Content for  TS 24.502  Word version:  19.0.0

6  UE - 5GC network protocols

6.1  General

This clause specifies the related procedures performed between the UE and untrusted or trusted non-3GPP access network or wireline access network.

6.2  Void

6.3  Authentication and authorization for accessing 5GS via non-3GPP access network

6.3.1  General

In order to register to the 5G core network (5GCN) via untrusted non-3GPP IP access, the UE first needs to be configured with a local IP address from the untrusted non-3GPP access network (N3AN).
Once the UE is configured with a local IP address, the UE shall select the Non-3GPP InterWorking Function (N3IWF) as described in clause 7.2 and shall initiate the IKEv2 SA establishment procedure as described in clause 7.3. During the IKEv2 SA establishment procedure, authentication and authorization for access to 5GCN is performed.
In a trusted non-3GPP access, a UE shall first connect to a TNAN using a link layer protocol and shall initiate EAP authentication. During EAP authentication, authentication and authorization for access to 5GCN is performed by exchange of EAP-5G message encapsulated in the link layer protocol between the UE and the TNAN, see clause 7.3A.2.1. Upon completion of EAP authentication, the UE shall be assigned an IP address by that TNAN. Once the UE is configured with an IP address, it shall initiate the IKEv2 SA establishment procedure as described in clause 7.3A.
In wireline access, the 5G-RG shall first establish connection using W-CP protocol stack with a W-AGF serving the 5G-RG using means out of scope of the present document.
In wireline access, authentication and authorization of an N5GC device behind a CRG for access to 5GCN is performed as described in clause 6.3.2.

6.3.2  Authentication of N5GC device behind a CRG over wireline access |R16|

In order to register to 5GCN via wireline access, the N5GC device first establishes a layer-2 connection to W-AGF via the CRG as specified in CableLabs WR-TR-5WWC-ARCH-V02-200430 [36]. Once the layer-2 connection is established, authentication and authorization for access to 5GCN is performed.
The W-AGF initiates an exchange of EAP-Request/Identity message and EAP-Response/Identity message as specified in RFC 3748 for obtaining the identity of the N5GC device. In wireline access, the W-AGF and the N5GC device exchange EAP-Request/Identity message and EAP-Response/Identity message via the CRG, encapsulated in the link layer protocol packets.
Upon reception of EAP-Request/Identity message, the N5GC device shall:
  1. construct an EAP-Response/Identity message as described in RFC 3748 containing an NAI username@realm as specified in RFC 7542; and
  2. transmit the EAP-Response of identity type encapsulated in the link layer protocol packets towards the W-AGF.
The CRG conveys the information provided by the N5GC device to the W-AGF which initiates the registration on behalf of the N5GC device as described in TS 24.501. The SUPI of the N5GC device contains a network specific identifier. For the registration, the W-AGF uses the NULL scheme as specified in TS 33.501, to construct a SUCI from the SUPI which was received as the NAI from the N5GC device in the EAP-Response/Identity message.
An exchange of the EAP request and EAP response as described in RFC 3748 occurs until the N5GC device is authenticated by the 5GCN with the EAP authentication described in TS 33.501.
Upon completion of successful authentication and on reception of the authentication result from the AMF, the W-AGF serving the N5GC device shall complete the procedure by sending an EAP-Success message encapsulated in the link layer protocol packets.
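The SUCI construction that the W-AGF performs in this clause, as an added example (not text or code from TS 24.502). The username layout `type1.rid<routing indicator>.schid0.userid<username>` follows the NAI format for SUCI in TS 23.003 clause 28.7.3, which this page does not reproduce; the function names, the ASCII-only realm check, the routing indicator value and the sample identity are assumptions. It also shows that the null scheme conceals nothing: the SUPI is recovered from the SUCI without any key.

```python
import re

# ASCII-only simplification of the RFC 7542 realm: two or more dot-separated labels.
_REALM = re.compile(r"(?:[A-Za-z0-9][A-Za-z0-9-]*\.)+[A-Za-z0-9][A-Za-z0-9-]*")
_SUCI = re.compile(r"type1\.rid([0-9]{1,4})\.schid0\.userid([^@]+)@([^@]+)")


def split_nai(identity: bytes) -> tuple:
    """Split the Identity field of an EAP-Response/Identity into (username, realm)."""
    nai = identity.decode("utf-8")  # invalid UTF-8 raises a ValueError subclass
    username, sep, realm = nai.rpartition("@")
    if not sep or not username or "@" in username:
        raise ValueError("identity is not of the form username@realm")
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in username):
        raise ValueError("control or space character in username")
    if not _REALM.fullmatch(realm):
        raise ValueError("realm is not a dotted name")
    return username, realm


def null_scheme_suci(identity: bytes, routing_indicator: str) -> str:
    """Build the NAI-format SUCI for a network specific identifier (SUPI type 1)."""
    username, realm = split_nai(identity)
    if not re.fullmatch(r"[0-9]{1,4}", routing_indicator):
        raise ValueError("routing indicator must be 1 to 4 digits")
    # Protection scheme id 0 is the null scheme: the username is copied as-is.
    return f"type1.rid{routing_indicator}.schid0.userid{username}@{realm}"


def supi_from_null_scheme_suci(suci: str) -> str:
    """Recover the SUPI from a null-scheme SUCI; no key is involved."""
    m = _SUCI.fullmatch(suci)
    if m is None:
        raise ValueError("not a null-scheme SUCI for SUPI type 1")
    return f"{m.group(2)}@{m.group(3)}"


# Constructed sample identity, not taken from the specification.
SAMPLE = b"device17@example.com"
```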

6.3a  Authentication for 5G NSWO |R17|

A UE that supports 5G NSWO can be configured to use 5G NSWO for authentication with WLAN, as specified in Annex S of TS 33.501. If the UE is configured to use 5G NSWO for authentication with WLAN, the UE shall not use EPS NSWO as specified in TS 33.501. 5G NSWO capability can be enabled and disabled via configuration on the USIM (see TS 31.102) or on the ME. Configuration on the USIM shall take precedence over the ME.
In order to use 5G NSWO, and if the WLAN access network requires 5GS-based authentication of a UE to connect to the WLAN, the UE shall perform:
  1. the EAP-AKA' authentication procedure as specified in TS 33.501 Annex S.3, if the UE does not operate in SNPN access operation mode for 5G NSWO; or
  2. any key-generating EAP authentication method as specified in subclause I.10.5 of TS 33.501, if the UE operates in SNPN access operation mode for 5G NSWO.
The UE shall use as its identity the SUCI in NAI format for 5G NSWO as defined in clause 28.7.12 of TS 23.003 when:
  • the UE does not operate in SNPN access operation mode for 5G NSWO;
  • the UE operates in SNPN access operation mode for 5G NSWO and the PLMN subscription is selected; or
  • the UE operates in SNPN access operation mode for 5G NSWO and an indication to use SUPI which is associated with the selected entry of the "list of subscriber data", is not configured in the ME.
If:
  1. the UE operates in SNPN access operation mode for 5G NSWO;
  2. the UE uses the "null-scheme" as specified in TS 33.501 to generate a SUCI; and
  3. an indication to use anonymous SUCI which is associated with the selected entry of the "list of subscriber data", is configured in the ME;
then the UE shall use as its identity the anonymous SUCI in NAI format as specified in clause 28.7.12 of TS 23.003.
If:
  1. the UE operates in SNPN access operation mode for 5G NSWO; and
  2. an indication to use SUPI which is associated with the selected entry of the "list of subscriber data", is configured in the ME;
then the UE:
  1. if the indication to use SUPI is set to "SUPI", shall use as its identity the SUPI, in NAI format as specified in clause 28.7.12 of TS 23.003; or
  2. if the indication to use SUPI is set to "anonymous SUPI", shall use as its identity the anonymous SUPI in NAI format as specified in clause 28.7.12 of TS 23.003.
Upon receipt of an EAP-Request/AKA'-Challenge message the UE shall apply the rules for comparison of the locally determined ANID "5G:NSWO" (see Table 8.1.1.2-2 of TS 24.302) and the Network Name field of the AT_KDF_INPUT attribute received in the EAP-Request/AKA'-Challenge message as specified in RFC 5448.
A:
  1. roaming UE; or
  2. UE which selected a non-subscribed SNPN in the SNPN selection procedures for 5G NSWO;
that supports 5G NSWO and is configured to use 5G NSWO for authentication with WLAN shall use as its identity the SUCI in decorated NAI format or the SUPI in decorated NAI format, as specified for 5G NSWO in clause 28.7.9 of TS 23.003.
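The identity selection rules of this clause as one decision function, an added example that is not part of TS 24.502. The class, field and function names are hypothetical, and where the listed conditions overlap the precedence shown (SUPI indication first, then anonymous SUCI, then SUCI) is an assumed reading, marked in the comments.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class NswoConfig:
    """Inputs named in this clause; the field names are hypothetical."""
    snpn_mode: bool = False                   # SNPN access operation mode for 5G NSWO
    plmn_subscription_selected: bool = False  # PLMN subscription selected in SNPN mode
    supi_indication: Optional[str] = None     # None, "SUPI" or "anonymous SUPI"
    anonymous_suci_indication: bool = False   # indication to use anonymous SUCI
    null_scheme: bool = False                 # SUCI generated with the "null-scheme"
    roaming_or_non_subscribed_snpn: bool = False


def select_nswo_identity(cfg: NswoConfig) -> dict:
    # Assumption: the indications tied to the selected entry of the "list of
    # subscriber data" only count in SNPN mode without the PLMN subscription.
    entry = cfg.snpn_mode and not cfg.plmn_subscription_selected
    if entry and cfg.supi_indication is not None:
        if cfg.supi_indication not in ("SUPI", "anonymous SUPI"):
            raise ValueError(f"unknown SUPI indication: {cfg.supi_indication!r}")
        identity = cfg.supi_indication
    elif entry and cfg.null_scheme and cfg.anonymous_suci_indication:
        identity = "anonymous SUCI"
    else:
        identity = "SUCI"
    # The clause names the SUCI and the SUPI for the decorated case; applying
    # it to the anonymous variants as well is an assumption of this example.
    decorated = cfg.roaming_or_non_subscribed_snpn
    return {
        "identity": identity,
        "nai_format": "decorated NAI, TS 23.003 clause 28.7.9" if decorated
                      else "NAI, TS 23.003 clause 28.7.12",
        # The SUPI, and a SUCI built with the null-scheme, are not concealed.
        "identifier_in_clear": identity == "SUPI"
                               or (identity == "SUCI" and cfg.null_scheme),
    }
```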

6.3b  5G NSWO provided by 5G-RG |R18|

6.3b.1  General

The 5G-RG may support acting as the WLAN access network entity as defined in clause 4.2.15 and clause 5.42 of TS 23.501. This clause applies in that case.
The 5G-RG shall register to 5GC before initiating the authentication for 5G NSWO.

6.3b.2  Authentication for 5G NSWO provided by 5G-RG

The 5G-RG shall handle the EAP messages:
  1. from the UE behind the 5G-RG; or
  2. to the UE behind the 5G-RG,
in the same way as the WLAN access network as specified in TS 33.501 Annex S.3.
The 5G-RG shall handle messages of the Swa' reference point from the NSWOF or to the NSWOF in the same way as the WLAN access network as specified in TS 33.501 Annex S.3. Messages of Swa' reference point are user data packets. The W-AGF serving the 5G-RG is not impacted by passing of the messages of Swa' reference point.

6.4  Handling of ANDSP Information

6.4.1  General

The Access Network Discovery & Selection policy (ANDSP) is used to control UE behavior related to access network discovery and selection of trusted and untrusted non-3GPP access network.
ANDSP consists of:
  • WLAN Selection Policy (WLANSP); and
  • Non-3GPP access network (N3AN) node configuration information.
The UE uses the WLANSP for selecting the WLAN.
The UE uses the Non-3GPP access network (N3AN) node configuration information for selecting a N3AN node (i.e. N3IWF or ePDG).
When roaming, the UE can receive ANDSP from H-PCF or V-PCF or both with following exception:
  • the V-PCF only provides the N3AN node configuration information containing slice-specific N3IWF prefix configuration applicable for the visited PLMN (see clause 7.2.2). The UE shall ignore the N3AN node configuration information containing the information other than slice-specific N3IWF prefix configuration in the ANDSP if the ANDSP is provided by V-PCF.
The structure and the content of ANDSP are defined in TS 24.526.

6.4.2  UE procedures

6.4.2.1  General

When ANDSP is modified based on information received from network as specified in TS 24.501 Annex D, the UE shall re-evaluate the ANDSP.
The received ANDSP information shall not impact the PLMN selection and reselection procedures specified in TS 23.122.
The UE shall periodically re-evaluate ANDSP. The value of the periodic re-evaluation timer is implementation dependent. The additional trigger for (re-)evaluating ANDSP is when the active WLANSP rule becomes invalid (conditions no longer fulfilled), or other manufacturer specific trigger.

6.4.2.2  Use of WLAN selection information

During automatic mode WLAN selection, the UE shall use the WLAN selection policy (WLANSP), if provided by the PCF, to determine the selected WLAN as described in clause 5.3.

6.4.2.3  Use of N3AN node configuration information

If the UE accesses 5GCN via the non-3GPP access, the UE shall use the N3AN node configuration information to select an N3AN node as described in clause 7.2, to be used for establishing IKEv2 security association as described in clause 7.3.

6.4.3  ANDSP information from the network

ANDSP information is provided by the network to the UE using the UE policy delivery procedure described in Annex D of TS 24.501.
