ifinunknownprotos

Answered Question
Nov 17th, 2008

I am a Network Performance Manager for a large network. We recently were having problems with DTP packets from Cisco Switches causing ifinunknownprotos on the Cisco Routers. We have also identified ifinunknownprotos on the Cisco routers from Juniper Switches as well. I was wondering if anyone happens to know if Juniper has a Protocol similar to DTP that would cause this?

I have this problem too.
0 votes
Correct Answer by deyadav about 8 years 3 weeks ago

If the port/interface receives any packet/frame for which it does not understand the encapsulation type would be reported as Unknown protocol.

On routers I remember this counter was implemented with 12.4T train.

This is not an error a simple notification that this interface is receiving unsupported encapsulation or protocols.

Now this may based on the interface configuration and IOS feature support that which such protocols might fall into this category, only a sniffer capture could let you know what traffic is increasing that counter.

Correct Answer by Giuseppe Larosa about 8 years 3 weeks ago

Hello James,

there are different possible reasons for the unknown protocol.

If your Cisco routers are not running IS-IS , IS-IS hello PDUs sent by Juniper routers can count as unknown protocol.

We have a case like this in our DMZ even if all devices are Cisco routers and multilayer switches but some take part in a DMZ IS-IS domain and others don't participate.

On the last ones c7206VXR with NPE-G2 we can see unknown protocols to increment with a frequency that is that of IS-IS hello messages.

This is just an example.

Another could be the new LLDP protocol (used with third party phones and similar to CDP)

If you can you should try to get a packet capture of what arrives on the port to understand what they are.

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Giuseppe Larosa Mon, 11/17/2008 - 10:21

Hello James,

there are different possible reasons for the unknown protocol.

If your Cisco routers are not running IS-IS , IS-IS hello PDUs sent by Juniper routers can count as unknown protocol.

We have a case like this in our DMZ even if all devices are Cisco routers and multilayer switches but some take part in a DMZ IS-IS domain and others don't participate.

On the last ones c7206VXR with NPE-G2 we can see unknown protocols to increment with a frequency that is that of IS-IS hello messages.

This is just an example.

Another could be the new LLDP protocol (used with third party phones and similar to CDP)

If you can you should try to get a packet capture of what arrives on the port to understand what they are.

Hope to help

Giuseppe

Correct Answer
deyadav Mon, 11/17/2008 - 12:41

If the port/interface receives any packet/frame for which it does not understand the encapsulation type would be reported as Unknown protocol.

On routers I remember this counter was implemented with 12.4T train.

This is not an error a simple notification that this interface is receiving unsupported encapsulation or protocols.

Now this may based on the interface configuration and IOS feature support that which such protocols might fall into this category, only a sniffer capture could let you know what traffic is increasing that counter.

Actions

This Discussion