NAUN3 devices cannot be authenticated by 5GC but may e.g. be locally authenticated by the 5G-RG using pre-shared secret. Differentiated services (QoS, network slicing) may be provided for NAUN3 devices as defined in this clause.
NAUN3 devices may be associated with "Connectivity Group IDs" where each Connectivity Group ID corresponds to a separate physical or virtual port on the 5G-RG. These ports could, for example, refer to separate physical ethernet ports and/or to separate WLAN SSIDs and/or to a separate VLAN. The devices that connect to a certain logical port are considered part of the same Connectivity Group ID. How this configuration on the 5G-RG is done is out of scope of this specification.
Each Connectivity Group ID is then mapped to a separate PDU Session that is established by the 5G-RG based on the procedures defined in clause 7. The overall architecture is illustrated in Figure 4.10b-1.
The 5G-RG is configured with the (virtual) port information (e.g. VLANs and SSIDs) based on TR-69 , TR-360 and TR-181 . URSP rules can be provided to the RG to indicate how to map Connectivity Group ID to the parameters of the PDU Session used to carry the traffic of corresponding devices e.g. DNN, S-NSSAI, etc.
How the NAUN3 devices are configured to use a specific SSID or connect to a certain Ethernet port on the 5G-RG is out of scope of this specification.
Differentiation of charging and QoS may be provided via PCC rules (for different service flows) related with dedicated PDU Sessions for NAUN3 devices. Isolation of devices using a specific Connectivity Group ID into a specific network slices, i.e. with separate S-NSSAIs may also be provided.
This clause defines the support of AUN3 devices, i.e. Authenticable Non-3GPP devices (AUN3) as defined in clause 3.1, behind a 5G-RG. This clause applies only to 5G-RG connected via wireline access.
Figure 4.10c-1 shows the architecture for support of AUN3 device.
Differentiated services for AUN3 devices behind 5G-RG are provided as specified below:
Each AUN3 device has its own UDM/UDR subscription data including its own SUPI and policy control subscription data.
The interface between 5G-RG and AUN3 devices is out of scope of 3GPP.
In order to serve the AUN3 device in 5GC, a 5G-RG issues a NAS register and handles RM and CM related signalling on behalf of an AUN3 device that it is requesting to be served and relays EAP signalling between the AUN3 device and the 5GC.
A 5G-RG serving an AUN3 device establishes a single PDU Session on behalf on this AUN3 device.
The AMF and the 5G-RG maintain a separate NAS connection per AUN3 device. This includes maintaining a GUTI and NAS (RM, CM, security, etc.) context per AUN3 device.
A 5G-RG shall be connected to the 5GC (be in RM-REGISTERED and CM-CONNECTED mode) over Wireline access to serve an AUN3 device: the 5G-RG shall not issue a NAS register or service request on behalf of an AUN3 device if it is itself not registered and connected to the 5GC.
The 5G-RG is configured with URSP for each AUN3 devices it serves. The UE PCF selected by the AMF at the registration of an AUN3 device sends this URSP to 5G-RG via the AMF and the NAS connection of the AUN3 device.
The AUN3 devices and the 5G-RG belong to the same PLMN.
A 5G-RG uses default values, which are the same for all AUN3 devices it serves, to populate the parameters in the Registration Request message built on behalf of an AUN3 device. For example, the 5G-RG issues the Registration Request with no S-NSSAI and the AMF selects the default S-NSSAI in the subscription of the AUN3 device.
There shall be a separate N2 connection per AUN3 device that is in state CM-CONNECTED.
The W-CP and W-UP protocols shall be able to manage multiple separate Registrations and PDU Sessions for different SUPIs between the same pair of 5G-RG and W-AGF. In particular, W-CP needs to be able to differentiate NAS messages related to a 5G-RG and to each different AUN3 device served by this 5G-RG and W-UP needs to distinguish between user plane packets for a 5G-RG and each different AUN3 device served by this 5G-RG.
When the registration of an AUN3 device has successfully completed, the 5G-RG establishes a PDU Session on behalf of the AUN3 device. This PDU Session is handled by 5GC as part of the AUN3 subscription and is associated with the SUPI of AUN3 device. An AUN3 device can at a given time only use a single PDU Session. The parameters to establish this PDU session are based on the URSP (if any) for the AUN3 device.
Different QoS parameters may apply to PDU sessions of different AUN3 devices.
Roaming is not applicable to subscriptions for AUN3 devices.
NSWO as defined in clauses 4.2.15 and 5.42 of TS 23.501 may be supported for UE(s) connected via a 5G-RG, and/or for UE(s) connected via a FN-RG.
When this feature is supported, the RG and the W-5GAN need to support the WLAN Access functionality defined in clauses 4.2.15 and 5.42 of TS 23.501. The WLAN Access functionality includes the support of the SWa' interface to NSWOF. The SWa' support in Wireline access network has no impact on 3GPP specifications.
When NSWO applies, the user plane traffic of the UE is not traversing the UE's 5GC.
The specification of functionalities to support NSWO in the wireline access network is out of 3GPP scope including specifications on how the offloaded traffic is carried in W-5GAN and bypass the 5GC of the UE.
The UE can also connect to 5GC using 5GS credentials as defined in clause 5.42 of TS 23.501.
A 5G RG shall not issue authentication request over SWa' for the UE if it is itself not registered to 5GC.