bas2754
Feb 05, 2020

M5300 - Tagged VoIP VLAN / Untagged Data VLAN Same Port Configuration Help!

I can't think what I am trying to do is unique or should be that complicated, but alas I am not seeming to get anywhere.  Simple setup really.  To keep it really simple, I will break it down to this:

--------

VLAN 1 - Data VLAN

VLAN 11 - Data2 VLAN

VLAN 10 - VoIP / IP Phone VLAN

--------------------------------------------

Port 1 -  Untagged VLAN 10 - PVID 10 - Force Authorized - VoIP Controller / Server Unit

Port 2 - Untagged VLAN 1 - PVID 1 - Force Authorized - Windows DHCP Server for 172.20.1.X (VLAN  1), 172.20.10.X  (VLAN 10), 172.20.11.X (VLAN 11)

Port 3 - Untagged VLAN 1 - PVID 1, Tagged VLANs 10, 11 - Port Authentication Enabled - MAC Based - Mac Bypass Enabled - Phone - PC

Port 4 - Untagged VLAN 1 - PVID 1, Tagged VLANs 10, 11 - Force Authorized - Phone - PC

---------------------------------------------

Plugged into Port 1 - Phone / VoIP Server / Controller with IP 172.20.10.10

Plugged into Port 2 - Windows DHCP Server with Scopes Setup for Each VLAN

Plugged into Port 3 - IP Phone, plugged into IP Phone - PC

Plugged into Port 4 - IP Phone, plugged into IP Phone - PC

---------------------------------------------

RADIUS server provided by cloud provider.  Phones are set to the VLAN 10 for their traffic from an option sent from the DHCP server.

---------------------------------------------

I can plug a computer into Port 3 directly and the system will authenticate just fine via 802.1x or MAB and get on the network receiving a 172.20.1.X address.  I can plug a phone into Port 3 directly and the system will authenticate via MAB, however it shows in the client summary the MAC address of the phone on VLAN 1.  VLAN 10 traffic does not pass across the VLAN to the Phone Server.  Plugging a Phone and PC into the Port both devices show Authorized on the port, however only the PC works as it is sending untagged traffic.  Phone still does not work.

----------------------------------------------

I can plug Phone into port 4 and it works as expected.  I can plug a PC into the phone and it also works as expected.  

----------------------------------------------

So the issue appears to be that I cannot get the Phone to pass tagged traffic on VLAN 10 after it is authorized on the port.  Client summary shows the phone as a client on VLAN 1, even though the phone correctly grabs the option (can see it on the display) to use VLAN 10 when it boots up.  Problem is VLAN 10 is not transmitting / receiving on that port from what I can see.

 

I need to know what I am missing to get this configuration to work.  Ultimately we want to assign VLANs dynamically based on the RADIUS option, which I have tested and that works as well for the devices, but it only uses either the last or the first authenticated device's assigned VLAN for untagged traffic on that port based on the Port Auth setting.  MAC based uses last, Auto uses first authenticated.

 

Please help me understand what needs to be in place for this configuration to work.  Can confirm this setup appears to work flawlessly on Cisco switches so it must just be something that I am doing improperly here.  Our RADIUS provider has an option to "Assign devices to Voice VLAN on successful authentication", however, there is a note that for this to work "Cisco Meraki switches require the following attribute pairs within the Access-Accept frame to put devices on the voice VLAN: Cisco-AVPair=device-traffic-class=voice"

 

If there is a video or other resources that can assist with this, I am not afraid to read or study, but I am stumped and feeling like I must absolutely be missing something really simple here.

 

 
