I have implemented this technology at a company that was correct in being concerned about public access to their network ports. When I was posed the question about the automatic lockdown of ports based on authorized computers within Active Directory, I explained the functionality about the implementation of an 802.1X authentication server and configuring all Cisco devices to act as clients and then send the authentication request to the RADIUS servers.
I have implemented this in two ways. Firstly, using Microsoft NPS and creating the objects for the computers within AD and pushing out a GPO which contains the installation of a private certificate so that EAP can be used.
I have now implemented a Cisco TACACS solution by using the same method. The TACACS server is used instead of NPS but still serves as a RADIUS server.
This was implemented quickly with a lot of planning. Firstly, finding out all of the MAC addresses which were on each switch, then documenting every port and the end device and removing unmanaged switches at the edge. These switches were then configured with the RADIUS server parameters along with MAB and Dot1x configuration elements to provide a secure authentication mechanism, which proved to be very dynamic and helpful in the company.
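As an added illustration (not the poster's own configuration), the Cisco IOS switch-side elements described above: RADIUS server parameters, dot1x as the first method and MAB as the fallback for devices without a supplicant, plus the show command used to verify each port. The server name, the 192.0.2.10 address, the shared-secret placeholder, the VLAN number and the interface are assumptions; substitute your own values.

```cisco
! Global AAA: authenticate and authorize 802.1X/MAB sessions via RADIUS
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
! RADIUS server definition (NPS or the Cisco AAA server) - assumed values
radius server NPS01
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
!
! Mark the server dead after 3 failed tries in 10 seconds so sessions
! do not hang on an unreachable RADIUS server
radius-server dead-criteria time 10 tries 3
!
! Turn on 802.1X globally; nothing is enforced until this is set
dot1x system-auth-control
!
! Access port for an AD-joined workstation (assumed interface and VLAN)
interface GigabitEthernet1/0/5
 description Access port - dot1x first, MAB fallback
 switchport mode access
 switchport access vlan 20
 ! Port stays unauthorized until RADIUS returns Access-Accept
 authentication port-control auto
 ! Try 802.1X (EAP) first, fall back to MAC Authentication Bypass
 authentication order dot1x mab
 authentication priority dot1x mab
 ! On a dot1x failure, move to the next method (MAB) instead of opening the port
 authentication event fail action next-method
 ! Log a second MAC on the port rather than silently allowing it
 authentication violation restrict
 mab
 dot1x pae authenticator
 ! Shorter EAP request timer so non-supplicant devices reach MAB quickly
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! Verification: per-port session state, method used (dot1x or mab) and result
! show authentication sessions interface GigabitEthernet1/0/5
! show dot1x all
```

The MAB fallback authorizes whatever MAC address the RADIUS server has been told about, so the MAC inventory gathered in the planning step above is what keeps that fallback from quietly re-opening the ports.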