A.2 Call Flow for SCM and EPC-routed access

3GPP TS 29.273, Evolved Packet System (EPS); 3GPP EPS AAA interfaces, Release 18

A.2.1 Successful call flow

Figure Annex A.2-1 describes a successful call flow for SCM and EPC-routed access, i.e. with S2a connectivity being granted to the UE.

Figure Annex A.2-1: TWAN Authentication and Authorization Procedure for SCM and EPC routed access – successful case

1. A connection is established between the UE and the TWAN, using a specific procedure based on IEEE 802.11 [40].

2. The TWAN sends an EAP Request/Identity to the UE.

3. The UE sends an EAP Response/Identity message to the TWAN.

4. The TWAN forwards the EAP payload received from the UE to the 3GPP AAA Server and also indicates the supported TWAN connection modes in the DER message. The routing path may include one or several 3GPP AAA proxies in the roaming case.

5. The 3GPP AAA Server retrieves authentication vectors for the UE from the HSS.

6. The 3GPP AAA Server sends an EAP Request/AKA’-Challenge in which it also indicates to the UE the TWAN connection modes supported by the network (e.g. TSCM, SCM and MCM) and in which it also requests the UE to provide its Mobile Equipment Identity. The Result-Code AVP in the DEA message is set to DIAMETER_MULTI_ROUND_AUTH. The TWAN-S2a-Connectivity Indicator is not set in the DEA-Flags AVP.

7. The TWAN forwards the EAP payload to the UE.

8. The UE sends the EAP Response/AKA’-Challenge in which it also indicates the requested connection mode. If the UE requests SCM and an EPC-routed access, the UE also indicates the requested APN, PDN type, Initial Attach/Handover indication and/or PCO. The user’s Mobile Equipment Identity is also included, if available and if requested by the 3GPP AAA Server.

9. The TWAN forwards the EAP payload to 3GPP AAA Server.

10. If the 3GPP AAA Server successfully authenticates the UE, the 3GPP AAA Server downloads the user’s subscription information from the HSS.

11. If the 3GPP AAA Server authorizes the SCM for EPC access for the UE, the 3GPP AAA Server includes the UE requested APN, PDN type, Initial Attach/Handover indication and/or PCO in the DEA message with the Result-Code AVP set to DIAMETER_MULTI_ROUND_AUTH. The 3GPP AAA Server also sets the TWAN-S2a-Connectivity Indicator in the DEA-Flags AVP to request the TWAN to proceed with the establishment of the S2a connectivity. The 3GPP AAA Server also includes the user’s Mobile Equipment Identity, if available.

12. The TWAN sends a Create Session Request/PBU message to the PDN GW to initiate the S2a tunnel establishment.

13. The PDN GW informs the 3GPP AAA Server/HSS of its PDN GW identity and the APN corresponding to the UE’s PDN Connection.

14. The PDN GW returns a Create Session Response/PBA message to the TWAN, including the IP address(es) allocated for the UE.

15. The TWAN includes the provided Connectivity Parameters received from the PDN GW and sets the TWAN-S2a-Connectivity Indicator in the DER-Flags AVP in the DER message to the 3GPP AAA Server. The 3GPP AAA Server ignores the EAP payload included in the DER message.

16. The 3GPP AAA Server includes the PDN connectivity parameters in the AKA’-Notification and sends the DEA message to the TWAN. The Result-Code AVP in the DEA message is set to DIAMETER_MULTI_ROUND_AUTH. The TWAN-S2a-Connectivity Indicator is not set in the DEA-Flags AVP.

17. The TWAN forwards the EAP payload to the UE.

18-19. The UE responds with an EAP-RSP/AKA’-Notification message that the TWAN forwards to the 3GPP AAA Server.

20-21. The 3GPP AAA Server sends an EAP Success message that the TWAN forwards to the UE. The Result-Code AVP in the DEA message is set to DIAMETER_SUCCESS. The subscription information need not be included in the DEA message (if not changed).

A.2.2 Unsuccessful call flow

Figure Annex A.2-2 describes an unsuccessful call flow for SCM and EPC-routed access, where S2a connectivity cannot be granted to the UE due to an overload condition in the network for the APN requested by the UE.

Figure Annex A.2-2: TWAN Authentication and Authorization Procedure for SCM and EPC routed access – UE request rejected with a Session Management back-off timer.

1. to 11. Same as Figure Annex A.2-1.

12. The TWAN sends a Create Session Request/PBU message to the PDN GW to initiate the S2a tunnel establishment, or skips this step and goes directly to step 14 if it is already aware of an overload condition for the requested APN and the UE request cannot be served by another PGW and if it decides to reject this UE request.

13. The PDN GW rejects the UE request, possibly including overload control information.

14. The TWAN rejects the request due to an overload condition for the APN requested by the UE. The TWAN returns the cause "insufficient resources" and provides a Session Management back-off timer to be sent to the UE. The TWAN also sets the TWAN-S2a-Connectivity Indicator in the DER-Flags AVP in the DER message to the 3GPP AAA Server. The 3GPP AAA Server ignores the EAP payload included in the DER message.

15. The 3GPP AAA Server forwards the Session Management back-off timer received from the TWAN encapsulated in the AKA’-Notification and sends the DEA message to the TWAN. The Result-Code AVP in the DEA message is set to DIAMETER_MULTI_ROUND_AUTH. The TWAN-S2a-Connectivity Indicator is not set in the DEA-Flags AVP.

16. The TWAN forwards the EAP payload to the UE.

17-18. The UE responds with an EAP-RSP/AKA’-Notification message that the TWAN forwards to the 3GPP AAA Server.

19-20. The 3GPP AAA Server sends an EAP Failure message that the TWAN forwards to the UE. The Result-Code AVP in the DEA message is set to DIAMETER_UNABLE_TO_COMPLY.
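The DER/DEA exchange of A.2.1 and A.2.2 as seen between the TWAN and the 3GPP AAA Server, written as a trace checker that flags a session deviating from the Result-Code and TWAN-S2a-Connectivity Indicator values stated in the steps above. This is an added example, not part of the specification: the `Msg` model, the outcome labels and the sample traces are constructed, and the indicator is modelled as a boolean rather than as a bit in the DER-Flags/DEA-Flags AVPs.

```python
from dataclasses import dataclass

MULTI = "DIAMETER_MULTI_ROUND_AUTH"
# Final Result-Code -> outcome (steps 20-21 of A.2.1, steps 19-20 of A.2.2)
FINAL = {"DIAMETER_SUCCESS": "s2a-granted",
         "DIAMETER_UNABLE_TO_COMPLY": "rejected"}

@dataclass
class Msg:                # constructed model, not a Diameter decoder
    kind: str             # "DER" (TWAN -> AAA) or "DEA" (AAA -> TWAN)
    result: str = ""      # Result-Code AVP name (DEA only)
    s2a: bool = False     # TWAN-S2a-Connectivity Indicator in DER-/DEA-Flags

# (step, kind, Result-Code, indicator); None = the text states no constraint
EXPECTED = [
    ("4", "DER", "", None),
    ("6", "DEA", MULTI, False),
    ("9", "DER", "", None),
    ("11", "DEA", MULTI, True),
    ("15 (14 in A.2.2)", "DER", "", True),
    ("16 (15 in A.2.2)", "DEA", MULTI, False),
    ("19 (18 in A.2.2)", "DER", "", None),
]

def check_trace(trace):
    """Return (outcome, findings) for one session's DER/DEA sequence."""
    if len(trace) != len(EXPECTED) + 1:
        return "invalid", [f"expected {len(EXPECTED) + 1} messages, got {len(trace)}"]
    findings = []
    for msg, (step, kind, result, s2a) in zip(trace, EXPECTED):
        if msg.kind != kind:
            findings.append(f"step {step}: expected {kind}, got {msg.kind}")
        elif kind == "DEA" and msg.result != result:
            findings.append(f"step {step}: Result-Code {msg.result or 'missing'}")
        elif s2a is not None and msg.s2a != s2a:
            findings.append(f"step {step}: S2a indicator should be {'set' if s2a else 'unset'}")
    last = trace[-1]
    outcome = FINAL.get(last.result) if last.kind == "DEA" else None
    if outcome is None:
        findings.append("final message is not a DEA with a known Result-Code")
    return ("invalid" if findings else outcome), findings

def sample(final, authz_flag=True):   # constructed traces for the demo
    return [Msg("DER"), Msg("DEA", MULTI), Msg("DER"),
            Msg("DEA", MULTI, s2a=authz_flag), Msg("DER", s2a=True),
            Msg("DEA", MULTI), Msg("DER"), Msg("DEA", final)]

if __name__ == "__main__":
    print(check_trace(sample("DIAMETER_SUCCESS")))
    print(check_trace(sample("DIAMETER_UNABLE_TO_COMPLY")))
    print(check_trace(sample("DIAMETER_SUCCESS", authz_flag=False)))
```

The two flows differ on this interface only in the final Result-Code, so the checker accepts both and reports any earlier message that breaks the indicator handshake of steps 11 and 15.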

A.2.3 Call flow with IMEI check in VPLMN

Figure Annex A.2-3 describes a roaming call flow for SCM and EPC-routed access, with IMEI check performed in the VPLMN.

Figure Annex A.2-3: TWAN Authentication and Authorization Procedure for SCM and EPC routed access, with IMEI check performed in the VPLMN

1. to 3. Same as Figure A.2-1.

4. If IMEI check is required by operator policy, the 3GPP AAA Proxy sets the IMEI-Check-Required-In-VPLMN bit in the DER-Flags AVP.

5. to 9. Same as Figure A.2-1.

9A. The 3GPP AAA Server requests the VPLMN to perform the IMEI check by setting the IMEI-Check-Request-In-VPLMN bit in the DEA-Flags AVP and including the Terminal-Information AVP in the DEA message.

9B. The TWAN returns the IMEI-Check-Request-In-VPLMN flag in the DER-Flags AVP and the Terminal-Information AVP to the 3GPP AAA Proxy.

9C. The 3GPP AAA Proxy performs the IMEI check in the VPLMN and forwards the DER to the 3GPP AAA Server, replacing the IMEI-Check-Request-In-VPLMN bit in the DER-Flags AVP by the IMEI-Check-In-VPLMN-Result AVP.

10. to 21. Same as Figure A.2-1 if the IMEI check in VPLMN was successful.

Otherwise the 3GPP AAA Server sends an EAP Failure message that the TWAN forwards to the UE. The Result-Code AVP in the DEA message is set to DIAMETER_ERROR_ILLEGAL_EQUIPMENT.