In the agent enforcement set bounce client to true for each health status. this will force the onguard agent to perform a bounce from the client side (after a posture status change), not from the switch.
Then the client will reauthenticate with the new health status to your dot1x service, there you can assign a new vlan enforcement, for example user vlan when posture status == healthy, and quarantaine vlan when posture status is unhealthy.