Support SUPPORT
New to T-Mobile? Switching is easy Set up your device Using the app Sprint Migration Center All get started topics Ways to pay your bill All about your bill Line permissions Your T-Mobile ID Your PIN/Passcode All account resources topics T-Mobile network In-flight texting and Wi-Fi Wi-Fi Calling International roaming Mobile Without Borders All network & roaming topics Find the right plan Netflix on Us HotSpot plans Voicemail Use Mobile HotSpot All plans support topics Tutorials Troubleshooting Unlock your device Protect your device SIM card & eSIM All device assistance topics Get T-Mobile for Business Billing and payments Manage your account Orders and shopping Account Hub registration All business support topics

Find the technical details to set up a corporate environment for T-Mobile Wi-Fi Calling​.

On this page:

 

Setup

In a multipurpose network setting, we recommend setting up a specific SSID (secure network) to exclusively segment traffic for Wi-Fi calling.

 

Security

Even though voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, we recommendation securing the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.

T-Mobile devices support the WLAN security techniques used in corporate environments for authentication and encryption, such as:

  • WPA (TKIP) - Personal and Enterprise
  • WPA2 (AES-CCMP) - Personal and Enterprise
  • LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
  • PEAP
  • EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
  • Virtual private network (VPN) access security
  • Media Access Control (MAC) lists
  • Service-specific access security
  • Captive portal

 

EAP

EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.

 

Firewalls

IPv4 Address Block: 208.54.0.0/16:

Port & TCP/UDP and their descriptions
Port &TCP/UDP Description
Port: 500 / UDP IPsec - IKE : Authentication [WFC 2.0]
Port: 4500 / UDP IPsec - NAT traversal : Encrypted voice traffic [WFC  2.0]
Port: 5061 / TCP/UDP SIP/TLS : Encrypted SIP [WFC 1.0]

 

IPv4 Address Block: 66.94.0.0/19:

Port & TCP/UDP and their descriptions
Port &TCP/UDP Description
Port: 443 / TCP HTTPS : Used for handset authentication [WFC 1.0]
Port: 993 / TCP IMAP/SSL : Visual Voicemail [WFC 1.0]

Also allowlist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36

Was this helpful?