E.2 Successful call flow

29.2733GPP3GPP EPS AAA interfacesEvolved Packet System (EPS)Release 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Figure Annex E.2-1 describes a successful Untrusted WLAN authentication and authorization call flow.

Figure Annex E.2-1: Untrusted WLAN Authentication and Authorization Procedure – successful case

3. The ePDG sends the EAP-RSP/Identity payload to the 3GPP AAA Server and also indicates the user identity and requested APN, if received from the UE.

4. The 3GPP AAA Server retrieves authentication vectors for the UE from the HSS.

5. The 3GPP AAA Server sends an EAP Request/AKA-Challenge.

6. The ePDG forwards the EAP payload to the UE and also requests the UE to provide its Mobile Equipment Identity if required.

8. The ePDG forwards the EAP payload to the 3GPP AAA Server. The user’s Mobile Equipment Identity is also included, if available.

9. If dynamic IP mobility selection is executed, the selected mobility mode is sent to the UE in an AKA-Notification request.

10. If the 3GPP AAA Server successfully authentifies the UE, the 3GPP AAA Server downloads the user’s subscription information from the HSS.

11. If the 3GPP AAA Server authorizes the access for the UE, the 3GPP AAA Server sends an EAP Success message that the ePDG forwards to the UE. The Result-Code AVP in the DEA message is set to DIAMETER_SUCESS. The subscription information, keying material and permanent user identity are also provided to the ePDG.

14. The ePDG sends a Create Session Request/PBU message to the PDN GW to initiate the S2b tunnel establishment.

15. The PDN GW informs the 3GPP AAA Server/HSS of its PDN GW identity and the APN corresponding to the UE’s PDN Connection.

16. The PDN GW returns a Create Session Response/PBA message to the ePDG, including the IP address(es) allocated for the UE.

17. The IKEv2 negotiation completes. The ePDG provides the UE IP address to the UE.