 
      Cisco DNA Software Expansion Pack for Switching
        Segment your network for security, compliance, and complex processes and centralize policy management
      
      DNA Software Expansion Pack for Switching
Purchase the following add-on Cisco licenses, appliances, and services along with a Cisco DNA Essentials or Advantage license, using one convenient ordering menu.
 
          Cisco DNA Expansion Pack is a flexible way to purchase Cisco ISE, Cisco DNA Spaces, Secure Network Analytics (Stealthwatch), ThousandEyes and other licenses, appliances, and services in one convenient bundle. Enhance your Cisco networking solutions such as SD-Access, Zero Trust solutions, Encrypted Traffic Analytics (ETA), location analytics, and assurance. You can add the pack to your Cisco DNA software licenses and choose the license count that fits your needs.
Unlock value with software
Cisco DNA Software subscriptions can help your IT team keep pace with your network's expanding demands. Purchase subscriptions individually or through a Cisco Enterprise Agreement (EA).
Automate with confidence
Provide access to users, devices, and applications, without shortchanging security.
Gain visibility
Detect threats hidden in encrypted network traffic and respond quickly with security embedded in the access network.
Make your network smarter
Quickly troubleshoot and convert data into business and IT insights.
Secure with ease
Help keep users, devices, and application traffic secure with continuous zero trust.
See what you can do with Cisco DNA Software for Switching
Learn how innovative software features enhance the usability of Cisco Catalyst switches to support your move to hybrid work.
- Thousand Eyes Observability
- WebEx Application Experience
- PoE Analytics.
Compare Cisco DNA Software licensing tiers
Cisco DNA Software Essentials
Get networking essentials, including basic automation, monitoring, and easy management.
Features include:
- Basic automation
- Monitoring
- Centralized management
Cisco DNA Software Advantage
Provides all functionality of Essentials, plus policy-based automation with software-defined access, monitoring, assurance, location analytics, and AI network analytics.
Includes all features of Essentials, plus:- Policy-based automation with Cisco Software-Defined
- Access Assurance and AI network analytics
- Location analytics with Cisco Spaces
- Detection and mitigation of security threats
Optional add-on Expansion Pack
Purchase the following add-on Cisco licenses, appliances, and services along with a Cisco DNA Essentials or Advantage license.
Available for:
- Cisco Identity Services Engine (ISE)
- Secure Network Analytics (Stealthwatch)
- Cisco Spaces
- Cisco ThousandEyes
Network Essentials
- License type: Perpetual license compatible with Cisco DNA Essentials. Cannot be purchased as a standalone license
- Management options: Manual, Web UI
Network Advantage
- License type: Perpetual license compatible with Cisco DNA Advantage. Cannot be purchased as a standalone license
- Management options: Manual, Web UI
Cisco DNA Essentials
- License type: 3/5/7 year term subscription
- Management options: Automation through Cisco DNA Center including Manual, WebUI
Cisco DNA Advantage
- License type: Includes Cisco DNA Essentials, 3/5/7 year term subscription
- Management options: Automation through Cisco DNA Center including Manual, WebUI
| FeatureRoll over each feature for more information. | ||||
| Network Essentials | Network Advantage | Cisco DNA Essentials | Cisco DNA Advantage | |
| Essential switch capabilities Layer 2, routed access, OSPF, PBR, PIM Stub Multicast, PVLAN, VRRP, PBR, Cisco Discovery Protocol, QoS, FHS, 802.1X, MACsec-128, CoPP, SXP, IP SLA responder, SSO, StackWise (Catalyst 9300/9200). | ⊛ | ⊛ | ||
| L3 Routed access L3 Routed access (RIP, EIGRP Stub, OSPF (1000 routes)) | ⊛ | ⊛ | ||
| Programmability, NETCONF/RESTCONF/gRPC/YANG Model-driven programmability lets you automate configuration and control of your network devices with rogrammable interfaces. | ⊛ | ⊛ | ||
| Zero Touch Provisioning Automated provisioning of a new Cisco switch using the Zero Touch Provisioning functionality built into the switch. | ⊛ | ⊛ | ||
| 128-bit MACsec encryption Configure 128-bit MACsec for authenticating and encrypting packets between MACsec-capable devices. | ⊛ | ⊛ | ||
