yes it can using flexauth

"Case 2: MAB First in Order but Higher Priority Assigned to 801.1X

If you change the order so that MAB comes before 802.1X and change the default priority so that 802.1X has higher priority than MAB, then every device in the network will still undergo MAB,. However, devices that pass MAB can subsequently authenticate via 802.1X. This enables a scenario where devices can get partial access to be assigned an IP address or begin a PXE boot, and so forth, after successful authentication via MAB and then get complete access after a successful 802.1X authentication. In this case, you can have 802.1X devices in your MAB database.

Pay attention to what happens if a device fails 802.1X after a successful MAB. First, the device will have temporary network access between the time MAB succeeds and 802.1X fails. What happens next depends on the configured event-fail behavior. If local web-auth is not configured, then the switch will return to the first method (MAB) after the configured interval (dot1x timeout quiet-period). MAB will succeed, the device will again have temporary access until and unless the supplicant tries to authenticate again. This behavior is supplicant-dependent. Some supplicants will stop attempting 802.1X after a certain number of failed attempts and some will continue indefinitely. If the supplicant stops attempting 802.1X altogether, the device will eventually end up with MAB-authorized access. If the supplicant continues to attempt 802.1X, the device will have intermittent access as it cycles between successful MAB and failed 802.1X."

Hi,

I would like to know my switch port authentication is  double authentication.

Eg. MAC sticky + 802.1x with certificate or username/password. ( not mean MAC stick or 802.1x)

I want to do switch port check MAC firstly.If MAC is correct ,check 802.1x with certificate. I would like to do two step authentication.

let me know switch port can do one authentication in one time ?

Or can do both ?