Scenarios 6–10

Scenario 6: Location quota exceeded (FUP) → Accept throttled _H package

Trigger

Location quota exceeded

Process

  • Switch to FUP profile

  • Assign throttled package (_H)

Outcome

Access-Accept (Reduced bandwidth)

Request

echo 'User-Name="5a8c.7816.5f24",
User-Password="mytest",
NAS-Port=2138432,
NAS-IP-Address=10.174.157.1,
Service-Type=Framed-User,
Framed-Protocol=PPP,
Calling-Station-Id="5a:8c:78:16:5f:24",
NAS-Identifier="MALA-B-HW-BNG-01",
NAS-Port-Type=Ethernet,
NAS-Port-Id="\001QWLAN:wlan1:320:DE_IWAG_MAC:R310:997339611_DETAC_Ruckus_MAIN_AP:34:FA:9F:08:72:40:",
Acct-Session-Id="MALA-B-00210300100320ef3f87AAAYfe",
Connect-Info="1000000000",
Huawei-Startup-Stamp=1722845152,
Huawei-IPHost-Addr="255.255.255.255 5a:8c:78:16:5f:24",
Huawei-Connect-ID=94208,
Huawei-Version="Huawei NetEngine 8000",
Huawei-Product-ID="NetEngine 8000",
Huawei-Domain-Name="mac_auth_test",
Huawei-User-Mac="5a:8c:78:16:5f:24",
Access-Loop-Encapsulation=0x000000,
Module-Failure-Message="Routing to MAC_AUTH: 5a8c.7816.5f24",
Realm="mac_auth_realm"' \
| radclient -x localhost:21812 auth mysecret

Expected Response

RECEIVE Access-Accept Response:
    Id = 166
    Source = 127.0.0.1:21812
    Destination = 127.0.0.1:34250
    Length = 127

    Attributes:
        Message-Authenticator = 0x387eca28a662f2c923a9cccb5e9158dc
        Session-Timeout = 3600
        Idle-Timeout = 1800
        Class = 0x4c4f4349443a393937333334363131
        Huawei-Account-Info = "APostpaid_12M_UD_VOL_H"
        Huawei-Account-Info = "NPostpaid_12M_UD_VOL_H"

Database State

SELECT USERNAME, OldQT, OldQV FROM MACL2USERS;
USERNAME OldQT OldQV

5a8c.7816.5f24

0

0

Scenario 7: Continuation (normal session) → Accept with recalculated quotas

Trigger

Active session exists, quotas available

Process

  • Recalculate remaining quotas

  • Update session state

Outcome

Access-Accept

Request

echo 'User-Name="5a8c.7816.5f24",
NAS-Port=2138432,
NAS-IP-Address=10.174.157.1,
Service-Type=Framed-User,
Framed-Protocol=PPP,
Framed-IP-Address=10.254.157.235,
NAS-Identifier="MALA-B-HW-BNG-01",
NAS-Port-Type=Ethernet,
NAS-Port-Id="\001QWLAN:wlan1:320:DE_IWAG_MAC:R310:997339611_DETAC_Ruckus_MAIN_AP:34:FA:9F:08:72:40:",
Acct-Session-Id="MALA-B-00210SSG000100446996AAAbbc",
Huawei-Service-Info="NPostpaid_12M_UD_VOL"' \
| radclient -x localhost:21812 auth mysecret

Expected Response

RECEIVE Access-Accept Response:
    Id = 61
    Source = 127.0.0.1:21812
    Destination = 127.0.0.1:37782
    Length = 62

    Attributes:
        Message-Authenticator = 0x62b157679b474c8538fc8bb4b1e83c6e
        Session-Timeout = 10800
        Huawei-Remanent-Volume = 307200
        Idle-Timeout = 1800