| Advanced telemetry SPAN, RSPAN Manual/CLI or WebUI configuration of SPAN, RSPAN for providing near real-time access to operational statistics. No automation through Cisco DNA Center. | ⊛ | ⊛ | ||
| Streaming telemetry and visibility Model-driven telemetry lets you monitor your network by streaming data from network devices, continuously providing near-real-time access to operational statistics. | ⊛ | ⊛ | ||
| Cisco Trustworthy Solutions Help ensure hardware and software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks that compromise software and firmware. | ⊛ | ⊛ | ||
| Software Image Management (SWIM) Manually manage software upgrades and control the consistency of image versions through CLI or WebUI. Automation through Cisco DNA Center not supported. | ⊛ | ⊛ | ||
| Full L3 routing functionality BGP*, OSPF, IS-IS*. | ⊛ | |||
| Flexible network segmentation VRF*, VXLAN, LISP,* SGT, MPLS*, BGP-EVPN with VXLAN* | ⊛ | |||
| High availability Support operational continuity and maintain availability during routine maintenance, and perform disaster recovery. NSF*, GIR*, HSRP, Stackwise Virtual*, ISSU*/eFSU* | ⊛ | |||
| Patch/SMU lifecycle management*** Manual/CLI operations or through WebUI only. Automation through Cisco DNA Center not supported. | ⊛ | |||
| Optimize bandwidth utilization (Advanced Multicast) Multicast is used between routers so they can track which multicast packets to forward to each other and to their directly connected LANs. RP Discovery*, PIM BI-DIR*. | ⊛ | |||
| 256-bit MACsec encryption Configure 256-bit MACsec* for authenticating and encrypting packets between MACsec-capable devices. | ⊛ | |||
| Precision Time Protocol Timing and synchronization for time sensitive applications with PTPv2 as default profile (IEEE 1588v2/PTPv2, gPTP (IEEE 802.1AS), AES67 and G8275.1 profiles with less than 100 nano seconds precision. | ⊛ | |||
| Audio Video Bridging Cisco AVB simplifies digitization of audio and video and offers superior quality of experience with standards like IEEE1588v2 PTPv2, AES67 timing profile | ⊛ | |||
| Full Flexible NetFlow This next generation in flow technology optimizes the network infrastructure, reducing operating costs and improving capacity planning and security incident detection. (License is required for Manual/CLI, WebUI or automated Cisco DNA Center configuration). | ⊛ | |||
| Cisco IOS Embedded Event Manager (EEM) EEM is a powerful and flexible subsystem that provides real-time network event detection and onboard automation. It gives you the ability to adapt the behavior of your network devices to align with your business needs. | ⊛ | |||
| Software Image Management (SWIM) Automate software upgrades and control the consistency of image versions through Cisco DNA Center. | ||||
| Overall health dashboard Gives a high-level overview of the health of every network device/client on the network, wired and wireless, through Cisco DNA Center or cloud monitoring for Catalyst. | ⊛ | |||
| Overall health dashboard for Device, Network, Application and Client for 24 hours only Gives a high-level overview of the health of wired network devices/clients on the network, managed by Cisco DNA Center. | ||||
| Network Plug and Play (PnP) provisioning application Zero-touch provisioning for new device installation of Cisco devices to be provisioned simply by connecting to the network, managed by Cisco DNA Center. | ||||
| Cisco DNA Service for Bonjour LAN This software-defined, controller-less solution enables Bonjour services discovery and advertisement at for local cache discovery and distribution functions between VLANs. License is required for both manual/CLI configuration or automation through Cisco DNA Center | ⊛ | |||
| Out of box reports Cisco DNA Center pre-built reports that can be consumed directly or exported to third party tools such as Tableau. | ||||
| Cloud monitoring for Catalyst Offers cloud monitoring options with Cisco Catalyst 9000 switches to deliver visibility and troubleshooting. | ⊛ Limited visibility | |||
| Cisco Spaces Extend A powerful end-to-end, indoor location services cloud platform that extends platform capabilities via integrations and partner applications. Includes Cisco Spaces See. Available for Cisco Catalyst 9300 and 9400 Series Switches. | ⊛ | |||
