Is it possible to use WPA2 over ethernet?
You say "WPA2" but I suspect you're not looking for encryption but, rather, authentication. (If you are looking for encryption then skip to the edit at the end of this answer.)
I strongly suspect you're looking for is 802.1X authentication.
802.1X allows you to have wired (and wireless) clients authenticate before being granted access to the network. All the currently-supported versions of Windows support 802.1X, as do most other modern operating systems. Your Ethernet switches (and/or wireless access points) will also need to support 802.1X, which permits the switch to restrict traffic until the client authenticates.
Typically the switches (and/or wireless access points) would be configured to use a RADIUS server that actually performs the authentication. The RADIUS server would have policy definitions such that each of your switches doesn't need to be aware of the allowed clients but, rather, can just offload that decision to the RADIUS server. This gives you a lot of flexibility in defining policy and allows for scale.
The actual authentication uses the Extensible Authentication Protocol (EAP). EAP allows for a variety of authentication credentials to be used, including user/password or certificates.
Edit:
If you are looking for encryption then IPsec with encapsulating security payload (ESP) is probably the way to go. (Arguably you can also use IPsec for authentication, too, but you won't get security at layer 2 like you will with 802.1X). IPsec can be statically keyed with a pre-shared key, not unlike WPA2, or it can be used with certificates or passwords (via EAP).