I configured the switch to fail-open if the communication with CPPM lost, but I got the unauthorized users have access to network due to this setting.
If someone have 802.1x enabled on his adapter and connected his PC to network, then the conencted switch port will start looking for the authentication server, but since the authentication will fail for this user, then and due to the "fail-open" action in switch port, the port will be assigned to the data VLAN and he will have network access.
So is this logic, or it must be setup in different way?