Yep, the APs don't really inhibit the EAP type, its more to do with what the supplicant and RADIUS server support. Cisco ISE supports EAP-TLS, but this will mean you'll most likely be using certificates for authentication, so you'll need an appropriate Enterprise PKI in place, certificates issued to devices/users, and trusted CA certificates installed on ISE - and then you need to write the policy to check the certificates. If this is your first experience with ISE I'd follow the guide and get the username/password solution working with PEAP-MSCHAPv2 first, and then look at how you can move to EAP-TLS and certificates.
... View more