LTE Security Mode Reject
Security Mode Reject is the EPS NAS message the UE sends when it cannot accept the NAS security configuration selected by the MME in Security Mode Command.
Message Fact Sheet
Full message name: LTE Security Mode Reject
Protocol: NAS
Technology: LTE
Message type: EMM signaling
Direction: UE to MME
Interface: N1 over LTE access / S1-MME control path
Signaling bearer / channel: NAS signaling / Commonly carried in uplink NAS transport after Security Mode Command when the UE cannot continue with Security Mode Complete
Typical trigger: Sent after Security Mode Command when the UE cannot accept the selected NAS security context.
Main purpose: Rejects the commanded NAS security activation when the UE cannot apply the selected algorithms, key context, or related EPS security parameters.
Main specification: 3GPP TS 24.301, 5.4.3, 8.2.22
Release added: Release 8
Procedures where used: EPS NAS Security Mode Control Procedure, LTE Attach Procedure, Tracking Area Updating Procedure, LTE Service Request Procedure
Why this message matters
Security Mode Reject means the UE could not accept the NAS security settings chosen by the network.
Where this message appears in the call flow
Initial LTE attach NAS security rejection
In the attach path, Security Mode Reject shows that the UE would not move the procedure into the selected protected NAS state.
Call flow position: UE rejection branch after Security Mode Command when the attach procedure cannot continue into the selected NAS security state.
Typical state: Authentication may have succeeded, but the UE cannot move the attach branch into the commanded protected state.
Preconditions:
The UE received Security Mode Command.
The UE cannot accept the selected NAS security configuration.
Next likely message: Procedure stop, later retry, or attach failure handling
Tracking area update NAS security rejection
In the TAU path, Security Mode Reject is the UE-side failure branch after the network tried to activate NAS security.
Call flow position: UE rejection branch after Security Mode Command when the TAU branch cannot continue into the selected NAS security state.
Typical state: The TAU path cannot continue with the current NAS security selection.
Preconditions:
The network attempted to activate NAS security in the TAU branch.
The UE cannot accept the selected security context.
Next likely message: Procedure stop, rejection handling, or later retry
Service restoration NAS security rejection
In the service-restoration path, Security Mode Reject explains why the branch never reaches later protected service continuation.
Call flow position: UE rejection branch after Security Mode Command when the service-restoration path cannot continue into the selected NAS security state.
Typical state: The service-restoration branch cannot continue with the current protected NAS selection.
Preconditions:
The network attempted to activate NAS security in the service branch.
The UE cannot accept the selected security context.
Next likely message: Procedure stop, later recovery, or failure handling
Interface: N1 over LTE access / S1-MME control path
Domain: Core-side EPS mobility management signaling with radio-side NAS transport
Signaling bearer: NAS signaling
Logical channel: Commonly carried in uplink NAS transport after Security Mode Command when the UE cannot continue with Security Mode Complete
Transport / encapsulation: EPS NAS message sent by the UE and delivered to the MME through the eNodeB as part of the NAS security mode control procedure
Security context: This message appears when EPS NAS security activation fails at the UE side, so it is the main failure branch of the NAS security procedure.
Message Structure Overview
Security Mode Reject is an EPS mobility-management message rather than an ASN.1 LTE RRC structure.
The practical reading path starts with the EMM cause and then compares the reject against the selected algorithms and key context in Security Mode Command.
In real traces, this message is the UE-side sign that authentication succeeded but NAS security activation did not.
Message Syntax for LTE Security Mode Reject
Security Mode Reject
EMM cause
How to read this message syntax
Security Mode Reject is a NAS layer-3 message, not an ASN.1 LTE RRC message. Read it together with the immediately preceding Security Mode Command because the reject only makes sense in that context.
Detailed field explanation
EMM cause
Explains why the UE rejected the NAS security activation.
Presence: Required
In practice: Compare this field with the original request and with any later release-dependent optional fields so you can see whether the network accepted the same service model the UE asked for.
What to check in logs and traces
Confirm the message directly follows Security Mode Command.
Inspect the EMM cause first.
Compare the rejection with the selected algorithms and NAS key set identifier in the earlier command.
Check whether the UE capability replay in Security Mode Command matched what the UE actually supports.
Correlate the rejection with the later failure behavior such as attach stop, TAU stop, service failure, or retry.
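The first four checks above, as an added Python example (not part of the original page or of any decoder it mentions). It assumes the NAS octets have already been extracted from the S1AP transport; the function names are hypothetical, the octet layouts follow 3GPP TS 24.301, and the sample bytes are constructed.

```python
"""Added example: pair a Security Mode Command with the Security Mode Reject
that follows it. Layouts per 3GPP TS 24.301; sample bytes are constructed."""

PD_EMM, MT_SMC, MT_SMR = 0x7, 0x5D, 0x5F
# EMM cause values TS 24.301 lists as typical for Security Mode Reject
CAUSES = {23: "UE security capabilities mismatch",
          24: "Security mode rejected, unspecified"}

def _body(msg, msg_type):
    """Return the octets after the message type of a readable EMM message."""
    if len(msg) > 6 and (msg[0] >> 4) in (1, 3):  # integrity protected, not ciphered
        msg = msg[6:]                             # drop header octet, MAC (4), SN (1)
    if len(msg) < 2 or msg[0] != PD_EMM or msg[1] != msg_type:
        raise ValueError("not the expected plain EMM message")
    return msg[2:]

def parse_smc(msg):
    b = _body(msg, MT_SMC)
    if len(b) < 5 or b[2] < 2 or len(b) < 3 + b[2]:
        raise ValueError("truncated Security Mode Command")
    return {"eea": (b[0] >> 4) & 7, "eia": b[0] & 7,   # selected NAS algorithms
            "ksi": b[1] & 7, "tsc": (b[1] >> 3) & 1,   # NAS key set identifier
            "replayed": (b[3], b[4])}                  # EEA and EIA capability octets

def parse_smr(msg):
    b = _body(msg, MT_SMR)
    if len(b) != 1:
        raise ValueError("Security Mode Reject carries exactly one EMM cause octet")
    return b[0]

def explain_reject(smc_bytes, smr_bytes, ue_sent=None):
    """ue_sent: (EEA octet, EIA octet) the UE advertised earlier, if the trace has it."""
    smc, cause = parse_smc(smc_bytes), parse_smr(smr_bytes)
    findings = []
    for name, octet in (("eea", smc["replayed"][0]), ("eia", smc["replayed"][1])):
        if not octet & (0x80 >> smc[name]):       # bit 8 = algorithm 0, bit 7 = 1, ...
            findings.append(f"selected {name.upper()}{smc[name]} not in replayed capabilities")
    if ue_sent is not None and tuple(ue_sent) != smc["replayed"]:
        findings.append("replayed capabilities differ from what the UE sent")
    return {"cause": cause, "cause_text": CAUSES.get(cause, "unexpected for this message"),
            "ksi": smc["ksi"], "findings": findings}

# Constructed pair: MME selects EEA3/EIA3, UE only advertised EEA0-2 and EIA1-2.
SMC = bytes.fromhex("37" "00000000" "00" "075d3301" "02e060")
SMR = bytes.fromhex("075f18")

if __name__ == "__main__":
    print(explain_reject(SMC, SMR, ue_sent=(0xE0, 0x60)))
```

A replay mismatch between `ue_sent` and the command is the finding to escalate, since the replayed capabilities are how the UE detects that its advertised algorithm set was altered in transit.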
Common Issues and Troubleshooting
The UE sends Security Mode Reject during attach or TAU.
Likely cause: The UE cannot accept the selected EPS NAS security configuration or finds it inconsistent with its capabilities or context.
What to inspect: Check the EMM cause, selected algorithms, NAS key set identifier, and replayed UE security capabilities in Security Mode Command.
Next step: Compare the failure against a known-good authentication and NAS security trace.
The procedure fails immediately after authentication even though authentication looked normal.
Likely cause: The failure is in NAS security activation rather than in the authentication branch.
What to inspect: Use Security Mode Reject as the branch marker and move analysis back to Security Mode Command rather than Authentication Request.
Next step: Confirm whether the MME selected unsupported or inconsistent NAS security parameters.
The UE never reaches later protected continuation messages.
Likely cause: Security Mode Reject stopped the branch before protected NAS continuation could begin.
What to inspect: Check Security Mode Command, Security Mode Reject, and the first missing later message together.
Next step: Treat the security reject as the boundary marker between successful authentication and failed NAS activation.
LTE / 5G / Variant Comparison
Compared with LTE Security Mode Complete
Security Mode Complete is the UE accepting the selected NAS security state. Security Mode Reject is the UE refusing that state.
Compared with LTE Authentication Failure
Authentication Failure belongs to the earlier challenge stage. Security Mode Reject belongs to the later NAS security activation stage.
Compared with LTE RRC Security Mode Failure
This page is the LTE NAS reject path between the UE and MME. LTE RRC Security Mode Failure is a different access-stratum message between the UE and eNodeB.
FAQ
What is Security Mode Reject in LTE NAS?
It is the EPS NAS message the UE sends when it cannot accept the selected NAS security configuration from Security Mode Command.
What should I inspect first in Security Mode Reject?
Start with the EMM cause, then compare it with the selected algorithms and NAS key set identifier in Security Mode Command.
What usually happens after Security Mode Reject?
The current procedure usually fails, stops, or has to be retried with a fresh context.
Is Security Mode Reject the same as Authentication Failure?
No. Authentication Failure belongs to the authentication challenge stage, while Security Mode Reject belongs to the later NAS security activation stage.