No, at least in the situation where you have a second/new CA, you can still use the expiring CA as both will be trusted for client certs.
I once created a new CA with longer expiration and 4096 bit keys (which can be considered more secure), and configured new clients to get a certificate from the new CA. But both CA's were trusted, and clients could have certificates from either CA.
After some testing, I conclude that in fact it does not make a difference at all, as if you renew your existing CA, an additional entry of the Root CA will be created in the trust list:
It might be that the root has the same key-pair, but that does not matter either.
As soon as the old CA will expire, all certificates signed by that CA are likely to become invalid; and by that time your clients need to be re-onboarded and have a client certificate that is signed by a still valid CA that is in the trust list. If we had created a new CA, it would be similar, just the naming is different.
My choice would be to create a new CA, and name it different as well to ease troubleshooting. If the signing CA has a different name, you can quickly see if clients have a cert from the old, or from the new CA. If you renew, you cannot easily see as the naming is the same.
You are likely to need onboard all clients before the existing CA expires, regardless the choice renew CA or create a new CA. As the current CA is likely to have a short running time, and I could not find a way to change the expiration period when renewing, I would go for a new CA and set the expiration of the root CA to 10, 15 or 20 years (and take the highest possible when in doubt).
For official advice, please contact Aruba TAC as they can look with you to your system and get a better view of your case.