.
● Support for both single- and double-wide service modules provides flexibility in
deployment options.
● An SM-X slot can be converted into a Network Interface Module (NIM) slot using an
optional carrier card.
● Service modules support Online Insertion and Removal (OIR), avoiding network
disruption when installing new or replacement modules 1.

1
Not supported on ISR4221
2
ISR4221 supports shared Console & Auxiliary ports

© 2024 Cisco and/or its affiliates. All rights reserved. Page 6 of 28

-
 Architectural Features Benefits/Description

Cisco Network Interface ● Up to three integrated NIM slots on the Cisco 4000 Family allow for flexible
Modules (NIMs)3 configurations.
● Each NIM slot offers options of up to two 2Gbps connections. One towards the route
processor and one for direct module to module communication. The ISR 4221 has
only one 1Gbps connection to the Route Processor.
● NIMs support OIR.
● Special NIMs add support Solid-State Drives (SSDs) and Hard Disk Drives (HDDs)1.

Cisco Integrated Services Card
(ISC) slot on motherboard
● Integrated Services Card natively supports the new Cisco High-Density Packet Voice
Digital Signal Processor Modules (PVDM4s), providing greater-density rich-media
voice.
● Each Integrated Services Card slot connects to the system architecture through an
up-to 2-Gbps link.
● Future modules can be hosted on the Integrated Services Card slot, improving
system functions.

Flash memory support ● A single flash memory slot is available to support high-speed storage densities,
upgradable to up to 32 GB. The ISR4221 ships with a fixed quantity of 8GB of flash
memory.
● Two USB type A 2.0 ports provide capabilities for convenient storage1.

DRAM ● For the ISR 4400 Series, the default control-plane memory is 4 GB, upgradable to 16
GB to provide additional scalability for control-plane features. Data-plane memory is
2 GB, non-upgradable.
● For the ISR 4300 Series, the default memory is 4 GB, upgradable to 16 GB (only 8GB
for 4321) to provide additional scalability.
● The ISR 4200 Series comes in two versions: ISR4221- 4GB fixed DRAM and
ISR4221X – 8GB fixed DRAM.

NEBS (Network Equipment ● The ISR 4461 is NEBS certified to maintain reliable operations in harsh and
Building System) demanding environments. A NEBS kit is orderable with dual 650W-DC reverse-
airflow power supplies and a reverse airflow fan assembly.

Managing your Cisco ISR 4000 Family ISRs

The Cisco network management applications listed at the top of Table 3 are standalone products that can
be purchased or downloaded to manage your Cisco network devices. The applications are built specifically
for the different operational phases; select those that best fit your needs. Those management capabilities
listed under the “Cisco IOS Software XE Embedded Management” heading are directly integrated into the
routers’ software operating system.

3
Unified Communications (UC) and UC based NIM’s are not supported

© 2024 Cisco and/or its affiliates. All rights reserved. Page 7 of 28

-
 Table 3. Cisco network management applications

Operational Phase Management Task by Description

Application

Device staging and WebUI ● A GUI-based device-management tool for Cisco IOS and
configuration Cisco IOS XE Software-based access routers. This tool
simplifies routing, firewall, VPN, unified communications,
and WAN and LAN configuration through easy-to-use
wizards.

Network-wide deployment,
configuration, monitoring,
and troubleshooting
Cisco Catalyst Center
● Offers comprehensive lifecycle management of wired and
wireless access, campus, and branch-office networks,
rich visibility into end-user connectivity, and application
performance assurance.
● Provides wired lifecycle functions such as inventory,
configuration, and image management; automated
deployment; compliance reporting; integrated best
practices; and reporting.

Staging, deployment, and Cisco Configuration Engine ● A secure network management product that provides
changes to configuration zero-touch image and configuration distribution through
and image files centralized, template-based management.

Context-aware security Cisco Prime Security ● Management tool for configuring and managing context-
configuration and monitoring Manager aware security. The application supports both single- and
multi-device manager form factors.
● Provides the ability to write and enforce the granular
context-aware security policies.

Cisco Wide Area Application Cisco WAAS Central ● The management tool for the WAAS1 4, (WAN
Service (WAAS) Manager optimization and application acceleration) integrated
management service. It provides a centralized mechanism for
configuring WAAS features, reporting, and monitoring.

Table 4. Cisco IOS XE Software Embedded Management Capabilities

Feature Description

Cisco IOS Embedded Event Manager ● A distributed and customized approach to event detection and recovery.
(EEM) ● Offers the ability to monitor events and take informational, corrective, or any
desired EEM action when the monitored events occur or when a threshold is
reached.

Cisco IOS XE IP Service-Level ● Helps assure the performance of new business-critical IP applications as well
Agreements (IP SLAs) as IP services that use data and voice in an IP network.

SNMP, Remote Monitoring (RMON), ● Network monitoring and accounting tools.

syslog, NetFlow, IP Flow Information
Export (IPFix)

4
It is suggested to use AppNav with an External WAAS device for the ISR4221

© 2024 Cisco and/or its affiliates. All rights reserved. Page 8 of 28

-
 Product specifications
Table 5 lists the general product specifications for the Cisco 4000 Family routers.

Table 5. Specifications of Cisco 4000 Family integrated services routers

Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Aggregate 1.5Gbps 1 Gbps 500 Mbps 200 Mbps 100 Mbps 50 Mbps 35Mbps
Throughput
(Default)

Aggregate 3Gbps 2 Gbps 1 Gbps 400 Mbps 300 Mbps 100 Mbps 75 Mbps
Throughput
(Performance
License)

Aggregate CEF Over 7Gbps Over 4Gbps Over 4Gbps Over 2Gbps Over 2Gbps 1.5Gbps 1.2Gbps
Only5 Throughput
(Boost License)

Total onboard 4 4 4 3 3 2 2
WAN or LAN
10/100/1000
ports

Total onboard 2 - - - - - -
WAN or LAN
10Gbps ports

RJ-45-based 4 4 4 3 2 2 2
ports

SFP-based ports 4 4 4 3 2 1 1

Enhanced 3 2 0 2 1 0 0
service-module
slots

Doublewide 2 1 (assumes no 0 1 (assumes no 0 0 0

service-module singlewide singlewide SM-
slots SM-X X modules
modules installed)
installed)

NIM slots 3 3 3 3 2 2 2

OIR (all I/O Yes Yes Yes Yes Yes Yes No

modules)

