Interface - show interfaces counters explained


In the output of the `show interfaces` command for a particular interface, there is a counter called `unkonwn protocol drops` as shown below:

```
R1#show interfaces FastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is c201.1d00.0000 (bia c201.1d00.0000)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     2 packets output, 403 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
```

The `unknown protocol drops` counter refers to the number of packets that were discarded **because the router could not identify or process the protocol encapsulated in the packet**. Essentially, the Layer 3 protocol used is unidentified or unsupported by the router, so the packet is dropped.

These drops can occur for various reasons, such as:

-   The packet header is corrupted, making it impossible for the router to determine the encapsulated protocol.
-   The router is not configured to handle the specific protocol encapsulated in the packet.
-   The encapsulated protocol is obsolete or not widely used, so the router does not recognize it.

When a Cisco router receives a packet, it checks the [EtherType](/ethernet-header) field in the Layer 2 (Data Link layer) header to determine the encapsulated Layer 3 protocol (such as [IPv4](/ipv4), [IPv6](/ipv6), or others). If the EtherType field value does not correspond to a known or supported Layer 3 protocol, the router will consider it an unknown protocol and drop the packet.

If you are consistently seeing a high number of unknown protocol drops, it could indicate a network issue, such as misconfigured devices, or faulty hardware or cabling.

Links:

https://networklessons.com/cisco/ccnp-tshoot/cisco-ios-show-interface-explained

https://forum.networklessons.com/t/cisco-ios-show-interface-explained/1181/50?u=lagapides

Interface - unknown protocol drops

IPv4 header length field

IPv4 network and broadcast addresses

IPv4 point to point addresses

IPv4

IPv6 - ACLs, RAs, and RSes

IPv6 - DHCPv6

IPv6 - IPv4-mapped IPv6 address

IPv6 - NDP Neighbor Discovery Process

IPv6 - NDP preferred and valid lifetimes

IPv6 - Network and Interface Identifiers

IPv6 - RA suppression command

IPv6 - SLAAC

IPv6 - Site Local addresses

IPv6 - Solicited Node Multicast Address

IPv6 - Unique Local addresses

IPv6 - Valid and Preferred Addresses

IPv6 - destination guard

IPv6 - ipv6 nd prefix command

IPv6 - loopback address

IPv6 - prefix length

IPv6 - understanding how to enable IPv6 functionality and routing on an IOS device

IPv6 EIGRP static neighbors

IPv6 EUI-64 host address configuration method

IPv6 Neighbor Discovery Protocol Extensions

IPv6 RA Guard

IPv6 computing a global unicast address

IPv6 first hop security features on CML

IPv6 global unicast address

IPv6 link-local address

IPv6 minimum and maximum prefix lengths

IPv6 mobility features

IPv6 simplicity and complexity of various prefix values

IPv6 stateless DHCP active clients equals zero

IPv6 transition technologies

IPv6

IS-IS - DIS and Pseudonode

IS-IS - attached bit

IS-IS - route filtering

IS-IS - up-down bit

IS-IS multitopology support

IS-IS

ISDN

ISIS circuit-type command

ISP Peering

ISPs, tiers, transiting, and the Internet

Importance of self-study for CCIE or CCDE

Interface - configuring a range of interfaces

Interface - no carrier counter

Interface speed and bandwidth

Interior Gateway Protocol (IGP)

Internet Exchange Point (IXP)

Internet Service Provider (ISP)

Intrusion prevention system (IPS)

Kron task scheduler

L2TPv3 over IPSec

L2TPv3

LACP

LAG - Multi-Chassis LAG

LFA - Topology Independent LFA

LFA, remote LFA, and how they work together in OSPF

LISP - map request and reply process

LISP - what is it

LISP and overlapping address spaces

LISP debug traffic between two EIDs

LISP host mobility use cases

LISP where EID-to-RLOC mappings originate

LISP

Logging buffered command

Loop-Free Alternate (LFA) Fast Reroute (FRR)

Loop-Free Alternate (LFA) and remote LFA

Loops in layers 2 and 3

MAC Access List EtherType

MAC Access List

MAC address flapping

MAC address of all zeros

MAC address table - multiple entries of the same MAC address

MAC address table - show command on Nexus device

MAC address table populated using source address field

MAC address table static multicast entry

MAC address table

MAC address

MPLS - BGP customer prefixes do not appear in the LFIB

MPLS - Connecting IPv6 sites over an IPv4 backbone

MPLS - Disabling IPv4 address family in BGP for VPNv4

MPLS - Ethernet over MPLS (EoMPLS)

MPLS - L3VPN BGP EIGRP redistribution

MPLS - L3VPN BGP OSPF Redistribution

MPLS - LDP source interface

MPLS - Layer 2 VPNs

MPLS - Multi-VRF CE

MPLS - Segment Routing over MPLS

MPLS - Transport Profile

MPLS - Using the BGP Allow-AS in feature

MPLS - VPN label

MPLS - VPNv4 Labels are assigned per route

MPLS - Virtual Private Network (VPN)

MPLS - label distribution using MP-BGP

Interface - unknown protocol drops

Links to this page: