ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
Showing results for 
Search instead for 
Did you mean: 

ASR9000/XR : Drops for unrecognized upper-level protocol error



In this articile I will describe the issue of unrecognized protocol drops reported on an interface on the ASR9000. Some steps for remediation are provide

and a few things to check before opening a tac case.

Core Issue

NMS stations looking at interface statistics may get confused or report unnecessary alarms when they are seeing "errors" on the interface. It is recognized that these protocol errors are not well documented and these are raising a larger then normal amount of support cases. In this article I am trying to describe when you see these errors reported and what you can do about it.

The following example shows what you might see:

RP/0/RSP0/CPU0:A9K-TOP#sh int te 0/3/0/0
Fri Mar  4 01:25:16.691 UTC
TenGigE0/3/0/0 is up, line protocol is up
  Interface state transitions: 3
  Hardware is TenGigE, address is 0026.9800.15b0 (bia 0026.9800.15b0)
  Layer 1 Transport Mode is LAN
  Internet address is Unknown
  MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
     reliability 255/255, txload 0/255, rxload 0/255
  Encapsulation ARPA,
  Full-duplex, 10000Mb/s, LR, link type is force-up
  output flow control is off, input flow control is off
  loopback not set,
  ARP type ARPA, ARP timeout 04:00:00
  Last input 00:00:00, output 00:00:00
  Last clearing of "show interface" counters 2d06h
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 2000 bits/sec, 3 packets/sec
     151224 packets input, 17290273 bytes, 0 total input drops
    3247 drops for unrecognized upper-level protocol
     Received 1 broadcast packets, 136817 multicast packets
              0 runts, 0 giants, 0 throttles, 0 parity
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     753409 packets output, 73257197 bytes, 0 total output drops
     Output 34 broadcast packets, 750081 multicast packets
     0 output errors, 0 underruns, 0 applique, 0 resets
     0 output buffer failures, 0 output buffers swapped out
     2 carrier transitions


"Drops for unrecognized upper-level protocol" means that we've received
packets of a type that you haven't configured and therefore don't have a
handler for in the interface protocol handling chain.

That may be (and most likely is) expected and purely cosmetic.


- other side (switch) has CDP configured but you don't have CDP configured on this end
- someone on the Ethernet is sending IS-IS hellos but you don't have IS-IS configured on this end
- someone on the Ethernet is sending IPv6 neigbor discovery packets but you don't have IPv6 configured on this end

It may be worth checking:
- do these packets increment periodically (i.e. one packet every 30 sec or so)?
- are there any obvious features (CDP is a good candidate) that you haven't configured but the far-end (switch, or if it's a crosslink, then
the connected peer) has?

Otherwise capture & decode the packets, and perhaps reviewing the config will already give the answer in a couple of seconds.

If a 7600/ 6500 port is connected to the ASR9000 and input error increment due to 'unrecognized upper-level protocol', then to avoid various l2 packets reaching ASR9000, you can use:

switchport nonegotiate - disable Dynamic Trunk Protocol (DTP) on the port

no cdp enable - to disable running Cisco Discovery Protocol (CDP)

no vtp - to disable sending VLAN Trunking Protocol(VTP) frame

spanning-tree bpdfilter enable - To enable BPDU filtering on the interface

UDLD: If you are running CatOS try “set udld disable x/y” or “udld port disable” under the interface if you have IOS on the 6500.

LLDP: (new addition) switches by default have lldp enabled that could be, like CDP, be perceived as an unrecognized upper level protocol on the ASR9000.

Related Information


Xander Thuijs - CCIE #6775

Sr Tech Lead ASR9000

Cisco Employee

Another common thing that will cause this to increase is keepalive packets from other IOS boxes.  You should notice this counter incrementing every 10 seconds with default settings. 


Hi Xander, how can i capture those packets locally on the  XR itself, i mean how can i filter them?

Cisco Employee

if you want to capture them and see the contents, you can use the SPP (software packet path) capture facility. More detail is in the cisco live ID 2904 presentation from Orlando 2013 and Sanfran 2014.

For filtering them, based on the protocol that causes this, it is either with an ACL, or defining an EFP that consumes them etc.




Tnx Xander..i have used SPP btw  i have seen your article as well..:).The catchy part is that i cannot find where those drops go..i mean in witch counter under the NP.We have L2 VWLS cct /inter-region/ and when i ping i see those drops incrementing on the interfaces but i dont see any drops marked under the DROP counters on NP..:).I guess i you said is just "cosmetic" thing.





Hi Xander,


Thank you for your post.
I see these same drops on my ASR9K equipment with packet loss when pinging an interconnection.
I have configured different MTU values with no matching result
Do you think the losses of parquet floors are due to these drops?

Thu Jan  3 15:42:46.285 MET
interface TenGigE0/2/0/1.710
 bandwidth 1000000
 ipv4 address xx.xx.xx.xx
 encapsulation dot1q 710

Thu Jan  3 15:42:37.818 MET
TenGigE0/2/0/1.710 is up, line protocol is up
  Interface state transitions: 1
  Hardware is VLAN sub-interface(s), address is 40ce.2459.aff9
  Internet address is
  MTU 4484 bytes, BW 1000000 Kbit (Max: 10000000 Kbit)
     reliability 255/255, txload 8/255, rxload 0/255
  Encapsulation 802.1Q Virtual LAN, VLAN Id 710,  loopback not set,
  Last link flapped 4w1d
  ARP type ARPA, ARP timeout 04:00:00
  Last input 00:00:00, output 00:00:00
  Last clearing of "show interface" counters 04:24:51
  5 minute input rate 260000 bits/sec, 207 packets/sec
  5 minute output rate 346822000 bits/sec, 53402 packets/sec
     3262982 packets input, 505731747 bytes, 0 total input drops
     574 drops for unrecognized upper-level protocol<===========================
     Received 0 broadcast packets, 574 multicast packets
     827404907 packets output, 683607202420 bytes, 0 total output drops
     Output 0 broadcast packets, 0 multicast packets

Thu Jan  3 15:44:30.850 MET
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to XXX.XXX.XXX.XXX, timeout is 2 seconds:
Success rate is 94 percent (94/100), round-trip min/avg/max = 195/195/197 ms




Content for Community-Ad

This widget could not be displayed.