Wi-Fi Calling on a corporate network
Added!
Manage Links
Click any available links to add.
Click any added links to remove.
Links with no highlight can't be sent.
Find the technical details to set up a corporate environment for T-Mobile Wi-Fi Calling.
Setup
In a multipurpose network setting, we recommend setting up a specific SSID (secure network) to exclusively segment traffic for Wi-Fi calling.
Security
Even though voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, we recommendation securing the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.
T-Mobile devices support the WLAN security techniques used in corporate environments for authentication and encryption, such as:
- WPA (TKIP) - Personal and Enterprise
- WPA2 (AES-CCMP) - Personal and Enterprise
- LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
- PEAP
- EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
- Virtual private network (VPN) access security
- Media Access Control (MAC) lists
- Service-specific access security
- Captive portal
EAP
EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.
Firewalls
IPv4 Address Block: 208.54.0.0/16:
| Port &TCP/UDP | Description |
|---|---|
| Port: 500 / UDP | IPsec - IKE : Authentication [WFC 2.0] |
| Port: 4500 / UDP | IPsec - NAT traversal : Encrypted voice traffic [WFC 2.0] |
| Port: 5061 / TCP/UDP | SIP/TLS : Encrypted SIP [WFC 1.0] |
IPv4 Address Block: 66.94.0.0/19:
| Port &TCP/UDP | Description |
|---|---|
| Port: 443 / TCP | HTTPS : Used for handset authentication [WFC 1.0] |
| Port: 993 / TCP | IMAP/SSL : Visual Voicemail [WFC 1.0] |
Also allowlist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36
Was this helpful?