Something like this if you're using Radius for authentication.
#Set selected authentication mode
aaa authentication port-access eap-radius server-group "Radius"
#Configure specified ports for authentication
aaa port-access authenticator 1-24
#Assign unauthenticated client VLAN to authenticator ports
aaa port-access authenticator 1-24 unauth-vid 2
#Assign authenticated client VLAN to authenticator ports
aaa port-access authenticator 1-24 auth-vid 3
#Activate authentication on assigned ports with configured options
aaa port-access authenticator active