I think you used Google and their AI started making things up by itself. I can't find anything around NWA_SessionLimit, and at least by default there is no such reference. You can create almost any attribute with ClearPass, and someone created this; or I may have missed it completely.
If I understand your ask correctly, then there are 3 components that need to work together for enforcing dynamic limits on concurrent active sessions:
1) A placeholder to register in some way what the session limit should be for a user. That can be in the Guest User Database, for example the simultanous_use field, or any other field that you have or added to the Guest User Database. But if you want a limit of 12 concurrent for new accounts, and after 2 weeks reduced to 3 concurrent, you could also do a comparison to the creation date. You can access a field in the Guest User Database via GuestUser:<field name>.
Then you need to have enforcement:
2) You should set a Post Authentication Session-Limit, which periodically checks the concurrent sessions for a user and performs the Action (Disconnect in the screenshot below) to kill sessions above the limit (think it kills oldest sessions first). The limit can then be set to %{GuestUser:simultaneous_use}, a fixed value (based on other checks) or another dynamic field value (screenshot just sets to 1 concurrent session)
3) If you also want reject sessions before they connect to the network, you could create a query to the Insight Database where you can retrieve the actual concurrent sessions during the authentication. You may also skip this as if you just allow the user during authentication and set the session limit, additional connections will be disconnected within some time.
Setting this up is greatly helped if you have access to someone who understands this in depth; maybe your HPE Networking partner or professional services organization.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 06, 2026 04:19 AM
From: ajorigenes17
Subject: ClearPass Guest session custom database query
Hello, I would like to ask if it is possible to create a custom query to filter the session limit for guest users. Our scenario involves session limits for guests that change from time to time. Currently, we have configured it so that the active session count is greater than or equal to 3, and for newly generated users, the limit is set to 12 sessions-or sometimes higher, depending on the situation. For example, with a 12-session limit, only 3 users can connect simultaneously, while the rest are rejected based on our current configuration.
We want this process to be more dynamic, where the session limit is checked based on the configured value, and the enforcement policy enforces it according to the query. While researching, I came across the following syntax:
%{Authorization:[Guest User Repository]:NWA_SessionLimit} . Could someone please explain how this works?
Thank you !
-------------------------------------------