Onboard ISC slot 1 1 1 1 1 1 No

5
Using onboard Gigabit Ethernet Interfaces

© 2024 Cisco and/or its affiliates. All rights reserved. Page 9 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Default memory NA NA NA 4 GB 4 GB 4 GB 4GB

double-data-rate
3 (DDR3) error- 8GB (4221X)
correction-code
(ECC) DRAM
(Combined
control/services/
data planes)

Maximum NA NA NA 16 GB 16 GB 8 GB 4GB
memory DDR3
ECC DRAM 8GB (4221X)
(Combined
control/services/
data planes)

Default memory 4 GB 2 GB 2 GB NA NA NA NA
DDR3 ECC DRAM
(data plane)

Maximum 4 GB 2 GB 2 GB NA NA NA NA
memory DDR3
ECC DRAM (data
plane)

Default memory 8 GB 4 GB 4 GB NA NA NA NA
DDR3 ECC DRAM
(control/services
plane)

Maximum 32 GB 16 GB 16 GB NA NA NA NA
memory DDR3
ECC DRAM
(control/services
plane)

Default flash 8 GB 8 GB 8 GB 4 GB 4 GB 4 GB 8GB

memory

Maximum flash 32 GB 32 GB 32 GB 16 GB 16 GB 8 GB 8GB

memory

External USB 2.0 2 2 2 2 1 1 1

slots (type A)

USB console port 1 1 1 1 1 1 0

-type B mini (up
to 115.2 kbps)

Serial console 1 1 1 1 1 1 1 (combo

port - RJ45 (up to CON/AUX port)
115.2 kbps)

Serial auxiliary 1 1 1 1 1 1 1 (combo

port - RJ45 (up to CON/AUX port)
115.2 kbps)

© 2024 Cisco and/or its affiliates. All rights reserved. Page 10 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Power-supply Internal: AC, Internal: AC, Internal: AC, Internal: AC, Internal: AC External: AC External AC
options DC and PoE DC and PoE DC, and PoE DC and PoE and PoE, DC* and PoE only
(*4331-DC)

Redundant Internal: AC, Internal: AC, Internal: AC, N/A N/A N/A NA
power supply DC and PoE DC and PoE DC, and PoE

Power Specifications

AC input voltage 100 to 240 100 to 240 100 to 240 100 to 240 100 to 240 100 to 240 100 to 240
VAC VAC VAC VAC VAC VAC VAC
autoranging autoranging autoranging autoranging autoranging autoranging autoranging

DC Input Voltage (4331-DC)

Input Voltage 48 – 60V 48 – 60V 48 – 60V NA 24 – 60V NA NA

Input Current 12A Max 12A Max 12A Max NA 14 - 5A NA NA

AC input 47 to 63 Hz 47 to 63 Hz 47 to 63 Hz 47 to 63 Hz 47 to 63 Hz 47 to 63 Hz 47 to 63 Hz
frequency

AC input current 7.1 to 3.0A 7.1 to 3.0A 3 to 1.3A 7.1 to 3.0A 3 to 1.3A 1.5 to 0.6A 1.5 to 0.6A
range, AC power
supply
(maximum)

AC input surge 60 A peak <50 A 60 A peak and 60 A peak and 60 A peak and 90 A peak and 90 A peak and
current and less than less than 5 less than 12 less than 5 less than 3 less than 3
5 Arms per Arms per half Arms per half Arms per half Arms per half Arms per half
half cycle cycle cycle cycle cycle cycle

Typical power 158 65 48 42 36 24

(no modules)
(watts)

Maximum power 1000W (no 450 (no PoE) 250 (no PoE) 430 250 125 90
with AC power PoE)
supply (watts)

Maximum power 437 (no PoE) 437 (no PoE) 437 (no PoE) 437 (no PoE) 250 (no PoE)
with DC power
supply (watts) 4331-DC: PoE
not supported

Maximum power 1000 with 1000 with PoE 500 with PoE 990 530 260 NA (No PoE
with PoE power PoE redundant redundant Support)
supply (platform redundant 4331-DC: PoE
only) (watts) 1450 with PoE 1000 with PoE not supported
1450 with boost no boost no
PoE boost no redundancy redundancy
redundancy

Maximum 500 W with 500 W with 250 W with 500 250 120 NA (No PoE
endpoint PoE optional optional optional Support)
power available redundancy redundancy redundancy 4331-DC: PoE
from PoE power not supported
supply (watts)

© 2024 Cisco and/or its affiliates. All rights reserved. Page 11 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Maximum 950 W no 950 W no 500 W no N/A N/A N/A NA (No PoE

endpoint PoE redundancy redundancy redundancy Support)
power capacity
with PoE boost
(watts)

Sizes and Weights

Dimensions 3.5 x 17.25 x 3.5 x 17.25 x 1.73 x 17.25 x 3.5 x 17.25 x 1.75 x 17.25 x 1.75 x 14.55 x 1.72 x 12.7 x
(H x W x D) 18.5 in 18.5 in 19.97 in 18.5 in 17.25 in 11.60 in 10"

(88.9 x (88.9 x 438.15 (43.9 x 438.15 (88.9 x 438.15 (44.45 x (44.55 x 369.57 (43.7 x 322.6 x
438.15 x x 469.9 mm) x 507.2 mm) x 469.9 mm) 438.15 x x 294.64 mm) 254 mm)
469.9 mm) 438.15 mm)

External Power N/A N/A N/A N/A N/A 2.95 x 1.18 x 37 x 73 x 152
Supply 6.10 in mm (Phihong
Dimensions mfg PN:
(H x W x D) (75 x 30 x 155 AA90U-120A-
mm) R)

36.5 x 67 x 155
mm (Delta mfg
PN: ADP90GR
BA)

Shipping Box 9.75 x 22.25 9.75 x 22.25 x 7.88 x 22.25 x 9.75 x 22.25 x 7.125 x 22.75 x 7.0 x 21.5 x 4.13 x 18.25 x
Dimensions x 26 in 26 in 28.75 in 26 in 22.5 in 16.125 in 12.94"
(H x W x D)
(24.76 x (24.76 x 56.51 (200.2 x 565.1 (24.76 x 56.51 (180.98 x (177.8 x 546.1 (104.9 x 463.6
56.51 x x 66.04 mm) x 730.25 mm) x 66.04 mm) 577.85 x 571.5 x 409.6 mm) x 328.7 mm)
66.04 mm) mm)

