Cisco DNA Software SD-WAN and Routing Matrices
Cisco DNA for SD-WAN subscription features Cisco DNA Essentials Cisco DNA Advantage
(service side), route maps, BFD PMTU, CoS marking (802.1P), static and service side NAT, NAT pool support for DIA, NAT using loopback
interface address, HQoS, per-tunnel QoS, Ethernet subinterface QoS, WAN loopback support, OMP redistribution, service VPN redistribution,
mapping BGP communities to OMP tags, match and set communities during BGP to OMP redistribution (localized and centralized policy),
secondary IP address support on SVI (interface VLAN), TLOC extension, DHCP options support, BFD for BGP/OSPF/EIGRP - CLI template,
NTP server support, DIA Tracker: Interface tracker for DIA, ability to track static route on service VPN, per-class/DSCP BFD for AAR, ACL
matching ICMP, enhanced policy-based routing (CLI template), jumbo frames (1GE interface), custom app support (for application aware
routing), SD-AVC, flexible Netflow, EVPN, MACSec Support, automated service chaining and insertion.
Cisco Catalyst SD-WAN Layer 2 and Layer 3 routing – IPv6
Dual stack support (for transport), inbound and outbound filtering, support for NAT64 devices (DIA), dual-stack service-side interface support
(Gigabit, subinterface, SVI, loopback), unicast addressing (link-local, unique-local, and global), anycast addressing, QoS, QoS policer, QoS
DSCP rewrite (inbound and outbound), IP name server, ICMP redirects, VRRP, DHCP relay agent, SSH, traceroute, SNMP logging server,
automated service chaining and insertion.
Multicloud and SaaS
Cloud OnRamp for Multicloud (GCP, AWS, Azure) – Site to Cloud connectivity, Cloud OnRamp for SaaS, monitoring capabilities for Multicloud
and SaaS via Cisco Catalyst SD-WAN Manager, SD-WAN Application Intelligence Engine (SAIE), automated service chaining and insertion.
SSE Connectivity (IPSec)
3rd party cloud security providers, Cisco Catalyst SD-WAN auto-register and IPsec auto-tunnel to Cisco Umbrella®, Cisco Umbrella DNS
monitoring (visibility only), Cisco Umbrella app discovery.
NGFW Stack
Cisco AMP, geo location-based filtering, interface zone support, high speed logging, URL filtering, TLS/SSL proxy support with Cisco Catalyst SD-WAN,
FQDN support, enterprise certificate support, ACL, pairwise key support for IPsec, SSH login with key, syslog over TLS, enterprise firewall with
Talos® powered IPS and application controls, RADIUS, Micro and Micro Segmentation (ICE/SGT), Cisco Secure Malware Analytics support4.
Premium Support Services
Success Tracks and/or Solution Support.
Optional2 Optional2
Advanced Cisco Catalyst SD-WAN Layer 2 and Layer 3 routing – general
Per-VPN QoS, adaptive QoS support, dynamic on-demand tunnel support, Hierarchical Cisco Catalyst SD-WAN, automated service chaining and insertion - service creation/discovery.
Cisco Catalyst SD-WAN Layer 2 and Layer 3 Multicast routing – IPv4
IGMPv3, PIM SSM, auto RP, app-aware routing policy support for multicast.
Advanced Cisco Catalyst SD-WAN services
Cisco Catalyst SD-WAN Manager (design, deploy, monitor) for virtualized platforms, AppQoE – multiple service nodes, DRE and LZ (including SSL proxy).
Advanced Multicloud and SaaS, Analytics, and Visibility
Cloud OnRamp for SaaS with Cisco Catalyst SD-WAN Analytics3 and telemetry, Cloud OnRamp for Multicloud – Site to Site and Cloud to Cloud connectivity via mid-mile with Cloud Interconnect/Cloud
Backbone, M365 Informed Network Routing, Webex telemetry, automated service chaining and insertion - service creation/discovery, Cloud OnRamp for Colocation, Cisco Catalyst SD-WAN Analytics3,
Predictive Path Recommendations (powered by ThousandEyes WAN Insights).
