Cisco DNA Software Expansion Pack for Switching
Segment your network for security, compliance, and complex processes and centralize policy management
DNA Software Expansion Pack for Switching
Purchase the following add-on Cisco licenses, appliances, and services along with a Cisco DNA Essentials or Advantage license, using one convenient ordering menu.
Cisco DNA Expansion Pack is a flexible way to purchase Cisco ISE, Cisco DNA Spaces, Secure Network Analytics (Stealthwatch), ThousandEyes and other licenses, appliances, and services in one convenient bundle. Enhance your Cisco networking solutions such as SD-Access, Zero Trust solutions, Encrypted Traffic Analytics (ETA), location analytics, and assurance. You can add the pack to your Cisco DNA software licenses and choose the license count that fits your needs.
Unlock value with software
Cisco DNA Software subscriptions can help your IT team keep pace with your network's expanding demands. Purchase subscriptions individually or through a Cisco Enterprise Agreement (EA).
Automate with confidence
Provide access to users, devices, and applications, without shortchanging security.
Gain visibility
Detect threats hidden in encrypted network traffic and respond quickly with security embedded in the access network.
Make your network smarter
Quickly troubleshoot and convert data into business and IT insights.
Secure with ease
Help keep users, devices, and application traffic secure with continuous zero trust.
See what you can do with Cisco DNA Software for Switching
Learn how innovative software features enhance the usability of Cisco Catalyst switches to support your move to hybrid work.
- Thousand Eyes Observability
- WebEx Application Experience
- PoE Analytics.
Compare Cisco DNA Software licensing tiers
Cisco DNA Software
Essentials
Get networking essentials, including basic automation, monitoring, and easy management.
Features include:
- Basic automation
- Monitoring
- Centralized management
Cisco DNA Software
Advantage
Get all Cisco DNA Essentials features plus advanced segmentation, artificial intelligence and machine learning (AI/ML) analytics, and complete visibility with Cisco ThousandEyes.
Includes all features of Essentials, plus:
- Policy-based automation with software-defined access
- Assurance and AI network analytics
- Complete visibility with Cisco ThousandEyes
- Cisco Spaces for smart buildings
Optional add-on
Expansion Pack
Purchase the following add-on Cisco licenses, appliances, and services along with a Cisco DNA Essentials or Advantage license, using one convenient ordering menu.
Available for:
- Cisco Identity Services Engine (ISE)
- Secure Network Analytics (Stealthwatch)
- Cisco Spaces
- Cisco ThousandEyes
Network Essentials
- License type:Perpetual license compatible with Cisco DNA Essentials. Cannot be purchased as a standalone license
- Management options: Manual, Web UI
Network Advantage
- License type: Perpetual license compatible with Cisco DNA Advantage. Cannot be purchased as a standalone license
- Management options: Manual, Web UI
Cisco DNA Essentials
- License type: 3/5/7 year term subscription
- Management options: Automation through Cisco DNA Center including Manual, WebUI
Cisco DNA Advantage
- License type: Includes Cisco DNA Essentials, 3/5/7 year term subscription
- Management options: Automation through Cisco DNA Center including Manual, WebUI
FeatureRoll over each feature for more information. |
||||
| Network Essentials | Network Advantage | Cisco DNA Essentials | Cisco DNA Advantage | |
| Essential switch capabilities Layer 2, routed access, OSPF, PBR, PIM Stub Multicast, PVLAN, VRRP, PBR, Cisco Discovery Protocol, QoS, FHS, 802.1X, MACsec-128, CoPP, SXP, IP SLA responder, SSO, StackWise (Catalyst 9300/9200). |
⊛ | ⊛ | ||
| L3 Routed access L3 Routed access (RIP, EIGRP Stub, OSPF (1000 routes)) |
⊛ | ⊛ | ||
| Programmability, NETCONF/RESTCONF/gRPC/YANG Model-driven programmability lets you automate configuration and control of your network devices with rogrammable interfaces. |
⊛ | ⊛ | ||
| Zero Touch Provisioning Automated provisioning of a new Cisco switch using the Zero Touch Provisioning functionality built into the switch. |
⊛ | ⊛ | ||
| 128-bit MACsec encryption Configure 128-bit MACsec for authenticating and encrypting packets between MACsec-capable devices. |
⊛ | ⊛ | ||
| Advanced telemetry SPAN, RSPAN Manual/CLI or WebUI configuration of SPAN, RSPAN for providing near real-time access to operational statistics. No automation through Cisco DNA Center. |
⊛ | ⊛ | ||
| Streaming telemetry and visibility Model-driven telemetry lets you monitor your network by streaming data from network devices, continuously providing near-real-time access to operational statistics. |
⊛ | ⊛ | ||
| Cisco Trustworthy Solutions Help ensure hardware and software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks that compromise software and firmware. |
⊛ | ⊛ | ||
| Software Image Management (SWIM) Manually manage software upgrades and control the consistency of image versions through CLI or WebUI. Automation through Cisco DNA Center not supported. |
⊛ | ⊛ | ||
| Full L3 routing functionality BGP*, OSPF, IS-IS*. |
⊛ | |||
| Flexible network segmentation VRF*, VXLAN, LISP,* SGT, MPLS*, BGP-EVPN with VXLAN* |
