For Wireless: Only after a successful EAP-TLS authentication the client and server negotiate the encryption keys for the session. And only with these keys negotiated, the 'link' will come up. So, no. There is no way for 'fallback' as there is no negotiated link.
For wired, you can have a fallback scenario (most times combined with MAC Authentication) if client and infrastructure are configured to do so. In the most secure situation, the client would not allow access if there was no successful authentication, but that also means there is no (wired) access when you take your laptop home or to a customer. That also is a security decision.