That setting is mainly used for wired dot1x on Windows devices to enable them to get an IP address or at least keep the interface up.
The WiFi dot1x operation is different from wired dot1x.
In WiFi dot1x-only auth, when authentication fails, the AP drops the client,
but if you enable "MAC authentication fail-thru", which is one of the configuration options for IAPs, then the WiFi clients remain connected and the AP does MAC auth.
That is how you can use that setting in your screenshot in WiFi context.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: May 16, 2023 09:27 AM
From: Ahmad Enaya
Subject: Aruba AP 802.1X Supplicant - Fallback Option
Thank you. But it is still not clear what happens if the port has no EAP enabled or if the AP fails to authenticate. I configured the port for MAB and Guest VLAN, but I was looking for something similar to the Windows Fallback option that says if you fail or get no EAP reply, disable EAP and send traffic without authentication.
Also, what happens if I enable EAP-PEAP but EAP credentials are not stored yet in some APs, or when I add a new AP?
Original Message:
Sent: May 16, 2023 07:38 AM
From: Craig Syme
Subject: Aruba AP 802.1X Supplicant - Fallback Option
Is this Central cloud or Central on-prem? You are correct, there is no TLS/PEAP fallback; however, you can enable EAP-TLS under Devices > Access Points > Config > Interfaces > Uplink > AP1X, then choose the option for TLS or PEAP. Could you configure a MAC Auth on your switch as a failback option?
Original Message:
Sent: May 15, 2023 09:08 PM
From: Ahmad Enaya
Subject: Aruba AP 802.1X Supplicant - Fallback Option
Aruba APs support 802.1X, but supplicant configuration has limited options. No EAP-TLS, and no option for fallback to open in case of authentication failure or if ClearPass is down. My customer is interested in enabling 802.1X in all Aruba APs but wants to know what happens in case of failure, as APs are already mounted and resetting them to factory default in case of failure is very difficult.
Any idea about the default behavior of the Aruba AP 802.1X supplicant in case of authentication failure or if EAP is not enabled on the switch port?