No vendor can support MAB and dot1x at the same time.
In Wi-Fi you have a layer 2 security type: Open, WPAx-Peronsal, WPAx-Enterprise, Enhanced Open.
You cannot mix these within the same SSID, so WPAx-Personal will always use a pre-shared key and WPAx-Personal will always be an 802.1X authentication method.
However what you CAN do is in the L3 authentication part you can have a login form that uses a radius server in the background for logins or have some device based access policy.
Usually in companies you have a single SSID with 802.1X authentication for use for corporate owned laptops and other devices supporting 802.1X and BYOD. Then you have a second pre-shared key based SSID (can also be identity pre-shared key) for IoT devices that do not support 802.1X and a third Open/Enhanced Open for visitors where you can optionally have a portal page.
In case of venues you can also have a fourth SSID based on some external system like Cisco's OpenRoaming, or in educations EduRoam.