⊛ | |||
| High availability Support operational continuity and maintain availability during routine maintenance, and perform disaster recovery. NSF*, GIR*, HSRP, Stackwise Virtual*, ISSU*/eFSU* |
⊛ | |||
| Patch/SMU lifecycle management*** Manual/CLI operations or through WebUI only. Automation through Cisco DNA Center not supported. |
⊛ | |||
| Optimize bandwidth utilization (Advanced Multicast) Multicast is used between routers so they can track which multicast packets to forward to each other and to their directly connected LANs. RP Discovery*, PIM BI-DIR*. |
⊛ | |||
| 256-bit MACsec encryption Configure 256-bit MACsec* for authenticating and encrypting packets between MACsec-capable devices. |
⊛ | |||
| Precision Time Protocol Timing and synchronization for time sensitive applications with PTPv2 as default profile (IEEE 1588v2/PTPv2, gPTP (IEEE 802.1AS), AES67 and G8275.1 profiles with less than 100 nano seconds precision. |
⊛ | |||
| Audio Video Bridging Cisco AVB simplifies digitization of audio and video and offers superior quality of experience with standards like IEEE1588v2 PTPv2, AES67 timing profile |
⊛ | |||
| Full Flexible NetFlow This next generation in flow technology optimizes the network infrastructure, reducing operating costs and improving capacity planning and security incident detection. (License is required for Manual/CLI, WebUI or automated Cisco DNA Center configuration). |
⊛ | |||
| Cisco IOS Embedded Event Manager (EEM) EEM is a powerful and flexible subsystem that provides real-time network event detection and onboard automation. It gives you the ability to adapt the behavior of your network devices to align with your business needs. |
⊛ | |||
| Software Image Management (SWIM) Automate software upgrades and control the consistency of image versions through Cisco DNA Center. |
||||
| Overall health dashboard Gives a high-level overview of the health of every network device/client on the network, wired and wireless, through Cisco DNA Center or cloud monitoring for Catalyst. |
⊛ | |||
| Overall health dashboard for Device, Network, Application and Client for 24 hours only Gives a high-level overview of the health of wired network devices/clients on the network, managed by Cisco DNA Center. |
||||
| Network Plug and Play (PnP) provisioning application Zero-touch provisioning for new device installation of Cisco devices to be provisioned simply by connecting to the network, managed by Cisco DNA Center. |
||||
| Cisco DNA Service for Bonjour LAN This software-defined, controller-less solution enables Bonjour services discovery and advertisement at for local cache discovery and distribution functions between VLANs. License is required for both manual/CLI configuration or automation through Cisco DNA Center |
⊛ | |||
| Out of box reports Cisco DNA Center pre-built reports that can be consumed directly or exported to third party tools such as Tableau. |
||||
| Cloud monitoring for Catalyst Offers cloud monitoring options with Cisco Catalyst 9000 switches to deliver visibility and troubleshooting. |
⊛ Limited visibility |
|||
| Cisco Spaces Extend A powerful end-to-end, indoor location services cloud platform that extends platform capabilities via integrations and partner applications. Includes Cisco Spaces See. Available for Cisco Catalyst 9300 and 9400 Series Switches. |
⊛ | |||
| Cisco ThousandEyes Network and Application Synthetics** Deliver superior network and application experience with Cisco ThousandEyes, now integrated into Cisco Catalyst 9300 and 9400 Series switches. |
⊛ | |||
| Controller Orchestrated Fabric Management and Configuration Any Cisco or a third party controller orchestrating a Fabric like EVPN, MPLS etc. |
⊛ | |||
| Fabric, Segmentation, and eWC Enables policy-based automation with secure segmentation, complete visibility, and delivery of new services quickly on SD-Access devices, managed by Cisco DNA Center only. |
||||
| Cisco AI Network Analytics AI and machine learning technologies are implemented on Cisco DNA Center and in the AI Network Analytics cloud to enhance the insight and remediation capabilities of Cisco DNA Assurance. |
||||
| AI Endpoint Analytics Identify and check compliance of endpoints, and use AI/ML techniques to classify them into groups. |
⊛ | |||
| Group-Based Policy Analytics Makes segmentation policy simpler by discovering traffic flows between scalable groups to determine the right policies. |
⊛ | |||
| AI Trust Analytics Verifies that connected endpoints are legitimate. Use this information to define security policies that isolate rogue or compromised endpoints to reduce threat proliferation. |
⊛ | |||
| LAN automation Automate configurations and deployment of networks with Cisco DNA Center. |
||||
| Patch/SMU lifecycle management Automated management of SMU/Patches patching by Cisco DNA Center. |
||||
| Compliance Compliance reports managed by Cisco DNA Center. |
||||
| IPsec Supports 100G+ HW encryption for high-bandwidth secure L3 transport between sites or from cloud to site. |
⊛ | |||
| Device 360, Client 360, and Network Health Insights Display devices and client connectivity from any angle or context, providing for very granular troubleshooting in seconds. |
||||
