ADOM from 7.0 to 7.2: errno=-2 vlan quarantine can not be both untagged-vlans and native vlan

RPS · ‎03-07-2024

Trying to upgrade an ADOM from 7.0 to 7.2 and it continues to fail with the error:

Fail(errno=-2):vlan quarantine can not be both untagged-vlans and native vlan for port28

Enabled diag debug on the FortiManager and then did the upgrade, the debug logs are below:

2024-03-07 11:41:57 copy switch-controller managed-switch.Import-<<NAME>>-<<SERIAL_NUM>>(soid=33478) to dparent=101,
2024-03-07 11:41:57 copy ports.port1(soid=33479) to dparent=33478,
2024-03-07 11:41:57 copy ports.port2(soid=33480) to dparent=33478,

...

2024-03-07 11:41:57 copy ports.port28(soid=33506) to dparent=33478,
2024-03-07 11:41:57 __do_cdb_node_attr_check error:ports.untagged-vlans 2024-03-07 11:41:57 "quarantine"2024-03-07 11:41:57
2024-03-07 11:41:57 --> commit 2024-03-07 11:41:57 copy ports.port28(soid=33506) to dparent=33478, 2024-03-07 11:41:57 fail: err=-2,vlan
quarantine can not be both untagged-vlans and native vlan for port28

If I connect to the switch's CLI port28 shows (4093 is the quarantine VLAN):

<<SWITCH_NAME>> (port28) # show
config switch interface
edit "port28"
set native-vlan 11
set allowed-vlans 4093
set untagged-vlans 4093
set snmp-index 28
next
end

To me this looks like the 4093 quarantine VLAN is not in the native-vlan list but it still fails with that error.

Stephen_G · ‎03-10-2024

Hello RPS,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Stephen - Fortinet Community Team

smkml · ‎03-12-2024

Hi RPS,

Since you need to upgrade the ADOM, can you disable FortiSwitch in central-management for a temporary, and enable it back once it succeed to upgrade?