What can cause unknown protocol drops (Cisco)

The unknown protocol drops counter reports, on a per-interface basis, the packets received with an unknown or unconfigured protocol. If you cannot explain these drops, you can use a sniffer to identify the unknown protocol.

To reproduce a situation with unknown protocol drops, two 2821 routers are connected back to back in the Cisco-faq lab (see the figure).



With a default configuration as shown below, no unknown protocol drops occur.

Router1#sh run int gi 0/1
Building configuration...

Current configuration : 97 bytes
!
interface GigabitEthernet0/1
ip address 99.99.99.1 255.255.255.0
duplex full
speed 100
end

Router2#sh run int gi 0/1
Building configuration...

Current configuration : 97 bytes
!
interface GigabitEthernet0/1
ip address 99.99.99.2 255.255.255.0
duplex full
speed 100
end

Router1#sh int gi 0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 001e.1323.4c11 (bia 001e.1323.4c11)
Internet address is 99.99.99.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is T
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:45, output 00:00:04, output hang never
Last clearing of "show interface" counters 02:04:20
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
125 packets input, 46064 bytes, 0 no buffer
Received 124 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1338 packets output, 137992 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out


Example of unknown protocol drops:
Disabling CDP on interface Gi 0/1 of Router1 results in unknown protocol drops on that interface. The CDP packets are no longer recognized and are dropped.

Router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#int gigabitEthernet 0/1
Router1(config-if)#no cdp enable
Router1(config-if)#^Z
Router1#

GigabitEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 001e.1323.4c11 (bia 001e.1323.4c11)
Internet address is 99.99.99.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is T
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:28, output 00:00:01, output hang never
Last clearing of "show interface" counters 02:14:03
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
135 packets input, 49774 bytes, 0 no buffer
Received 134 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1439 packets output, 147648 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
2 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
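
The sniffer step mentioned at the top of this page, as an added example (not part of the original FAQ): a small Python classifier that names the Layer 2 protocol of a captured Ethernet frame from its EtherType or LLC/SNAP header, so the frames arriving on an interface can be compared with the protocols enabled on it. The sample frames and the neighbour MAC address are constructed; the protocol numbers are the publicly assigned values.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x88CC: "LLDP"}
CISCO_OUI = b"\x00\x00\x0c"
CISCO_SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0111: "UDLD"}

def classify(frame: bytes) -> str:
    """Name the Layer 2 payload protocol of one raw Ethernet frame (no FCS)."""
    if len(frame) < 14:
        return "truncated"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:            # Ethernet II: the field is an EtherType
        return ETHERTYPES.get(type_or_len, f"EtherType 0x{type_or_len:04x}")
    if len(frame) < 17:                  # 802.3: the field is a length, LLC follows
        return "truncated"
    dsap, ssap, control = frame[14:17]
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):   # SNAP extension header
        if len(frame) < 22:
            return "truncated"
        oui = frame[17:20]
        (pid,) = struct.unpack("!H", frame[20:22])
        if oui == CISCO_OUI:
            return CISCO_SNAP_PIDS.get(pid, f"Cisco SNAP 0x{pid:04x}")
        return f"SNAP {oui.hex()}/0x{pid:04x}"
    if dsap == 0x42:                     # spanning tree BPDU
        return "STP"
    return f"LLC DSAP 0x{dsap:02x}"

def summarize(frames):
    """Count frames per protocol; compare the result with the interface config."""
    return Counter(classify(f) for f in frames)

# Constructed sample capture (the neighbour MAC is made up for this example).
NEIGHBOUR = "001e13234c12"
CDP_FRAME = bytes.fromhex(
    "01000ccccccc" + NEIGHBOUR + "0012"      # CDP multicast dst, src, 802.3 length
    + "aaaa03" + "00000c" + "2000"           # LLC/SNAP, Cisco OUI, PID 0x2000
    + "02b40000" + "00010006" + "5232")      # CDP v2, TTL 180, Device-ID TLV "R2"
ARP_FRAME = bytes.fromhex(
    "ffffffffffff" + NEIGHBOUR + "0806"      # broadcast dst, src, EtherType ARP
    + "0001080006040001" + NEIGHBOUR + "63636302"   # request from 99.99.99.2
    + "000000000000" + "63636301")                  # asking for 99.99.99.1
OTHER_FRAME = bytes.fromhex("ffffffffffff" + NEIGHBOUR + "88b5" + "00" * 46)
SAMPLE = [CDP_FRAME, ARP_FRAME, CDP_FRAME, OTHER_FRAME]

if __name__ == "__main__":
    for proto, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {proto}")
```

In the lab above, a capture taken on Gi 0/1 after `no cdp enable` would show CDP frames still arriving from the neighbour, which accounts for the rising counter.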

