Hi matthew,
I'm using ArubaOS switch, and I see that it has the option to specify multiple authentication methods on the port (802.1X, MAC auth, captive portal). But if we set 802.1X first and then captive portal, the users would have to fail 802.1X before being able to fallback to captive portal, which is not very good in terms of user experience. And if we set captive portal first, they might be redirected every time the port comes up, and not being able to authenticate by EAP-TLS.
That's what I understand about ArubaOS switch's behavior, and I'm afraid it may not work that way. Am I missing something?
Regards,