Rack height 3 Rack Units 2 Rack Units 1 Rack Units 2 Rack Units 1 Rack Unit 1 Rack Unit 1 Rack Unit
(3RU) (2RU) (1RU) (2RU) (1RU) (1RU) (1RU)

Rack-mount Included Included Included Included Included Included Optional

19in. (48.3 cm)
EIA

Rack-mount Optional Optional Optional Optional Optional N/A NA

23in. (58.4 cm)
EIA

Wall-mount No No Yes No Yes Mounting holes Yes

under chassis

Weight with 1, 28.8 lb (13.1 N/A 28.8 lb (13.1 N/A N/A NA

450-WAC power kg) kg)
supply (no
modules)

Weight with 1 30.6 lb (13.9 N/A 29.0 lb (13.2 N/A N/A NA

1,000-WAC kg) kg)
power supply+ 1
PoE power
module (no other
modules)

© 2024 Cisco and/or its affiliates. All rights reserved. Page 12 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Weight with AC N/A 18.5 lb (8.4 kg) N/A 13.5 lb (6.2 kg) 7.7 lb (3.5 kg) + 7.1 lb (3.22kg)
PS (no modules) 1.2 lb (0.66 kg)
external PS

Weight with DC 28.8lb 28.8lb (13.1kg) 28.8lb (13.1kg) 13.5 lb (6.2 kg)
PS (no modules) (13.1kg)
(4431-DC)

Weight with AC N/A 18.6 lb (8.4 kg) N/A 14.1 lb (6.4 kg) N/A NA
PS with POE (no
modules)

Typical weight 42.7 lb (19.4 22.4 lb (10.2 37.7 lb (17.1 16.1 lb (7.3 kg) 9.14 lb (4.2 kg) 8.11 lb
(fully loaded with kg) kg) kg) + 1.2 lb (0.66 (3.68kg)
modules) kg) external PS

Packaging 6.4 lb (2.9 kg) 5.9 lb (2.7 kg) 6.4 lb (2.9 kg) 4.6 lb (2.1 kg) 2.2 lb (1 kg) 1.28 lb
Weight (0.58kg)

Airflow I/O side to I/O side to I/O side to I/O side to I/O side to Right I/O side I/O side to
bezel side bezel side bezel side bezel side bezel side to Left I/O side bezel side

MTBF (Hours) 480770 480770 512970 566310 587250 593270 593270

Environmental Specifications

Operating Conditions

Temperature 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F

(0 to 40°C) (0 to 40°C) (0 to 40°C)
(0 to 40°C) (0 to 40°C) (0 to 40°C) (0 to 40°C)

Altitude 0 – 6,560 ft. 0 – 6,560 ft. 0 – 6,560 ft. 0 – 6,560 ft. 0 – 6,560 ft. 0 – 6,560 ft. 0 – 6,560 ft.

(China) (0 – 2,000 (0 – 2,000 m) (0 – 2,000 m) (0 – 2,000 m) (0 – 2,000 m) (0 – 2,000 m) (0 – 2,000 m)

m)

Altitude 0 – 10,000 0 – 10,000 ft. 0 – 10,000 ft. 0 – 10,000 ft. 0 – 10,000 ft. 0 – 10,000 ft. 0 – 10,000 ft.
ft.
(Rest of the (0 – 3,050 m) (0 – 3,050 m) (0 – 3,050 m) (0 – 3,050 m) (0 – 3,050 m) (0 – 3,050 m)
world) (0 – 3,050
m)

Short Term NA NA NA NA 32° to 131° NA NA

Temperature
upto 6560ft per (0° to 55° C)
NEBS GR-63- (for ISR4331-
CORE DC version)

Relative humidity 5% to 85% 5% to 85% 5% to 85% 5% to 85% 5% to 85% 5% to 85% 5% to 85%

Short-term 5% to 90%, 5% to 90%, 5% to 90%, not 5% to 90%, not 5% to 90%, not 5% to 90%, not 5% to 90%, not
humidity not to not to exceed to exceed to exceed to exceed to exceed to exceed
exceed 0.024 kg 0.024 kg 0.024 kg 0.024 kg 0.024 kg 0.024 kg
0.024 kg water/kg of water/kg of dry water/kg of dry water/kg of dry water/kg of dry water/kg of dry
water/kg of dry air air air air air air
dry air

© 2024 Cisco and/or its affiliates. All rights reserved. Page 13 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Acoustics: 50.6/73.1 50.6/73.1 dBA 54.3/79.1 dBA 50.6/73.1 dBA 52.8/74.8 dBA 24.2/51.9 dBA 28.5/53 dBA
dBA
Sound pressure
(Typical/
maximum)

Acoustics: Z 58.2/78.8 dBA 57.2/80.8 dBA 58.2/78.8 dBA 61.2/81.6 dBA 31.9/59.9 dBA 41/68 dBA
Sound power
(Typical/
maximum)

Nonoperating Conditions

Temperature -40 to 158°F -40 to 158°F -40 to 158°F -40 to 158°F -40 to 158°F -40 to 158°F -40 to 158°F
(-40 to (-40 to 70°C) (-40 to 70°C) (-40 to 70°C) (-40 to 70°C) (-40 to 70°C) (-40 to 70°C)
70°C)

Relative humidity 5% to 95% 5% to 95% 5% to 95% 5% to 95% 5% to 95% 5% to 95% 5% to 95%

Altitude 15,584 ft 15,584 ft 15,584 ft 15,584 ft 15,584 ft 15,584 ft 15,584 ft

(4750m) (4750m) (4750m) (4750m) (4750m) (4750m) (4750m)

Regulatory and Compliance

Safety UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1

CAN/CSA CAN/CSA CAN/CSA CAN/CSA CAN/CSA CAN/CSA CAN/CSA

C22.2 No. C22.2 No. C22.2 No. C22.2 No. C22.2 No. C22.2 No. C22.2 No.
60950-1 60950-1 60950-1 60950-1 60950-1 60950-1 60950-1

EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1

AS/NZS AS/NZS AS/NZS AS/NZS AS/NZS AS/NZS AS/NZS

60950-1 60950-1 60950-1 60950-1 60950-1 60950-1 60950-1

IEC 60950-1 IEC 60950-1 IEC 60950-1 IEC 60950-1 IEC 60950-1 IEC 60950-1 IEC 60950-1

EMC 47 CFR, Part 47 CFR, Part 47 CFR, Part 15 47 CFR, Part 15 47 CFR, Part 15 ICES-003 Class ICES-003 Class
15 15 A A
ICES-003 Class ICES-003 Class ICES-003 Class
ICES-003 ICES-003 A A A EN55032 Class EN55032 Class
Class A Class A A A
EN55032 Class EN55032 Class EN55032 Class
EN55032 EN55032 A A A CISPR32 Class CISPR32 Class
Class A Class A A A
CISPR32 Class CISPR32 Class CISPR32 Class
CISPR32 CISPR32 A A A AS/NZS CISPR AS/NZS CISPR
Class A Class A 32 Class A 32 Class A
AS/NZS CISPR AS/NZS CISPR AS/NZS CISPR
AS/NZS AS/NZS 32 Class A 32 Class A 32 Class A VCCI V-3 VCCI V-3
CISPR 32 CISPR 32
Class A Class A VCCI V-3 VCCI V-3 VCCI V-3 CNS 13438 CNS 13438

VCCI V-3 VCCI V-3 CNS 13438 CNS 13438 CNS 13438 EN 300-386 EN 300-386

CNS 13438 CNS 13438 EN 300-386 EN 300-386 EN 300-386 EN 61000 EN 61000

(Immunity) (Immunity)
EN 300-386 EN 300-386 EN 61000 EN 61000 EN 61000
(Immunity) (Immunity) (Immunity) EN 55024, EN 55024,
EN 61000 EN 61000 CISPR 24 CISPR 24
(Immunity) (Immunity) EN 55024, EN 55024, EN 55024,
CISPR 24 CISPR 24 CISPR 24 KN22, KN24 KN22, KN24
EN 55024, EN 55024,
CISPR 24 CISPR 24 KN22, KN24 KN22, KN24 KN22, KN24

© 2024 Cisco and/or its affiliates. All rights reserved. Page 14 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

KN22, KN24 KN22, KN24 EN 50121-1

EN61000-6-4

EN 50121-4

Telecom T1 T1 TIA-968-B TIA-968-B TIA-968-B TIA-968-B TIA-968-B

IC CS- IC CS- CS-03 CS-03 CS-03 CS-03 CS-03

03:2004 03:2004
ANSI T1.101 ANSI T1.101 ANSI T1.101 ANSI T1.101 ANSI T1.101
TIA-968- TIA-968-
B:2009 B:2009 ITU-T G.823, ITU-T G.823, ITU-T G.823, ITU-T G.823, ITU-T G.823,
G.824 G.824 G.824 G.824 G.824
HKTA HKTA
2028:2010 2028:2010 IEEE 802.3 IEEE 802.3 IEEE 802.3 IEEE 802.3 IEEE 802.3

HKTA HKTA RTTE Directive RTTE Directive RTTE Directive RTTE Directive RTTE Directive
2017:2010 2017:2010 Homologation Homologation Homologation Homologation Homologation
HKTA 2015: HKTA 2015: requirements requirements requirements requirements requirements
2006 2006 vary by country vary by country vary by country vary by country vary by country
and interface and interface and interface and interface and interface
G.703:2001 G.703:2001 type. For type. For type. For type. For type. For
specific country specific country specific country specific country specific country
ID0002:2007 ID0002:2007 information, information, information, information, information,
IS6100:2004 IS6100:2004 refer to the refer to the refer to the refer to the refer to the
online online online online online
DSPR Gray DSPR Gray approvals data approvals data approvals data approvals data approvals data
Book:2000 Book:2000 base at: base at: base at: base at: base at:
https://www.cis https://www.ci https://www.ci https://www.cis https://www.ci
DSPR DSPR cofax.com/. scofax.com/ scofax.com/ cofax.com/ scofax.com/
Technical Technical
Condition: Condition:
2004 2004

E1 E1

AS/ACIF AS/ACIF
S016: 2001 S016: 2001

AS/ACIF AS/ACIF
S038: 2001 S038: 2001

G.703:2001 G.703:2001

TBR 4:1995 TBR 4:1995

TBR 12:1993 TBR 12:1993

TBR 13:1996 TBR 13:1996

RRA 2009- RRA 2009-38

38
(RRL 2005-
(RRL 2005- 96)
96)
IDA TS
IDA TS DLCN:2011
DLCN:2011
IDA TS ISDN
IDA TS ISDN PRA:2005
PRA:2005
IS6100: 2004
IS6100: 2004
PTC 220:2008
PTC
220:2008 Ethernet

© 2024 Cisco and/or its affiliates. All rights reserved. Page 15 of 28

-
 Technical Cisco 4461 Cisco 4451 Cisco 4431 Cisco 4351 Cisco 4331/ Cisco 4321 Cisco
Specifications 4331-DC 4221(X)

Ethernet IEEE 802.3

IEEE 802.3 ANSA X3.263

ANSA
X3.263

Cisco IOS XE Software

Protocols IPv4, IPv6, static routes, Routing Information Protocol Versions 1 and 2 (RIP and RIPv2), Open Shortest Path First
(OSPF), Enhanced IGRP (EIGRP), Border Gateway Protocol (BGP), BGP Router Reflector, Intermediate System-to-
Intermediate System (IS-IS), Multicast Internet Group Management Protocol Version 3 (IGMPv3), Protocol
Independent Multicast sparse mode (PIM SM), PIM Source Specific Multicast (SSM), RSVP, CDP, ERSPAN, IPSLA, Call
Home, EEM, IKE, ACL, EVC, DHCP, FR, DNS, LISP, OTV6, HSRP, RADIUS, AAA, AVC, Distance Vector Multicast
Routing Protocol (DVMRP), IPv4-to-IPv6 Multicast, MPLS, Layer 2 and Layer 3 VPN, IP sec, Layer 2 Tunneling
Protocol Version 3 (L2TPv3), Bidirectional Forwarding Detection (BFD), IEEE802.1ag, and IEEE802.3ah

Encapsulations Generic routing encapsulation (GRE), Ethernet, 802.1q VLAN, Point-to-Point Protocol (PPP), Multilink Point-to-Point
Protocol (MLPPP), Frame Relay, Multilink Frame Relay (MLFR) (FR.15 and FR.16), High-Level Data Link Control
(HDLC), Serial (RS-232, RS-449, X.21, V.35, and EIA-530), and PPP over Ethernet (PPPoE)

Traffic QoS, Class-Based Weighted Fair Queuing (CBWFQ), Weighted Random Early Detection (WRED), Hierarchical QoS,
management Policy-Based Routing (PBR) and NBAR.