| Cisco ThousandEyes Network and Application Synthetics** Deliver superior network and application experience with Cisco ThousandEyes, now integrated into Cisco Catalyst 9300 and 9400 Series switches. | ⊛ | |||
| Controller Orchestrated Fabric Management and Configuration Any Cisco or a third party controller orchestrating a Fabric like EVPN, MPLS etc. | ⊛ | |||
| Fabric, Segmentation, and eWC Enables policy-based automation with secure segmentation, complete visibility, and delivery of new services quickly on SD-Access devices, managed by Cisco DNA Center only. | ||||
| Cisco AI Network Analytics AI and machine learning technologies are implemented on Cisco DNA Center and in the AI Network Analytics cloud to enhance the insight and remediation capabilities of Cisco DNA Assurance. | ||||
| AI Endpoint Analytics Identify and check compliance of endpoints, and use AI/ML techniques to classify them into groups. | ⊛ | |||
| Group-Based Policy Analytics Makes segmentation policy simpler by discovering traffic flows between scalable groups to determine the right policies. | ⊛ | |||
| AI Trust Analytics Verifies that connected endpoints are legitimate. Use this information to define security policies that isolate rogue or compromised endpoints to reduce threat proliferation. | ⊛ | |||
| LAN automation Automate configurations and deployment of networks with Cisco DNA Center. | ||||
| Patch/SMU lifecycle management Automated management of SMU/Patches patching by Cisco DNA Center. | ||||
| Compliance Compliance reports managed by Cisco DNA Center. | ||||
| IPsec Supports 100G+ HW encryption for high-bandwidth secure L3 transport between sites or from cloud to site. | ⊛ | |||
| Device 360, Client 360, and Network Health Insights Display devices and client connectivity from any angle or context, providing for very granular troubleshooting in seconds. | ||||
| Application policy creation Assign policies to applications based on business relevance and business-critical QoS priority for life-saving devices, manual through CLI or automation through Cisco DNA Center. | ⊛ | |||
| Application hosting Allows third-party applications to be hosted in a secure container environment on the switch. License is required for both manual/CLI configuration or automation through Cisco DNA Center. | ⊛ | |||
| Third-party API integration A flexible framework is provided to integrate third-party application software. | ⊛ | |||
| Encrypted Traffic Analytics (ETA)*: (No Stealthwatch License Included) Detect malware within encrypted traffic. License is required for both manual/CLI configuration or automation through Cisco DNA Center. | ⊛ | |||
| Cisco DNA Service for Bonjour WAN This software-defined, controller-based solution enables Bonjour services discovery and advertisement at scale across multiple domains. License is required for both manual/CLI configuration or automation through Cisco DNA Center. | ⊛ | |||
| ERSPAN* Monitor and re-direct traffic. License is required for both manual/CLI configuration or automation through Cisco DNA Center. | ⊛ | |||
| Wireshark* Packet capture for analysis. License is required for both manual/CLI configuration or automation through Cisco DNA Center. | ⊛ | |||
| AVC (NBAR2)* Gain application visibility and control through Next-Generation Network-Based Application Recognition. License is required for both manual/CLI configuration or automation through Cisco DNA Center. | ⊛ | |||
| Cisco Prime Infrastructure License Provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues. Only available on the Catalyst 9000 switches, not on legacy switches. | ⊛ | |||
| Support | Network Essentials | Network Advantage | Cisco DNA Essentials | Cisco DNA Advantage | 
| E-LLW 90 days of Cisco TAC support; local business hours, 8x5; Hardware replacement (next business day where available); Warranty duration is lifespan of hardware product; OS software updates and upgrades. | ||||
| SWSS Software Support Service in the subscription software stack and OS software on the AP (requires SNTC on the WLC), and includes 24-hour TAC support and software updates and upgrades in Cisco DNA Center. | ||||
| SNTC Smart Net Total Care, 24-hour hardware and network software stack support provided by TAC. | Optional | Optional | ||
⊛ Does not require Cisco DNA Center.
