Hi,
1) Which switch you are using alongwith firmware version?
2) Assuming its aruba switch (since you are using aruba CoA profiles), make sure dynamic authorization is enabled on the switch
3) Make sure the device added in clearpass properly with vendor selected as Aruba and Radius CoA is checked
The process should work like below, you may track to see which part is missing, or else give your switch configuration and clearpass snapshot for us to analyze it further
1) Client connects on the port
2) Since this is the first time, client's posture is unknown, it should be assigned quarantine vlan
3) Now onguard must be installed on the client. Either manually or through web redirect to CPPM web page, which gives the option to download onguard agent
4) once client is redirected and downloaded/installed onguard, onguard will try to connect to CPPM (make sure assigned role/acl allow access to CPPM IP)
5) once onguard sends HEALTHY token to cppm, NOW CPPM must send CoA to the switch.
6) Upon receiving the CoA, switch disconnects the client which results in re authentication
7) this time client's posture is known and HEALTHY, so it gets the required role/VLAN
8) Make sure your 802.1x service has "use the cached roles/postures" checked.