interface GigabitEthernet1/0/11
description ######
switchport mode access
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky ####.####.####
switchport port-security
access-session port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
service-policy type control subscriber TEST

policy-map type control subscriber TEST

event session-started match-all
10 class always do-until-failure
10 authenticate using dot1x priority 10
event agent-found match-all
10 class always do-until-failure
30 authenticate using dot1x priority 10
event authentication-failure match-first
10 class always do-until-failure
event authentication-success match-all
10 class always do-until-failure
10 activate service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE

radius server radius
address ipv4 192.168.40.45 auth-port 1645 acct-port 1646 key ######

dot1x system-auth-control
dot1x auth-fail eapol

aaa authentication login default group radius local
aaa authentication enable default group radius
aaa authentication dot1x default group radius
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius if-authenticated
aaa accounting identity default start-stop group radius
aaa accounting system default start-stop group radius

in logg i have only one messange:

%DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (xxxx.xxxx.xxxx) with reason (Cred Fail) on Interface Gi1/0/11 AuditSessionID C0A8230E00013533E1B44AC2