The FN-RG connects to a W-AGF (W-5GAN) via a layer-2 (L2) connection, based on Wireline AN specific procedure.
The FN-RG is authenticated by the W-5GAN based on Wireline AN specific mechanisms.
W-AGF selects an AMF based on the AN parameters and local policy. W-AGF may use the Line ID / HFC identifier provided from the Wireline AN to determine the 5GC and AN parameters to be used for the FN-RG registration. How the W-AGF can determine the necessary 5GC and AN parameters is defined in BBF TR-456 
, WT-457 
or CableLabs WR-TR-5WWC-ARCH 
W-AGF performs initial registration on behalf of the FN-RG to the 5GC. The W-AGF sends a Registration Request to the selected AMF within an N2 initial UE message (NAS Registration Request, ULI, Establishment cause, UE context request, Allowed NSSAI, Authenticated Indication).
The NAS Registration Request contains the SUCI or 5G-GUTI of the FN-RG, security parameters/UE security capability, UE MM Core Network Capability, PDU Session Status, Follow-on request, Requested NSSAI. The 5G-GUTI, if available, has been received from the AMF during a previous registration and stored in W-AGF.
The NSSAI parameters are provided based on W-AGF configuration. Based on W-AGF configuration of the 5GC NAS parameters, one or multiple Requested S-NSSAI may be used; e.g. when the W-AGF has been configured to use a specific slice for RG management purposes.
The following differences exist, compared to 5G-RG case:
The W-AGF use SUCI as defined in clause 4.7.3 and clause 4.7.4.
The Authenticated Indication indicates to AMF and 5GC that the FN-RG has been authenticated by the access network.
The SUCI is built by the W-AGF based on:
In the case of a BBF access: the GLI as defined in clause 4.7.8 together with an identifier of the Home network as described in TS 23.003.
In the case of a Cable access: the GCI as defined in clause 4.7.8 together with an identifier of the Home network as described in TS 23.003.
If the AMF receives a SUCI, the AMF shall select an AUSF as specified in TS 23.501, clause 6.3.4
based on SUCI. If 5G-GUTI is provided, there is no need to map SUCI to SUPI and steps 5-9 can be skipped.
AMF sends an authentication request to the AUSF in the form of, Nausf_UEAuthentication_Authenticate. It contains the SUCI of the FN-RG. It also contains an indication that the W-5GAN has authenticated the FN-RG.
AUSF selects a UDM as described in clause 6.3.8 of TS 23.501
and sends a Nudm_UEAuthentication_Get
Request to the UDM. It contains the SUCI of the FN-RG and indication that the W-5GAN has authenticated the FN-RG.
UDM invokes the SIDF to map the SUCI to a SUPI.
UDM sends a Nudm_UEAuthentication_Get Response to the AUSF. It contains the SUPI corresponding to the SUCI. It also contains an indication that authentication is not required for the FN-RG.
AUSF sends a Nausf_UEAuthentication_Authenticate
Response to the AMF. This response from AUSF indicates that authentication is successful. The response contains the SUPI corresponding to the SUCI.
The procedure described in TS 23.502, clause 188.8.131.52.3
may apply (the AMF decides if the Registration Request needs to be rerouted, where the initial AMF refers to the AMF).
AMF initiates a NAS security mode command procedure upon successful authentication as defined in TS 33.501
The NAS security mode command is sent from the AMF to the W-AGF in a N2 Downlink NAS transport message.
W-AGF responds to the AMF with a NAS Security Mode Complete message in a N2 Uplink NAS transport message. A NAS security context is created between W-AGF and AMF.
The AMF performs steps 11-16 in TS 23.502, clause 184.108.40.206.2
The AMF may be configured by local policies to issue EIR check:
Only if the PEI is an IMEI; or
Only if the PEI is an IMEI or a user device trusted MAC address.
These local policies may be defined on a per RAT Type basis.
At FN-RG registration to UDM, the Access Type non-3GPP access is used. The UDM, based on Access and Mobility Subscription information authorizes the FN-RG to access the 5GC. For FN-CRG, the AMF compares the list of serving area restrictions it receives from the UDM against the ULI from the W-AGF to check if the location information is allowed for the FN-CRG, as defined in clause 9.5.1
. The AMF may also interact with the PCF for obtaining the Access and Mobility policy for the FN-RG.
Upon receiving NAS Security Mode Complete, the AMF shall send an N2 Initial Context Setup Request message as defined in TS 38.413
and TS 29.413
including possibly as additional W-AGF specific parameter the RG Level Wireline Access Characteristics to the W-AGF.
W-AGF notifies to the AMF that the FN-RG context was created by sending a N2 Initial Context Setup Response.
The AMF sends the N2 Downlink NAS transport with NAS Registration Accept message (5GS registration result, 5G-GUTI, Equivalent PLMNs, Non-3GPP TAI, Allowed NSSAI, Rejected NSSAI, Configured NSSAI, 5GS network feature support, network slicing indication, Non-3GPP de-registration timer value, Emergency number lists, SOR transport container, NSSAI inclusion mode) to the W-AGF.
The following parameters are ignored by the W-AGF if received from the AMF: Emergency number lists, SOR transport container, NSSAI inclusion mode.
The W-AGF sends a N2 Uplink NAS transport message, including a NAS Registration Complete message, back to the AMF when the procedure is completed. The W-AGF shall store the 5G-GUTI to be able to send it in potential later NAS procedures.
The AMF performs step 23-24 in TS 23.502, clause 220.127.116.11.2
The W-AGF may continue by establishing PDU session(s) on behalf of the FN-RG.