2013-03-05

Unknown Protocol Drops

I've seen this one a few times and it is always momentarily confusing: on an interface on a Cisco router there is a rather high number of "unknown protocol drops". What protocol could that be?! Is it some type of hack attempt? Ambitious if they are shaping their own raw packets onto the wire. But no, the explanation is the much less exciting, and typical, lazy ape kind of error.

  5 minute input rate 2,586,000 bits/sec, 652 packets/sec
  5 minute output rate 2,079,000 bits/sec, 691 packets/sec
     366,895,050 packets input, 3,977,644,910 bytes
     Received 15,91,926 broadcasts (11,358 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     401,139,438 packets output, 2,385,281,473 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     97,481 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred

This is probably the result of CDP (Cisco Discovery Protocol) being enabled on one interface on the network and disabled on this interface. CDP is the unknown protocol. CDP is a proprietary Data Link layer protocol that, if enabled, sends an announcement out the interface every 60 seconds. If the receiving end gets the CDP packet and has "no cdp enable" in the interface configuration, those announcements count as "unknown protocol drops". The solution is to make the CDP settings, enabled or disabled, consistent on every device in the interface's scope.
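
One way to check a router for this condition, as an added example that is not from the original post: the script parses `show interfaces` output and the running configuration, then lists interfaces that count unknown protocol drops while having "no cdp enable" set. The sample text, interface names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample data (not from the original post).
SHOW_INTERFACES = """\
GigabitEthernet0/0 is up, line protocol is up
     97,481 unknown protocol drops
GigabitEthernet0/1 is up, line protocol is up
     0 unknown protocol drops
"""

RUNNING_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/1
!
"""

def unknown_protocol_drops(show_text):
    """Map interface name -> 'unknown protocol drops' counter."""
    drops, current = {}, None
    for line in show_text.splitlines():
        header = re.match(r"^(\S+) is .*line protocol is", line)
        if header:
            current = header.group(1)
            continue
        counter = re.search(r"([\d,]+) unknown protocol drops", line)
        if counter and current:
            drops[current] = int(counter.group(1).replace(",", ""))
    return drops

def cdp_disabled(config_text):
    """Return interfaces whose config block contains 'no cdp enable'."""
    disabled, current = set(), None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current and line.strip() == "no cdp enable":
            disabled.add(current)
    return disabled

def cdp_mismatch_candidates(show_text, config_text):
    """Interfaces that drop unknown protocols while CDP is disabled locally."""
    off = cdp_disabled(config_text)
    return {name: n for name, n in unknown_protocol_drops(show_text).items()
            if n > 0 and name in off}
```

An interface returned here is only a candidate: confirm that a neighbor on the same segment is actually sending CDP before changing either side.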