Hi
If i understand your question, you want to assign a specific vlan to a user that authentication failed with ISE, am i right?
If yes, on the switch, on the port configuration, you can use the command:
authentication event fail action authorize XX
--> XX represents there vlan id you want to assign in case of failed authentication.
You have also another command to assign a vlan in case ISE isn't responding because it's down (important otherwise you're users won't have access to the network):
authentication event server dead action authorize vlan XX
--> XX represents vlan id you want to assign if ISE is down.
Hope that answers your questions
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question