I believe you need a new switch. AFAIK the 3500XL series switches do not and will not support dot1x authentication. The 2950 or 3550 should do quite nicely though (12.1 release train vs. 12.0 for 3500XL). Here is a link to configuring it once you get a switch that will do it.
The only "aaa" that a switch will do is to authenticate a user to log onto the switch, unless it is dot1x capable.
dot1x was developed to grant users/machines access to the network by authenticating them before allowing them to pass traffic on a switchport (or via wireless). So you are correct, that is dot1x in a nutshell. Without it a switch cannot do what you're looking for, which is why the 3500XL series won't do it. There is no other mechanism to accomplish this at a switchport level, at least on Cisco equipment from what I know.
You could use other things such as port security via MAC addresses and such, but dot1x is required for what you are looking for.
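
To make the distinction in the reply above concrete, here is an added configuration sketch (not part of the original post and not taken from Cisco documentation) showing login AAA next to 802.1X port authentication on a dot1x-capable switch such as the 2950 or 3550. The RADIUS server address, the shared-secret placeholder and the interface number are assumptions, and exact syntax varies by IOS release.

```cisco
! Added example. 192.0.2.10, <shared-secret> and FastEthernet0/1 are placeholders.
aaa new-model
!
! RADIUS server used by both method lists below
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! (1) Login AAA: authenticates administrators logging on to the switch itself.
!     It has no effect on traffic entering access ports.
aaa authentication login default group radius local
!
! (2) 802.1X: authenticates the user or machine attached to a switchport
!     before the port is allowed to pass traffic.
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 ! Port stays unauthorized until the attached supplicant authenticates
 dot1x port-control auto
 spanning-tree portfast
```

After applying it, `show dot1x interface FastEthernet0/1` reports whether the port is authorized, which is a quick check that the port is enforcing authentication and has not been left in a forced-authorized state.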