Hi z1vikingfan,
this works as designed since years - manually changes of vlan assignments are not allowed on EAP enabled ports for security reasons. Once the device is authenticated on one of these ports, the related radius return attributes for vlan-create, vlan-id, i-sid, etc. are "allowed" to set these settings.
Good luck