WX 系列无线控制器本地MAC地址认证下发vlan不成功问题

需求：客户现场有多层办公楼，希望使用一个SSID统一接入，每层楼接入相同VLAN，终端在不同楼层间移动或者接入希望接入相同VLAN，保证终端访问权限不变；

组网：针对客户需求，现场使用MAC地址认证对认证成功用户授权，每次用户接入使用相同vlan，保证客户接入访问权限，由于现场没有单独radius服务器，现场使用AC作为radius服务器对用户认证并赋予认证权限；

问题现象：用户接入无线连接成功，但不久之后就下线，终端无法获取IP地址，设备上日志提示认证失败。

设备上日志提示测试终端接入认证失败，无线下线原因为reason 1：

%Jan 18 14:35:32:195 2016 WX3510E-zhu PORTSEC/6/PORTSEC_MACAUTH_LOGIN_FAILURE: -IfName=WLAN-DBSS1:417-MACAddr=38:59:F9:E9:22:F3-VlanId=1-UserName=3859f9e922f3-UserNameFormat=MAC address; The user failed the MAC address authentication.
%Jan 18 14:35:32:226 2016 WX3510E-zhu WMAC/6/WMAC_CLIENT_GOES_OFFLINE:  Client 3859-f9e9-22f3 disconnected from WLAN HG-Office. Reason code is 1.

从设备日志记录信息分析，终端接入MAC地址格式正确：

%Jan 18 14:35:32:195 2016 WX3510E-zhu PORTSEC/6/PORTSEC_MACAUTH_LOGIN_FAILURE: -IfName=WLAN-DBSS1:417-MACAddr=38:59:F9:E9:22:F3-VlanId=1-UserName=3859f9e922f3-UserNameFormat=MAC address; The user failed the MAC address authentication.

由于认证过程需要对账户下发授权，通过调试信息看到设备对认证账户并未下发授权vlan：

*Jan 18 14:35:30:915 2016 WX3510E-zhu PORTSEC/7/Event: Process WLAN MSG:3, user-info:
 ModuleID:0xb030000, SrcID:0xffffffff, UserIndex:4294967295
 IfIndex:0xc70009, VlanID:1, LogoffCode:0
 LeaveFlag:0, AuthorFlag:0
 UserName:, SSID:HG-Office
 StaMAC:3859-f9e9-22f3, BSSID:5866-bab6-06d0
 AuthorInfo:
 VlanID:0, Acl:0, UserprofileID:-1
*Jan 18 14:35:30:956 2016 WX3510E-zhu PORTSEC/7/Event: Port:WLAN-DBSS1:417,Receive PORTSEC_RCVMSG_AUTHREQ_PSK_11KEY msg
*Jan 18 14:35:30:976 2016 WX3510E-zhu MACAUTH/7/EVENT: Port:WLAN-DBSS1:417,Portsec received the Mac authenticate request from WLAN.
*Jan 18 14:35:30:996 2016 WX3510E-zhu MACAUTH/7/EVENT: Port:WLAN-DBSS1:417,new mac address 3859-f9e9-22f3
*Jan 18 14:35:31:017 2016 WX3510E-zhu MACAUTH/7/EVENT: Auth:751,Processing node CONNECTING...
*Jan 18 14:35:31:027 2016 WX3510E-zhu MACAUTH/7/EVENT: Auth:751,Processing node connecting trans...
*Jan 18 14:35:31:037 2016 WX3510E-zhu MACAUTH/7/Error:: Auth:751,The user (3859f9e922f3@mac) authentication failed.
*Jan 18 14:35:31:058 2016 WX3510E-zhu PORTSEC/7/Event: Port:WLAN-DBSS1:417,Auth:751,PortSec handling access user(MAC:3859-f9e9-22f3, userIndex:0x000002ef) event(4) of srcMod(11):
*Jan 18 14:35:31:078 2016 WX3510E-zhu MACAUTH/7/EVENT: Port:WLAN-DBSS1:417,Auth:751,PORTSEC HandleAccessUserEvent return 0
*Jan 18 14:35:31:098 2016 WX3510E-zhu MACAUTH/7/EVENT: Auth:751,Processing node RELEASE...
*Jan 18 14:35:31:109 2016 WX3510E-zhu PORTSEC/7/Event: Port:WLAN-DBSS1:417,Auth:751,PortSec handling access user(MAC:3859-f9e9-22f3, userIndex:0x000002ef) event(32) of srcMod(11):
*Jan 18 14:35:31:129 2016 WX3510E-zhu PORTSEC/7/Event: Port:WLAN-DBSS1:417,
 Intrusion Protection occurs, NO action!
*Jan 18 14:35:31:149 2016 WX3510E-zhu PORTSEC/7/Event: Port:WLAN-DBSS1:417,PortSec Notify Event Module:0x0b030000, Event:0x00000004, RegEventMask:0x00000f8e, fun:0x81d90d78, ret:0x00000000

查询账户相关配置，发现账户下配置绑定VLAN，绑定vlan为终端认证时检测vlan是否与绑定vlan相同，如果不同将认证失败，经过沟通发现现场配置错误，应该配置为授权vlan：

#

local-user 3859f9e922f3
 password cipher $c$3$EhA00UwbqM2lMJw8coMqPAr+JFe3LK4emgi8/OB06Q==
 bind-attribute vlan 12
 service-type lan-access

#

在账户下删除绑定vlan，增加授权vlan配置，终端重新接入认证成功，查询接入VLAN正确。

#

local-user 3859f9e922f3
 password cipher $c$3$EhA00UwbqM2lMJw8coMqPAr+JFe3LK4emgi8/OB06Q==
 authorization-attribute vlan 12
 service-type lan-access

#