TWAN

Trusted WLAN Access Network

Core Network →
Introduced in Rel-11

TWAN is a 3GPP architectural concept for an operator-controlled WLAN that is securely integrated with the mobile core network to provide seamless 3GPP services with authentication, policy, and mobility support.

Category
Core Network
Introduced
Rel-11
Where
Core Network › 5G Core
Specifications
20 specs
TWAN Description Purpose Related Classification Detected Changes Specifications

Description

The Trusted WLAN Access Network (TWAN) is not a single device but a logical architectural construct defined by 3GPP. It represents a Wireless Local Area Network (WLAN) that is considered "trusted" by the 3GPP operator's core network. This trust is established because the TWAN implements specific 3GPP-defined interfaces and functions, allowing it to be integrated as a seamless, secure, and policy-controlled access network on par with 3GPP radio access technologies like LTE. The TWAN encompasses the collection of network functions that together provide trusted WLAN access to the Evolved Packet Core (EPC) and, in later releases, the 5G Core (5GC).

The TWAN architecture is built around three key functional entities: the Trusted WLAN Access Gateway (TWAG), the Trusted WLAN AAA Proxy (TWAP), and the underlying WLAN Access Points (APs). The TWAG handles the user plane, establishing GTP or PMIP tunnels over the S2a interface to the Packet Data Network Gateway (PGW) in the EPC. The TWAP handles the control plane, acting as a proxy for Authentication, Authorization, and Accounting (AAA) signaling between the UE/WLAN and the 3GPP AAA Server/Proxy. The WLAN APs provide the actual radio connectivity. These functions can be collocated in a single physical node or distributed. The TWAN connects to the EPC via two main reference points: STa (between TWAP and 3GPP AAA Server for AAA) and S2a (between TWAG and PGW for user data).

From a procedural standpoint, when a UE connects to a TWAN, it undergoes EAP-based authentication against the 3GPP AAA infrastructure using credentials from its USIM card. The TWAP facilitates this process. Upon successful authentication, the TWAG establishes a data bearer for the UE. The PGW assigns an IP address, and all user traffic is routed through the secure tunnel between the TWAG and PGW. This architecture allows the core network to apply consistent policy and charging control (PCC) rules, managed by the Policy and Charging Rules Function (PCRF), to traffic from the TWAN-connected UE. It also enables mobility support, such as handovers of IP sessions between the TWAN and a 3GPP access network (e.g., LTE) without changing the IP address, as the PGW serves as a common anchor.

In the context of 5G, the TWAN concept evolved. The functions were reinterpreted for interconnection with the 5G Core network via the Non-3GPP InterWorking Function (N3IWF) for untrusted access or, more directly, through a Trusted Non-3GPP Gateway Function (TNGF) which subsumes the roles of the TWAG and TWAP for trusted access. This evolution maintains the principle of a trusted non-3GPP access network but aligns it with the service-based architecture and protocols of 5G. Throughout its lifecycle, the TWAN has been pivotal in enabling operators to deploy carrier-grade Wi-Fi as an integral part of their heterogeneous network strategy.

Purpose & Motivation

The TWAN was created to formally define a standardized architecture for integrating operator-managed or partner Wi-Fi networks into the 3GPP mobile ecosystem as a trusted access type. Before its introduction, Wi-Fi was typically an unmanaged, best-effort access network, leading to a fragmented user experience, separate logins, and no integration with mobile services like IMS or seamless mobility. The primary problem was the lack of a network-based, standardized model that could provide security, authentication, policy control, and service continuity equivalent to cellular access.

The development of the TWAN in Release 11 was a strategic response to the explosive growth of Wi-Fi and the need for mobile operators to offload data traffic efficiently while maintaining control over the user experience and service quality. It addressed the limitations of the earlier "untrusted non-3GPP access" model (which required client-initiated IPsec tunnels), which was complex for device implementation and did not support efficient network-based mobility or deep policy integration. The TWAN model shifted the complexity into the network, allowing for a simpler UE and enabling the operator to treat Wi-Fi as a first-class access technology.

By establishing the TWAN as a trusted entity, 3GPP solved several key issues: it enabled seamless authentication using 3GPP credentials (SIM-based), allowed the core network to enforce consistent quality of service and charging policies across cellular and Wi-Fi, and provided a foundation for real access network mobility. This was crucial for enabling services like Voice over Wi-Fi (VoWiFi) with IMS and for realizing true Fixed-Mobile Convergence (FMC), where a user's services are agnostic to the underlying access technology. The TWAN architecture provided the blueprint for the deep integration of WLAN, which later evolved to become a fundamental component of 5G's commitment to supporting heterogeneous access.

Classification

Part ofEPC
Specific typesTWAGTWAP

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (33 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-11, normative work from Rel-15.

Rel-15 9 changes

In Release 15, the TWAN function was enhanced with a P-CSCF restoration extension to avoid deactivating the IMS PDN connection, requiring support for a WLCP PDN connection modification procedure from the TWAN and UE. This extension allows the PGW to send an updated list of available P-CSCF addresses to the UE via the TWAN using WLCP when in multi-connection mode. Additionally, Release 15 introduced the use of a "reactivation requested" cause code over GTP-C based S2a and WLCP, and enhanced location information support for trusted WLAN access.