          * Not supported on all platforms.
          ** Each Catalyst 9300 or 9400 Cisco DNA Advantage subscription entitles the customer to run up to a maximum of 110,000 units per month of ThousandEyes test capacity per Customer Organization, regardless of the number of purchased Cisco DNA Advantage licenses. ThousandEyes Cloud Agent access is not included in the Cisco DNA license entitlement. Test capacity can be increased and Cloud Agents accessed with purchase of additional ThousandEyes Network and Application Synthetics. The Cisco DNA license entitlements will ONLY be provisioned in Customer Organizations on the usage billing model. Customer Organizations on the legacy metered billing model are ineligible. “Customer Organization” means Customer and its Affiliates (as defined in the Cisco End User License Agreement) collectively who are Cisco DNA Advantage license holders.
          *** Supported on Network Advantage from Cisco IOS XE Fuji 16.9.7 onwards. Prior to Cisco IOS Fuji XE 16.9.7, Cisco DNA Advantage is also required.
        
Cisco Networking
Cisco Networking is your team’s bridge to an intent-based network. It is an open, extensible, software-driven portfolio that helps accelerate and simplify your enterprise network operations while lowering costs and reducing your risk. Only Cisco provides a single-network fabric that is powered by deep intelligence and integrated security to delivery automation and assurance across your entire network organization at scale. Cisco Networking gives IT time back from time-consuming, repetitive network configuration tasks so you can focus on the innovations your business needs.
Cisco DNA Software subscriptions provide customers with four key benefits:
- Investment protection of software purchases through software services-enabled license portability
- Software suites that address typical customer use case scenarios at an attractive price
- Flexible licensing models to smoothly distribute customer’s software spending over time
- Access to new technology from Cisco
IT management challenges and Cisco DNA Software benefits
The outlines common IT management challenges and the ways that Cisco DNA Software helps customers to address them.
| IT management challenges | Cisco DNA Software benefits | 
|---|---|
| Shrinking IT budgets | Deliver more value for your money Increase investment protection | 
| Infrastructure inflexibility | Enhance business agility | 
| Lack of buying options | Supplies flexible licensing models | 
| Implementation obstacles | Reduce risk | 
| Excessive time and costs for maintenance | Accelerate ROI and time-to-value | 
Cisco platforms supported by the Cisco DNA Advantage offer
Cisco DNA Advantage is available on the following Cisco Catalyst switches:
- Cisco Catalyst 9000 Series Switches (Cisco Catalyst 9300, 9400, 9500, and 9600 Series): These are Cisco’s leading stackable and modular enterprise switches. They are built for security, Internet of Things (IoT), and cloud environments and are the next generation of the Industry’s most widely deployed switching platform.
