WPA2 using AES for Encryption and EAP-TLS is IMHO the top of the line wireless security. The only thing is, it requires a certificate on both the client and the server. PEAP can do this as well, as long as the root CA certificate is already in place on the clients.
That being said, I've seen a lot more people using PEAP and a 3rd party cert (Verisign/Thawte) lately. Most Windows machines now have the latest Thawte/Verisign Root Certs installed.
Note: There is an issue with PEAP and Windows XP that requires a patch being loaded. KB885453 is the one I believe.