You can do this very easily. Set your port as a trunk port and allow the VLANs you want. Set the management IP address on your management VLAN and set that as the native VLAN on your port. For example, this is what I did:
I set the ports on the switch to Trunk 802.1q with native VLAN 99 (management) and allowed VLANs 99, 30, 60. I want the regular traffic on 30 and the guest traffic on 60. I gave the APs management addresses of xx.xx.99.xx and you have to set the VLAN on the AP to 1 (the AP is going to see VLAN 99 as the native VLAN, i.e. VLAN 1.
You don't want the management IP available on the guest VLAN. Actually, I went back and looked at my configs again and what I gave was incorrect -- I am not using the management IP on the Ruckus setup (was confusing it with another Meraki net I've set up -- sorry to muddy the waters, but it should work in any case). This is what I did on the Ruckus setup: Set the ports on the switch as Trunk 802.1q and allow VLANs 30 (employees) and 60 (guest). Set native VLAN to 30. Set IP addresses for the APs on the xx.xx.30.xx subnet. Under WLAN setup, set the access VLAN to 1 for the employee SSID and 60 for the guest SSID. Restrict subnet access on the guest SSID. I can manage my APs through the employee network, but not through the guest network.
Are you running your guest SSID as a 'standard' network type?
I have the vlan working for normal networks, when i introduce 'guest mode' where it's prompting the user to accept to terms is where my issue lies, since that is done via the management IP address of the AP/Unleashed.