Find the technical details to set up a corporate environment for T-Mobile Wi-Fi Calling.
Setup
In a multipurpose network setting, we recommend setting up a specific SSID (secure network) to exclusively segment traffic for Wi-Fi calling.
Security
Even though voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, we recommend securing the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.
T-Mobile devices support the WLAN security techniques used in corporate environments for authentication and encryption, such as:
- WPA (TKIP) - Personal and Enterprise
- WPA2 (AES-CCMP) - Personal and Enterprise
- LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
- PEAP
- EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
- Virtual private network (VPN) access security
- Media Access Control (MAC) lists
- Service-specific access security
- Captive portal
EAP
EAP-FAST (if available) is the recommended EAP type for use in VoWLAN deployments.
Firewalls
IPv4 Address Block: 208.54.0.0/16:
Port & TCP/UDP | Description |
---|---|
Port: 500 / UDP | IPsec - IKE : Authentication [WFC 2.0] |
Port: 4500 / UDP | IPsec - NAT traversal : Encrypted voice traffic [WFC 2.0] |
Port: 5061 / TCP/UDP | SIP/TLS : Encrypted SIP [WFC 1.0] |
IPv4 Address Block: 66.94.0.0/19:
Port & TCP/UDP | Description |
---|---|
Port: 443 / TCP | HTTPS : Used for handset authentication [WFC 1.0] |
Port: 993 / TCP | IMAP/SSL : Visual Voicemail [WFC 1.0] |
Also allowlist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com (206.29.177.36)
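To check an existing firewall policy against the tables above, the following added example (not T-Mobile code) scans denied flows and reports the ones the allowlist says must be permitted. The `ACTION PROTO DST_IP DST_PORT` log format and the sample lines are constructed for illustration; because the page states no port for the CRL server, any port to that address is treated as required.

```python
import ipaddress

# Allowlist transcribed from the tables above: (network, port, protocols, description).
# port None = the page states no port (CRL server), so any port matches (assumption).
RULES = [
    ("208.54.0.0/16", 500, {"udp"}, "IPsec IKE [WFC 2.0]"),
    ("208.54.0.0/16", 4500, {"udp"}, "IPsec NAT traversal [WFC 2.0]"),
    ("208.54.0.0/16", 5061, {"tcp", "udp"}, "SIP/TLS [WFC 1.0]"),
    ("66.94.0.0/19", 443, {"tcp"}, "HTTPS handset authentication [WFC 1.0]"),
    ("66.94.0.0/19", 993, {"tcp"}, "IMAP/SSL Visual Voicemail [WFC 1.0]"),
    ("206.29.177.36/32", None, {"tcp", "udp"}, "CRL server crl.t-mobile.com"),
]

def match_rule(dst_ip, dst_port, proto):
    """Return the description of the Wi-Fi calling rule a flow falls under, or None."""
    addr = ipaddress.ip_address(dst_ip)
    for net, port, protos, desc in RULES:
        in_net = addr in ipaddress.ip_network(net)
        if in_net and proto.lower() in protos and port in (None, dst_port):
            return desc
    return None

def audit_denies(log_lines):
    """Return denied flows that the allowlist says must be permitted."""
    broken = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[0] != "DENY":
            continue  # skip malformed lines and permitted flows
        _, proto, dst_ip, dst_port = fields
        try:
            desc = match_rule(dst_ip, int(dst_port), proto)
        except ValueError:
            continue  # destination is not a valid IP address or port number
        if desc:
            broken.append((dst_ip, int(dst_port), proto.lower(), desc))
    return broken

# Constructed sample firewall log (hypothetical format, not from a real device).
SAMPLE_LOG = [
    "DENY UDP 208.54.12.7 4500",
    "DENY TCP 208.54.12.7 4500",   # wrong protocol: not a required flow
    "ALLOW UDP 208.54.1.1 500",
    "DENY TCP 66.94.31.200 993",   # last /24 inside 66.94.0.0/19
    "DENY TCP 66.94.32.1 443",     # just outside 66.94.0.0/19
    "DENY TCP 206.29.177.36 80",   # port value is constructed
]
if __name__ == "__main__":
    for flow in audit_denies(SAMPLE_LOG):
        print(flow)
```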