Cryptographic Encryption: DES, 3DES, AES-128 or AES-256 (in CBC and GCM modes); Authentication: RSA (748/1024/2048 bit),
Algorithms ECDSA (256/384 bit); Integrity: MD5, SHA, SHA-256, SHA-384, SHA-512

Services plane: Enabling the Branch-in-a-Box

All Cisco ISR 4000 routers contain processing cores built-in as standard to allow full-featured services to
run on-board. This includes the full-featured Cisco WAAS engine that provides application acceleration
and highly responsive virtual desktop experience. The technology is known as Cisco Service Containers
and it uses a standard hypervisor to allow x64 based applications to run.

The 4000 series routers can be fitted with Solid State Drives (SSD) and server cards for local storage and
computing capability. The Cisco UCS-E server cards are available with 8-core Intel Xeon processors with
up to 48GB of high speed DDR3 memory and three drives built in offering RAID 0, 1 and 5. This immense
amount of compute power can eliminate the need for any dedicated servers at branch sites. UCS-E cards
can be configured and managed using VMware vCenter and pooled with Data Center compute resources.

6
Supported only on the 4451 for Bandwidths <100Mbps

© 2024 Cisco and/or its affiliates. All rights reserved. Page 16 of 28

-
 Software Subscription through Cisco DNA Licensing
The ISR4000 series supports software-based subscription using Cisco DNA based licensing. Two Cisco
DNA software subscription licenses are available for the WAN portfolio: Cisco DNA Essentials and Cisco
DNA Advantage.
Cisco DNA SD-WAN and Routing licenses

There are two Cisco DNA SD-WAN and Routing licenses available:

● Cisco DNA Essentials (Subscription) + Network Essentials (Perpetual)

● Cisco DNA Advantage (Subscription) + Network Advantage (Perpetual)

Cisco DNA Essentials offers:

● A maximum of 10 User VPNs + 1 Management VPN

● Cisco Catalyst SD-WAN Manager for centralized management (cloud or on-premises)
● Flexible topology (hub and spoke, partial mesh, full mesh)
● Application-based policies (including application-aware routing policies)
● Essential Cisco Catalyst SD-WAN security services including

◦ L3/L4/App-Aware Firewall

◦ Snort IPS/IDS with Talos signature updates

◦ URL-filtering

◦ Cisco Advanced Malware Protection (AMP)

◦ Cisco Umbrella cloud-app discovery

◦ SD-WAN Application Intelligence Engine (SAIE)

● Essential Cloud Networking

◦ Multicloud: GCP, AWS, Azure

◦ SaaS: All applications

● DNS monitoring and connector for Cisco Umbrella
● Basic path optimization capabilities including Forward Error Correction (FEC)
● Dynamic routing protocols (OSPF/BGP)

© 2024 Cisco and/or its affiliates. All rights reserved. Page 17 of 28

-
 Cisco DNA Advantage adds:

● Unlimited segmentation
● Cisco Catalyst SD-WAN Analytics
● Predictive Path Recommendations (PPR), powered by ThousandEyes WAN Insights
● Advanced Cloud OnRamp for Multicloud and SaaS (all applications and telemetry)
● Automated Service Stitching

For more information on Cisco DNA for SD-WAN and Routing subscriptions, please refer to
https://www.cisco.com/site/us/en/products/networking/wan-software/dna-subscription-wan/index.html.

For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.

Enterprise NFV on ISR4000

Built to reduce costs without compromising vital network services, the UCS E-Series router-integrated
branch blade servers provide support for a Virtualization-ready and Application-centric platform that can
be seamlessly integrated on the ISR4000 platform. Customers can now install virtualized applications on
the ISR4000 routers through the Cisco® Enterprise NFV Infrastructure Software (NFVIS) – a virtualization
infrastructure that integrates full VM lifecycle management, monitoring, device programmability, and
service chaining in a single, installable package. For more information on Enterprise NFV and NFVIS, please
refer to the link at https://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-
functions-virtualization-nfv/index.html#~stickynav=2.

Support for DC Power

ISR4000 platforms support both DC and AC power supplies as options. Specifically, the ISR 4331 has two
separate product SKU’s – the ISR4331/K9 and the ISR4331-DC/K9 which support AC and DC power
respectively, The ISR4400 can independently support an AC or a DC power supply on the same chassis.
While the 4300 supports between 24V and 60Vdc, the 4400 supports between 48V and 60Vdc. The 4331
provides for up to 250W of power rating while the 4400 provides up to 437W. ISR4461 also supports dual
650W DC reverse-air power supplies which are included in the NEBS installation kit.

It is important to note that when DC power supplies are installed on the router, PoE based modules may
not be used.

More details about the DC power supplies and its capabilities can be found at the below url
https://www.cisco.com/c/en/us/td/docs/routers/access/4400/hardware/installation/guide4400-
4300/C4400_isr/FRUs_Modules.html#49534.

Product Performance and Scalability

The Cisco 4000 Family is built on a multicore CPU architecture. It runs modular Cisco IOS XE Software,
which allows the platform to use to full advantage a distributed multicore architecture. The architecture of
the Cisco 4000 separates control- and data-plane operations and integrates an industry-first services
plane. This design delivers full-featured integrated services up to Layer 7 at high performance with the
ability to deliver application-aware network services while maintaining a stable platform and a high level of
performance during periods of heavy network traffic.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 18 of 28

-
 The ISR 4000 consists of 3 series of Routers – the ISR 4400 series, the 4300 series and ISR 4200 series
whose performance levels are represented by the chart below.

ISR 4000 performance levels by series

ISR 4000 Interfaces and Modules Support

The Cisco 4000 Series Integrated Services Routers (ISRs) are modular routers with LAN and WAN
connectivity. The routers provide for Network Interface Module (NIM) slots and enhanced Service Module
(SM-X) slots offering a rich set of modules, such as LAN, WAN and wireless interfaces plus a range of
compute engines for embedded services.

For the complete list of supported modules on the ISR4000 Series refer to the Interfaces and Modules
sheet at https://www.cisco.com/c/en/us/products/routers/4000-series-integrated-services-routers-
isr/relevant-interfaces-and-modules.html.

Cisco Catalyst SD-WAN with the ISR4000 Series

The ISR 4000 series is optimized for Cisco Catalyst SD-WAN. For enterprises this means that business
critical applications run faster, with more reliability and reduced Operational Expenditure (OpEx). Cisco
Catalyst SD-WAN achieves this by giving all branches and data centers the ability to monitor, control, move
and report on streams of application data, such as specific web (HTTP) traffic for example. The ISR 4000
series has deep packet inspection capability and can accurately identify and control thousands of different
applications including custom in-house enterprise applications.

