Hi @shredder,
It is possible to protect your Wifi with Duo two-factor authentication, as described here in a past post. I think a better solution would be to protect access to the applications your users use instead, though. The response in that link details why many people who are considering this approach ultimately go another route instead.
As for Cisco wireless access points, I am not familiar with them to make any sort of recommendation. A good bet would be to post in the Cisco Wireless Mobility community (you can even just crosslink this post) as the members there will likely be better equipped to help you.
Also, others in the Duo community may have some insight to offer here, so I welcome any other thoughts on this!