NAUN3 devices cannot be authenticated by 5GC but may, for example, be locally authenticated by the 5G-RG using e.g. a pre-shared secret. Differentiated services (QoS, network slicing) may be provided for NAUN3 devices as defined in this clause.
"Connectivity Group IDs" may be defined on the 5G-RG where each Connectivity Group ID corresponds to a separate physical or virtual port on the 5G-RG. These ports could, for example, refer to separate physical Ethernet ports and/or to separate WLAN SSIDs and/or to a separate VLAN. The devices that connect to a certain logical port are considered part of the same Connectivity Group ID. How this configuration on the 5G-RG is done is out of scope of this specification.
Each Connectivity Group ID is then mapped to a separate PDU Session that is established by the 5G-RG based on the procedures defined in clause 7. The overall architecture is illustrated in Figure 4.10b-1.
The 5G-RG is configured with the (virtual) port information (e.g. VLANs and SSIDs) based on TR-69 [18], TR-360 and TR-181 [46]. URSP rules can be provided to the 5G-RG to indicate how to map a Connectivity Group ID to the parameters of the PDU Session used to carry the traffic of the corresponding devices, e.g. DNN, S-NSSAI, etc.
Whether and how the NAUN3 devices are configured to use a specific SSID or connect to a certain Ethernet port on the 5G-RG is out of scope of this specification.
Differentiation of charging and QoS may be provided via PCC rules (for different service flows) related to dedicated PDU Sessions for NAUN3 devices. Isolation of devices using a specific Connectivity Group ID into a specific network slice, i.e. with a separate S-NSSAI, may also be provided.
This clause defines the support of AUN3 devices, i.e. Authenticable Non-3GPP devices (AUN3) as defined in clause 3.1, behind a 5G-RG. This clause applies only to 5G-RG connected via wireline access.
Figure 4.10c-1 shows the architecture for support of AUN3 devices.
Differentiated services for AUN3 devices behind 5G-RG are provided as specified below:
Each AUN3 device has its own UDM/UDR subscription data including its own SUPI and policy control subscription data.
The interface between 5G-RG and AUN3 devices is out of scope of 3GPP.
In order to serve the AUN3 device in 5GC, a 5G-RG issues a NAS register and handles RM and CM related signalling on behalf of an AUN3 device that it is requesting to be served and relays EAP signalling between the AUN3 device and the 5GC.
A 5G-RG serving an AUN3 device establishes a single PDU Session on behalf of this AUN3 device.
The AMF and the 5G-RG maintain a separate NAS connection per AUN3 device. This includes maintaining a GUTI and NAS (RM, CM, etc.) context per AUN3 device. As described in TS 33.501, NAS security (encryption, integrity protection) is not used for AUN3 devices.
A 5G-RG shall be connected to the 5GC (be in RM-REGISTERED and CM-CONNECTED mode) over Wireline access to serve an AUN3 device: the 5G-RG shall not issue a NAS register or service request on behalf of an AUN3 device if it is itself not registered and connected to the 5GC.
The operator configures the access restrictions in the subscription data of all AUN3-capable subscriptions to not allow them to connect to 5GS via 3GPP access.
The 5G-RG is configured with URSP for each AUN3 device it serves. The UE PCF selected by the AMF at the registration of an AUN3 device sends this URSP to the 5G-RG via the AMF and the NAS connection of the AUN3 device.
The AUN3 devices and the 5G-RG belong to the same PLMN.
A 5G-RG uses default values, which are the same for all AUN3 devices it serves, to populate the parameters in the Registration Request message built on behalf of an AUN3 device. For example, the 5G-RG issues the Registration Request with no S-NSSAI and the AMF selects the default S-NSSAI in the subscription of the AUN3 device.
There shall be a separate N2 connection per AUN3 device that is in state CM-CONNECTED.
The W-AGF shall determine that a W-CP connection is for an AUN3 device and apply corresponding policies. The W-AGF indicates to the AMF when an N2 connection relates to an AUN3 device.
The same W-AGF shall serve a 5G-RG and all AUN3 devices connected via this 5G-RG.
The W-CP and W-UP protocols shall be able to manage multiple connections for different subscribers (the 5G-RG itself and the different AUN3 devices) between the same pair of 5G-RG and W-AGF. In particular, W-CP needs to be able to differentiate NAS messages related to a 5G-RG and to each different AUN3 device served by this 5G-RG and W-UP needs to distinguish between user plane packets for a 5G-RG and user plane packets for each different AUN3 device served by this 5G-RG.
When the registration of an AUN3 device has successfully completed, the 5G-RG establishes a PDU Session on behalf of the AUN3 device. This PDU Session is handled by 5GC as part of the AUN3 subscription and is associated with the SUPI of the AUN3 device. An AUN3 device can at a given time only use a single PDU Session. The parameters to establish this PDU Session are based on the URSP (if any) for the AUN3 device.
Different QoS parameters may apply to PDU sessions of different AUN3 devices.
Roaming is not applicable to subscriptions for AUN3 devices.
The RG Level Wireline Access Characteristics sent to the W-AGF for a 5G-RG may contain a maximum bit rate for the aggregated traffic of the 5G-RG and of the AUN3 devices served by this 5G-RG. The W-AGF uses this information to limit the maximum bit rate of the aggregated user plane traffic of the 5G-RG and of the AUN3 devices served by this 5G-RG.
If a W-AGF detects that a 5G-RG is unreachable, then the W-AGF triggers the N2 UE context release. The W-AGF identifies if there exists any AUN3 device connected to the 5G-RG through the W-AGF. For each identified AUN3 device, the W-AGF invokes steps 5 and 6 of Figure 7.2.8.3-1, which release the PDU Sessions of these AUN3 devices.
The Registration Management of AUN3 devices follows clause 5.5.1 of TS 23.501 for Registration Management related with non-3GPP access networks.
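The following added example is not part of the specification. It models three of the AUN3 rules above as enforceable checks: the 5G-RG registers a device only while it is itself registered and connected, each device gets its own context with at most one PDU Session, and the W-AGF releases those sessions when the 5G-RG becomes unreachable. All class, function and identifier names are hypothetical, and the SUPIs are constructed.

```python
# Toy model of the AUN3 rules in this clause. All names are hypothetical.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Aun3Context:                      # one NAS context per AUN3 device
    supi: str
    registered: bool = False
    pdu_session: Optional[str] = None   # at most one PDU Session at a time

@dataclass
class Rg5G:
    rm_registered: bool = False
    cm_connected: bool = False
    devices: Dict[str, Aun3Context] = field(default_factory=dict)

    def register_aun3(self, supi: str) -> Aun3Context:
        # No NAS registration on behalf of a device unless the 5G-RG itself
        # is RM-REGISTERED and CM-CONNECTED over wireline access.
        if not (self.rm_registered and self.cm_connected):
            raise PermissionError("5G-RG is not registered and connected")
        ctx = self.devices.setdefault(supi, Aun3Context(supi))
        ctx.registered = True
        return ctx

    def establish_pdu_session(self, supi: str, session_id: str) -> Aun3Context:
        ctx = self.devices.get(supi)
        if ctx is None or not ctx.registered:
            raise PermissionError("AUN3 registration has not completed")
        if ctx.pdu_session is not None:
            raise RuntimeError("AUN3 device already uses its single PDU Session")
        ctx.pdu_session = session_id
        return ctx

def wagf_on_rg_unreachable(rg: Rg5G) -> List[Tuple[str, str]]:
    """W-AGF side: release the PDU Session of every AUN3 device behind the RG."""
    released = []
    for ctx in rg.devices.values():
        if ctx.pdu_session is not None:
            released.append((ctx.supi, ctx.pdu_session))
            ctx.pdu_session = None
    rg.cm_connected = False  # assumption: N2 release leaves the RG not connected
    return released

if __name__ == "__main__":
    rg = Rg5G(rm_registered=True, cm_connected=True)
    for supi in ("supi-constructed-a", "supi-constructed-b"):  # constructed SUPIs
        rg.register_aun3(supi)
        rg.establish_pdu_session(supi, "pdu-" + supi[-1])
    print(wagf_on_rg_unreachable(rg))
```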
NSWO as defined in clauses 4.2.15 and 5.42 of TS 23.501 may be supported for UE(s) connected via a 5G-RG, and/or for UE(s) connected via a FN-RG.
When this feature is supported, the RG and the W-5GAN need to support the WLAN Access functionality defined in clauses 4.2.15 and 5.42 of TS 23.501. The WLAN Access functionality includes the support of the SWa' interface to NSWOF. The SWa' support in Wireline access network has no impact on 3GPP specifications.
When NSWO applies, the user plane traffic of the UE is not traversing the UE's 5GC.
The specification of functionalities to support NSWO in the wireline access network is out of 3GPP scope, including specifications on how the offloaded traffic is carried in W-5GAN and bypasses the 5GC of the UE.
The UE can also connect to 5GC using 5GS credentials as defined in clause 5.42 of TS 23.501.
A 5G-RG shall not issue an authentication request over SWa' for the UE if it is itself not registered to 5GC.