3825 unknown protocol drops

Unanswered Question
Nov 7th, 2008
User Badges:

Hi all,

I've searched the forums and online, but haven't yet been able to work out a solution to the "unkown protocol drops" for my particular setup. I see these incrementing on on both Gigabit interfaces (first on the LAN int, then on the WAN int) on our 3825.

I have looked at the discussion here "http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0e9e3/0"

but haven't been able to get a decent reply from the router's snmp service.

Running a wireshark trace on the LAN interface, while monitoring the "unkown protocol drops" with "sh run | inc uknown" I notice the incrementation occur on the LAN interface but don't notice which protocol is to blame. A few seconds later, I notice the WAN interface's counter increase and wireshark shows ICMP V2 join/requests between router and a number of clients at the same time.

This immediately seems to lead to the conclusion that there are different IGMP version requests occuring. The problem is, I don't see this in the wireshark montioring.

Any ideas would be appreciated.

The setup is simply: 3825 WAN-g0/0, LAN-g0/1 to 3750 switch port VLAN'd.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Fri, 11/07/2008 - 09:23
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Mario,

In general DTP or VTP frames from switches can be a reason in LAN interfaces.

For the WAN interface that is a LAN too:

in addition

if the router in the other side is running IS-IS and you router doesn't the IS_IS hello pdus count as unknown in the order of 1 every 10 seconds.

Is the rate of increments constant over time or do you see spikes of unknown protocol count number ?

This could help also.

It looks like you see some peaks over time not a regular increment.

However, if the router declares the packets on the LAN side dropped for unknown protocol there shouldn't be a direct correlation with the packets that increment the counters on the WAN interface.

There can be hosts/routers on both sides that are running IPv6 and your router is single stack IPv4 only ando so IPv6 packets can count as unknown protocol dropped ?

Hope to help



This Discussion