It depends on the requirements and what type of authentication is enabled on each port.
You could enforce a URL redirect (catch all) when the users fails 802.1X or if the device doesn’t meet any of the Mac authentication conditions (assuming you are using MAB)
Another option is that user/device could be dropped in a guest or remediation VLAN
But at the end of the day it depends on the security requirements for the project
Thank you
Victor Fabian
Pardon typos sent from Mobile