The switch is an S5560, the client is Win10 + iNode 7.3, using local authentication. The switch can read the user information, but verification fails.
I confirmed that the test user test has the simplest possible password, "12345678", but it still fails, with ErrCode=8.
The configuration is as follows:
[Core_SW]dis cur
#
dot1x
#
interface GigabitEthernet1/0/3
port access vlan 20
stp edged-port
dot1x
#
domain system
authentication lan-access local
authorization lan-access local
accounting lan-access local
#
domain default enable system
#
local-user test class network
password cipher $c$3$rPs7cArO5ZceaH2FVzU6PbNWJB+Hh3gpRls=
service-type lan-access
authorization-attribute user-role network-operator
#
=====================================================
debugging dot1x all; the complete debug output is shown below:
*Dec 13 14:44:09:881 2019 Core_SW DOT1X/7/PACKET:
Transmitted a packet on interface GE1/0/3.
---Verbose information of the packet---
Destination Mac Address: f439-0924-0aa9
Source Mac Address: 9ce8-95d1-a74c
VLAN ID: 20
Mac Frame Type: 888e
Protocol Version ID: 1
Packet Type: 0
Packet Length: 22
-----Packet Body-----
Code: 1
Identifier: 2
Length: 5632
*Dec 13 14:44:09:896 2019 Core_SW DOT1X/7/PACKET:
Received a packet on interface GE1/0/3.
---Verbose information of the packet---
Destination Mac Address: 9ce8-95d1-a74c
Source Mac Address: f439-0924-0aa9
Mac Frame Type: 888e
Protocol Version ID: 1
Packet Type: 0
Packet Length: 26
-----Packet Body-----
Code: 2
Identifier: 2
Length: 26
*Dec 13 14:44:09:896 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] BE is in Response state.
*Dec 13 14:44:09:897 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] Created server timeout timer successfully.
*Dec 13 14:44:09:905 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] User sent authentication request.
%Dec 13 14:44:09:908 2019 Core_SW DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/3-MACAddr=f439-0924-0aa9-VLANID=20-Username=test-ErrCode=8; User failed 802.1X authentication.
*Dec 13 14:44:09:910 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:20:GE1/0/3] AAA processed authentication request and returned Failure code 26.
*Dec 13 14:44:09:911 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] BE is in Fail state.
*Dec 13 14:44:09:913 2019 Core_SW DOT1X/7/PACKET:
Transmitted a packet on interface GE1/0/3.
---Verbose information of the packet---
Destination Mac Address: f439-0924-0aa9
Source Mac Address: 9ce8-95d1-a74c
VLAN ID: 20
Mac Frame Type: 888e
Protocol Version ID: 1
Packet Type: 0
Packet Length: 4
-----Packet Body-----
Code: 4
Identifier: 2
Length: 1024
*Dec 13 14:44:09:914 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] PAE is in Aborting state.
*Dec 13 14:44:09:914 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] BE is in Initialize state.
*Dec 13 14:44:09:914 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] PAE is in Disconnect state.
*Dec 13 14:44:09:915 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] BE is in Idle state.
*Dec 13 14:44:09:915 2019 Core_SW DOT1X/7/EVENT: PORT_SM[GE1/0/3] received event Set the port authorization status to unauthorized..
*Dec 13 14:44:09:917 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] Processing the event of AuthenFail.
*Dec 13 14:44:09:917 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:VLAN20:GE1/0/3] Notified PortSec of AuthenFail result: 2
##########
====================
Attached is the essentially complete configuration:
[Core_SW]dis cur
#
sysname Core_SW
#
clock timezone PRC add 08:00:00
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 2
irf member 2 priority 1
#
dot1x
#
dns server 114.114.114.114
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 252
#
irf-port 1/1
port group interface Ten-GigabitEthernet1/0/25
#
irf-port 2/2
port group interface Ten-GigabitEthernet2/0/25
#
stp global enable
#
interface Bridge-Aggregation13
port link-type trunk
port trunk permit vlan 1 20
#
interface Bridge-Aggregation14
port link-type trunk
port trunk permit vlan 1 10
#
interface Bridge-Aggregation23
port link-type trunk
port trunk permit vlan 1 20
#
interface Bridge-Aggregation24
port link-type trunk
port trunk permit vlan 1 10
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface10
ip address xxxxx
#
interface Vlan-interface20
ip address xxxxxxxxxx
#
interface GigabitEthernet1/0/3
port access vlan 20
stp edged-port
dot1x
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0 1
user-role network-admin
#
line vty 0
user-role network-admin
user-role network-operator
set authentication password hash $h$6$kdh0pOK5OTSPlO5R$0G9n7P9J9Du+gOZJnADvXp30j4JHBs2OViC5r+SP6RYU5eBE4Xn4SDyORJzId2GxQapSe5PyQWXnHRTZiAiKCA==
idle-timeout 180 0
#
ip route-static xxxxxxxxxxxxxxxx
#
ntp-service enable
ntp-service unicast-server ***.***
#
domain system
authentication lan-access local
authorization lan-access local
accounting lan-access local
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
user-group system
#
local-user admin class manage
password hash $h$6$ktmWTMdwDA7Kr2kk$Kl4TF/Hw2hBAJUtXCBlEBdkgYy4Pd1xb3Zp4gVujXP80Tqb5N6d9mwVXhpS8dCmY6hlaTSzwLE06gGX5p9LpvA==
service-type telnet terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user test class network
password cipher $c$3$rVPhtEAQ/RLN1qR1EsUtaHIj/AbQIkawg6ev
service-type lan-access
authorization-attribute user-role network-operator
#
return
Could the experts please help me check what else hasn't been configured? Many thanks!
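Added example, written for this page and not code from the poster or from H3C: a small parser for the `debugging dot1x all` output above that turns the packet dumps into an EAP timeline and reports where the exchange stopped. The sample log inside it is constructed from the three packets and two event lines quoted in the post, trimmed to the fields the parser reads; the field names, the `DOT1X/7/PACKET:` record header and the `ErrCode=` / `returned Failure code` strings are exactly as the switch printed them. The `Length: 5632` and `Length: 1024` values in the transmitted packets are 22 and 4 with the two length bytes swapped, which the parser corrects against the EAPOL `Packet Length`.

```python
"""Decode Comware 'debugging dot1x all' output into a readable EAP timeline.
Added example written for this page, not code from the post or from H3C.
SAMPLE_DEBUG is constructed from the packets and events quoted above, trimmed
to the fields the parser reads."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
TS_LINE = re.compile(r"^[*%][A-Z][a-z]{2} +\d+ [\d:]+ \d{4} ")  # "*Dec 13 14:44:09:881 2019 "
KV_LINE = re.compile(r"^([A-Za-z ]+): (\S+)$")                  # "Packet Type: 0"
EVENTS = (("err_code", r"ErrCode=(\d+)"), ("aaa_failure_code", r"returned Failure code (\d+)"))

SAMPLE_DEBUG = """\
*Dec 13 14:44:09:881 2019 Core_SW DOT1X/7/PACKET:
Transmitted a packet on interface GE1/0/3.
Packet Type: 0
Packet Length: 22
Code: 1
Identifier: 2
Length: 5632
*Dec 13 14:44:09:896 2019 Core_SW DOT1X/7/PACKET:
Received a packet on interface GE1/0/3.
Packet Type: 0
Packet Length: 26
Code: 2
Identifier: 2
Length: 26
%Dec 13 14:44:09:908 2019 Core_SW DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/3-MACAddr=f439-0924-0aa9-VLANID=20-Username=test-ErrCode=8; User failed 802.1X authentication.
*Dec 13 14:44:09:910 2019 Core_SW DOT1X/7/EVENT: [f439-0924-0aa9:20:GE1/0/3] AAA processed authentication request and returned Failure code 26.
*Dec 13 14:44:09:913 2019 Core_SW DOT1X/7/PACKET:
Transmitted a packet on interface GE1/0/3.
Packet Type: 0
Packet Length: 4
Code: 4
Identifier: 2
Length: 1024
"""


@dataclass
class Packet:
    direction: str                 # "TX" = switch sent, "RX" = switch received
    eapol_type: int
    body_len: int                  # EAPOL "Packet Length": bytes after the EAPOL header
    code: Optional[int] = None     # EAP code, EAP-Packet only
    identifier: Optional[int] = None
    eap_len: Optional[int] = None  # EAP "Length" exactly as printed

    def eap_len_fixed(self) -> Optional[int]:
        # For an EAP-Packet the EAP Length must equal the EAPOL body length. The
        # post's transmitted packets print 5632 and 1024 for 22- and 4-byte
        # bodies, i.e. the two length bytes swapped, so accept the swapped value.
        if self.eap_len is None or self.eap_len == self.body_len:
            return self.eap_len
        swapped = ((self.eap_len & 0xFF) << 8) | ((self.eap_len >> 8) & 0xFF)
        return swapped if swapped == self.body_len else None

    def describe(self) -> str:
        kind = EAPOL_TYPES.get(self.eapol_type, f"type {self.eapol_type}")
        if self.code is None:
            return f"{self.direction} {kind} len={self.body_len}"
        code = EAP_CODES.get(self.code, str(self.code))
        return f"{self.direction} {kind} {code} id={self.identifier} len={self.eap_len_fixed()}"


def parse_debug(text: str) -> Tuple[List[Packet], Dict[str, int]]:
    """Return the EAPOL packets in order plus the login-failure/AAA events seen."""
    packets: List[Packet] = []
    events: Dict[str, int] = {}
    cur: Optional[Dict[str, str]] = None

    def flush() -> None:  # closes over the latest `cur`
        if cur is not None:
            val = lambda k: int(cur[k]) if k in cur else None
            packets.append(Packet(cur.get("direction", "?"), int(cur["Packet Type"]),
                                  int(cur["Packet Length"]), val("Code"),
                                  val("Identifier"), val("Length")))

    for line in text.splitlines():
        if TS_LINE.match(line):  # every debug record starts with a timestamp
            flush()
            cur = {} if "DOT1X/7/PACKET:" in line else None
            for key, pattern in EVENTS:
                m = re.search(pattern, line)
                if m:
                    events[key] = int(m.group(1))
        elif cur is not None:
            if line.startswith(("Transmitted", "Received")):
                cur["direction"] = "TX" if line.startswith("Transmitted") else "RX"
            else:
                m = KV_LINE.match(line)
                if m:
                    cur[m.group(1)] = m.group(2)
    flush()
    return packets, events


def diagnose(packets: List[Packet], events: Dict[str, int]) -> Dict[str, object]:
    # One TX Request, one RX Response, then Failure: the supplicant only ever
    # answered the initial Request/Identity; no credential challenge was issued.
    eap = [p for p in packets if p.eapol_type == 0]
    fail = next((i for i, p in enumerate(eap) if p.code == 4), None)
    before = eap if fail is None else eap[:fail]
    requests = sum(1 for p in before if p.direction == "TX" and p.code == 1)
    return {"failure_sent": fail is not None, "requests_before_failure": requests,
            "ended_at_identity_stage": fail is not None and requests == 1,
            "aaa_failure_code": events.get("aaa_failure_code"),
            "err_code": events.get("err_code")}
```

Running `parse_debug(SAMPLE_DEBUG)` and printing `p.describe()` for each packet gives `TX EAP-Packet Request id=2 len=22`, `RX EAP-Packet Response id=2 len=26`, `TX EAP-Packet Failure id=2 len=4`; `diagnose()` then reports `ended_at_identity_stage: True` with AAA failure code 26 and ErrCode 8. That is the useful observation in this trace: the switch sends EAP-Failure straight after the first Response, so the password was never exchanged and the failure comes from the AAA side before any challenge round. My own suggestion, which the post does not confirm as the cause: on Comware the default `dot1x authentication-method eap` relays EAP to a RADIUS server, while local authentication needs the switch to terminate EAP itself (`dot1x authentication-method chap` or `pap` in system view), so that setting is the first thing I would check against `display dot1x`.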