Cross-domain innovations
Integrated border for campus (SD-Access), integration with Cisco ACI® for application SLA.
Advanced Voice/UC features (Managed via Cisco Catalyst Manager)
Non-secure TDM/PSTN SIP trunk with digital cards (T1/E1) and analog cards (FXO/FXS), non-secure DSP farm services (media termination point, transcoder and conference bridge),
SIP SRST4.
Roaming User Protection
Cisco AnyConnect® protects your employees even when they are off the VPN. Enjoy seamless protection against malware, phishing, and command-and-control callbacks wherever your users go.
VPN support 3 3
IPsec (point to point), DMVPN, GET VPN, Easy VPN.
For a full listing of the traditional routing capabilities of the Network Essentials and Network Advantage perpetual licenses, please see the Cisco DNA for Routing perpetual license feature matrix below.
Router management
TACACS+, NETCONF, AAA, RESTCONF, gRPC, YANG.
1
The Cisco Catalyst Cloud SD-WAN subscription provides the right to use SD-WAN solution only with the cloud controller. The Cisco Catalyst on-premise SD-WAN subscription provides the right to use SD-WAN solution only with the on-premise controller.
2
With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials
and Advantage). Embedded SWSS DOES NOT cover the Network Stack.
For full hardware support, including the network stack (Network Essentials/Advantage), customers are required to additionally purchase either Smart Net Total Care on the hardware itself, or Cisco’s premium support services: Solution Support and/or Success Tracks.
These premium services must be purchased on both your Cisco DNA software license and the hardware.
3
Cisco Catalyst SD-WAN Analytics, Cisco Catalyst SD-WAN hosted in the Cisco cloud environment, cloud-delivered Cisco Catalyst SD-WAN, and other cloud features cannot be used by customers headquartered or mainly based in mainland China.
4
Requires purchase of additional licenses.
Platform based routing features Catalyst Routing Essentials Cisco DNA Essentials Cisco DNA Advantage
(Most features included with the perpetual network stack)
Routing and protocols
RIP, OSPF, BGP, EIGRP, IGRP, IS-IS, On-Demand Routing (ODR), Point-to-Point Protocol (PPP), Multi-Link PPP (MLP),
TR-069, TR069-CWMP, TCP (ECN, Window scaling, MSS) Stream Control Transmission Protocol (SCTP).
Link capabilities
LACP, PAgP, EtherChannel, LLDP, 802.1Q.
High availability
HSRP, FHRP, GLBP (global load balancing).
Essential application experience
IPSLA initiator/responder, echo, jitter, path (ICMP, UDP, and multicast), TCP connect, HTTP, FTP, DHCP, MQC including
classification, policing, re-marking, scheduling; HQoS, NBAR2 (standard protocol packs).
System control capabilities
DNS, Dynamic DNS, NTPv4, Cisco Discovery Protocol, Control Plane Policing (CoPP).
Essential traffic management capabilities
NetFlow, Flexible NetFlow (FNF), IPFIX, performance monitoring, Flexible Packet Matching (FPM), Policy-Based Routing
(PBR), ACL, ARP, DHCP, BDI, NAT, PAT – IPv4/v6, Reverse Path Forwarding (URPF), 802.1P.
Traffic analytics capabilities
Switch Port Analyzer (SPAN).
Programmability and device management
NETCONF/YANG support, Zero Touch Support (PnP/ZTP), EEM Support, RESTCONF, TACACS+, AAA, GNMI, gRPC.
Secure authentication
Public Key Infrastructure (PKI), Challenge Handshake (CHAP) and Password Authentication (PAP), Certificate Authority (CA).
Perimeter security
Zone-based firewall, ACL.
Secure infrastructure
IPsec (point to point).
