Yes, this solution can greatly improve wireless network security, but if you implement something different from Eap/tls with mutual authentification with previous installed certicate, it could happen that a user "forget" to authenticate the AAA server (freeradius in this case) and mitm attack raises (read mitm as Rouge AP). Keep in mind that even with mutual authentication there's still room for an attack as exaplained in "An initial security analysis of the IEEE802.1x Standard" by Arunesh Mishra and William A. Arbaugh 6 Feb 2002.