  • Support for e2e QoS over trusted WLAN TS 23.402CR2972
  • Support of QoS differentiation for trusted non-3GPP access TS 24.302CR0632
  • Usage of TWAG MAC address for WLCP bearer TS 24.302CR0644
  • Enhance location information in trusted and untrusted WLAN TS 32.251CR0503
  • Enhance location information in trusted and untrusted WLAN TS 32.298CR0658
  • Enhance location information in trusted and untrusted WLAN TS 32.299CR0800

+ 3 more changes

Rel-16 8 changes

In Release 16, the TWAN function was enhanced with a P-CSCF restoration extension to avoid deactivating the IMS PDN connection during P-CSCF recovery, specifically for UEs in multi-connection mode. This optional extension, which relies on the TWAN supporting the WLCP PDN connection modification procedure, allows the PGW to send an updated P-CSCF list directly to the UE via the TWAN. Additionally, Release 16 introduced procedures for interworking between 5GS and EPC for trusted non-3GPP access.

  • EAP-5G extensions for trusted non-3GPP access TS 24.502CR0067
  • Update to the scope for trusted non-3GPP access TS 24.502CR0071
  • Introduction of trusted non-3GPP access description TS 24.502CR0072
  • Update to WLAN selection procedure because of trusted non-3GPP access TS 24.502CR0075
  • TNAN and PLMN selection procedures using trusted WLAN TS 24.502CR0084
  • UE registration for trusted non-3GPP access TS 24.502CR0068

+ 2 more changes

Rel-17 3 changes

In Release 17, the enhancements for the TWAN function specifically introduced an optional P-CSCF restoration extension to avoid deactivating the IMS PDN connection. This extension, applicable when the UE is in multi-connection mode, requires support from the UE, the PGW, and the TWAN's WLCP PDN connection modification procedure to send an updated P-CSCF list. The update also included clarifications and corrections for trusted access selection and connectivity mechanisms.

  • SUCI transport via trusted non-3GPP access TS 24.502CR0195
  • Resolve editor notes on trusted access selection TS 24.502CR0157
  • Correction to trusted connectivity TS 24.502CR0173
Rel-18 12 changes

In Release 18, the enhancements for TWAN primarily focused on extending P-CSCF restoration mechanisms to avoid IMS PDN connection release, specifically introducing an optional extension for TWAN access that utilizes the WLCP PDN connection modification procedure. This allows a PGW to send an updated list of available P-CSCF addresses to the UE via the TWAN without deactivating the connection, contingent on support from the UE, PGW, and TWAN. The release also included clarifications and corrections for accessing 5GS via trusted non-3GPP access, including support for UE behind a 5G-RG and encapsulating EAP-5G messages in the link layer protocol.

  • SNPN for trusted non-3GPP access TS 24.502CR0212
  • SNPN selection procedures for using trusted non-3GPP access TS 24.502CR0217
  • Accessing 5GS via trusted non-3GPP access for UE behind 5G-RG TS 24.502CR0262
  • Additional requirements for onboarding over trusted non-3GPP access TS 24.502CR0257
  • MPS for WLAN EPC trusted attach TS 29.273CR0540
  • Redefining SNPN list with trusted 5G Connectivity IE TS 24.302CR0741

+ 6 more changes

Rel-19 1 change

In Release 19, the enhancement for the Trusted WLAN Access Network (TWAN) introduced a P-CSCF restoration extension procedure to avoid deactivating the IMS PDN connection during P-CSCF recovery. This optional extension, applicable when a UE in multi-connection mode and the TWAN support it, allows the PGW to send an updated P-CSCF list via a WLCP PDN connection modification request through the TWAN. Additionally, the release specified mobility support for a device connected to one TWAP to move to another TWAP connected to the same TWIF.

  • Mobility of the N5CW device connected to a TWAP to another TWAP connected to the same TWIF TS 24.502CR0317

Explore further

Broader topics and technologies where TWAN plays a role.

Topics
Authentication (5G-AKA, EAP)EPC (Evolved Packet Core)IMS & Voice (VoLTE, VoNR)Mission Critical (MCPTT)LTE / LTE-AdvancedPolicy & Charging
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference TWAN, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.380 vj10 IMS Restoration Procedures Rel-19
TS 23.402 vj00 EPC for Non-3GPP Access (PMIP) Rel-19
TS 23.852 vc00 Study on GTP-based S2a for WLAN Access Rel-12
TS 24.229 vj50 IMS call control protocol based on SIP and SDP Rel-19
TS 24.302 vj00 Access to EPC via non-3GPP networks; Stage 3 Rel-19
TS 24.502 vj20 5G Core Access via Non-3GPP Networks; Stage 3 Rel-19
TS 29.061 vj00 Packet Domain Interworking for PLMN Rel-19
TS 29.273 vj10 AAA Protocols for Non-3GPP Access in EPS & 5GS NSWO Rel-19
TS 29.274 vj50 GTPv2-C Control Plane Protocol Specification Rel-19
TS 29.275 vj00 PMIPv6 Mobility & Tunnelling Protocols Stage 3 Rel-19
TS 29.281 vj20 GTPv1-U Protocol Specification Rel-19
TS 29.303 vj10 DNS Procedures for Evolved Packet System Rel-19
TS 29.512 vj40 5G Session Management Policy Control Service Rel-19
TS 29.826 vd10 P-CSCF Restoration Enhancements for WLAN Rel-13
TS 32.251 vj00 PS Domain Charging Management Rel-19
TS 32.298 vj30 Charging Data Record (CDR) Parameter Specification Rel-19
TS 32.299 vj00 Diameter Charging Applications for 3GPP Rel-19
TS 33.107 vj00 Lawful Interception Architecture & Functions Rel-19
TS 33.108 vj00 LI Handover Interface Specification Rel-19
TS 33.402 vj00 Security for non-3GPP access to EPS Rel-19