MACsec support
MACsec Key Agreement Protocol, LAN MACsec (128-bit), WAN MACSec (125-/256-bit).
Platform integrity
Trustworthy system.
Essential multicast features
Bi-Di PIM, IGMP, Protocol Independent Multicast (PIM), mVPN, CGMP, AutoRP, Bootstrap Router (BSR), mroute, MLD (v1, v2),
extending SSM support (PIM-SSM, IGMPv3 with SSM), SSM-Mapping, Multicast Source Discovery Protocol (MSDP).
Essential broadband CPE support
PPP over Ethernet (PPPoE), PPPoA (PPP over ATM) for DSL support, L2TPv2.
Essential tunneling mechanisms
GRE tunnel, IPv6 over v4 and IPv4 over v6 tunnels, per-tunnel QoS.
Network segmentation
Easy Virtual Network (EVN), VRF-Lite, Multi-VRF, VRF support, Cisco TrustSec® (SGT, SGACL, SGX).
802.1X/AAA support
802.1X feature support, RADIUS integration, TACACS/TACACS+ support, SHA-1, SHA-2, MD5.
Essential routing and traffic management capabilities
Connectivity Fault Management (CFM-802.1ag), Operations and Admin Management (OAM - 802.3ah),
E-OAM (op, admin, maint), E-CFM (connectivity fault management).
Threat protection
IPS/IDS, Cisco AMP4, URL Filtering4.
Secure infrastructure (VPN) 1 1
DMVPN, GET VPN, FlexVPN.
Essential Voice/UC features (managed via Cisco Catalyst Center)
CUBE (IP to IP).
Advanced routing and traffic management capabilities
Carrier grade NAT2, Bidirectional Forwarding (BFD).
Operational/management router capabilities
Unidirectional Link Routing (UDLR), guest shell support, application hosting (app hosting on containers).
High availability
Stateful interchassis redundancy.
Traffic analytics capabilities
Encapsulated Remote SPAN (ERSPAN).
Advanced application experience
Application Layer Gateway (ALG), NBAR2 (standard and custom protocol packs), Application Visibility and Control (SD-AVC).
Legacy protocol support
ISDN BRI, X.25 and XOT support, basic CLNS functionality.
Mobile routing
Radio-Aware Routing (RAR, PPPoE based-RFC 5578), mobile IP, Proxy Mobile IP (PMIP), network positioning system.
Advanced multicast features
Multicast Segment Routing, Pragmatic General Multicast (PGM), Router Group Management Protocol (RGMP), multicast
service reflection, multicast VPN.
Advanced metro and carrier Ethernet support
Ethernet local management Interface (ELMI), Ethernet Virtual Circuit (EVC), Ethernet flow point.
Advanced MPLS and VRF support
MPLS Layer 2 and Layer 3 VPN, Layer 2 VPN Pseudowire (PW), Ethernet over MPLS (EoMPLS), Any Transport
over MPLS (AToM), MPLS Traffic Engineering (TE), Label Distribution Protocol (LDP), Virtual Private LAN Services
(VPLS, H-VPLS), EVPN, Segment Routing.
Advanced tunneling mechanisms
ISATAP tunnels, 6RD tunnels, Layer 2 Tunnel Protocol v3 (L2TPv3)3, LAC3, LNS3, Layer 2 Protocol Tunneling (L2PT),
Virtual Private Data Networks (VPDN)3, Layer 2 forwarding, Ethernet over GRE (EoGRE)3.
Advanced IP service-level analysis
VoIP (UDP jitter, RTP, H323, MOS), video ops, TWAMP, monitor, schedule, disc (for LSP), Y.1731, MPLS OAM.
Content routing
Web Cache Routing Protocol (WCCP), object tracking.
Data center interconnect features
Overlay Transport Virtualization (OTV), VRF-Aware Software Infrastructure (VASI), VXLAN.
