The rule of thumb is that as soon as you have a successful authentication, ClearPass counts that device against the appliance capacity. So if you don't want it to authenticate, you can use the [MAC AUTH] method, instead of [Allow All MAC AUTH] to only authenticated devices that are set to known in the Endpoint Database. To implement MAC Caching, you can on successful authentication in the Web portal set the endpoint status to known.
You can do that with the [Updated Endpoint Known] Enforcement profile that looks like this:
The standard wizard for a Guest with MAC Caching does a lot of this for you, if you need more insight, run the wizard (on a lab/test box; or delete what you don't need afterwards) to see what it creates.