What my customers are doing is utilizing the guest network with role derivation based on the OUI of the gaming consoles, skipping the captive portal piece and going directly to an authenticated role. We create a role specificallly for the consoles that gives a different bandwidth contract that will allow more bandwidth for the devices (obviously, this comes at a sacrifice to other users and gobbles up bandwidth faster).
If your bandwidth is controlled by your actual network, you can have the role assigned to the a different VLAN than the normal guest network, say the same as the LeopardSecure network.
You aren't going to be able to bypass the Enterprise security for the LeopardSecure network however.
Hope that helps