Sorry for my question, because I just started to work with Cisco WLC.
I have created some WLAN for local users with authentication by 802.1x + Radius by certificate.
For Guest I used PSK with MAC-filtering.
But I see that is not comfortable for Guests, each time they come and want to access our wireless, we have to come and get their MAC.
I checked on Internet and find that the wireless solution for Hotel, Resorts are very easy.
I also googled and see that Cisco WLC support Lobby Ambassador to generate Guest username/password. But as I checked, this username/password might only use with Web-Auth, this method is not comfortable for Guest who don't know they have to go to Web-Auth to do authentication (e.g: when they only get pop3 email, or vpn, ... not use browsers)
Could I use this method (or another method) for creating one time Guest wireless username/password or Guest PSK that can be used for authentication when Guests click to Wireless-SSID name only (no need to open web browser to do Web-Auth).
Best option Gues users is alwayes is Webauth just like Hotel.
If you have Radius server(ISE) then easily you can create username and password foo guest users and send by email/message or print.
Webauth config guide:http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/
Dont forget to rate helpful posts