When AP is set with dot1x supplicant
configuration to perform port authentication, it presents its Base MAC address.
This MAC is visible in self-overrides for give AP or using show version on <AP>
However, there is physical MAC assigned to GE1 port, which is serving Layer2, but is not contributing in other communication.
This unfortunately adds a MAC to get authenticated which does not supply EAP details.
The GE1 MAC is to be ignored by RADIUS server as only a single base MAC is used to communicate across all VLANs.