- Cisco Catalyst 9200 Series Switches
- Cisco Catalyst 3000 Series Switches (Cisco Catalyst 3560-CX, 3650 and 3850 fiber and nonfiber switches)
- Cisco Catalyst 4500 Series Switches (Cisco Catalyst 4500E)
- Cisco Catalyst 6000 Series Switches (Cisco Catalyst 6880-X, 6840-X, 6807-XL, and 6500)
- Cisco Catalyst Digital Building Series Switches (CDB)
Feature sets for the Cisco DNA Advantage offer
The feature sets for the Cisco DNA Advantage subscription offer.
| Cisco Catalyst 9600 Series | Cisco Catalyst 9500 Series | Cisco Catalyst 9400 Series | Cisco Catalyst 9300 Series | Cisco Catalyst 9200 Series | |
|---|---|---|---|---|---|
| Optimized network deployments (multicast Domain Name System [mDNS] gateway) | |||||
| Advanced automation (containers, Python, Cisco IOS Embedded Event Manager, and autonomic networking infrastructure) | |||||
| Advanced telemetry and visibility (Flexible NetFlow and Wireshark) | |||||
| Optimized telemetry and visibility (Encapsulated Remote SPAN [ERSPAN], Cisco Application Visibility and Control, and NBAR2) | |||||
| High availability and resiliency (patching) | |||||
| Advanced security (encrypted traffic analytics) | |||||
| Day-0 network launch automation (Cisco network plug-and-play application, network settings, and device credentials) | |||||
| Element management (discovery, inventory, topology, software image, licensing, and configuration management) | |||||
| Element management (patching) | |||||
| Network monitoring (Cisco Product Security Incident Response Team [PSIRT] compliance; End-of-Life [EoL] and End-of-Support [EoS] reporting; telemetry quotient; client 360; device 360; and top talkers, NetFlow, and streaming telemetry collection and correlation) | |||||
| Static Quality-of-Service (QoS) configuration and monitoring (easy QoS applications) | |||||
| Policy-based automation (SD-Access; group-based policy for access, application prioritization, monitoring, and path selection; and SD-Access with integrated wireless) | |||||
| Network assurance and analytics (insights from analytics and machine learning for the network, clients, and applications that cover onboarding, connectivity, and performance) | |||||
| Cisco ThousandEyes Network and Application Synthetics* (Network performance metrics, dashboarding, visibility into app and service experience, end-to-end visibility across cloud and DC applications) | 
* Each Catalyst 9300 or 9400 Cisco DNA Advantage subscription entitles the customer to run the equivalent of one ThousandEyes network or web test every 5 mins from a ThousandEyes enterprise agent (22 units per month), up to a maximum of 110,000 units per month of ThousandEyes test capacity per customer. ThousandEyes Cloud Agent access is not included in the Cisco DNA license entitlement. Test capacity can be increased and Cloud Agents accessed with purchase of additional ThousandEyes Network and Application Synthetics.
Cisco Technical Services
We recommend that Cisco DNA subscription customers purchase Cisco Solution Support for both hardware and license support.
Cisco Embedded Support is included with the purchase of the software subscription. Cisco Embedded Support provides Cisco technical support access online or by phone.
Cisco Embedded Software Support includes:
- Access to support and troubleshooting through online tools and web case submission; case severity or escalation guidelines are not applicable.
- TAC access 24 hours a day to assist by telephone, or web case submission and online tools with application software use and troubleshooting problems.
- Entitlement to maintenance releases, and software updates for software.
- Access to this system offers customers helpful technical and general information about Cisco products as well as access to the online Cisco Software Center library.
No additional products or fees are required to receive these services with a software subscription.
Cisco Solution Support
Cisco Solution Support is the recommended service on both the hardware and software licenses. Cisco Solution Support is an essential element of the Cisco DNA networking architecture because it helps customers maintain its performance, reliability, and return on investment. This service delivers centralized support across the Cisco and third-party solution partner products in your solution ecosystem. Cisco’s team of solution experts is the primary point of contact and owns the case from first call to resolution, no matter where the problem resides in the customer’s network.
Refer to the service description for more detailed information regarding Cisco Solution Support.
- Cisco Solution Support with Smart Net Total Care
- Cisco Solution Support with Software Support Services

 
      