TNAP

Trusted non-3GPP Access Peers

Core Network →
Introduced in Rel-12 Also in: Security

TNAP is a network function within a trusted non-3GPP access network that acts as the peer endpoint for N2 and N3 connections to the 5G Core, enabling the integration of Wi-Fi and fixed networks.

Category
Core Network
Introduced
Rel-12
Where
Core Network › 5G Core
Also touches
1 segments
Specifications
15 specs
TNAP Description Purpose Detected Changes Specifications

Description

Trusted non-3GPP Access Peers (TNAPs) are the logical collective term for the network functions in a trusted non-3GPP access network that serve as the direct connection points to the 5G Core Network. In practical deployment, the primary TNAP is the Trusted Non-3GPP Gateway Function (TNGF) for general trusted access, or the Wireline Access Gateway Function (W-AGF) for specific wireline scenarios. These functions terminate the 3GPP-defined interfaces from the 5GC, effectively translating between 3GPP signaling and the native protocols of the non-3GPP access (e.g., IEEE 802.11 for Wi-Fi, or PPP/802.1X for fixed).

Architecturally, a TNAP sits at the boundary between the trusted non-3GPP access domain and the 5GC. On its northbound side, it implements the N2 interface (to the AMF) for control plane signaling and the N3 interface (to the UPF) for user plane data. On its southbound side, it connects to the non-3GPP access points (e.g., Wi-Fi APs) or aggregation networks. The TNAP's key role is to act as a proxy and adapter. It relays NGAP messages between the UE/access network and the AMF, and forwards user plane packets between the access network and the UPF. It also participates in the authentication process, helping to establish the trust relationship between the access network and the 5GC operator.

The operation involves several key procedures. During initial attachment, the TNAP facilitates the UE's authentication with the 5GC, often by relaying EAP messages. It obtains UE context from the AMF and manages resource setup for the PDU session. For mobility, the TNAP supports handover procedures between 3GPP and non-3GPP access. Crucially, because the access is trusted, the TNAP does not need to establish an IPSec tunnel with the UE for the user plane; security is provided by the underlying link-layer (e.g., Wi-Fi security) and the secured N3 transport. The TNAP ensures that policy and QoS rules from the SMF are enforced within the non-3GPP access network, providing a consistent service experience.

Purpose & Motivation

The concept of TNAP was formalized to provide a clear architectural definition for the endpoints that integrate trusted non-3GPP accesses into the 5G System. It addresses the ambiguity that could arise from having multiple gateway functions (TNGF, W-AGF) serving similar roles for different types of trusted access. The purpose is to create a unified logical reference point for the 5GC, simplifying system design and specification. It solves the problem of how a monolithic 5GC can interface with a diverse ecosystem of non-3GPP technologies in a standardized, yet flexible manner.

Its creation was motivated by the 5G design principle of access-agnostic core network services. Prior approaches, like the ePDG in 4G, were designed specifically for untrusted Wi-Fi and created a siloed integration. TNAP, as part of the Release 12 onwards evolution for S2a-based trusted access and fully realized in Release 16 for 5G, enables a more efficient and native integration. It allows operators to leverage their existing or partner Wi-Fi and fixed broadband infrastructure as a seamless extension of their 5G network, supporting use cases like carrier Wi-Fi offload, fixed wireless access, and converged offerings without redundant security encapsulation for trusted paths.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (43 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-12, normative work from Rel-15.

Rel-15 1 change

In Release 15, the TNAP function was introduced as part of the trusted non-3GPP access for 5G location services, enabling architectures for both roaming and non-roaming scenarios. Specifically, it allowed for GNSS assistance data collection directly from a trusted Application Function (AF), which registers its GNSS information and serving area with the NRF. This included defining the TNAP/TWAP Identifier for nodes like the 5G-CRG and making corrections for network-based location in trusted WLAN access.

  • NetLoc corrections in trusted WLAN. TS 29.214CR1584
Rel-16 21 changes

In Release 16, the TNAP function was formally introduced, enabling 5G Core integration with trusted non-3GPP access networks like WLAN. The release specified new procedures for UE registration, network selection, and AMF overload control specifically for this trusted access type. It also defined requirements for charging and the collection of location information from these trusted access peers.

