Hi Billy,
Disabling authentication on a port (not globally for the entire device!) means the MAC address will be passed through according to static port configuration (PVID, Policy, ACLs etc.). This is the way for exclusion as even if you planned to assign 'Full Access' policy to the device, any authentication request will always end up in NAC end-system table. When Extreme Access Control is an AAA server from the switch perspective, it receives all the authentication requests and that's how it learns of the connected end-system, and that's how your licenses can get saturated. So as Ron said, disabling authentication on the port to Qualys scanner might be helpful.
You can disable authentication and if you wish to run scans from particular user role perspective, you can assign policy/VLAN statically to a port for scanning time.
On EXOS switches you can also assign a policy role with 'HTTP Aware' (aka 'auth-override') flag, so only the first MAC seen on a port will be authenticated, and all the rest on that port will be treated according to the same policy.
Hope that helps,
Tomasz