From the screenshots, you can see that the user gets just the roles [Guest] and [User Authenticated]. The mac caching role does not kick in, which is correct as the MAC-Auth Expiry (2017-08-19 17:00:00) is before the Now DT (2017-08-21 15:00:00); according to rule 1 in the role mapping.
Then, if you look in the Enforcement Profile, you can see that the first rule is 'always true' for MAC Authentication (Authentication:Username EQUALS %{Radius:IETF-User-Name}). So that rule matches, and provides access to the guest, regardless of MAC Caching status which is only evaluated in rule 2.
So you have the wrong Enforcement Profile selected, or the access is matching the wrong service. In my ClearPass the enforcement profile looks like something:
I don't know how you got to your enforcement policy, but that is where the issue seems to be.
I posted some videos on how I setup my ClearPass in this Workshop video series. If you watch the Guest section (5 videos), much is covered, and it may help you setting up ClearPass Guest with MAC Caching.