  • Support of Trusted non-3GPP access TS 23.501CR0781
  • Trusted non-3GPP Access Network Selection TS 23.501CR0783
  • AMF overload control for trusted non-3GPP access TS 23.501CR1374
  • Location information for trusted N3GPP TS 23.501CR1420
  • EAP-5G extensions for trusted non-3GPP access TS 24.502CR0067
  • Update to the scope for trusted non-3GPP access TS 24.502CR0071

+ 15 more changes

Rel-17 5 changes

In Release 17, the TNAP function was enhanced to support the transport of a SUCI over trusted non-3GPP access and to introduce PDU session limitations and specific protocol stacks for trusted WLAN access, particularly for N5CW devices. The release also included updates to resolve editorial notes on trusted access selection and provided corrections and clarifications for trusted connectivity procedures, including those using the Trusted Non-3GPP Gateway Function (TNGF).

  • Adding PDU session limitation and protocol stacks for trusted WLAN access for N5CW device TS 23.501CR2991
  • SUCI transport via trusted non-3GPP access TS 24.502CR0195
  • Resolve editor notes on trusted access selection TS 24.502CR0157
  • Correction to trusted connectivity TS 24.502CR0173
  • Editorial Clarifications for Trusted non-3GPP Access using TNGF TS 33.501CR1170
Rel-18 14 changes

In Release 18, the TNAP function was enhanced to support Standalone Non-Public Networks (SNPN) for trusted non-3GPP access, including specific SNPN selection procedures. It introduced new capabilities for onboarding over trusted access and enabled Application Function (AF)-based service parameter provisioning for TNAP IDs, including adding these IDs to policy and service parameter data. The release also provided clarifications and corrections for procedures involving UEs behind a 5G Residential Gateway (5G-RG) and for the encapsulation of EAP-5G messages in the link layer protocol.

  • SNPN for trusted non-3GPP access TS 24.502CR0212
  • SNPN selection procedures for using trusted non-3GPP access TS 24.502CR0217
  • Accessing 5GS via trusted non-3GPP access for UE behind 5G-RG TS 24.502CR0262
  • Additional requirements for onboarding over trusted non-3GPP access TS 24.502CR0257
  • AF-based service parameter provisioning for TNAP ID TS 29.513CR0533
  • Adding TNAP IDs to Service Parameter data TS 29.519CR0422

+ 8 more changes

Rel-19 2 changes

In Release 19, the TNAP (Trusted non-3GPP Access Peers) function introduced support for mobility of a UE connected to one TNAP to another TNAP when both are connected to the same TNGF. This enhancement was further refined with a subsequent correction to the defined mobility procedure. The release also specified that for location services, a trusted AF, such as a TNAP, can register its GNSS assistance data capabilities with the NRF.

  • Mobility of the UE connected to a TNAP to another TNAP connected to the same TNGF TS 24.502CR0313
  • Correction to Mobility of the UE connected to a TNAP to another TNAP connected to the same TNGF TS 24.502CR0316

Explore further

Broader topics and technologies where TNAP plays a role.

Topics
Authentication (5G-AKA, EAP)Lawful Intercept5G Core (5GC)Services & ApplicationsProtocols & InterfacesRadio Access Network
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference TNAP, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.273 vj50 5G Location Services Stage 2 Architecture Rel-19
TS 23.501 vk00 5G System Architecture Stage 2 Rel-20
TS 23.852 vc00 Study on GTP-based S2a for WLAN Access Rel-12
TS 24.502 vj20 5G Core Access via Non-3GPP Networks; Stage 3 Rel-19
TS 29.214 vj20 Policy and Charging Control over Rx Rel-19
TS 29.413 vj00 NGAP for Non-3GPP Access Rel-19
TS 29.513 vj40 5G PCC Signalling Flows & QoS Mapping Rel-19
TS 29.514 vj40 5G System; Policy Authorization Service; Stage 3 Rel-19
TS 29.518 vj50 AMF Service Based Interface Protocol Rel-19
TS 29.519 vj40 UDR Usage for Policy & Exposure Data Rel-19
TS 29.561 vj30 5G Interworking with External Data Networks Rel-19
TS 32.255 vk10 Telecom Management; Charging for 5G Data Connectivity Rel-20
TS 33.501 vk00 5G Security Architecture and Procedures Rel-20
TS 33.807 vg01 5G Wireline-Wireless Convergence Security Study Rel-16
TS 38.413 vj10 NG Application Protocol (NGAP) Rel-19