The benefits are immense:

1. Business-critical applications no longer have to contend each other or with traffic that should be served
on best effort basis.

2. The Enterprise network becomes more reliable because multiple paths can be used.

3. Costs are greatly reduced because dual MPLS links can be replaced with a mix of MPLS and Internet.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 19 of 28

-
 4. The time to bring up new remote sites is dramatically reduced because Catalyst SD-WAN supports
rapidly deployed DSL and 3G/4G LTE connections as easily as MPLS.

5. Security is assured across these connections using a zero-touch secure VPN technology used by
governments and finance organizations worldwide.
From a platform perspective, the ISR 4000 series has

1. Separated control and data planes for Denial of Service (DoS) attack prevention and Intrusion Prevention
System (IPS) and firewall capability built-in.

2. SaaS applications can have content locally cached. The caching is automatic and peers directly with
Akamai technology to obtain intelligence.

3. Application performance speed is greatly increased using in-built application acceleration technology
that can locally cache at a byte-level.

Cisco Catalyst SD-WAN implementation on the ISR4000 is managed at the end device either from the
Cloud, or On-Premise, through ascending levels of Cisco DNA throughput-based subscription licenses.
Cisco DNA Essentials and Advantage subscription licenses enable all customers to seamlessly transition
between On-Premise and Cloud management as needed. The Cisco DNA subscription license tiers are
structured to support the growth in business needs and simplify the journey to intent-based networking for
the WAN.

For more information on Cisco DNA Subscriptions for SD-WAN and Routing, please refer to
https://www.cisco.com/site/us/en/products/networking/wan-software/dna-subscription-wan/index.html.

Cisco Security Solutions for the ISR4000 Series

Cisco WAN MACsec

Cisco routers support a wide-range of ever enhancing security features on the ISR4000 routers. Cisco
WAN MACsec is supported on the ISR4000 series routers using the NIM 2GE-CU-SFP module. WAN
MACsec provides a line-rate network encryption solution over Layer 2 Ethernet transport services and can
be leveraged outside campus networks, whether it be over Metro Ethernet transport or Data Center
Interconnect (DCI) links. MACsec also secures WAN connections that are leveraging Ethernet as the link-
layer media.
Cisco Secure Network Analytics

Cisco Secure Network Analytics provides enterprise-wide network visibility to detect and respond to
threats in real- time. The solution continuously analyzes network activities to create a baseline of normal
network behavior. It then uses this baseline, along with non–signature-based advanced analytics that
include behavioral modeling and machine learning algorithms, as well as global threat intelligence to
identify anomalies and detect and respond to threats in real- time. Secure Network Analytics can quickly
and with high confidence detect threats such as Command-and-Control (C&C) attacks, ransomware,
Distributed-Denial-of-Service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats.
With an agentless solution, you get comprehensive threat monitoring across the entire network traffic, even
if it’s encrypted. For more information and platform support refer to
https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 20 of 28

-
 Cisco Snort IPS and Cisco Umbrella Branch

Cisco® Snort® IPS for Cisco 4000 Series Integrated Services Routers (ISRs) offers a lightweight threat
defense solution that uses industry-recognized Snort open-source Intrusion Prevention System (IPS)
technology. It is perfect for customers who are looking for a cost-effective solution that provides one box
for both advanced routing capabilities and integrated threat defense security to help comply with regulatory
requirements.

Cisco Umbrella Branch is a cloud-delivered security service for the Cisco Integrated Services Router (ISR).
It provides the first layer of defense against threats at branch offices. And it offers the simplest, fastest way
to protect every device on your branch network. You gain visibility and enforcement at the DNS layer, so
you can block requests to malicious domains and IPs before a connection is ever made.

When enabling MACsec, you will need to procure the Security and HSEC licenses to stay within the limits
of federal export control regulations. When customers wish to enable Cisco Secure Network Analytics, the
Security (SEC) license needs to be enabled. Enabling Snort needs a Security (SEC) license and a signature
subscription license. Enabling Cisco Umbrella Branch needs an Umbrella Branch license and a subscription
license.

Reducing Operational Costs using Cisco ISR

Support for Data Modelling

Enterprises and Service Providers wish to drive down the operational cost (opex) of their networks and
increase the agility and speed with which they deliver new services furthered by investments in Software
Defined Networking (SDN) and Network Function Virtualization (NFV). Cisco routers provide support for
Netconf and YANG data-modelling with increasing model coverage in successive releases.
Software Maintenance Upgrades (SMU)

The ISR4000 routers now support Software Maintenance Upgrades (SMU) 7. An SMU is a package that can
be installed on a system to provide a patch fix or security resolution to a released image, is provided on a
per release and per component basis, and is specific to the platform. An SMU is an independent and self-
sufficient package and does not have any prerequisites or dependencies. Please refer to
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-
xe-16-6-book/cm-smu.html for additional details.
Network Plug and Play

Network Plug and Play helps automate the onboarding of new devices on your network by applying
configuration settings without manual intervention. With the ease of a centrally managed controller, it
reduces the time a new device takes to join your network and become functional. For more information on
Plug and Play (PnP), please refer to https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-
and-Play/release/notes/pnp-connect-release-notes.html.

7
Supported from IOS-XE16.6.1 for all ISR4000 and ASR1000 series routers

© 2024 Cisco and/or its affiliates. All rights reserved. Page 21 of 28

-
 Cisco IOS Software Licensing and Packaging
Universal IOS XE and XE-SDWAN Image

A single Cisco IOS XE Universal image encompassing all functions is delivered with the platform. Advanced
features can be enabled by simply activating a software license on the Universal image. Technology
packages and feature licenses, enabled through right-to-use licenses, simplify software delivery and
decrease the operational costs of deploying new features.

Starting with Cisco IOS XE Release 17.2.1, you can install and deploy both Routing (Autonomous Mode)
and Catalyst SD-WAN (Controller Mode) functionality on ISR4000 platforms. This feature supports the use
of a single universalk9 image to deploy Cisco IOS XE in dual persona modes on all supported devices. This
universalk9 image supports booting up in two modes - Autonomous mode (for regular IOS XE Routing
features) and controlled mode (for Catalyst SD-WAN features).

