Thank you for your time. I as mentioned in the edit already I solved this on my own, but I will answer for anyone looking at his in the future.
You mention Ethernet WAN (i.e. wired) and wpa2 (i.e. wireless) in the same sentence. Please clarify.
I meant wired connection using 802.1x authentication. I was confused because I thought wpa2 and 802.1x was the same thing.
Here is how I solved it:
Since my router had flash size limitations I created a firmware build without ppp and ipv6 and replaced wpad-basic-wolfssl with wpad-wolfssl and then flashed it on the device: make image PROFILE=tplink_tl-wdr3600-v1 PACKAGES="uhttpd uhttpd-mod-ubus libiwinfo-lua luci-base luci-app-firewall luci-mod-admin-full luci-theme-bootstrap -ppp -ppp-mod-pppoe -ip6tables -odhcp6c -kmod-ipv6 -kmod-ip6tables -wpad-basic-wolfssl wpad-wolfssl"