my company has a security policy, requesting any machine that connects to the network to be authenticated with certificates. Now we are installing a WLAN, and the request would be that the APs also act as supplicants so that the switchports were they are going to connect, can be authorized via EAP using for that, certificates. Looking at the config guide and at the WLC i only find username and password as authentication parameters. Is there a way to make it also via certificates? The WLC is a 5508, 7.2(110) and the APs are LAP1142n.
You need to look at EAP-TLS which require a certificate on each domain machine. You can authenticate the AP to a AAA server to allow ap to either join the WLC or not. But for device authentication you need to look at machine authentication using EAP-TLS.