04-05-2009 07:45 PM - edited 03-06-2019 05:00 AM
Hi, i found "unknown protocol drops" in show interface. Is there any document or clue of that statement?
The number of unknown protocol drops increase continuously. I saw it increased whenever i show interface.
04-05-2009 08:42 PM
Hi, Could you post the log of "show interface"?
Regard,
04-05-2009 08:52 PM
FastEthernet0/1/0 is up, line protocol is up
Hardware is FastEthernet, address is 0022.90c1.cc54 (bia 0022.90c1.cc54)
Description: Wireless Connection to GMF
Internet address is 10.15.1.1/29
MTU 1500 bytes, BW 3072 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:03, output 00:00:02, output hang never
Last clearing of "show interface" counters 00:25:57
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 6000 bits/sec, 5 packets/sec
5 minute output rate 4000 bits/sec, 4 packets/sec
61847 packets input, 7283224 bytes
Received 78 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
57825 packets output, 10575324 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
1 unknown protocol drops
29 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/3/0 is up, line protocol is up
Hardware is GT96K Serial
Description: Lonsum Sei Bejangkar Estate XL-MPLS Connection
Internet address is 10.172.115.222/30
MTU 1500 bytes, BW 512 Kbit/sec, DLY 20000 usec,
reliability 145/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
REQsent: CDPCP
Open: IPCP, loopback not set
Keepalive set (10 sec)
CRC checking enabled
Last input 00:00:06, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:26:03
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/24/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 384 kilobits/sec
5 minute input rate 2000 bits/sec, 6 packets/sec
5 minute output rate 1000 bits/sec, 4 packets/sec
2681 packets input, 243296 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
38751 input errors, 38751 CRC, 8368 frame, 1401 overrun, 0 ignored, 10089 abort
2917 packets output, 273432 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
3 unknown protocol drops
102 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
I posted two of all four interfaces in the router.
All my router's interface are showing the "unknown protocol drops"
It's wierd that when i use Solarwind "SNMP real time graph" using "ifInUnknownProtos" with OID 1.3.6.1.2.1.2.2.1.15, it shows nothing but zero value
Regards,
Charles Chia
04-05-2009 10:06 PM
Thank you for your posted.
These per-interface counters that record packets with unknown (or unconfigured) protocol received.
I recommend clear your counters, and put Wireshark on the line. Could be like ATM from the remote...
and if you can, it's better to change the configuration of the network, and adjust it when these counters are high.
HTH
04-05-2009 10:32 PM
I've already cleared the counters several times and it still shows increasing number on the unknown protocol drops. It even show up in the LAN interface. The LAN itself is simple. Is there any document that can give justification of what can make the unknown protocol drops value appears?
So far, i think that it should be layer 2 (STP, hdlc) or layer 3 protocol (SNA, ipx, appletalk, etc) that unrecognized or misconfigured by default configured router.
04-05-2009 10:47 PM
Once you sniff the traffic with something like Wireshark it will tell you everything that is running on the cable. You can then look for odd/suspicious traffic types and go from there.
If you can't do this on the machine plugged into the port - you could possibly try setting up a SPAN port that will forward a copy to another port.
04-06-2009 12:58 AM
Hello Charles,
there have been other threads about this.
There is a bug that increments by one the unknown protocol drops each time you issue sh interface.
In one thread the bug id is mentioned you can search using the right top box called "search netpro"
Edit:
See
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cd28bfa/1#selected_message
bug-id CSCsx18388
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide