Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff
Staff

Created on ‎10-14-2024 10:31 PM

Article Id 349366

Technical Tip: Error 'Failed to save changes' when modifying Native/Allowed VLAN on FortiSwitch Ports

Description

This article describes how to fix an issue where Native/Allowed VLAN changes may fail from FortiGate GUI with the error 'Failed to save changes'.
Scope FortiGate v7.4.3, v7.4.4.
Solution

The error message 'Failed to save changes' appears when attempting to change Native/Allowed VLAN by navigating to Wifi & Switch Controller -> FortiSwitch Ports -> Modify Native/Allowed VLAN.


Failedtosavechanges.png 
The following errors may be seen in httpsd debugs:


diag debug app httpsd -1
diag debug enable

[httpsd 13777 - 1713123551 info] api_cmdb_request_init_by_path[2644] -- new CMDB query (path='switch-controller',name='managed-switch')

[httpsd 13777 - 1713123551 info] api_cmdb_request_init_by_path[2676] -- querying CMDB entry (mkey='IDF2-L')

[httpsd 13777 - 1713123551 warning] api_cmdb_request_init_by_path[2679] -- unable to find 'IDF2-L' in table 'switch-controller.managed-switch'

[httpsd 13777 - 1713123551 info] handle_cli_req_v2[4296] -- returning to original vdom "root"

[httpsd 13777 - 1713123551 warning] api_return_http_result[1280] -- API error 404 raised

[httpsd 13777 - 1713123551 info] fweb_debug_final[351] -- Completed PUT request for "/api/v2/cmdb/switch-controller/managed-switch/IDF2-L/Bottom/ports/port1" (HTTP 404)

[httpsd 13776 - 1713123552 info] fweb_debug_init[508] -- New POST request for "/api/v2/monitor/system/debug" from "172.30.0.4:56709"

[httpsd 13776 - 1713123552 info] fweb_debug_init[510] -- User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"

[httpsd 13776 - 1713123552 info] fweb_debug_init[512] -- Handler "api_monitor_v2-handler" assigned to request

[httpsd 13776 - 1713123552 info] api_store_parameter[327] -- add API parameter 'messages' (type=array)

[httpsd 13776 - 1713123552 info] endpoint_process_req_vdom[1071] -- new API request (action='select',path='system',name='debug',vdom='root',user='admin)

[httpsd 13776 - 1713123552 error] JavaScript -- Failed to update entry: "[object Object]

 

The error 'unable to find 'IDF2-L' in table 'switch-controller.managed-switch'' indicates a mismatch in the switch name.

In this example, the switch name is identified as IDF2-L when performing the changes from GUI, but the correct name is IDF2-L/Bottom. This issue has been resolved in v7.4.5 and v7.6.0

 

Workaround:

  1. Rename the switch by removing '/' from the name and modify the VLANs.

OR

 

  1. Change the native and allowed VLANs via FortiGate CLI:


config switch-controller managed-switch

    edit <switch-name>

        config ports

            edit <port-name>

                set native-vlan <VLAN-ID>

                set allowed-vlans <VLAN-IDs>

            end

        end
65
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.