Trying to turn on MAC auth on a per port basis as well but I am getting an error. Config is below.
radius-server host 10.72.211.26 key "*******"
radius-server host 10.72.211.26 dyn-authorization
timesync sntp
sntp unicast
sntp server priority 1 10.72.211.16
snmp-server community "public" unrestricted
aaa authentication port-access eap-radius
aaa port-access authenticator 42
aaa port-access authenticator 42 auth-vid 1
aaa port-access authenticator 42 unauth-vid 150
aaa port-access authenticator active
SW1(config)# aaa port-access mac-based 42
Configuration change denied for port 42.Only Web or Local MAC or
MAC-authenticator can
have unauthenticated VLAN enabled if 802.1X authenticator is enabled on the
same port.Please remove the unauthenticated VLAN from 802.1X authentication
on this port using the following command:
"no aaa port-access authenticator <PORT-LIST> unauth-vid"
Note that you can set unauthenticated VLAN for Web or Local MAC or MAC
authentication instead.
SW1(config)#