Interface - unknown protocol drops

In the output of the show interfaces command for a particular interface, there is a counter called unkonwn protocol drops as shown below:

R1#show interfaces FastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Hardware is Gt96k FE, address is c201.1d00.0000 (bia c201.1d00.0000) MTU 1500 bytes, BW 100000 Kbit/sec, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:02, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 2 packets output, 403 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out

The unknown protocol drops counter refers to the number of packets that were discarded because the router could not identify or process the protocol encapsulated in the packet. Essentially, the Layer 3 protocol used is unidentified or unsupported by the router, so the packet is dropped.

These drops can occur for various reasons, such as:

  • The packet header is corrupted, making it impossible for the router to determine the encapsulated protocol.
  • The router is not configured to handle the specific protocol encapsulated in the packet.
  • The encapsulated protocol is obsolete or not widely used, so the router does not recognize it.

When a Cisco router receives a packet, it checks the EtherType field in the Layer 2 (Data Link layer) header to determine the encapsulated Layer 3 protocol (such as IPv4, IPv6, or others). If the EtherType field value does not correspond to a known or supported Layer 3 protocol, the router will consider it an unknown protocol and drop the packet.

If you are consistently seeing a high number of unknown protocol drops, it could indicate a network issue, such as misconfigured devices, or faulty hardware or cabling.