Ok, so I've managed to get the wired port working now (tbh I think I just forgot to check the "Wired AP enable" checkbox.. oops
Now for a bit of tweaking. We currently use Radius to authenticate users/computers based on AD group membership. So your account and / or computer have to be in these groups to be on the wireless.
I would like to limit the wired ethernet port so that only authenticated computers have access.
I've noticed on the AP port configuration page there is a "bridge role" drop down list, is it just a case of changing this to "Trusted_computer" / "Computer" / "Staff"
Thanks