
XOS - 802.1X AP but bypass bridge@AP clients

Ronald_Dvorak
Honored Contributor
Hi,

Is it possible to authenticate the AP via 802.1X PEAP on the switchport but bypass/disable the authentication for the bridge@AP clients that are connected to the AP?

Could you please tell me the configuration steps on the XOS or other ideas for this scenario?

Thanks,
Ron
13 REPLIES

Rainer_Adam
New Contributor III
Is there any comparable solution for EOS Switches?

Yes. It's called 'ap-aware'. https://gtacknowledge.extremenetworks.com/articles/Q_A/What-does-this-Feature-AP-Aware-means-on-the-B5-C5-Securestack

A few years later, that KB links to this one, which says AP Aware is supported since XOS 22.2: https://gtacknowledge.extremenetworks.com/articles/How_To/EMC-How-to-enable-the-AP-Aware-Feature-in-EMC-s-Policy-Manager

Matthew_Helm1
Extreme Employee
"Campus mode" vs. "ISP mode" really has to do with the VLAN assignment mechanism for the port. In the former, VLAN assignment is done using a VSA sent by the RADIUS server for each authorized client. For ISP mode, the port is preconfigured into a VLAN (typically untagged, but not always) and any authorized clients are bridged into that VLAN.

MAC-based VLAN mode for Netlogin is necessarily "Campus mode" and has the disadvantage that all BUMs are received by all clients on that port regardless of their VLAN assignment.

Regardless, whether pre-configuring the netlogin enabled port into a VLAN, or using a VSA to assign the port to a VLAN, multiple supplicant is still in effect for that port.

However, pre-assigning the VLANs and not using the VSA for the dot1x authentication is a very good idea for my script above. I'll need to make further comments.
