I already read "Guide wired policy enforcement" and according to my scenario with Switch's Aruba using Downloadables Roles (DUR) for 802.1X Employee and MAC Auth., I can not make a user who does not authenticate in the network is assigned another Vlan, I tried it with "Port-Bounce" and put another Profile but it does not work, or I do not know which is the best option to do this because if the user does not authenticate, "Authentication error" appears and does not assign an address IP since authentication is denied; I have the services "Wired-802.1X_WebAuth_MAC-Auth";
I have enabled in the "Captive Portal" switch and this configuration per port.
//
tagged vlan 102 (Voice Vlan)
untagged vlan 1
aaa port-access authenticator
aaa port-access authenticator tx-period 10
aaa port-access authenticator supplicant-timeout 10
aaa port-access authenticator client-limit 30
aaa port-access mac-based
aaa port-access mac-based addr-limit 100
exit
//
I hope you can help me, thanks.