Cisco Catalyst and Cisco DNA Software Subscription Matrix for Switching
Network Essentials Network Advantage Cisco Catalyst (DNX) and Cisco DNA Essentials Cisco Catalyst (DNX) and Cisco DNA Advantage
License type Perpetual license compatible with Cisco Catalyst and Cisco DNA Essentials. Cannot be purchased as a standalone license License type Perpetual license compatible with Cisco Catalyst and Cisco DNA Advantage. Cannot be purchased as a standalone license 3/5/7 year term subscription Includes Cisco Catalyst and Cisco DNA Essentials, 3/5/7 year term subscription
Management options Manual, WebUI Manual, WebUI Automation through Cisco Catalyst Center including Manual, WebUI Automation through Cisco Catalyst Center including Manual, WebUI
Network Essentials
License type Perpetual license compatible with Catalyst Essentials. Cannot be purchased as a standalone license
Management options Manual, WebUI
Network Advantage
License type Perpetual license compatible with Catalyst Advantage. Cannot be purchased as a standalone license
Management options Manual, WebUI
Cisco Catalyst (DNX) and Cisco DNA Essentials
License type 3/5/7 year term subscription
Management options Automation through Cisco Catalyst Center including Manual, WebUI
Cisco Catalyst (DNX) and Cisco DNA Advantage
License type Includes Catalyst Essentials, 3/5/7 year term subscription
Management options Automation through Cisco Catalyst Center including Manual, WebUI
Features >

Roll over each feature for more information.

Features >

Roll over each feature for more information.

 Network Essentials
Network Advantage
Cisco DNA Essentials
Cisco Catalyst Essentials (DNX)
Cisco DNA Advantage
Cisco Catalyst Advantage (DNX)
Optional
Optional
Optional
Optional
Included with Cisco Catalyst software subscription (DNX)
Included with Cisco Catalyst software subscription (DNX)
Not included
Not included
Optional (recommended)
Optional (recommended)
Optional (recommended)
Optional (recommended)

The Cisco DNA Expansion Pack is a flexible way to purchase Cisco ISE, Cisco Spaces, Secure Network Analytics (Stealthwatch), ThousandEyes and other licenses, appliances, and services in one convenient bundle. Enhance your Cisco networking solutions such as SD-Access, Zero Trust solutions, Encrypted Traffic Analytics (ETA), location analytics, and assurance. You can add the pack to your Cisco DNA software licenses and choose the license count that fits your needs.

For more details, contact a Cisco sales or Cisco registered partner.

Does not require Cisco Catalyst Center. * Not supported on all platforms. ** Cisco ThousandEyes Network and Application Synthetics entitlements will be provided as described in ThousandEyes with Cisco Catalyst 9000 Switches. *** Supported on Network Advantage from Cisco IOS XE Fuji 16.9.7 onwards. Prior to Cisco IOS Fuji XE 16.9.7, Cisco Catalyst or Cisco DNA Advantage is also required. **** Not applicable for Catalyst 9200 series.

Layer 2, routed access, OSPF, PBR, PIM Stub Multicast, PVLAN, VRRP, PBR, Cisco Discovery Protocol, QoS, FHS, 802.1X, MACsec-128, CoPP, SXP, IP SLA responder, SSO, StackWise (Catalyst 9300/9200).

L3 Routed access (RIP, EIGRP Stub, OSPF (1000 routes)).

Model-driven programmability lets you automate configuration and control of your network devices with programmable interfaces.

Configure 128-bit MACsec for authenticating and encrypting packets between MACsec-capable devices.

Manual/CLI or WebUI configuration of SPAN, RSPAN for providing near real-time access to operational statistics. No automation through Cisco Catalyst Center.

Model-driven telemetry lets you monitor your network by streaming data from network devices, continuously providing near-real-time access to operational statistics.

Help ensure hardware and software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks that compromise software and firmware.

Manually manage software upgrades and control the consistency of image versions through CLI or WebUI. Automation through Cisco Catalyst Center not supported.

BGP*, OSPF, IS-IS*.

VRF*, VXLAN, LISP,* SGT, MPLS*, BGP-EVPN with VXLAN*.

Support operational continuity and maintain availability during routine maintenance, and perform disaster recovery. NSF*, GIR*, HSRP, Stackwise Virtual*, ISSU*/eFSU*.

Manual/CLI operations or through WebUI only. Automation through Cisco Catalyst Center not supported.

Multicast is used between routers so they can track which multicast packets to forward to each other and to their directly connected LANs. RP Discovery*, PIM BI-DIR*.

