4.14 Non-public network

24.5013GPPNon-Access-Stratum (NAS) protocol for 5G System (5GS)Release 17Stage 3TS

4.14.1 General

Two types of NPN can be deployed using 5GS: SNPN (see subclause 4.14.2) and PNI-NPN (see subclause 4.14.3).

4.14.2 Stand-alone non-public network

If the UE is not SNPN enabled, the UE is always considered to be not operating in SNPN access operation mode. If the UE is SNPN enabled, the UE can operate in SNPN access operation mode. Details of activation and deactivation of SNPN access operation mode at the SNPN enabled UE are up to UE implementation.

The functions and procedures of NAS described in the present document are applicable to an SNPN and an SNPN enabled UE unless indicated otherwise. The key differences brought by the SNPN to the NAS layer are as follows:

a) instead of the PLMN selection process, the SNPN selection process is performed by a UE operating in SNPN access operation mode (see 3GPP TS 23.122 [5] for further details on the SNPN selection);

b) a "permanently forbidden SNPNs" list and a "temporarily forbidden SNPNs" list are managed per access type independently (i.e. 3GPP access or non-3GPP access) and, if the UE supports access to an SNPN using credentials from a credentials holder, per entry of the "list of subscriber data" or the PLMN subscription, by a UE operating in SNPN access operation mode instead of forbidden PLMN lists;

c) inter-system change to and from S1 mode is not supported;

d) void;

e) CAG is not supported in SNPN access operation mode;

f) with respect to the 5GMM cause values:

1) 5GMM cause values #74 "Temporarily not authorized for this SNPN" and #75 "Permanently not authorized for this SNPN" are supported whereas these 5GMM cause values cannot be used in a PLMN; and

2) 5GMM cause values #11 "PLMN not allowed", #31 "Redirection to EPC required", #73 "Serving network not authorized", and #76 "Not authorized for this CAG or authorized for CAG cells only" are not supported whereas these 5GMM cause values can be used in a PLMN;

NOTE 1: The network does not send 5GMM cause value #13 to the UE operating in SNPN access operation mode in this release of specification.

g) a list of "5GS forbidden tracking areas for roaming" and a list of "5GS forbidden tracking areas for regional provision of service" are managed per SNPN and, if the UE supports access to an SNPN using credentials from a credentials holder, entry of the "list of subscriber data" or PLMN subscription (see 3GPP TS 23.122 [5]);

h) when accessing SNPN services via a PLMN using 3GPP access, access to 5GCN of the SNPN is performed using 5GMM procedures for non-3GPP access, 5GMM parameters for non-3GPP access, the UE is performing access to SNPN over non-3GPP access and the UE is not operating in SNPN access mode over 3GPP access. When accessing PLMN services via a SNPN using 3GPP access, access to 5GCN of the PLMN is performed using 5GMM procedures for non-3GPP access, 5GMM parameters for non-3GPP access, the UE is not performing access to SNPN over non-3GPP access, and the UE is operating in SNPN access mode over 3GPP access. From the UE’s NAS perspective, accessing PLMN services via an SNPN and accessing SNPN services via a PLMN are treated as untrusted non-3GPP access. If the UE is accessing the PLMN using non-3GPP access, the access to 5GCN of the SNPN via PLMN is not specified in this release of the specification .

Emergency services are not supported in an SNPN when a UE accesses SNPN services via a PLMN;

NOTE 2: The term "non-3GPP access" in an SNPN refers to the case where the UE is accessing SNPN services via a PLMN.

i) when registered to an SNPN, the UE shall use only the UE policies provided by the registered SNPN;

j) equivalent SNPN is not supported;

k) void;

l) void;

m) UE mobility between SNPNs in 5GMM-CONNECTED mode is not supported, UE mobility between SNPNs in 5GMM-IDLE mode is supported when the UE supports access to an SNPN using credentials from a credentials holder, and UE mobility between an SNPN and a PLMN is not supported;

n) CIoT 5GS optimizations are not supported;

o) accessing SNPN services using non-3GPP access is not supported, except when accessing SNPN services via a PLMN using 3GPP access as specified in item h;

p) when registering or registered to an SNPN, the UE shall handle the 5GS mobile identity as described in subclause 5.5.1.2.2;

q) when registering or registered to an SNPN, the UE shall only consider:

