Wi-Fi Calling on a corporate network

Find the technical details to set up a corporate environment for Wi-Fi Calling.

 

 

Setup

In a multipurpose network setting, it is recommended to set up a specific SSID (secure network), to exclusively segment traffic for Wi-Fi calling.

 

 

Security

  • While voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, there are several recommendations to secure the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.
  • T-Mobile handsets support the WLAN security techniques used in corporate environments for authentication and encryption, such as:
    • WPA (TKIP) - Personal and Enterprise
    • WPA2 (AES-CCMP) - Personal and Enterprise
    • LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
    • PEAP
    • EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
    • Virtual private network (VPN) access security
    • Media Access Control (MAC) lists
    • Service-specific access security
    • Captive portal

 

 

EAP

EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.

 

 

Firewalls

IPv4 Address Block: 208.54.0.0/17:

 

Port &TCP/UDPDescription
Port: 500 / UDPIPsec - IKE : Authentication [WFC 2.0]
Port: 4500 / UDPIPsec - NAT traversal : Encrypted voice traffic [WFC  2.0]
Port: 5061 / TCP/UDPSIP/TLS : Encrypted SIP [WFC 1.0]

 

IPv4 Address Block: 66.94.0.0/19:

 

Port &TCP/UDPDescription
Port: 443 / TCPHTTPS : Used for handset authentication [WFC 1.0]
Port: 993 / TCPIMAP/SSL : Visual Voicemail [WFC 1.0]