Configure 256-bit MACsec* for authenticating and encrypting packets between MACsec-capable devices.

Timing and synchronization for time sensitive applications with PTPv2 as default profile (IEEE 1588v2/PTPv2, gPTP (IEEE 802.1AS), AES67 and G8275.1 profiles with less than 100 nano seconds precision.

Cisco AVB simplifies digitization of audio and video and offers superior quality of experience with standards like IEEE1588v2 PTPv2, AES67 timing profile.

Software services-enabled license portability lets your software licenses stay current through hardware upgrades and replacements at no additional cost.

This next generation in flow technology optimizes the network infrastructure, reducing operating costs and improving capacity planning and security incident detection. (License is required for Manual/CLI, WebUI or automated Cisco Catalyst Center configuration).

Automate software upgrades and control the consistency of image versions through Cisco Catalyst Center.

Automate configurations and deployment of networks with Cisco Catalyst Center.

Gives a high-level overview of the health of every network device/client on the network, wired and wireless, through Cisco Catalyst Center or cloud monitoring for Catalyst.

Gives a high-level overview of the health of wired network devices/clients on the network, managed by Cisco Catalyst Center.

Zero-touch provisioning for new device installation of Cisco devices to be provisioned simply by connecting to the network, managed by Cisco Catalyst Center.

This software-defined, controller-less solution enables Bonjour services discovery and advertisement at for local cache discovery and distribution functions between VLANs. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Cisco Catalyst Center pre-built reports that can be consumed directly or exported to third-party tools such as Tableau.

Supports intent-based workflows for simplified wireless deployment and automation, managed by Cisco Catalyst Center appliance.

Create policies based on business intent for a particular part of the network that are network- and device-specific, adjusted dynamically to guarantee services, managed by Cisco Catalyst Center.

Gives a high-level overview of the health of every network device/client on the network, wired and wireless, Cisco and Meraki, managed by Cisco Catalyst Center.

Provides operational status of every network device connected to Cisco Catalyst Center, with suggested remediation for any communication issues, managed by Cisco Catalyst Center.

Displays operational status of every client connected to Cisco DNA Center, with suggested remediation for any issues, managed by Cisco Catalyst Center.

Displays overall health of all applications on the network, with special section for business-relevant application issues and suggested remediation, managed by Cisco Catalyst Center.

Enables network devices to send near-real-time telemetry information to Cisco Catalyst Center.

Zero-touch provisioning for new device installation allows off-the-shelf Cisco devices to be provisioned simply by connecting to the network, managed by Cisco Catalyst Center.

Enables policy-based automation with secure segmentation, complete visibility, and delivery of new services quickly on SD-Access devices, managed by Cisco Catalyst Center only.

Any Cisco or a third-party controller orchestrating a Fabric like EVPN, MPLS etc.

Achieve faster deployment of zero-trust network security solutions such as SD-Access, Client Assurance, and network authentication/authorization. ISE license quantity depends on switch model.

Automated management of SMU/Patches patching by Cisco Catalyst Center.

Compliance reports managed by Cisco Catalyst Center.

Display devices and client connectivity from any angle or context, providing for very granular troubleshooting in seconds.

Fabric technology is an integral part of SD-Access. Fabric-enabled wireless is a deployment option, managed by Cisco Catalyst Center only.

Assign policies to applications based on business relevance and business-critical QoS priority for life-saving devices, manual through CLI or automation through Cisco Catalyst Center.

Allows third-party applications to be hosted in a secure container environment on the switch. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Detect malware within encrypted traffic. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

This software-defined, controller-based solution enables Bonjour services discovery and advertisement at scale across multiple domains. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Monitor and re-direct traffic. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Packet capture for analysis. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Gain application visibility and control through Next-Generation Network-Based Application Recognition. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues. Only available on the Catalyst 9000 Switches, not on legacy Switches.

Packet capture for analysis. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Gain application visibility and control through Next-Generation Network-Based Application Recognition. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center.

Provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues.

Gain application visibility and control through Next-Generation Network-Based Application Recognition. Does not require Cisco Catalyst Center. Not supported on Cisco Catalyst 9200 Series switches.

Encrypted Traffic Analytics detects malware within encrypted traffic. Manufacturer user description validates the IoT device, extends trust, and applies policy to the device. Does not require Cisco Catalyst Center. Not supported on Cisco Catalyst 9200 Series switches.

Gain complete security and threat containment, managed by Cisco DNA Center.

