Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
7
Helpful
4
Replies

unknown protocol drops

khuysmans
Level 1
Level 1

‎06-11-2008 09:49 PM - edited ‎03-05-2019 11:34 PM

Hi,

I've searched Cisco and the net in general, but I can't find any helpful information that would help me figure out what the "unknown protocol drops" are in the interface output below.

Can anyone shed some light on this?

#sh int f0/0

FastEthernet0/0 is up, line protocol is up

Hardware is MV96340 Ethernet, address is 001d.46f0.8120 (bia 001d.46f0.8120)

Description: switch

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:06, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

30 second input rate 18000 bits/sec, 10 packets/sec

30 second output rate 43000 bits/sec, 9 packets/sec

20046327 packets input, 3786623660 bytes

Received 831679 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

21187748 packets output, 708301434 bytes, 0 underruns

0 output errors, 0 collisions, 3 interface resets

185786 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

thanks in advance,

Kevin

Labels:
0 Helpful
4 Replies 4

puagarwa
Level 1
Level 1

‎06-11-2008 11:59 PM

these are drops related to IPX or Decnet traffic which is not IP. You need to look what all L3 protocols are running in your network.

khuysmans
Level 1
Level 1
In response to puagarwa

‎06-12-2008 09:40 PM

Thanks!

Any tips on how I might find out more information as to which device is responsible for this?

I'm not knowledgeable (at all) about IPX/DECnet, but am I right to assume that these L3 protocols are encapsulated in ethernet just the same as IP and are arriving on my router's interface and being dropped there for "not being IP"?

If the above is correct, then I think my culprit can be in the entire L2 domain and might perhaps be recognizable by its MAC address. How might I go about and figuring out where the IPX/DECnet is coming from?

kind regards,

Kevin

0 Helpful

khuysmans
Level 1
Level 1
In response to khuysmans

‎06-15-2008 10:21 PM

For the interested: By polling the OID 1.3.6.1.2.1.2.2.1.15 (ifInUnknownProtos) from the IF-MIB, I was able to check this on more devices since not all supported the CLI output of "unknown protocol drops", but all had the info via SNMP.

It turned out to be UDLD configured on the trunk on the switch side (2950/3550) which the routers (2811/1803/1841) didn't understand and they counted these frames as "unknown protocol drops".

I'd like to point out that UDLD, according to the documentation I have read, operates on Layer2, so it wasn't enough to just look at IPX/DECnet on Layer3.

Richard Burts
Hall of Fame
Hall of Fame
In response to khuysmans

‎06-20-2008 12:00 PM

Kevin

Thanks for posting back and indicating the information that allowed you to find the solution to your question. It is very helpful to see this aspect of the unknown protocol drops. I believe that it deserves the rating that I gave it.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card