Switch.com is an IT company that has an existing enterprise network comprised of two layer 2 only switch; DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 20 is a new VLAN that will be used to provide the shipping personnel access to the server. Corporate polices do not allow layer 3 functionality to be enabled on the switch. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:

• User connecting to VLAN 20 via pot f0/1 on ASW1 must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:
• Radius key: rad123
• Authentication should be implemented as close to the host ad possibile
• Device on VLAN 20 are restricted to the subnet of 172.120.40.0/24 
• Packets from devices in the subnet of 172.120.40.0/24 should be allowed on VLAN20.
• Packets form devices in any other address range should be dropped on VLAN20.
• Filtering should be implemented as close to the serverfarm as possible.

The Radius server and application server will be installed at a future date. You have been tasked with implementing the above access control as a pre.condition to installing the servers. You must use the available IOS switch features