Hi Óscar
Having read the post in the Microsoft forum I'd suggest you go for PEAP on the wired XP clients. Using clearpass you can easily build a policy that allows XP devices to connect using PEAP and forces W7 devices to do EAP-TLS. You just have to build an enforcement profile (or role derivation) that uses the profiling info in the endpoint repository.
If you need further assistance please don't hesitate to ask.
Regards