When ordering an ISR router with a Cisco DNA Subscription, a customer may choose either Autonomous
Mode (AUTO) for regular routing and Controller mode (CTRL) for Catalyst SD-WAN deployments. A license
in Autonomous Mode is perpetual and doesn’t require renewal, whereas a license in Controller Mode is
term based and does require renewal upon expiry of the purchased license term. Refer to the Cisco DNA
Ordering Guide at https://www.cisco.com/c/en/us/products/collateral/software/dna-subscription-
routing/guide-c07-740642.html.

Also present is the High Security (HSEC) license, which removes the curtailment enforced by the U.S.
government export restrictions on the encrypted tunnel count and encrypted throughput. The HSEC license
is a separately required license for a feature to have full crypto functionality. Without the HSEC license, only
1000 secure tunnels and 2508 Mbps of crypto bandwidth would be available.

For additional information and details about Cisco IOS Software licensing and packaging on the Cisco 4000
Family, please visit
https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/guide/isr4400swcfg.
pdf.

IOS-XE provides support for both perpetual and subscription licensing. Subscription Licensing with support
for Cisco Catalyst Center is offered using Cisco DNA Essentials or Cisco DNA Advantage. Please refer to
the Cisco DNA Ordering Guide at: https://www.cisco.com/c/en/us/products/collateral/software/dna-
subscription-routing/guide-c07-740642.html.

Software Defined Networks may be provisioned through the two major licenses on the Cisco 4000 Family;
these licenses can be activated through the Cisco software activation process identified at
https://www.cisco.com/go/sa using the Cisco Catalyst Center or through the Cisco Catalyst SD-WAN
Manager management portal. The XE-SDWAN image provides for its own licensing schema through Cisco
DNA Licensing.

For more information on Cisco DNA Subscriptions for SD-WAN and Routing, please refer to
https://www.cisco.com/site/us/en/products/networking/wan-software/dna-subscription-wan/index.html.

8
The change to 250Mbps was achieved in the IOS-XE version 16.8.1 pursuant to revised Federal regulations

© 2024 Cisco and/or its affiliates. All rights reserved. Page 22 of 28

-
 Smart Software Licensing Support for IOS-XE

IOS-XE supports Smart Licensing beginning with image version 16.6.1 and Device Led Conversion with
image version 16.9.1. Cisco Smart Licensing is a flexible licensing model that provides you with an easier,
faster, and more consistent way to purchase and manage software across the Cisco portfolio and across
your organization. And it is secure – you control what users can access. With Smart Licensing you get:

● Easy Activation: Smart Licensing establishes a pool of software licenses that can be used across
the entire organization—no more PAKs (Product Activation Keys).
● Unified Management: My Cisco Entitlements (MCE) provides a complete view into all of your Cisco
products and services in an easy-to-use portal, so you always know what you have and what you
are using.
● License Flexibility: Your software is not node-locked to your hardware, so you can easily use and
transfer licenses as needed.

To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central
(software.cisco.com). One or more Virtual Accounts maybe created under the Smart Account to enable the
organization to logically segregate the purchased licenses. Device Led Conversion (DLC) allows the
customer to convert all existing PAK and RTU licenses on the router into a Smart License.

For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.

Cisco ISR 4000 bundles

Cisco ISR 4000 is available is several attractive bundles. The AX bundles integrate Cisco Wide Area
Application Services (WAAS), Security (SEC), and Data (DATA) licenses into a single bundle that is simple
to order, configure, and deploy. For customers who are also interested in voice along with all of these
features, AXV presents an attractive option. See Table 6 for details.

Table 6. Cisco ISR 4000 feature bundles

Bundles Features

Application Experience with AX + Voice

Voice (AXV)

Voice with Security (VSEC) Voice + Security

Application Experience (AX)
IP Base + Security + advanced networking protocols: L2TPv3, BFD, MPLS, VRF, VXLAN 9
(Bandwidth <100Mbps)
Application Experience: PfRv3, WAAS with AppNav, NBAR2, AVC, IP SLA
Hybrid Cloud Connectivity: LISP, OTV (for Bandwidth <100Mbps), VPLS, EoMPLS
Intelligent Web Caching: Akamai Connect

Voice (V) IP Base + Unified Communications: CME, SRST, CUBE

9
Supported only on the ISR4451

© 2024 Cisco and/or its affiliates. All rights reserved. Page 23 of 28

-
 Bundles Features

Security (SEC) IP Base + Advanced Security: Zone Based Firewall, IPSec VPN, EZVPN, DMVPN,
FlexVPN

Note: ISR4221/K9 does not support UC (Voice), hence no V, VSEC, AXV bundles for ISR4221/K9

More information on ISR AX bundles is available at https://www.cisco.com/go/ax.

A pay-as-you-grow licensing model lets you increase the performance level for the platforms from the
base level to a higher level. So you can purchase at an attractive entry-level price point and increase the
performance level as your business demand grows. Table 7 describes the performance licenses.

Table 7. Cisco ISR 4000 performance licenses

Platform Performance-on-Demand Features

License

ISR4461 FL-4460-PERF-K9 Increases the performance from base performance 1.5 Gbps to 3 Gbps

ISR4451 FL-44-PERF-K9 Increases the performance from base performance 1 Gbps to 2 Gbps

ISR4431 FL-44-PERF-K9 Increases the performance from base performance 500 Mbps to 1 Gbps

ISR4351 FL-4350-PERF-K9 Increases the performance from base performance 200 Mbps to
400 Mbps

ISR4331 FL-4330-PERF-K9 Increases the performance from base performance 100 Mbps to
300 Mbps

ISR4321 FL-4320-PERF-K9 Increases the performance from base performance 50 Mbps to

100 Mbps

ISR4221 FL-4220-PERF-K9 Increases the performance from base performance 35 Mbps to

75 Mbps

Table 8. Cisco ISR 4000 Booster (boost) performance licenses

Part number Description

FL-4220-BOOST-K9 (=) Booster Performance License for 4220 Series Router for up to 1.2 Gbps CEF*

FL-4320-BOOST-K9 (=) Booster Performance License for 4320 Series Router for up to 1.6 Gbps CEF*

FL-4330-BOOST-K9 (=) Booster Performance License for 4330 Series Router for up to 1.8 Gbps CEF*

FL-4350-BOOST-K9 (=) Booster Performance License for 4350 Series Router for up to 2 Gbps CEF *

FL-4430-BOOST-K9 (=) Booster Performance License for 4430 Series Router for up to 3.4 Gbps CEF*

FL-44-BOOST-K9 (=) Booster Performance License for 4450 Series Router for up to 3.8 Gbps CEF*

FL-4460-BOOST-K9 (=) Booster Performance License for 4460 Series Router for up to 10 Gbps CEF *

*
Test results for IP Routing (CEF) @ IMIX

© 2024 Cisco and/or its affiliates. All rights reserved. Page 24 of 28

-
 Ordering information
The Cisco ISR 4000 Family is orderable and shipping. To place an order, refer to Table 9 below and visit
the Cisco Ordering Home Page.

