Yes we can apply on Cisco Router(as much as I know) and we have the following options:
- OTP using external RADIUS server and RSA tokens
- EAP-Chaining using the AnyConnect Agent and Cisco ISE
- MAR (machine access restrictions). If the machine had not performed authentication the user will not be authorized
- Layer 3 security on the Wireless LAN Controller