Hi mohanvnegi,
DUR is based on "user-based authentication".
So it means that you can assign different user-roles on a same port, in the limit of 32, as each user/device will be individually authenticated.
Once authenticated, the match between the user and the Role/Network Profile, and so the VLAN, is made through its MAC Address.
So, your implementation is totally supported :
You can use 2 different user-roles, with 2 different profiles, assigned by 2 different authentication methods, without any issue.
You can even assign your user to a tunnel if you want to use Dynamic Segmentation, and let your IP Phone forward on the legacy network.
You can refer to the "Access Security Guide" if you need more informations regarding User-Based and Port-Based Authentication modes.
You can also look at the "ClearPass Solutions Guide: Wired Policy Enforcement" document.