无线一次认证双栈放行失败

无线需要做一次认证双栈放行，ipv4认证后ipv6可以访问外网。配置完成后出现的问题是当认证页面弹出还没有输入账号认证的时候，ipv6就可以访问外网，此时ipv4地址不能访问外网，输入账号认证通过后 ipv4和ipv6都可以访问外网，我感觉ipv4认证控制不了ipv6的流量。我在无线服务模板里加上portal ipv6 enable method direct  后ipv4认证前和认证后ipv6都不能访问外网。下面是服务模板里的配置

wlan service-template test 

 ssid drocm-test 

 vlan 240 

 portal enable method direct

 portal domain drcom

 portal bas-ip 192.168.4.6 

 portal apply web-server drcom 

 portal dual-stack enable 

 service-template enable

我的无线控制器和认证服务器都是旁挂在核心交换机上，用户的地址池和网关都在AC上。下面是相关配置

interface Vlan-interface240

 ip address 172.16.32.250 255.255.224.0

 ipv6 dhcp select server 

 ipv6 address 2001:DA8:D818:240::1/64 

 ipv6 nd autoconfig managed-address-flag 

 ipv6 nd autoconfig other-flag 

 undo ipv6 nd ra halt

#

ipv6 dhcp pool pool240 

 network 2001:DA8:D818:240::/64 

 dns-server 2001:DA8:D818:88::68

 dns-server 2001:DA8:D818:88::67 

 domain-name ***.***

#

dhcp server ip-pool vlan240

 gateway-list 172.16.32.250

 network 172.16.32.0 mask 255.255.224.0

 dns-list 192.168.88.68 192.168.88.67

#

radius scheme drcom

primary authentication 192.168.88.252

primary accounting 192.168.88.252

 key authentication cipher $c$3$Tcn/A0+W

key accounting cipher $c$3$fx/LW0Omp

timer realtime-accounting 3

user-name-format keep-original

nas-ip 192.168.4.6

#

domain drcom

authorization-attribute idle-cut 60 102400

authentication lan-access radius-scheme drcom

authorization lan-access radius-scheme drcom

accounting lan-access radius-scheme drcom

authentication portal radius-scheme drcom

authorization portal radius-scheme drcom

accounting portal radius-scheme drcom

#

portal web-server drcom 

 url http://192.168.88.252/a79.htm

 url-parameter wlanacname value ac

url-parameter wlanssid ssid

url-parameter wlanuesrmac source-mac

url-parameter wlanuserip source-address

#

portal server drcom

ip 192.168.88.252 key cipher $c$3$CfTvM8dmY

port 2000