You should use the standard Radius « Filter-Id » Attribute (11)
And define the value as the ACL number you want to apply on the authenticated port.
Or
Use the user-profile feature. In the case, set user-profile name as standard Radius Filter-id attribute (11)
User-profile test
qos apply policy test inbound
acl number 3000
rule 0 permit tcp source-port eq 21
traffic classifier classifier_1
if-match acl 3000
traffic behavior behavior_1
filter deny
qos policy test
classifier classifier_1 behavior behavior_1
User-profile test enable
Regards