I'm getting mixed responses regarding whether this should be possible, but am not in a position to lab it at the moment so am taking a stab in the dark that someone has come across this already.
Essentially, I have configured sponsored guest-registration that upon verification, instigates a role change. The sponsorship element is actually used to verify the email address used by the guest.
In this scenario, should the session be updated using CoA to instigate the role change whilst the guest is still online rather than having to log off and back on again? I am seeing the CoA-Request in a pcap but receiving a CoA-NAK in response from the Aruba WLAN. All RFC 3576 capability is configured (I can disconnect users for instance).