Advanced Voice/UC features (managed via Cisco Catalyst Center)
Analog cards (FXO/FXS/BRI/E&M) and digital cards (E1/T1), call control (SIP, SIP line “WxC and CUCM”, STCAPP,
MGCP), DSP farm services (media termination point, transcoder and conference), SRST2, CME2.
Cisco innovation
Analog cards (FXO/FXS/BRI/E&M) and digital cards (E1/T1), call control (SIP, SIP line “WxC and CUCM”, STCAPP,
MGCP), DSP farm services (media termination point, transcoder and conference), SRST2, CME2.
1
No SSL VPN support except on Catalyst 8000V Edge Software.
2
Requires purchase of additional licenses.
3
In a BNG or iWAG deployment, these features require a separate and distinct Broadband Feature License apart from the Cisco DNA
subscription license.
4
Supported only with SD-Routing
5
The Cisco Catalyst Cloud SD-WAN Manager subscription provides the right to use the solution only with the cloud controller. The
Cisco Catalyst on-premise SD-WAN Manager subscription provides the right to use the solution only with the on-premise controller.
Cisco Catalyst SD-WAN Manager (SD-Routing) features Catalyst Routing Essentials Cisco DNA Essentials Cisco DNA Advantage
(All features require an active Catalyst Routing or Cisco DNA subscription)
Device management
Zero touch provisioning through Cisco Plug and play, guided workflow for quick connect, Inventory, discovery, topology,
software image management, site management, network settings, credential update, integrity verification, predefined reports.
Monitoring - Network
Dashboards, overall health, network health, site health, topology, pre-canned reports, troubleshooting tools such as
ping, traceroute, speed test, packet capture and Network-wide Path Insights (NWPI).
Monitoring - Applications
Application visibility (name, throughput).
Configuration management
Guided workflows for configuration management and CLI templates.
Software Support Service (SWSS)
Software support services that also offer license portability and ongoing innovation in the subscription software stack, 1 1 1
Cloud OnRamp
BranchConnect for AWS, BranchConnect for Azure.
Security
Management for advanced NGFW and Cloud security.
1
With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA
software subscription stacks (Cisco DNA Essentials and Advantage). Embedded SWSS DOES NOT cover the Network Stack.
For full hardware support, including the network stack (Network Essentials/Advantage), customers are required to additionally purchase either Smart Net Total Care on the hardware itself, or Cisco’s premium support
services: Solution Support and/or Success Tracks. These premium services must be purchased on both your Cisco DNA software license and the hardware.
Cisco Catalyst Center features Catalyst Routing Essentials Cisco DNA Essentials Cisco DNA Advantage
(All features require an active Catalyst Routing or Cisco DNA subscription)
Essential Cisco DNA automation – Device management
Inventory, discovery, topology, software image management, site management, network settings, credential update,
integrity verification, template programmer, predefined reports, Plug and Play application.
Cisco DNA assurance – Management and analytics
Dashboards, overall health, network health, client health, topology, pre-canned reports, custom thresholds.
Essential Cisco DNA assurance – Routing and VNF management
Basic router monitoring, basic WAAS monitoring, basic ENFV monitoring (ENCS, UCSE, vRouter, vWAAS).
Essential Cisco DNA assurance
Application visibility (name, throughput).
Software Support Service (SWSS)
Software support services that also offer license portability and ongoing innovation in the subscription software stack, 1 1 1
1
With Cisco DNA software licenses, customers receive embedded SWSS, which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software release updates. This is valid only for the Cisco DNA software subscription stacks (Cisco DNA Essentials
and Advantage). Embedded SWSS DOES NOT cover the Network Stack.
For full hardware support, including the network stack (Network Essentials/Advantage), customers are required to additionally purchase either Smart Net Total Care on the hardware itself, or Cisco’s premium support services: Solution Support and/or Success Tracks.
These premium services must be purchased on both your Cisco DNA software license and the hardware.
© 2024 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C95-742999-17 08/24