Switch does not fill in the Calling-Station-ID with the MAC Address, therefore ISE 1.0 cannot do a normal MAB.
MAB was added to ISE 1.2 to support 3rd party devices like this one.
Service-Type = Login, not Call-Check.
There are NO debugs on the Nortel. Not a single one. So you cannot debug AAA, RADIUS, and you will need to use a sniffer. When you use the sniffer, since there are no debugs, it is not possible to see what the Nortel switch is actually doing with the received RADIUS messages.
Use Policy Sets...
Nortel MAB will send MAC Address as Username, but does not send Calling-Station-ID. Therefore: you must check the box to use the username for host-lookup.
Do NOT check the box to compare the password for the MAB - it will not work. Nortel sends the password as .<macaddress>. (example: .aabbccddeeff.) So therefore it is NOT the same format as the username which is AA:BB:CC:DD:EE:FF...
4550T-PWR#show running-config ! Embedded ASCII Configuration Generator Script ! Model = Ethernet Routing Switch 4550T-PWR ! Software version = v5.6.1.052 ! ! Displaying only parameters different to default !================================================ enable configure terminal ! ! *** CORE (Phase 1) *** ! ntp server 172.25.73.1 enable authentication-key 1 ntp authentication-key 1 "cisco" ntp interval 1440 ntp radius server host 10.1.100.231 acct-enable radius server host key "Cisco123" radius server host 10.1.100.231 used-by eapol acct-enable radius server host key "Cisco123" used-by eapol radius server host 10.1.100.231 used-by non-eapol acct-enable