Enable AAA
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# aaa authorization network default group radius
Switch(config)# aaa accounting dot1x default start-stop group radius
Switch(config)# aaa accounting network default start-stop group radius
authentication mac-move permit
dot1x system-auth-control
dot1x guest-vlan supplicantConfigure RADIUS Server
Switch(config)# radius-server host 192.168.128.245 auth-port 1812 acct-port 1813 key PRESHAREDKEY
Switch(config)# radius-server host 192.168.128.246 auth-port 1812 acct-port 1813 key PRESHAREDKEYPort Configuration
Switch(config)# interface range FastEthernet0/1-20
Switch(config-if)#authentication event fail action authorize vlan 100
Switch(config-if)#authentication event no-response action authorize vlan 1
Switch(config-if)#authentication host-mode multi-domain
Switch(config-if)#authentication order mab
Switch(config-if)#authentication port-control auto
Switch(config-if)#mab
Switch(config-if)#dot1x pae authenticatorAuthentication event fail action authorize vlan
This is the GUEST VLAN for unknown devices
Authentication event no-response action authorize vlan
In case the RADIUS Server isn't responding (e.g. server dead), you can configure a fallback VLAN. e.g. office VLAN.