How could it be, when it passes the same information in both cases (the only difference is the username/password)? Is it possible that the switch interprets the reply differently for dot1x and mab authentication? I know it's rather Cisco related issue than RADIUS, but maybe someone experienced it before.
The switch has a list of authentication methods to try for each type of login. For example my config for 802.1x says: aaa authentication dot1x default group radius You'll also need: dot1x mac-auth-bypass configured on the interface itself. There's some info here http://www.symantec.com/connect/articles/snac-8021x-mac-authentication-bypas... It's about IAS unfortunately, but it explains the cisco bits. Plenty more on the Cisco site as well. Good luck, Leighton --- This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.