Yes - clients could use 802.1x to authenticate to AD either via Wireless LAN access points or via switches (given APs and switches support 802.1x).
This page list is probably a good starting point with links to various resources for 802.1x wired and wireless networking:
Wired and Wireless Networking with 802.1X Authentication
In a nutshell, you need a Radius server (NPS in a Microsoft / AD environment and in this forum, I guess) and the APs and switches are configured as clients to this Radius servers.
802.1x can use different authentication options, most common are EAP-TLS and PEAP-MS-CHAPv2. In both cases the NPS server has a server certificate, thus the authentication channel is protected. Clients authenticate either using certificates (you need a PKI
to distribute those) or username (machine name) and password (PEAP).
Client settings (such as: authenticate as a computer, user, or both) are distributed via group policies.
At the Radius server policies are configured, that (e.g.) determine which groups of users or computers are allowed to use these networks. There could be different policies for wired and wireless LANs.
Elke
(Edit - clarification, just to be sure: I was assuming here... also because this is the network access protection forum... that logon to AD should be a requirement to connect to the network. Of course you could have an open or MAC-'protected' WLAN and unprotected
switch ports and users would still need to logon to AD to access resources on the network.)