Database State

SELECT USERNAME, TimeQuota, OldQT FROM MACL2USERS;
USERNAME TimeQuota OldQT

5a8c.7816.5f24

7200

3600

Scenario 8: Continuation in FUP (within reset window) → Accept

Trigger

FUP active and within reset window

Process

  • Maintain capped session limits

  • Apply placeholder bandwidth (low kbps)

Outcome

Access-Accept (Restricted session)

Request

echo 'User-Name="5a8c.7816.5f24",
NAS-Port=2138432,
NAS-IP-Address=10.174.157.1,
Service-Type=Framed-User,
Framed-Protocol=PPP,
Framed-IP-Address=10.254.157.235,
NAS-Identifier="MALA-B-HW-BNG-01",
NAS-Port-Type=Ethernet,
NAS-Port-Id="\001QWLAN:wlan1:320:DE_IWAG_MAC:R310:997339611_DETAC_Ruckus_MAIN_AP:34:FA:9F:08:72:40:",
Acct-Session-Id="MALA-B-00210SSG000100446996AAAbbc",
Huawei-Service-Info="NPostpaid_12M_UD_VOL"' \
| radclient -x localhost:21812 auth mysecret

Expected Response

RECEIVE Access-Accept Response:
    Id = 144
    Source = 127.0.0.1:21812
    Destination = 127.0.0.1:57887
    Length = 62

    Attributes:
        Message-Authenticator = 0x33c23c3198e8eb7167b9dffd9b8ad704
        Session-Timeout = 10471
        Huawei-Remanent-Volume = 1048576
        Idle-Timeout = 1800

Database State

SELECT USERNAME, TimeQuota FROM MACL2USERS;
USERNAME TimeQuota

5a8c.7816.5f24

0

Scenario 9: Continuation in FUP (outside reset window) → Reject

Trigger

FUP active and reset window expired

Process

  • Check reset eligibility

  • Deny continuation due to policy

Outcome

Access-Reject

Request

NAS → AAA:
ACCOUNTING_STOP {
  User-Name = "MAC"
  Session-Time = MAX
}

AAA → NAS:
ACCOUNTING_RESPONSE {
  Close Session
}

Expected Response

AAA → NAS:
ACCOUNTING_RESPONSE {
  Result = "Session terminated"
}

Database State

SELECT USERNAME, VolumeQuota, TimeQuota FROM MACL2USERS;
USERNAME VolumeQuota TimeQuota

5a8c.7816.5f24

0

3600

Scenario 10: Volume quota exhausted (qv=0) → Reject

Trigger

qv = 0 (no remaining volume)

Process

  • Validate quota counters

  • Detect exhaustion

Outcome

Access-Reject

Request

echo 'User-Name="5a8c.7816.5f24",
NAS-Port=2138432,
NAS-IP-Address=10.174.157.1,
Service-Type=Framed-User,
Framed-Protocol=PPP,
Framed-IP-Address=10.254.157.235,
NAS-Identifier="MALA-B-HW-BNG-01",
NAS-Port-Type=Ethernet,
NAS-Port-Id="\001QWLAN:wlan1:320:DE_IWAG_MAC:R310:997339611_DETAC_Ruckus_MAIN_AP:34:FA:9F:08:72:40:",
Acct-Session-Id="MALA-B-00210SSG000100446996AAAbbc",
Huawei-Service-Info="NPostpaid_12M_UD_VOL"' \
| radclient -x localhost:21812 auth mysecret

Expected Response

RECEIVE Access-Reject Response:
    Id = 145
    Source = 127.0.0.1:21812
    Destination = 127.0.0.1:59978
    Length = 99

    Attributes:
        Message-Authenticator = 0x27c7d3cd5c055ca90e415a336bbccaa3
        Reply-Message = "Volume quota exhausted. Please wait for quota reset interval."

    Result:
        Expected = Access-Accept
        Actual = Access-Reject
        Status = FAILURE

Database State

SELECT USERNAME, TimeQuota, VolumeQuota FROM MACL2USERS;
USERNAME TimeQuota VolumeQuota

5a8c.7816.5f24

3600

0