Detect malware within encrypted traffic. License is required for both manual/CLI configuration or automation through Cisco Catalyst Center. Includes Stealthwatch Flow Rate License, Virtual Stealthwatch Management Console, and Virtual Flow Collectors.

Multi-Cisco Catalyst Center Management and LAN/Campus Service Automation for Switching Infrastructure

Enables policy-based automation with secure segmentation, complete visibility, and delivery of new services quickly on SD-Access devices, managed by Cisco DNA Center only.

90 days of Cisco TAC support; local business hours, 8x5; hardware replacement (next business day where available); Warranty duration is lifespan of hardware product.

Software support service in the subscription software stack includes TAC support and software updates and upgrades in Cisco Catalyst Center.

  • 24x7 access to the Cisco TAC for hardware issues
  • 60-minute TAC response objective for severity 1 and 2 service requests
  • TAC response objective for severity levels 3 and 4 service requests:
    • 60 minutes during business hours
    • Next Business Day during business hours if the request is made outside of business hours
  • OS updates
  • Self-help resources (tools, documentation, and videos) via Cisco.com
  • Return materials authorization (RMA) with eight service level options

  • 24x7 access to the Cisco TAC phone support for software and hardware issues: Cisco Catalyst Software for Switching, Catalyst 9000 Switches, and the OS.
  • 4-hr TAC response objective for severity 1 and 2 service requests.
  • Next business day TAC response objective for severity 3 and 4 service requests.
  • Access to the CX Cloud base experience: step-by-step adoption task lists and success tips, asset and license views, and case management.
  • Software and OS updates.
  • Self-help resources (documentation and videos) via Cisco.com Hardware replacements with a next business day service level are accessed via the Catalyst 9000 Extended Lifetime Warranty (E-LLW).

Automated provisioning of a new Cisco switch using the Zero Touch Provisioning functionality built into the switch.

Industry-standard network segmentation and extension solution for enterprise campus networks.

Industry-standard micro-segmentation solution extending policy-plane across BGP EVPN VXLAN fabric.

Comprehensive application flow visibility for overlay Macro and Micro-segmented BGP EVPN VXLAN fabric networks.

Flood-free service-oriented mDNS service-routing solution for EVPN users and devices enabling immersive user-experience in enterprise campus networks.

Encrypted EVPN fabric solution across LAN and WAN with Industry-standard IPSec Underlay transport.

Deliver superior network and application experience with Cisco ThousandEyes, now integrated into Cisco Catalyst 9300 and 9400 Series switches.

AI and machine learning technologies are implemented on Cisco Catalyst Center and in the AI Network Analytics cloud to enhance the insight and remediation capabilities of Cisco Assurance.

Identify and check compliance of endpoints, and use AI/ML techniques to classify them into groups.

Get visual traffic flows between endpoint groups, so you can define the right segmentation policies.

Get visual traffic flows between endpoint groups, so you can define the right segmentation policies.

Verifies that connected endpoints are legitimate. Use this information to define security policies that isolate rogue or compromised endpoints to reduce threat proliferation.

Verifies that connected endpoints are legitimate. Use this information to define security policies that isolate rogue or compromised endpoints to reduce threat proliferation.

Makes segmentation policy simpler by discovering traffic flows between scalable groups to determine the right policies.

Supports 100G+ HW encryption for high-bandwidth secure L3 transport between sites or from cloud to site.

Allows IT to give end-users control of their very own wireless network partition. End-users can then remotely and securely deploy their devices on this network.

EEM is a powerful and flexible subsystem that provides real-time network event detection and onboard automation. It gives you the ability to adapt the behavior of your network devices to align with your business needs.

A flexible framework is provided to integrate third-party application software.

A powerful, end-to-end, indoor location services cloud platform that unlock insights and trends into customer, employee and asset behavior. Available for Cisco Catalyst 9300 and 9400 Series Switches.

A powerful end-to-end, indoor location services cloud platform that extends platform capabilities via integrations and partner applications. Includes Cisco Spaces See. Available for Cisco Catalyst 9300 and 9400 Series Switches.

Offers cloud monitoring options with Cisco Catalyst 9000 switches to deliver visibility and troubleshooting.

  • Get streamlined support across software, hardware, and providers for faster complex issue resolution
  • Improve operational efficiency and reduce risk with proactive and predictive analytics-driven insights
  • Speed adoption with personalized use case guidance
  • Avoid adoption pitfalls with best practices and one-on-one consulting
  • Return materials authorization (RMA) with eight service level options