TNAN

Trusted Non-3GPP Access Network

Core Network →
Introduced in Rel-16 Also in: Services, Security

TNAN is a trusted non-3GPP access network, like Wi-Fi, that has a secure connection to the 5G Core and is treated similarly to a 3GPP radio access network.

Category
Core Network
Introduced
Rel-16
Where
Core Network › 5G Core
Also touches
2 segments
Specifications
10 specs
TNAN Description Purpose Detected Changes Specifications

Description

A Trusted Non-3GPP Access Network (TNAN) is a critical component in 3GPP's 5G architecture for supporting access network convergence. It refers to a non-3GPP radio access network, most commonly a Wi-Fi network or a fixed broadband network, which connects to the 5G Core (5GC) via a standardized, secure interface. The key distinction from an untrusted non-3GPP access is that the TNAN has a pre-established trust relationship with the 5G operator. This trust is validated through network authentication, allowing the 5GC to extend its services directly over this access without requiring an additional IPsec tunnel for all user traffic, as is the case with untrusted access.

Architecturally, a TNAN connects to the 5GC via the TNGF (Trusted Non-3GPP Gateway Function) in the case of wireline access, or the W-AGF (Wireline Access Gateway Function) for certain fixed scenarios. The TNGF acts as a control plane proxy and user plane anchor, presenting the non-3GPP access to the 5GC's AMF and SMF as a logical N3 interface. The connection between the User Equipment (UE) and the TNAN uses native access-specific security (e.g., WPA3 for Wi-Fi). The trust is established between the TNAN/TNGF and the 5GC operator, often based on the TNAN's credentials validated by the 3GPP AAA server or the N3IWF for the control plane. User plane traffic can flow directly from the TNAN to the UPF, secured by the underlying transport network's security.

How it works involves several steps. First, the UE discovers and associates with the TNAN using standard Wi-Fi or Ethernet procedures. For network access, the UE initiates 5G authentication and registration procedures. The TNGF relays these signaling messages to the AMF over the N2 interface. The 5GC authenticates the UE using 5G-AKA or EAP-AKA', and simultaneously validates that the TNGF/TNAN is a trusted entity. Once authenticated, the SMF establishes a PDU Session, and user data flows between the UE and the UPF via the TNAN and TNGF. The TNAN's role is to provide a trusted IP connectivity path, enabling seamless mobility and session continuity between 3GPP and non-3GPP accesses, and allowing the operator to apply consistent policies and charging across all access types.

Purpose & Motivation

TNAN was introduced in 3GPP Release 16 as part of the broader 5G System architecture to fully realize the vision of converged access. Prior to this, non-3GPP access integration (e.g., via ePDG in 4G) often treated all such access as 'untrusted,' mandating resource-intensive IPsec tunnels for every UE connection, which added overhead and complexity. The purpose of TNAN is to recognize that many non-3GPP networks, especially operator-managed Wi-Fi or partner fixed networks, are inherently trustworthy from the operator's perspective.

This concept solves the problem of inefficient resource usage and latency for trusted access scenarios. By establishing a network-level trust anchor (the TNGF), it allows the 5GC to bypass per-UE tunneling for the user plane, leading to more efficient data forwarding. It was motivated by the increasing importance of Wi-Fi 6 and fixed access in 5G deployment strategies, enabling true wireline-wireless convergence. TNAN allows operators to offer a unified 5G service experience regardless of the underlying access technology, simplifying network management and enabling new service models like 5G Fixed Wireless Access (FWA) with native 5G core integration.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (39 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-16 19 changes

In Release 16, the Trusted Non-3GPP Access Network (TNAN) function was formally introduced, enabling UEs to access the 5G Core network via trusted WLAN and other non-3GPP accesses. The release specified key procedures including UE registration, TNAN and PLMN selection, and AMF overload control for this access type. Furthermore, it defined the TNAN's role in providing location information to the LMF and integrated it into the architecture for Location Services alongside NG-RAN and untrusted access.

  • Support of Trusted non-3GPP access TS 23.501CR0781
  • Trusted non-3GPP Access Network Selection TS 23.501CR0783
  • AMF overload control for trusted non-3GPP access TS 23.501CR1374
  • Location information for trusted N3GPP TS 23.501CR1420
  • EAP-5G extensions for trusted non-3GPP access TS 24.502CR0067
  • Update to the scope for trusted non-3GPP access TS 24.502CR0071

+ 13 more changes

Rel-17 7 changes

In Release 17, enhancements for the TNAN function included introducing PDU session limitations for trusted WLAN access, enabling SUCI transport and separate UE identifiers for trusted non-3GPP access, and specifying procedures for emergency service PLMN selection. The release also provided clarifications and corrections for trusted connectivity, including the resolution of editorial notes on access selection and TNGF usage.

  • Adding PDU session limitation and protocol stacks for trusted WLAN access for N5CW device TS 23.501CR2991
  • Provide different UE IDs for trusted and untrusted non-3GPP access TS 24.501CR2890
  • The selected PLMN for emergency services via trusted non-3GPP access TS 24.501CR2940
  • SUCI transport via trusted non-3GPP access TS 24.502CR0195
  • Resolve editor notes on trusted access selection TS 24.502CR0157
  • Correction to trusted connectivity TS 24.502CR0173

+ 1 more changes

Rel-18 13 changes

In Release 18, the TNAN (Trusted Non-3GPP Access Network) function was enhanced with new capabilities including support for SNPN (Standalone Non-Public Network) access and selection, improved onboarding procedures, and refined support for User Equipment behind a 5G Residential Gateway (5G-RG). Key additions introduced the TNAN Information IE and clarified procedures for its use in scenarios like registration rejection, while also specifying the encapsulation of EAP-5G messages within the link layer protocol for trusted access.

  • Introducing the TNAN information IE TS 24.501CR5123
  • SNPN for trusted non-3GPP access TS 24.502CR0212
  • SNPN selection procedures for using trusted non-3GPP access TS 24.502CR0217
  • TNAN selection based on the TNAN information provided to the UE in the REGISTRATION REJECT message TS 24.502CR0231
  • Accessing 5GS via trusted non-3GPP access for UE behind 5G-RG TS 24.502CR0262
  • Additional requirements for onboarding over trusted non-3GPP access TS 24.502CR0257

+ 7 more changes

Explore further

Broader topics and technologies where TNAN plays a role.

Topics
Authentication (5G-AKA, EAP)Policy & ChargingLawful Intercept5G Core (5GC)Services & ApplicationsManagement & Operations
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference TNAN, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.273 vj50 5G Location Services Stage 2 Architecture Rel-19
TS 23.501 vk00 5G System Architecture Stage 2 Rel-20
TS 23.700 vk00 XR Services Application Enablement Layer Rel-20
TS 24.501 vj50 5G NAS Protocols Specification Rel-19
TS 24.502 vj20 5G Core Access via Non-3GPP Networks; Stage 3 Rel-19
TS 24.526 vj30 UE Policies for 5GS; Stage 3 Rel-19
TS 29.512 vj40 5G Session Management Policy Control Service Rel-19
TS 32.255 vk10 Telecom Management; Charging for 5G Data Connectivity Rel-20
TS 33.501 vk00 5G Security Architecture and Procedures Rel-20
TS 33.807 vg01 5G Wireline-Wireless Convergence Security Study Rel-16