Find the technical details to set up a corporate environment for Wi-Fi Calling.
In a multipurpose network setting, it is recommended to set up a specific SSID (secure network), to exclusively segment traffic for Wi-Fi calling.
- While voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, there are several recommendations to secure the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.
- T-Mobile handsets support the WLAN security techniques used in corporate environments for authentication and encryption, such as:
- WPA (TKIP) - Personal and Enterprise
- WPA2 (AES-CCMP) - Personal and Enterprise
- LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
- EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
- Virtual private network (VPN) access security
- Media Access Control (MAC) lists
- Service-specific access security
- Captive portal
EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.
IPv4 Address Block: 188.8.131.52/17:
|Port: 500 / UDP||IPsec - IKE : Authentication [WFC 2.0]|
|Port: 4500 / UDP||IPsec - NAT traversal : Encrypted voice traffic [WFC 2.0]|
|Port: 5061 / TCP/UDP||SIP/TLS : Encrypted SIP [WFC 1.0]|
IPv4 Address Block: 184.108.40.206/19:
|Port: 443 / TCP||HTTPS : Used for handset authentication [WFC 1.0]|
|Port: 993 / TCP||IMAP/SSL : Visual Voicemail [WFC 1.0]|