Error says that the interface is dropping received (inbound) packets because it doesn’t know what to do with the packets (unknown protocols).

This usually occurs when the interface receives packets that are non-standard on the network (like IPv6 packets, or IPX packets, or AppleTalk packets). This is not a big problem, but if the error rate is high then it may be a significant source of “unwanted packets” on the network.

To resolve this problem, you will need to plug in WireShark and monitor this interface and capture the packets that it is receiving to find out what they are and where they are coming from.

What’s suggested is to plug a sniffer such as Wire Shark or set up an analyzer that watches that port so you can see the source address of the packets.

Here are the most likely sources of unknown protocols:

1) Network printers: Network printers usually have all protocols turned on by default so they can be viewed as “plug and play” for any computer using any protocol. Since Appletalk and IPX are now considered “dead” protocols, they can safely be disabled as a way of reducing these broadcast sources.

2) “Teamed” network adapters: If you have a server that has a “teamed” network adapter for fault tolerance, these teamed adapters will typically send out a ton of broadcasts (10 per second!) just to test connectivity to its other adapter. These broadcasts may cause flooding of other ports so it may be a good idea to set up a separate VLAN for these teamed adapters.

3) Cisco CDP: Cisco has a proprietary “Cisco Discovery Protocol” that is broadcast from each Cisco device every 15 seconds or so. If you have many Cisco devices on the network, and each one is transmitting these broadcasts, you may get close to having 1% of an interface’s utilization have to handle these broadcasts. The protocol can be disabled on the Cisco devices without harm or configuration concern. Many companies have a “best practices” of disabling this on Cisco devices as an improved security measure as well.