1) a last visited registered TAI visited in the same SNPN as an available last visited registered TAI; or

2) a last visited registered TAI visited using the same entry of the "list of subscriber data" or the same PLMN subscription as an available last visited registered TAI, if the UE supports access to an SNPN using credentials from a credentials holder;

NOTE 3: If the last visited registered TAI is assigned by an SNPN other than the current SNPN, the serving AMF can determine the SNPN assigning the last visited registered TAI using the NID provided by the UE.

r) emergency service fallback is not supported;

s) when registering or registered for onboarding services in SNPN, the UE shall not provide the requested NSSAI to the network;

s1) when performing initial registration for onboarding services in SNPN, the UE shall set the 5GS registration type value to "SNPN onboarding registration";

t) when registering or registered for onboarding services in SNPN, the AMF shall not provide the configured NSSAI, the allowed NSSAI or the rejected NSSAI to the UE, shall use the S-NSSAI included in the AMF onboarding configuration data for onboarding services in SNPN and shall not perform NSSAA procedure for S-NSSAI used for onboarding services in SNPN;

u) the UE can access an SNPN indicating that onboarding is allowed using default UE credentials in order for the UE to be configured with one or more entries of the "list of subscriber data"; and

x) eCall over IMS is not supported in SNPN access operation mode and the UE ignores any USIM configuration for eCall only mode.

y) when registering or registered for onboarding services in SNPN, the AMF shall store in the 5GMM context of the UE an indication that the UE is registered for onboarding services in SNPN.

4.14.3 Public network integrated non-public network (PNI-NPN)

A PNI-NPN is made available by means of e.g. dedicated DNNs or by one or more S-NSSAIs allocated for it. A CAG can be optionally used in order to prevent UEs not allowed to access a PNI-NPN from accessing the PNI-NPN. The key enablers for the CAG in the NAS layer are as follows:

a) CAG selection (see 3GPP TS 23.122 [5]); and

b) provisioning of a "CAG information list" as specified in 3GPP TS 23.122 [5], from network to UE via the generic UE configuration update procedure, the registration procedure, the service request procedure, and the network-initiated de-registration procedure.

The "CAG information list" provisioned by the network, if available, is stored in the non-volatile memory in the ME as specified in annex C. The "CAG information list" stored in the ME is kept when the UE enters 5GMM-DEREGISTERED state. Annex C specifies condition under which the "CAG information list" stored in the ME is deleted. Additionally, when a USIM is inserted, if:

– no "CAG information list" is stored in the non-volatile memory of the ME; or

– the SUPI from the USIM does not match the SUPI stored together with the "CAG information list" in the non-volatile memory of the ME;

and the UE has a "CAG information list" stored in the USIM (see 3GPP TS 31.102 [22]), the UE shall store the "CAG information list" from the USIM into the ME, as specified in annex C. The "Allowed CAG list" included in the entry for the HPLMN or EHPLMN in "CAG information list" stored in the USIM can contain a range of CAG-IDs.

The UE supporting CAG may perform the initial registration for emergency services via a non-CAG cell in a PLMN for which the UE has an "indication that the UE is only allowed to access 5GS via CAG cells" or via a CAG cell that is not included in the "Allowed CAG list" (see 3GPP TS 23.122 [5]) for the selected PLMN. If a UE supporting CAG having an emergency PDU session is camping on:

a) a CAG cell and none of the CAG-IDs of the CAG cell are included in the "Allowed CAG list" for the current PLMN in the UE’s subscription; or

b) a non-CAG cell in a PLMN for which the UE’s subscription contains an "indication that the UE is only allowed to access 5GS via CAG cells";

the AMF shall behave as specified in subclause 5.4.4.2, 5.5.1.3.4 or 5.6.1.4.1.

NOTE: The emergency services in a PLMN for which the UE’s subscription contains an "indication that the UE is only allowed to access 5GS via CAG cells" can be subject to local regulation.