cuando mi cliente no soporta 802.1x, se supone que el puerto del switch debe permanecer en estado no autorizado. Pero no logro que esto funcione.

¿Sabe alguien como se logra esto?

This is may configuration:

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

radius server ServidorCPPM

address ipv4 192.168.1.1 auth-port 1812 acct-port 1813

key peppearste

dot1x system-auth-control

class-map type control subscriber match-any AAA-DOWN

match result-type aaa-timeout

exit

!

class-map type control subscriber match-all DOT1X-FAILED

match method dot1x

match result-type method dot1x authoritative

exit

!

class-map type control subscriber match-all DOT1X_NO_RESP

match method dot1x

match result-type method dot1x agent-not-found

exit

!

policy-map type control subscriber DOT1X-DEFAULT

event session-started match-all

  10 class always do-all

   10 authenticate using dot1x priority 10

event violation match-all

  10 class always do-all

   10 restrict

event agent-found match-all

10 class always do-all

   10 authenticate using dot1x

event authentication-failure match-all

10 class AAA-DOWN do-all

   10 terminate dot1x

  20 class DOT1X_NO_RESP do-all

   10 terminate dot1x

   20 unauthorize

30 class DOT1X-FAILED do-all

   10 terminate dot1x

  40 class always do-until-failure

   10 terminate dot1x

   20 authentication-restart 60

interface GigabitEthernet0/1

switchport mode access

service-policy type control subscriber DOT1X-DEFAULT

authentication periodic

authentication timer reauthenticate server

mab

access-session host-mode multi-auth

dot1x timeout tx-period 10

access-session port-control auto

dot1x pae authenticator

interface Vlan109

ip address 192.168.1.254 255.255.255.0

Thank you