I need some advise. I have a core switch Cisco 3850. One of the port that currently connected to my PABX having issue whereby the unknown protocol drop keeps on increasing every 2-3minutes. The rest of the port seems fine. What is the root cause of this issue? How to fix it? Can this issue give a problem to my IP phone quality like cracking sound during talking?
You need to find out where is this unknown coming from,
Inside LAN or from outside ? Do you have any FW in place ?
It good to have some kind your network topology to understand, some sample logs which you seeing as unknown ?
if from PBX part, im not sure as the configuration done by my vendor.
attached sh version and configuration of the interface
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2018.10.11 04:18:07 =~=~=~=~=~=~=~=~=~=~=~=
login as: monitor
Using keyboard-interactive authentication.
Unauthorized access to this machine is prohibited.
Use of this system is limited to authorized individuals only.
All activity is monitored.
KUL-Core-1>ss h vers
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.07.04E RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 19-May-16 11:48 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 3.58, RELEASE SOFTWARE (P)
KUL-Core-1 uptime is 1 year, 38 weeks, 3 days, 4 hours, 20 minutes
Uptime for this control processor is 1 year, 38 weeks, 3 days, 4 hours, 23 minutes
System returned to ROM by Power Failure
System restarted at 23:58:10 MY Sat Jan 14 2017
System image file is "flash:packages.conf"
Last reload reason: Power Failure
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
--More-- If you require further assistance please contact us by sending email to
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco WS-C3850-48T (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FCW2020C07B
33 Virtual Ethernet interfaces
136 Gigabit Ethernet interfaces
16 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
250456K bytes of Crash Files at crashinfo-4:.
250456K bytes of Crash Files at crashinfo-2:.
250456K bytes of Crash Files at crashinfo-1:.
1609272K bytes of Flash at flash:.
1609272K bytes of Flash at flash-4:.
1609272K bytes of Flash at flash-2:.
1609272K bytes of Flash at flash-1:.
0K bytes of Dummy USB Flash at usbflash0:.
--More-- 0K bytes of Dummy USB Flash at usbflash0-4:.
0K bytes of Dummy USB Flash at usbflash0-2:.
0K bytes of Dummy USB Flash at usbflash0-1:.
0K bytes of at webui:.
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
1 56 WS-C3850-48T 03.07.04E cat3k_caa-universalk9 INSTALL
2 20 WS-C3850-12S 03.07.04E cat3k_caa-universalk9 INSTALL
* 3 56 WS-C3850-48T 03.07.04E cat3k_caa-universalk9 INSTALL
4 20 WS-C3850-12S 03.07.04E cat3k_caa-universalk9 INSTALL
Configuration register is 0x102
switchport access vlan 78
switchport mode access
If you are not having an issue, please disregard these messages. These are a common non-issue causing drop. One example is when you have a switch and router connected and the switch is running DTP. You will see a constant Unknown protocol drop. However, you only want to use this information for troubleshooting purposes if you are having a problem. If that increments every 2 to 3 minutes, you most likely do not have a problem.
Please mark helpful posts.
I have a common issue whereby i have quite numbers of complaint on my Integrated Conference Bridge which sometimes the quality is poor. We have done so many troubleshooting but we cant find any issue. Yesterday I just do a POC for new network monitoring netflow call IR Prognosis - Path Insight. This product so good as it can detect the incrementt error on my core switch interfaces daily.
Server ports all goods but one of the port that connect to PABX only having an incremental of error. So i just want to confirm because of this error it can impact the quality of my voice.
Have you tried using a different port, changing the cabling and using auto-negotiation instead of hard coding the speed/duplex settings.
One of the port that currently connected to my PABX having issue whereby the unknown protocol drop keeps on increasing every 2-3minutes.
Unknown Protocol Drops are caused by DTP. Nothing to be worried about. This normally "appears" when the link is configured as 802.1q Trunk.
I wasn’t aware of this “unknown protocols “ being related to a trunk and dtp
in any case I am aware of if you put the port into an access mode this will negate dtp also will switchport nonnegotiate so I’m theory this will prohibit such errors!
