Hi,
Do you have a CoA in your WebAuth for "HEALTHY(0)" or Not equals to HEALTHY(0)?
In both the cases you need to disconnect the client from layer 3 network using Change of Authorization(CoA) to force him to re-authenticate.
Vikram Sonawane | ACCP | @vicky24081990