Technical details for setting up a corporate environment to support T-Mobile Wi-Fi Calling.
On this page
- Setup
- Security
- EAP
Firewalls
Setup
In a multipurpose network setting, T-Mobile recommends setting up a specific SSID (secure network) to exclusively segment traffic for Wi-Fi Calling.
Security
Voice over Wi-Fi doesn't strictly require a specific security mechanism or authentication to function, but it's recommended to secure the wireless local area network (WLAN) that will carry Wi-Fi Calling traffic.
T-Mobile devices support the following WLAN security techniques commonly used in corporate environments for authentication and encryption:
- WPA (TKIP) — Personal and Enterprise
- WPA2 (AES-CCMP) — Personal and Enterprise
- LEAP: TKIP, Dynamic WEP, AES (No LEAP-CKIP)
- PEAP
- EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
- Virtual Private Network (VPN) access security
- Media Access Control (MAC) lists
- Service-specific access security
Captive portal
EAP
EAP-FAST (if available) is the recommended EAP type for VoWLAN (Voice over WLAN) deployments.
Firewalls
IPv4 Address Block: 208.54.0.0/16
| Port | TCP/UDP | Description |
|---|---|---|
| 500 | UDP | IPsec – IKE: Authentication [WFC 2.0] |
| 4500 | UDP | IPsec – NAT traversal: Encrypted voice traffic [WFC 2.0] |
| 5061 | TCP/UDP | SIP/TLS: Encrypted SIP [WFC 1.0] |
IPv4 Address Block: 66.94.0.0/19
| Port | TCP/UDP | Description |
|---|---|---|
| 443 | TCP | HTTPS: Used for handset authentication [WFC 1.0] |
| 993 | TCP | IMAP/SSL: Visual Voicemail [WFC 1.0] |
Additional allowlist requirement
Also allowlist the CRL server for DIGITS OTT and WFC 1.0:
- crl.t-mobile.com — 206.29.177.36
Source: T-Mobile Support — Wi-Fi Calling on a corporate network
Comments
0 comments
Article is closed for comments.