In order to register to the 5G core network (5GCN) via untrusted non-3GPP IP access, the UE first needs to be configured with a local IP address from the untrusted non-3GPP access network (N3AN).
Once the UE is configured with a local IP address, the UE shall select the Non-3GPP InterWorking Function (N3IWF) as described in subclause 7.2 and shall initiate the IKEv2 SA establishment procedure as described in subclause 7.3. During the IKEv2 SA establishment procedure, authentication and authorization for access to 5GCN is performed.
In a trusted non-3GPP access, a UE shall first connect to a TNAN using a link layer protocol and shall initiate EAP authentication. During EAP authentication, authentication and authorization for access to 5GCN is performed by exchange of EAP-5G message the link layer protocol between the UE and the TNAN, see subclause 7.3A.2.1. Upon completion of EAP authentication, the UE shall be assigned an IP address by that TNAN. Once the UE is configured with an IP address, it shall initiate the IKEv2 SA establishment procedure as described in subclause 7.3A.
In a wireline access, the 5G-RG shall first establish W-CP EAP connection with a W-AGF serving the 5G-RG using means out of scope of the present document and shall initiate EAP authentication. During EAP authentication, authentication and authorization for access to 5GCN is performed by exchange of EAP-5G messages via W-CP EAP connection, see clause 7A. Once the EAP authentication succeeds, the 5G-RG shall establish a W-CP signalling connection.
In wireline access, authentication and authorization of an N5GC device behind a CRG for access to 5GCN is performed as described in subclause 6.3.2.
In order to register to 5GCN via wireline access, the N5GC device first establishes a layer-2 connection to W-AGF via the CRG as specified in CableLabs WR-TR-5WWC-ARCH- V02-200430 . Once the layer-2 connection is established, authentication and authorization for access to 5GCN is performed.
The W-AGF initiates an exchange of EAP-Request/Identity message and EAP-Response/Identity message as specified in RFC 3748 for obtaining the identity of the N5GC device. In wireline access, the W-AGF and the N5GC device exchange EAP-Request/Identity message and EAP-Response/Identity message via the CRG, encapsulated in the link layer protocol packets.
Upon reception of EAP-Request/Identity message, the N5GC device shall:
construct an EAP-Response/Identity message as described in RFC 3748 containing an NAI username@realm as specified in RFC 7542; and
transmit the EAP-Response of identity type encapsulated in the link layer protocol packets towards the W-AGF.
The CRG conveys the information provided by the N5GC device to the W-AGF which initiates the registration on behalf of the N5GC device as described in TS 24.501. The SUPI of the N5GC device contains a network specific identifier. For the registration, the W-AGF uses the NULL scheme as specified in TS 33.501, to construct a SUCI from the SUPI which was received as the NAI from the N5GC device in the EAP-Response/Identity message.
An exchange of the EAP request and EAP response as described in RFC 3748 occurs until the N5GC device is authenticated by the 5GCN with the EAP authentication described in TS 33.501.
Upon completion of successful authentication and on reception of the authentication result from the AMF, the W-AGF serving the N5GC device shall complete the procedure by sending an EAP-Success message encapsulated in the link layer protocol packets.
The Access Network Discovery & Selection policy (ANDSP) is used to control UE behavior related to access network discovery and selection of trusted and untrusted non-3GPP access network.
ANDSP consists of:
The UE uses the WLANSP for selecting the WLAN.
The UE uses the Non-3GPP access network (N3AN) node configuration information for selecting a N3AN node (i.e. N3IWF or ePDG).
When roaming, the UE can receive ANDSP including WLANSP from H-PCF or V-PCF or both. The ANDSP including N3AN node configuration information is provided by -PCF only. The UE shall ignore the N3AN node configuration information in the ANDSP if the ANDSP is provided by V-PCF.
The structure and the content of ANDSP are defined in TS 24.526.
When ANDSP is modified based on information received from network as specified in TS 24.501Annex D, the UE shall re-evaluate the ANDSP.
The received ANDSP information shall not impact the PLMN selection and reselection procedures specified in TS 23.122.
The UE shall periodically re-evaluate ANDSP. The value of the periodic re-evaluation timer is implementation dependent. The additional trigger for (re )evaluating ANDSP is when the active WLANSP rule becomes invalid (conditions no longer fulfilled), or other manufacturer specific trigger.
If the UE accesses 5GCN via the non-3GPP access, the UE shall use the N3AN node configuration information to select an N3AN node as described in subclause 7.2, to be used for establishing IKEv2 security association as described in subclause 7.3.