I am working on dot1x configuration deployment project and wanted to clear one confusion, I am having simple setup in which after authentication, workstation should go to vlan decided by ACS and after failed authenticatio, workstation should go to Guest or auth-fail any one is fine since I will keep both same.
So I can understand that basic config should be as follows considering old IOS.
dot1x port-control auto
switchport mode access
switchport guest-vlan 10
switchport auth-fail valn 10
Now I had see many configuration examples and found that many have defined vlan's in switchport mode access 
Why is this command needed since vlan will be assigned from ACS, Could somone tell me why few configuration have defind ports in some vlans already ?
Also what can be best practice in case ACS server goes down, since in that scenario all workstation will fail into auth-fail or Guest vlan's.
Is there any Best practices for such scenario's ?????