It’s official! T-Mobile & Sprint have merged!
Sprint support pages are available for existing Sprint accounts here. If you are looking for more, visit our Migration Center.

Find the technical details to set up a corporate environment for ​.

On this page:



In a multipurpose network setting, we recommend setting up a specific SSID (secure network) to exclusively segment traffic for Wi-Fi calling.



Even though voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, we recommendation securing the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.

T-Mobile devices support the WLAN security techniques used in corporate environments for authentication and encryption, such as:

  • WPA (TKIP) - Personal and Enterprise
  • WPA2 (AES-CCMP) - Personal and Enterprise
  • LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
  • PEAP
  • Virtual private network (VPN) access security
  • Media Access Control (MAC) lists
  • Service-specific access security
  • Captive portal



EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.



IPv4 Address Block:

Port &TCP/UDP Description
Port: 500 / UDP IPsec - IKE : Authentication [WFC 2.0]
Port: 4500 / UDP IPsec - NAT traversal : Encrypted voice traffic [WFC  2.0]
Port: 5061 / TCP/UDP SIP/TLS : Encrypted SIP [WFC 1.0]

IPv4 Address Block:

Port &TCP/UDP Description
Port: 443 / TCP HTTPS : Used for handset authentication [WFC 1.0]
Port: 993 / TCP IMAP/SSL : Visual Voicemail [WFC 1.0]

Also whitelist the CRL server for DIGITS OTT and WFC 1.0:

Was this helpful?