1- Keeping in mind that there is only one WLC where should i physically put it?

Well since you will also be supporting Corporate and I'm guessing that is where the WLC sites, it should be in the inside network.  You would just need to allow udp 5246 & 5247

2- How guest users will work ? How the authentication will be done?

Guest users can use webauth in which the credentials will be stored on the WLC.

3-There are 8 SFP ports in WLC how physical topology will look like?

This is the tricky part.  You can either lag or not lag.  You can't split up the lag (etherchannel).  So you can either use all 8 if you with and create an etherchannel and then acl the guest traffic out the internet or you can put the guest on a layer 2 vlan in which you would connect that out to the dmz.  Or you can use one port for the management and also have a backup port, one for your internal wireless and also have a backup port and the same for guest.  SO it would look like this:

Management primary port 1 backup port 2

SSID primary port 3 backup port 4

Guest primary port 5 guest port 6

OR

Management & SSID's primary port 1 backup port 2

Guest primary port 3 guest port 4

4-How many Vlans i have to make for wireless users will that be 10? (1 at each site) ?

If you use local switching which I would think you would, the vlans for the SSID at the remote site will be created locally at each remote site.  If you want to centrally switch, means all traffic will come back to the WLC, then you will need at least one.  Now you can use a large subnet or have a subnet for each site, its up to you.  You would use AP Groups for that.

my last question is that how these ports work on WLC are they just like switch e.g one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interface concept)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"