Ultra Cloud Core 5G Access and Mobility Management Function, Release 2021.04 - Configuration and Administration Guide - EAP and AKA Authentication [Cisco Ultra Cloud Core - Access and Mobility Management Function]

Feature Summary and Revision History

Summary Data

Table 1. Summary Data
Applicable Product(s) or Functional Area	AMF
Applicable Platform(s)	SMI
Feature Default Setting	Enabled - Always-on
Related Documentation	Not Applicable

Revision History

Table 2. Revision History
Revision Details	Release
First introduced.	2021.04.0

Feature Description

AMF supports the handling of Extensible Authentication Protocol(EAP)-AKA Prime(AKA') authentication at the AMF.

AMF interacts with the UE and the AUSF while performing the UE registration procedure.

EAP-AKA' authentication is carried over the N12 interface with the AUSF.

When the AMF receives the Authentication Response from the AUSF, it carries the EAP payload back and forth between the AUSF and the UE. The AMF carries this payload until it’s successful or failed.

AMF supports optional message of Authentication Response from the AUSF.

Note

The notification received after a successful Authentication Response isn’t supported.

How it Works

This section describes how this feature works.

Call Flows

This section describes the key call flows for this feature.

EAP-AKA'-based Authentication Call Flow

This section describes the EAP-AKA'-based Authentication basic call flow.

Table 3. EAP-AKA'-based Authentication basic Call Flow Description
Step	Description
1	gNB sends the Registration Request along with SUCI information to the AMF.
2, 3	AMF sends Nnrf_NF_Discovery_Get_request with tgt-nf: AUSF, Routing-indicator, and other parameters to the NRF, and receives Nnrf_NF_Discovery_Response from the NRF.
4, 5	AMF sends Nausf_UEAuthentication_AuthenticateRequest with SUPI, SUCI, and SN-name to the AUSF. AMF receives Nausf_UEAuthentication_AuthenticateResponse with type: EAP-AKA’, EAPRequest/AKA' challenge, and link from the AUSF.
6, 7	AMF sends the Authentication Request (EAP Request/AKA’ challenge, ngKSI, ABBA) to the UE and receives the Authentication Response with the EAP Response/AKA’ challenge from the UE.
8, 9	AMF sends the Nausf_UEAuthentication_AuthenticateRequest (EapSession) to the AUSF and receives Nausf_UEAuthentication_AuthenticateResponse (EapSession) from the AUSF.
10, 11	The AMF sends the Authentication Request with EAP Request/ngKSI, ABBA to the UE and receives the Authentication Response (EAP Response) from the UE.
12, 13	AMF sends the Nausf_UEAuthentication_AuthenticateRequest (EapSession) to the AUSF and receives the Nausf_UEAuthentication_AuthenticateResponse with EAPSuccess, kseaf, and SUPI from the AUSF.
14, 15	AMF sends the Security Mode command with EAPSuccess, ngKSI, ABBA to UE and receives the Security Mode Complete from the UE.
16	AMF sends the Authentication Reject to the UE for Authentication Failure.
17, 18	AMF sends the Nnrf_NFDiscovery_GetRequest with tgt-nf: UDM, Routing-indicator, and other parameters to the NRF, and receives the Nnrf_NFDiscovery_Response from the NRF.

Ultra Cloud Core 5G Access and Mobility Management Function, Release 2021.04 - Configuration and Administration Guide

Bias-Free Language

Book Title

Ultra Cloud Core 5G Access and Mobility Management Function, Release 2021.04 - Configuration and Administration Guide

Chapter Title

EAP and AKA Authentication

Results

Chapter: EAP and AKA Authentication