KUL-Core-1>sh int gig3/0/7 control
GigabitEthernet3/0/7 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 009e.1e63.6607 (bia 009e.1e63.6607)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:06, output never, output hang never
Last clearing of "show interface" counters 1y0w
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 309000 bits/sec, 268 packets/sec
5 minute output rate 303000 bits/sec, 271 packets/sec
8696806290 packets input, 1233019973113 bytes, 0 no buffer
Received 9914685 broadcasts (3218918 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 3218918 multicast, 0 pause input
0 input packets with dribble condition detected
8754993815 packets output, 1213715286580 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
1051817 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Transmit GigabitEthernet3/0/7 Receive
2121338731010 Total bytes 2161263732255 Total bytes
15308718735 Unicast frames 15303311083 Unicast frames
2115141406866 Unicast bytes 2159414229305 Unicast bytes
28594544 Multicast frames 5551998 Multicast frames
2278087320 Multicast bytes 733244939 Multicast bytes
58994995 Broadcast frames 12376849 Broadcast frames
3919236824 Broadcast bytes 1116258011 Broadcast bytes
0 System FCS error frames 0 IpgViolation frames
0 MacUnderrun frames 0 MacOverrun frames
0 Pause frames 0 Pause frames
0 Cos 0 Pause frames 0 Cos 0 Pause frames
0 Cos 1 Pause frames 0 Cos 1 Pause frames
0 Cos 2 Pause frames 0 Cos 2 Pause frames
0 Cos 3 Pause frames 0 Cos 3 Pause frames
0 Cos 4 Pause frames 0 Cos 4 Pause frames
0 Cos 5 Pause frames 0 Cos 5 Pause frames
0 Cos 6 Pause frames 0 Cos 6 Pause frames
0 Cos 7 Pause frames 0 Cos 7 Pause frames
0 Oam frames 0 OamProcessed frames
0 Oam frames 0 OamDropped frames
8054643364 Minimum size frames 4647286972 Minimum size frames
44703668 65 to 127 byte frames 3363611768 65 to 127 byte frames
7287952557 128 to 255 byte frames 7307504341 128 to 255 byte frames
1113761 256 to 511 byte frames 1864906 256 to 511 byte frames
52444 512 to 1023 byte frames 401556 512 to 1023 byte frames
7842480 1024 to 1518 byte frames 570387 1024 to 1518 byte frames
0 1519 to 2047 byte frames 0 1519 to 2047 byte frames
0 2048 to 4095 byte frames 0 2048 to 4095 byte frames
0 4096 to 8191 byte frames 0 4096 to 8191 byte frames
0 8192 to 16383 byte frames 0 8192 to 16383 byte frames
0 16384 to 32767 byte frame 0 16384 to 32767 byte frame
0 > 32768 byte frames 0 > 32768 byte frames
0 Late collision frames 0 SymbolErr frames
869959 Excess Defer frames 0 Collision fragments
0 Good (1 coll) frames 0 ValidUnderSize frames
0 Good (>1 coll) frames 0 InvalidOverSize frames
0 Deferred frames 0 ValidOverSize frames
0 Gold frames dropped 0 FcsErr frames
0 Gold frames truncated
0 Gold frames successful
0 1 collision frames
0 2 collision frames
0 3 collision frames
0 4 collision frames
0 5 collision frames
0 6 collision frames
0 7 collision frames
0 8 collision frames
0 9 collision frames
0 10 collision frames
0 11 collision frames
0 12 collision frames
0 13 collision frames
0 14 collision frames
0 15 collision frames
0 Excess collision frames
LAST UPDATE 2630 msecs AGO
Last clearing of "show interface" counters 1y0w
So this port was ALWAYS an access port? There was never a time when this port was a Trunk port?
Looking at the value of the Unknown Protocol Drop (1051817) and comparing it against total Packet Output value (8754993815), that is a very, very, very tiny number.
Important question: Is the Unknown Protocol Drop value incrementing or not?
If it is not, then I'd ignore it.