You cannot do this easily. Once a host is placed in "auth'd" mode, all its traffic is accounted for and passed to RADIUS for accounting (if that's what you use).
One solution I tested and worked, but ended up not implementing, was to use Traffic Flow, with an nfacctd listener which filtered traffic to/from the local network and removed it from a user's data usage. It did the checks based on what was live in the RADONLINE table & the traffic updates that happened once a minute.
This did not cure the user from being cut off by Hotspot after X MB are used, but at least he could log back in and keep using his remaining data.
nfacctd:
http://wiki.pmacct.net/OfficialExamples
Make sure you update to 6.33+ as it introduced Traffic Flow fixes which send extra information (v9 only), accounting for NAT & showing you the real client IP address.