Update on Cisco DNA Licenses

This is AI generated but worth a read.

Equip Networks

Cisco is currently in the middle of a significant rebranding effort, transitioning from Cisco DNA to Cisco Catalyst Software. You will see both terms used interchangeably in documentation, quotes, and purchasing portals.

The Executive Summary

• What it is: A mandatory subscription-based software license required when purchasing modern Cisco hardware (Catalyst 9000 switches, 9800 wireless controllers, etc.).
• The “Secret” Structure: Every license is actually two licenses wrapped in one SKU:
  1. Perpetual “Network” Stack: The permanent right to use the device’s local features (Layer 2/Layer 3 routing, local CLI). This never expires.
  2. Subscription “DNA” (or Catalyst) Stack: The term-based right to use cloud/controller features (automation, analytics, Cisco Catalyst Center). This can expire.
• The Tiers: Essentials (Basic), Advantage (Advanced), and Premier (Bundled “All-in”).

1. The Rebranding: DNA vs. Catalyst

Cisco is phasing out the “DNA” name in favor of “Catalyst.”

• Old Name: Cisco DNA Center $\rightarrow$ New Name: Cisco Catalyst Center
• Old License: Cisco DNA Essentials $\rightarrow$ New License: Catalyst Essentials
• Old Bundle: Cisco DNA Expansion Pack $\rightarrow$ New Bundle: Catalyst Expansion Pack

Note: For the rest of this guide, I will use the term “DNA” as it is still the most common term on invoices and datasheets today.

2. How the License Structure Works

When you buy a 3, 5, or 7-year DNA subscription, you are purchasing two distinct feature sets.

Critical Note for Renewals: If you only manage your devices via CLI (Command Line) and do not use Cisco Catalyst Center, you typically do not need to renew the DNA subscription after the initial term expires. The device will continue to function using the perpetual Network stack.

3. License Tiers Overview
4. Essentials (The “Day 0” Basics)

Designed for basic connectivity and management.

• Target: Branch offices or simple campus deployments.
• Includes:
  • Automation: Plug-and-Play (PnP) for zero-touch deployment.
  • Monitoring: Basic health dashboards and device visibility.
  • Security: Basic security features (MACsec).
  • Meraki: “Cloud Monitoring for Catalyst” (visibility only in Meraki Dashboard).

1. Advantage (The “Day 2” Operations)

The standard for most enterprise networks. Includes everything in Essentials, plus advanced automation and AI.

• Target: Core enterprise networks requiring high availability and deep visibility.
• Includes:
  • Advanced Routing: Full VRF, VXLAN, and advanced BGP support (critical for SD-Access).
  • Assurance: AI-driven health insights, “Time Travel” troubleshooting, and predictive analytics.
  • SD-Access: Required if you want to run Cisco’s Campus Fabric (Software-Defined Access).
  • Security: Encrypted Traffic Analytics (ETA) to find malware in encrypted streams.

1. Premier (The Bundle)

This is effectively Advantage + Expansion Pack. It is often not a separate feature set but a purchasing bundle.

• Target: Organizations that need the full security suite immediately.
• Includes: Everything in Advantage plus licenses for Cisco ISE (Identity Services Engine) and Cisco Spaces (Location Analytics).

4. Feature Breakdown by Technology

Switching (Catalyst 9000 Series)

Wireless (Catalyst 9100 APs / 9800 Controllers)

• Essentials: Basic Wi-Fi connectivity, onboarding, and central management.
• Advantage: Required for Airtime Fairness, Application Visibility & Control (AVC), and Location Analytics.
• Note: Wireless relies heavily on Advantage for performance features. If you have high-density environments (stadiums, auditoriums), Advantage is strongly recommended.

SD-WAN (Catalyst 8000 / ISR Routers)

SD-WAN is unique because the license often dictates Bandwidth and Cloud Security.

• Essentials: Basic SD-WAN (Hub & Spoke), limited to 4 Virtual Networks (VPNs). Good for simple retail branches.
• Advantage: Unlimited VPNs, Advanced Security (URL filtering, AMP, IPS), and support for Cloud OnRamp (optimizing Office 365/AWS traffic).
• Premier: Adds Cisco Umbrella SIG (Cloud Security) integration directly into the license.

5. Frequently Asked Questions (FAQ)

Q: Do I have to buy a license with a new switch?

A: Yes. Cisco mandates an initial 3-year (min) subscription with every Catalyst 9000 hardware purchase. You cannot buy the hardware “bare.”

Q: What happens if I don’t renew?

A:

• Switch/Router: You lose access to Cisco Catalyst Center (DNA Center) management and AI analytics. The switch continues passing traffic using the “Network” features (Layer 2/3) which are perpetual.
• SD-WAN: Caution. SD-WAN is purely subscription-based. If you let an SD-WAN license expire, the router may lose its controller connection and downgrade to a basic router, breaking your SD-WAN overlay.

Q: Can I mix Essentials and Advantage?

A: Generally, no. Within a single switch stack or a specific site, you should match license levels to avoid feature mismatches.

Recommendation

• Choose Essentials if: You manage devices via CLI, don’t use SD-Access, and just need a solid, working switch/AP.
• Choose Advantage if: You plan to use Cisco Catalyst Center (DNA Center) for troubleshooting, need full Layer 3 routing (VRFs/BGP), or are deploying SD-Access.

Next Step:

If you are currently reviewing a quote or Bill of Materials (BOM), would you like me to analyze the Part Numbers (SKUs) to confirm exactly which tier and duration is being proposed?