| Application policy creation Assign policies to applications based on business relevance and business-critical QoS priority for life-saving devices, manual through CLI or automation through Cisco DNA Center. |
⊛ | |||
| Application hosting Allows third-party applications to be hosted in a secure container environment on the switch. License is required for both manual/CLI configuration or automation through Cisco DNA Center. |
⊛ | |||
| Third-party API integration A flexible framework is provided to integrate third-party application software. |
⊛ | |||
| Encrypted Traffic Analytics (ETA)*: (No Stealthwatch License Included) Detect malware within encrypted traffic. License is required for both manual/CLI configuration or automation through Cisco DNA Center. |
⊛ | |||
| Cisco DNA Service for Bonjour WAN This software-defined, controller-based solution enables Bonjour services discovery and advertisement at scale across multiple domains. License is required for both manual/CLI configuration or automation through Cisco DNA Center. |
⊛ | |||
| ERSPAN* Monitor and re-direct traffic. License is required for both manual/CLI configuration or automation through Cisco DNA Center. |
⊛ | |||
| Wireshark* Packet capture for analysis. License is required for both manual/CLI configuration or automation through Cisco DNA Center. |
⊛ | |||
| AVC (NBAR2)* Gain application visibility and control through Next-Generation Network-Based Application Recognition. License is required for both manual/CLI configuration or automation through Cisco DNA Center. |
⊛ | |||
| Cisco Prime Infrastructure License Provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues. Only available on the Catalyst 9000 switches, not on legacy switches. |
⊛ | |||
| Support | Network Essentials | Network Advantage | Cisco DNA Essentials | Cisco DNA Advantage |
| E-LLW 90 days of Cisco TAC support; local business hours, 8x5; Hardware replacement (next business day where available); Warranty duration is lifespan of hardware product; OS software updates and upgrades. |
||||
| SWSS Software Support Service in the subscription software stack and OS software on the AP (requires SNTC on the WLC), and includes 24-hour TAC support and software updates and upgrades in Cisco DNA Center. |
||||
| SNTC Smart Net Total Care, 24-hour hardware and network software stack support provided by TAC. |
Optional | Optional | ||
⊛ Does not require Cisco DNA Center.
* Not supported on all platforms.
** Each Catalyst 9300 or 9400 Cisco DNA Advantage subscription entitles the customer to run up to a maximum of 110,000 units per month of ThousandEyes test capacity per Customer Organization, regardless of the number of purchased Cisco DNA Advantage licenses. ThousandEyes Cloud Agent access is not included in the Cisco DNA license entitlement. Test capacity can be increased and Cloud Agents accessed with purchase of additional ThousandEyes Network and Application Synthetics. The Cisco DNA license entitlements will ONLY be provisioned in Customer Organizations on the usage billing model. Customer Organizations on the legacy metered billing model are ineligible. “Customer Organization” means Customer and its Affiliates (as defined in the Cisco End User License Agreement) collectively who are Cisco DNA Advantage license holders.
*** Supported on Network Advantage from Cisco IOS XE Fuji 16.9.7 onwards. Prior to Cisco IOS Fuji XE 16.9.7, Cisco DNA Advantage is also required.
Benefits
The Cisco DNA Expansion Pack is a flexible way to purchase Cisco ISE, Cisco DNA Spaces, Secure Network Analytics (Stealthwatch), ThousandEyes, and other licenses, appliances, and services, using one convenient “point and click” ordering menu. This optional pack can be purchased along with a Cisco DNA Essentials license or a Cisco DNA Advantage license, or on its own.
Build your complete solution
The Cisco DNA Expansion Pack provides a convenient way for you to buy what you need for a full Cisco DNA software solution. The pack provides flexibility to configure necessary product options within the quote.
- Cisco DNA Spaces delivers location analytics to gain more insights into the behavior of people and things.
- ThousandEyes allows you to instantly identify what is impacting user experiences across any domain—even those that you do not own or control.
- Cisco Identity Services Engine (ISE) enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control.
- Cisco Secure Network Analytics (Stealthwatch) provides pervasive network visibility and sophisticated security analytics for advanced protection.
All of these licenses would co-terminate. You can add this expansion pack to your Cisco DNA Advantage or Essentials licenses, but you do not need Cisco DNA software licenses to purchase the pack.
| Cisco Identity Services Engine 3.x (On-Prem/Cloud) | Secure Network Analytics (Stealthwatch) (On-Prem/Cloud) | Cisco DNA Spaces (Cloud) | Cisco ThousandEyes for observability |
|---|---|---|---|
Physical/Virtual Appliances Software Licenses* Software Licenses (Cloud)* Quick Start Services |
Physical/Virtual Appliances Flow Licenses On-Prem* Flow Licenses Cloud* Quick Start Services |
Cisco DNA Spaces Cisco DNA Spaces ACT Upgrade |
Cisco ThousandEyes Cloud and Enterprise Agents End User Monitoring Internet Insights |
*Basic support included