H.1 Introduction

3GPP TS 23.502, Procedures for the 5G System (5GS), Release 18

Secondary authentication/authorization by a DN-AAA server during the establishment of a PDN connection over 3GPP access to EPC is supported based on the following principles:

– A SMF+PGW-C shall be used to serve DNN(s) requiring secondary authentication/authorization by a DN-AAA server.

– For secondary authentication/authorization by a DN-AAA server, the SMF+PGW-C runs the same procedures with PCF, UDM and DN-AAA and uses the same corresponding interfaces, as defined in clause 4.3.2, regardless of whether the UE is served by EPC or 5GC.

– If the UE has included the PDU session ID in PCO, the UE may indicate in the PDN connection establishment request its support for EAP-based secondary authentication and authorization by DN-AAA over EPC. The SMF+PGW-C may reject the PDN connection establishment if the UE does not support EAP-based secondary authentication and authorization by DN-AAA over EPC while local policies indicate that secondary authentication and authorization by DN-AAA is mandatory to access the DN. When a PDU session is established, the UE may also indicate via PCO that it supports secondary DN authentication and authorization over EPC.

– The interface towards the UE is different (usage of EPC NAS instead of 5GC NAS) between the EPC and 5GC cases.

– The MME and SGW are not impacted by the procedure. Specific exchanges between the UE and the SMF+PGW-C for secondary authentication/authorization by a DN-AAA server are carried via PCO. This includes the support of EAP exchanges between the UE and the DN-AAA server.

– As it is not possible to exchange PCO between the UE and the PGW without first establishing the PDN connection, the PDN connection is established before secondary authentication/authorization by a DN-AAA server takes place.

– When secondary authentication/authorization by a DN-AAA server has successfully taken place, the SMF+PGW-C allows traffic exchange at the UPF and indicates to the UE that User plane traffic is now possible.
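
The ordering in the principles above (reject at establishment when policy requires it, establish the connection first, keep the user plane closed until the DN-AAA exchange succeeds) can be sketched as a small state model. This is an added illustration, not code or state names from the TS: `SmfPgwCModel`, `PdnRequest`, the `State` values and the DNN `enterprise.example` are hypothetical, and the model assumes that local policy always rejects an unsupported UE, that DNNs without mandatory authentication open immediately, and that a failed EAP exchange leaves traffic blocked.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    REJECTED = "PDN connection rejected"
    PENDING_AUTH = "PDN connection up, user plane blocked"
    OPEN = "PDN connection up, user plane allowed"
    AUTH_FAILED = "secondary authentication failed, user plane blocked"

@dataclass
class PdnRequest:
    """Hypothetical view of what the UE signalled in PCO."""
    dnn: str
    pdu_session_id_in_pco: bool
    eap_over_epc_supported: bool

class SmfPgwCModel:
    """Illustrative model only; names and states are not from the TS."""

    def __init__(self, auth_mandatory_dnns):
        self.auth_mandatory_dnns = set(auth_mandatory_dnns)  # local policy
        self.sessions = {}

    def establish(self, sid, req):
        mandatory = req.dnn in self.auth_mandatory_dnns
        # Support can only be indicated when the PDU session ID is in PCO.
        supported = req.pdu_session_id_in_pco and req.eap_over_epc_supported
        if mandatory and not supported:
            state = State.REJECTED        # assumption: policy always rejects
        elif mandatory:
            state = State.PENDING_AUTH    # connection first, EAP via PCO after
        else:
            state = State.OPEN            # assumption: no DN-AAA step for this DNN
        self.sessions[sid] = state
        return state

    def eap_result(self, sid, success):
        if self.sessions.get(sid) is not State.PENDING_AUTH:
            raise ValueError("no secondary authentication pending")
        # Assumption: a failed EAP exchange leaves the user plane blocked.
        self.sessions[sid] = State.OPEN if success else State.AUTH_FAILED
        return self.sessions[sid]

    def user_plane_allowed(self, sid):
        # Fail closed: unknown or unauthenticated sessions carry no traffic.
        return self.sessions.get(sid) is State.OPEN
```

Because the PDN connection exists before authentication completes, the property worth verifying in a real deployment is the one `user_plane_allowed` models: no forwarding at the UPF for a session until the DN-AAA result is a success.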