Table 9. Cisco ISR 4000 Series ordering information

Product Name Product Description

ISR4461/K9 Cisco ISR 4461 with 4 onboard GE, 3 NIM slots, 1 ISC slot, 3 SM slots, 8 GB Flash Memory
default, 2 GB DRAM default (data plane), 4 GB DRAM default (control plane)

ISR4451-X/K9 ISR 4451 with 4 onboard GE, 3 NIM slots, 1 ISC slot, 2 SM slots, 8 GB Flash Memory default, 2
GB DRAM default (data plane), 4 GB DRAM default (control plane)

ISR4431/K9 ISR 4431 with 4 onboard GE, 3 NIM slots, 1 ISC slot, 8GB Flash Memory default, 2 GB DRAM
default (data plane), 4 GB DRAM default (control plane)

ISR4351/K9 ISR 4351 with 3 onboard GE, 3 NIM slots, 1 ISC slot, 2 SM slots, 4 GB Flash Memory default, 4
GB DRAM default

ISR4331/K9 ISR 4331 with 3 onboard GE, 2 NIM slots, 1 ISC slot, 1 SM slots, 4 GB Flash Memory default, 4
GB DRAM default

ISR4321/K9 ISR 4321 with 2 onboard GE, 2 NIM slots, 1 ISC slot, 4 GB Flash Memory default, 4 GB DRAM
default

ISR4221/K9 ISR 4221 with 2 onboard GE, 2 NIM slots, 1 ISC slot, 8 GB Flash Memory default, 4 GB DRAM
default

ISR4221X/K9 ISR 4221 with 2 onboard GE, 2 NIM slots, 1 ISC slot, 8 GB Flash Memory default, 8 GB DRAM
default

For additional product numbers, including the Cisco 4000 Family bundle offerings, please contact your
local Cisco account representative. To place an order, visit the Cisco Ordering Home Page. To download
software, visit the Cisco Software Center.

Integrated Services Router Migration Options

The Cisco ISR 4000 Family is included in the standard Cisco Technology Migration Program (TMP). Refer to
https://www.cisco.com/go/tmp and contact your local Cisco account representative for program details.

Warranty information
The Cisco ISR 4000 Series Integrated Services Routers have a 90-day limited liability warranty.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 25 of 28

-
 Product sustainability
Information about Cisco’s Environmental, Social and Governance (ESG) initiatives and performance is
provided in Cisco’s CSR and sustainability reporting.

Table 10. Product sustainability

Sustainability Topic Reference

General Information on product-material-content laws and regulations Materials

Information on electronic waste laws and regulations, including WEEE Compliance

our products, batteries and packaging

Information on product takeback and resuse program Cisco Takeback and Reuse Program

Sustainability Inquiries Contact: [email protected]

Environmental specifications Table 5. Product specifications

Regulatory and compliance Table 5. Product specifications

MTBF Table 5. Product specifications

Power Power supplies Table 5. Product specifications

Power Table 5. Product specifications

Material Product packaging weight and materials Contact: [email protected]

Size and Weights Table 5. Product specifications

Packaging Weight Table 5. Product specifications

Cisco and Partner Services for the branch office

Services from Cisco and our certified partners help you transform the branch-office experience and
accelerate business innovation and growth. We have the expertise to create a clear, replicable, optimized
branch-office footprint across technologies. Planning and design services align technology with your
business goals and can increase deployment efficiency. Technical services help you improve operational
efficiency, save money, and mitigate risk. Optimization services help you continuously improve
performance and succeed with new technologies. For more information, please visit
https://www.cisco.com/go/services.

Cisco SMARTnet® technical support for the Cisco ISR 4000 Family is available on a one-time or annual
contract basis. Support options range from help-desk assistance to proactive, onsite consultation. All
support contracts include:

● Major Cisco IOS Software updates for protocol, security, bandwidth, and feature improvements
● Full access rights to Cisco.com technical libraries for technical assistance, electronic commerce,
and product information
● Access 24 hours a day to the industry’s largest dedicated technical support staff

© 2024 Cisco and/or its affiliates. All rights reserved. Page 26 of 28

-
 Cisco Capital
Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business
transformation and help you stay competitive. We can help you reduce the total cost of ownership,
conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can
help you acquire hardware, software, services and complementary third-party equipment in easy,
predictable payments. Learn more.

For more information

For more information about the Cisco ISR 4000 Family, visit https://www.cisco.com/go/ISR4K or contact
your local Cisco account representative.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 27 of 28

-
 Document history
New or revised topic Described In Date

Completely revised and updated ● Updated product family to include Cisco 4331-DC and August 28, 2024
to newest standard Cisco 4221(X)
● Updated General features (Table 1)
● Updated Architectural highlights (Table 2)
● Updated Specifications (Table 5)
● Updated Cisco DNA Software for SD-WAN and Routing
subscription tiers and licensing information
● Updated Product Performance and Scalability (Figure 2)
● Updated Boost performance license description to
include throughput (Table 8)
● Updated product names to reflect current state, i.e.,
Cisco Catalyst Center, Cisco Catalyst SD-WAN
Manager, Cisco Catalyst SD-WAN, Cisco Secure
Network Analytics, etc.

Completely updated to newest Entire document August 20, 2024

standard

Revised content on Smart Smart Software Licensing Support for IOS-XE May 25, 2021
Licensing

Change 4461 from 2RU to 3RU Sizing Section December 4, 2018

Added 4461 and SD-WAN November 13, 2018

Added support for Cisco SD-WAN Ordering Information August 8, 2018

with IOS XE SD-WAN, 16.9.1
software release. Added
Encrypted Traffic Analytics as
well as Boost Performance
Licensing support information.

Added new ISR 4000 Series Features and Benefits August 23, 2017
model, the ISR 4221. Updated all
related modules, memory,
licenses and bundles support
related to the ISR 4221.

Printed in USA C78-732542-25 09/24

© 2024 Cisco and/or its affiliates. All rights reserved. Page 28 of 28

-