Test Case: Enterprise VPN Profile

Table of Contents

1. Description
2. Configuration Mapping
3. Test Implementation Request
4. Expected Result

1. Description

Validates the authentication and mapping logic for a GPON subscriber requiring a dedicated Enterprise VPN routing configuration. This involves applying specific VRF (Virtual Routing and Forwarding) contexts and assigning a precise static IP within that VRF.

2. Configuration Mapping

The following parameters are supplied to the AAA backend to map the Enterprise VRF:

Field Value

Field	Value
Endpoint ID	`94666543214`
Authentication Match	`MySecurePass123`
Assigned Group	`GPON`
customfield3 (VRF Context Name)	`vrfValue`
customfield15 (Routed Subnet Details)	`192.168.1.100/20`
customnumfield1	`150`
userip (Assigned Endpoint IP)	`192.168.1.100`
sessionlimit	`300`
barringstatus	`0` (Unbarred - Allowed)
status	`1` (Active)

Endpoint ID

94666543214

Authentication Match

MySecurePass123

Assigned Group

GPON

customfield3 (VRF Context Name)

vrfValue

customfield15 (Routed Subnet Details)

192.168.1.100/20

customnumfield1

150

userip (Assigned Endpoint IP)

192.168.1.100

sessionlimit

300

barringstatus

0 (Unbarred - Allowed)

status

1 (Active)

3. Test Implementation Request

curl --location --request PUT 'http://localhost:4000/users/94666543214' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: ••••••' \
--data-urlencode 'password=MySecurePass123' \
--data-urlencode 'customfield3=vrfValue' \
--data-urlencode 'customfield15=192.168.1.100/20' \
--data-urlencode 'customnumfield1=150' \
--data-urlencode 'userip=192.168.1.100' \
--data-urlencode 'sessionlimit=300' \
--data-urlencode 'groupname=GPON' \
--data-urlencode 'barringstatus=0' \
--data-urlencode 'status=1'

4. Expected Result

The RADIUS payload returned will carry Vendor-Specific Attributes (VSAs) corresponding to customfield3 acting as the VRF identifier over the BNG, forcing the remote session into an isolated routing tunnel.

echo -e 'Packet-Type = Access-Request\nUser-Name = "94100200900"\nCHAP-Password =dialog \nCHAP-Challenge = 0x3c16fd3376dc4415c25ee1a1aca9dcdf\nNAS-Port = 2138182\nNAS-IP-Address = 10.174.157.1\nService-Type = Framed-User\nFramed-Protocol = PPP\nCalling-Station-Id = "78:17:be:16:67:2a"\nNAS-Identifier = "MALA-B-HW-BNG-01"\nNAS-Port-Type = Ethernet\nNAS-Port-Id = "\015UNION_PLACE-CMBC-GPA03-R1-N1-01 xpon 0/1/0/12:4.1.502=02"\nAcct-Session-Id = "111125"\nConnect-Info = "1000000000"\nHuawei-Startup-Stamp = 1722845152\nHuawei-IPHost-Addr = "255.255.255.255 78:17:be:16:67:2a"\nHuawei-Connect-ID = 46086\nHuawei-Version = "Huawei NetEngine 8000"\nHuawei-Product-ID = "NetEngine 8000"\nHuawei-Domain-Name = "dialog_test"\nHuawei-User-Mac = "78:17:be:16:67:2a"\nADSL-Agent-Circuit-Id = 0x554e494f4e5f504c4143452d434d42432d47504130332d52312d4e312d30312078706f6e20302f312f302f31323a342e312e353032\nAccess-Loop-Encapsulation = 0x000000'| radclient -x  localhost:1812 auth mysecret

Received Access-Accept Id 10 from 127.0.0.1:1812 to 127.0.0.1:54242 length 106
	Message-Authenticator = 0x1f6d9f7566706745142b3f5e4b217a49
	User-Name = "94100200902"
	Session-Timeout = 300
	Idle-Timeout = 150
	Framed-IP-Netmask = 255.255.255.255
	Framed-IP-Address = 192.168.1.1
	Huawei-Domain-Name = "vrfvalue"
	Reply-Message = "Access Accept"

mysql> select * from SUBSCRIBER where USER_ID='94100200902';
+-------+-------------+---------------------------------------------------+---------+---------+----------+---------------+----------------+----------------+-------------+----------------+----------------+------------------+-----------------+--------------------------+-----------------+--------------+---------+----------------+-------------------------------+--------+-----------+--------------------+---------------------+--------------+--------+------+-----------+-----------------+---------------------+---------------------+
| id    | USER_ID     | PASSWORD                                          | PCRF_ID | PACKAGE | VRF_NAME | LOOPBACK_NAME | IPV4_POOL_NAME | IPV6_POOL_NAME | IPV4_VALUE  | IPV6_LAN_VALUE | IPV6_WAN_VALUE | FRAMED_ROUTE     | FRAMEDIPNETMASK | MAX_SIMULTANEOUS_SESSION | SESSION_TIMEOUT | IDLE_TIMEOUT | GROUPID | BARRING_STATUS | NOTES                         | STATUS | FRAMED_ID | INPUT_QOS_TEMPLATE | OUTPUT_QOS_TEMPLATE | SUB_TEMPLATE | MSISDN | APN  | USER_NAME | CREATE_USER     | CREATE_DATE         | LAST_UPDATE         |
+-------+-------------+---------------------------------------------------+---------+---------+----------+---------------+----------------+----------------+-------------+----------------+----------------+------------------+-----------------+--------------------------+-----------------+--------------+---------+----------------+-------------------------------+--------+-----------+--------------------+---------------------+--------------+--------+------+-----------+-----------------+---------------------+---------------------+
| 16836 | 94100200902 | XCWW/OCw5zl0g5wFU49tBA==:vLsYxSjJmX6h5sR4jJOUow== |         |         | vrfvalue |               |                |                | 192.168.1.1 |                |                | 192.168.1.100/20 | 255.255.255.255 |                        1 |             300 |          150 | GPON    |              0 | Testing Purpose - Enterprise  |      1 | NULL      |                    |                     |              |        |      |           | Manudi_12345678 | 2026-03-18 17:18:50 | 2026-03-18 17:18:50 |
+-------+-------------+---------------------------------------------------+---------+---------+----------+---------------+----------------+----------------+-------------+----------------+----------------+------------------+-----------------+--------------------------+-----------------+--------------+---------+----------------+-------------------------------+--------+-----------+--------------------+---------------------+--------------+--------+------+-----------+-----------------+---------------------+---------------------+
1 row in set (0.00 sec)