3GLTEInfo Text-based logo for the 3GLTEInfo telecom engineering reference platform. 3GLTE INFO TELECOM ENGINEERING REFERENCE

Telecom engineering reference for protocols, messages, call flows, troubleshooting, releases, and tools.

Menu
NAS 5G SMF to UE via AMF 3GPP TS 24.501

5G NAS - PDU Session Authentication Command

PDU Session Authentication Command is the 5GSM message that carries an EAP request from the SMF to the UE when session-level authentication or authorization is required.

Message Fact Sheet

Protocol nas Network 5g
Spec 3GPP TS 24.501 Spec Section 8.3.4
Direction SMF to UE via AMF Message Type 5GSM signaling
Full message name 5G NAS - PDU Session Authentication Command
Protocol NAS
Technology 5G
Direction SMF to UE via AMF
Interface N1
Signaling bearer / channel NAS signaling / Usually carried inside DL NAS Transport on the access side
Typical trigger The SMF needs to deliver an EAP-request from the data network or local authorization logic during PDU session authentication and authorization.
Main purpose Starts the PDU EAP message reliable transport procedure and delivers the EAP challenge to the UE so upper-layer authentication can continue.
Main specification 3GPP TS 24.501, 8.3.4
Release added Release 15
Procedures where used 5G PDU Session Establishment, 5G PDU Session Authentication Procedure, PDU EAP message reliable transport procedure
Related timers T3590

What is PDU Session Authentication Command in simple terms?

PDU Session Authentication Command is the 5GSM message that carries an EAP request from the SMF to the UE when session-level authentication or authorization is required.

Starts the PDU EAP message reliable transport procedure and delivers the EAP challenge to the UE so upper-layer authentication can continue.

Where this message appears in the call flow

5G PDU Session Authentication Procedure

Call flow position: Network-issued challenge step that delivers the EAP-request to the UE.

Typical state: The UE is already in the session establishment or session authentication branch and is waiting for the next 5GSM payload.

Preconditions:

  • The SMF decided that external DN authentication or authorization is required.
  • The UE has an active transaction for the PDU Session ID being authenticated.

Next likely message: PDU Session Authentication Complete

5G PDU Session Establishment

Call flow position: Optional branch inside the main establishment flow before the accept or reject can be finalized.

Typical state: The UE has already requested a PDU session and the network is still deciding whether the session can be fully activated.

Preconditions:

  • The UE requested a PDU session for a DNN that requires authentication.
  • The SMF selected the authentication-and-authorization branch before sending the final establishment outcome.

Next likely message: PDU Session Authentication Complete

Call flow position

Previous message(s): PDU Session Establishment Request, DL NAS Transport

Next message(s): PDU Session Authentication Complete, PDU Session Authentication Result, PDU Session Establishment Accept, PDU Session Establishment Reject

Message direction and transport

Sender and receiver: SMF to UE via AMF

Interface: N1

Domain: Core-side session management response with access-side NAS delivery dependency

Signaling bearer: NAS signaling

Logical channel: Usually carried inside DL NAS Transport on the access side

Transport / encapsulation: 5GSM NAS message transported end-to-end from the SMF to the UE through AMF mediation

Security context: Normally sent after registration and NAS security establishment, so the payload is usually integrity protected and often ciphered even though the EAP exchange itself is transparent to the 5GSM layer.

ASN.1 Message Syntax for 5G NAS - PDU Session Authentication Command

This message is not typically analyzed as ASN.1 on the wire. It is usually read as a NAS or protocol field structure instead.

This is a 5GSM NAS message defined by ordered information elements in 3GPP TS 24.501 rather than ASN.1 syntax.

5G NAS - PDU Session Authentication Command - Example Dump

PDU Session Authentication Command
  Extended Protocol Discriminator: 5G Session Management
  PDU Session ID: 10
  PTI: No procedure transaction identity assigned
  Message Type: PDU Session Authentication Command
  EAP Message:
    Code: Request
    Identifier: 7
    Type: EAP-AKA'
    Data: [authentication challenge]
  Extended Protocol Configuration Options:
    DNS IPv4 address: 10.1.1.1
    DNS IPv6 address: 2001:db8::53

Related message pages

5G NAS - PDU Session Establishment RequestPDU Session Establishment Request is the 5GSM message the UE sends to request creation of a new PDU session for user-plane connectivity toward a DNN on a selected slice.5G NAS - PDU Session Establishment AcceptPDU Session Establishment Accept is the 5GSM success message the network sends after it creates the requested PDU session and returns the final session parameters, address, and QoS context.5G NAS - PDU Session Establishment RejectPDU Session Establishment Reject is the 5GSM failure response the network sends when the requested PDU session cannot be created and the UE needs the rejection reason.5G NAS - DL NAS TransportDL NAS Transport is the NAS wrapper message the network uses to deliver a payload downward to the UE when the procedure needs to carry additional content transparently through NAS.5G NAS - UL NAS TransportUL NAS Transport is the NAS wrapper message the UE uses to send a payload upward toward the core when the NAS procedure needs to carry additional information transparently.5G NAS - Registration CompleteRegistration Complete is the UE-to-AMF NAS message used to confirm that the UE has accepted the registration context returned by the network.

Related Procedures

Related Tools

Use This Reference in Practice

Decode this message with the 3GPP Decoder, inspect the related message database, or open the matching call flow to see where this signaling step fits in the full procedure.