hi everyone , 

I'm running 802.1X on wired with Cisco ISE , I'm using template on switch  to authenticate Computer and IP-Phone , so IPPhone get authenticated and Computer failed and match MAP Policy on ISE .

Find below the config that I'm using 

class-map type control subscriber match-any AAA-DOWN
match result-type aaa-timeout
class-map type control subscriber match-all DOT1X-FAILED
match method dot1x
match result-type method dot1x authoritative

policy-map type control subscriber DOT1X-DEFAULT
event session-started match-all
10 class always do-all
10 authenticate using dot1x priority 10
20 authenticate using mab priority 20
event violation match-all
10 class always do-all
10 restrict
event agent-found match-all
10 class always do-all
10 authenticate using dot1x
event authentication-failure match-all
10 class AAA-DOWN do-all
10 authorize
20 activate service-template CRITICAL
30 terminate dot1x
40 terminate mab
20 class DOT1X-FAILED do-all
10 authenticate using mab

____________________

template port-auth-Laptop-IPPhone
dot1x timeout tx-period 7
dot1x max-reauth-req 3
spanning-tree portfast
spanning-tree bpduguard enable
switchport access vlan 101
switchport mode access
switchport voice vlan 100
device-tracking attach-policy IPDT_POLICY
mab
access-session host-mode multi-domain
access-session port-control auto
authentication periodic
authentication timer reauthenticate server
service-policy type control subscriber DOT1X-DEFAULT
description User Desktop + Phone

----------------

interface GigabitEthernet1/0/33
ip access-group IPV4_PRE_AUTH_ACL in
source template port-auth-Laptop-IPPhone
spanning-tree portfast

please help me fix this issus .