Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
Normally, a new user-role for an authenticated user is not applied to the user while the user is authenticated and is connected to the network, unless it is forced to authenticate again.
For example, a captive-portal user is falling into the default user-role "guest". When we change the default-role for captive-portal to "default-vpn-role", this change will not be applied to this user unless it reauthenticates.
But, there is way to change the user-role instantly without having the user to reauthenticate. This is done by issuing the "aaa user add <users IP address> role <rolename>" command.
This user-role is applied to the user instantly and it stays until the next authentication.