Trying to add a backup internet connection for cloud hosted VOIP devices

  • 29 September 2020
  • 3 replies

Network background:  I work for a school system in Kentucky.  In this state all schools internet connection, DHCP, DNS, Firewall, etc. are managed by the state and stored in what we call the KEN Cabinet.  We connect to this cabinet with a core router.  Each of our schools has a network switch (x460-G2’s) that is connected to the core router (VSP8400) via 1Gb fiber via our ISP.  We have set VLAN’s with IP ranges from the state that are allowed internet access.

Project: We are adding Cloud hosted VOIP phones to all of our locations.  We are trying to create a backup internet connection at each school using a Cradlepoint device providing cellular data.

The VoIP phones are on the same data network as the client computers since they have to reach out to the internet.  The Default Gateway for this data network is located on the Core Router.  If we lose ISP fiber connection between the core and the school switch, we lose DHCP and DNS access.

From what I’ve read, flow-redirect may be a solution but I can’t for the life of me figure out how to get this to work with the way our network is built.

I hope this all makes sense…  Any suggestions?

3 replies

Userlevel 3

Hi William,


Just to verify, will you be having a backup internet connection at each site that is connected to the EXOS switches?



Chris Thompson

Yes, each school/location will have it’s own backup Cradlepoint cellular device for internet.

Userlevel 6
Badge +1



If you lose DHCP and DNS you’ll not get new IP’s and the existing will not be able to resolve the IPs of the destinations…

A topology design is needed to fully understand your needs.

Some points to clarify:

  • Are the subnets allocated to you public IPs?
    • If not you’ll have to NAT the traffic with a firewall (the craddlepoint device should be able to do that)
    • If yes, no need for NAT but the craddlepoint device will go in trouble concerning the routing
  • Do you manage the VSP8400?
    • If so, you can add an additional default route (changing the default priority) to point to your backup default gateway
  • In any cases you’ll have to provide an additional DHCP/DNS service to your users

The story is quite complicated.

From experience a great solution is to use the XA1440 on schools and XA1480 connected to the core router. Those devices can perform a FabricExtend tunnel over Internet using IPSec to secure it. I use this with healthcare customers

With this solution, you hide the Internet routing complexity and simplify the design as you keep the default DHCP and DNS servers.

Have a look at and page 45