The behavior is determined by the multiauth config of the port:
Specifies the port(s)’ multiple authentication mode as:
auth-opt — Authentication optional (“non-strict” behavior). If a user does not attempt to authenticate using 802.1x, or if 802.1x authentication fails, the port will allow traffic to be forwarded according to the defined default VLAN. This mode is typically used with a default policy that restricts the unauthenticated user while allowing the authenticated user to gain a higher level of network access.
auth-reqd — Authentication is required. All user traffic is dropped until the user authenticates.
force-auth — Authentication disabled. All traffic is allowed to pass (this mode is often set on underlying LAG ports).
force-unauth — Authentication disabled. The authentication ID is disabled, no authentication is possible, and all traffic is dropped.
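
As an added example (not from the switch documentation or the original text), the script below audits a saved configuration for ports whose mode lets unauthenticated traffic through: force-auth on a port that is not a LAG member, and auth-opt, where the default policy needs checking. It assumes config lines of the form `set multiauth port mode <mode> <port-string>` and simple port ranges such as `ge.1.1-3`; the function names, the sample config and the LAG member list are constructed for illustration.

```python
import re

KNOWN_MODES = {"auth-opt", "auth-reqd", "force-auth", "force-unauth"}

# Assumed line form: set multiauth port mode <mode> <port-string>
LINE_RE = re.compile(r"^set multiauth port mode (\S+) (\S+)$")
RANGE_RE = re.compile(r"^(\w+\.\d+\.)(\d+)-(\d+)$")


def expand(port_string):
    """Expand a simple range such as 'ge.1.1-3' into individual port names."""
    m = RANGE_RE.match(port_string)
    if not m:
        return [port_string]
    prefix, first, last = m.group(1), int(m.group(2)), int(m.group(3))
    return [f"{prefix}{n}" for n in range(first, last + 1)]


def audit(config_text, lag_members):
    """Return (port, mode, note) for ports that pass unauthenticated traffic."""
    findings = []
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a multiauth port mode line
        mode, port_string = m.groups()
        for port in expand(port_string):
            if mode not in KNOWN_MODES:
                findings.append((port, mode, "unrecognised mode"))
            elif mode == "force-auth" and port not in lag_members:
                findings.append((port, mode, "no authentication, all traffic passes"))
            elif mode == "auth-opt":
                findings.append((port, mode, "check that the default policy is restrictive"))
    return findings


# Constructed sample configuration and LAG membership (not from a real switch).
SAMPLE_CONFIG = """\
set multiauth port mode auth-reqd ge.1.1-3
set multiauth port mode auth-opt ge.1.4
set multiauth port mode force-auth ge.1.47-48
set multiauth port mode force-auth ge.1.10
set multiauth port mode force-unauth ge.1.20
"""
SAMPLE_LAG_MEMBERS = {"ge.1.47", "ge.1.48"}

if __name__ == "__main__":
    for port, mode, note in audit(SAMPLE_CONFIG, SAMPLE_LAG_MEMBERS):
        print(f"{port:10} {mode:12} {note}")
```

The LAG member set has to come from the switch's own LAG configuration; the script does not derive it.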