WA6320H面板AP的lan口配置802.1x后下联用户不能认证

具体配置如下：

 sysname 8haoyingdi3qu-bgl-4110

#

 telnet server enable

#

 dot1x

 dot1x authentication-method eap

 dot1x timer reauth-period 300

#

 mac-authentication 

 mac-authentication domain radius-hnld 

#

 lldp global enable

#

 password-recovery enable

#

vlan 1

#

vlan 2 to 160

#

interface NULL0

#              

interface Vlan-interface1

 ip address dhcp-alloc

 ipv6 address auto

 ipv6 address dhcp-alloc

#

interface Vlan-interface150

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan all

#

interface GigabitEthernet1/0/2

 port access vlan 150

 stp edged-port

 dot1x

 dot1x mandatory-domain radius-hnld

#

interface GigabitEthernet1/0/3

 port access vlan 103

#

interface WLAN-Radio1/0/1

#

interface WLAN-Radio1/0/2

#

 scheduler logfile size 16

#

line class console

#

line class vty

#

line con 0

#

line vty 0 4

 set authentication password hash $h$6$Z83icwaxMII18Ayi$VzVf05Ep9CGpAnuusJzgptjYVuqhTRuCgl3amSgXAbi8LgfiGvomMHFiDL/4kM/X1p3ci/WblBwPyhn8IhhsQg==

#

line vty 5 63

#

 undo gratuitous-arp-learning enable

#

acl advanced 3001

 rule 0 permit ip destination 10.190.0.1 0

 rule 2 permit ip source 10.190.0.1 0

 rule 3 deny ip

#

 radius nas-ip 172.16.1.31

#              

radius scheme radius-bbb

 primary authentication 10.190.0.1

 primary accounting 10.190.0.1

 key authentication cipher $c$3$V7xMRwgDRiaqo1y4cIsP+bnh28t5dNOPs4M=

 key accounting cipher $c$3$IVsfaGJDjnJ0IKWgcTTV6bneUeTVqo7ir6c=

 user-name-format without-domain

 nas-ip 172.16.1.31

#

domain radius-bbb

 authentication lan-access radius-scheme radius-bbb none

 authorization lan-access radius-scheme radius-bbb none

 accounting lan-access radius-scheme radius-bbb none

#

domain system

#

 domain default enable radius-hnld

#