Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
819
Views
0
Helpful
1
Replies

3825 unknown protocol drops

mariov652
Level 1
Level 1

‎11-07-2008 06:18 AM - edited ‎03-04-2019 12:13 AM

Hi all,

I've searched the forums and online, but haven't yet been able to work out a solution to the "unkown protocol drops" for my particular setup. I see these incrementing on on both Gigabit interfaces (first on the LAN int, then on the WAN int) on our 3825.

I have looked at the discussion here "http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0e9e3/0"

but haven't been able to get a decent reply from the router's snmp service.

Running a wireshark trace on the LAN interface, while monitoring the "unkown protocol drops" with "sh run | inc uknown" I notice the incrementation occur on the LAN interface but don't notice which protocol is to blame. A few seconds later, I notice the WAN interface's counter increase and wireshark shows ICMP V2 join/requests between router and a number of clients at the same time.

This immediately seems to lead to the conclusion that there are different IGMP version requests occuring. The problem is, I don't see this in the wireshark montioring.

Any ideas would be appreciated.

The setup is simply: 3825 WAN-g0/0, LAN-g0/1 to 3750 switch port VLAN'd.

Thanks,

Mario

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-07-2008 09:23 AM

Hello Mario,

In general DTP or VTP frames from switches can be a reason in LAN interfaces.

For the WAN interface that is a LAN too:

in addition

if the router in the other side is running IS-IS and you router doesn't the IS_IS hello pdus count as unknown in the order of 1 every 10 seconds.

Is the rate of increments constant over time or do you see spikes of unknown protocol count number ?

This could help also.

It looks like you see some peaks over time not a regular increment.

However, if the router declares the packets on the LAN side dropped for unknown protocol there shouldn't be a direct correlation with the packets that increment the counters on the WAN interface.

There can be hosts/routers on both sides that are running IPv6 and your router is single stack IPv4 only ando so IPv6 packets can count as unknown protocol dropped ?

Hope to help

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card