This is an excellent document, thanks for sharing! I have a few suggestions on how to improve it and make it more complete.
1. Explain how a user can replace the default certificate with one of their own.
2. Show the alternate guest configuration that utilizes local controllers and centralized guest controllers. This configuration gives central guest account management, central captive portal management, does not require DHCP on every local controller, and does not require src-NAT.