Agenda 06/22/2021 Item #16A 1 (Interlocal Agreement w/City of Naples)
EXECUTIVE SUMMARY
Recommendation to approve an Interlocal Agreement between Collier County and the City of
Naples. This agreement will enable the sharing of video and data as per Local Agency Program
(LAP) FPN# 435013-1-98-01 ITS Integrate/Standardized Network Communication, across a
standardized network infrastructure. (This Agenda item is a companion to Item 11A, "20-7777
Presidio Contract".)
LEGAL CONSIDERATIONS: This item has been reviewed by the County Attorney, is approved as to
form and legality, and requires majority vote for Board approval. -JAK
RECOMMENDATION: Recommendation to approve an Interlocal Agreement between Collier County
and the City of Naples. This agreement will enable the sharing of video and data as per Local Agency
Program (LAP) FPN# 435013-1-98-01 ITS Integrate/Standardized Network Communication, across a
standardized network infrastructure.
Prepared by Pierre-Marie Beauvoir, Signal Systems Network Specialist, Transportation Engineering
Division.
ATTACHMENT(S)
1. SKM_C360i21051111290 (PDF)
2. [Linked] 435013-1 Executed LAP Agreement & NTP reduced (PDF)
16.A.1
Packet Pg. 669
06/22/2021
COLLIER COUNTY
Board of County Commissioners
Item Number: 16.A.1
Doc ID: 15899
Item Summary: Recommendation to approve an Interlocal Agreement between Collier County
and the City of Naples. This agreement will enable the sharing of video and data as per Local Agency
Program (LAP) FPN# 435013-1-98-01 ITS Integrate/Standardized Network Communication, across a
standardized network infrastructure. (This Agenda item is a companion to Item 11A, "20-7777 Presidio
Contract".)
Meeting Date: 06/22/2021
Prepared by:
Title: Signal Systems Network Specialist – Transportation Engineering
Name: Pierre Beauvoir
05/17/2021 12:57 PM
Submitted by:
Title: Division Director - Transportation Eng – Transportation Engineering
Name: Jay Ahmad
05/17/2021 12:57 PM
Approved By:
Review:
Procurement Services Ana Reynoso Additional Reviewer Completed 05/17/2021 1:55 PM
Growth Management Department Anthony Khawaja Additional Reviewer Completed 05/17/2021 2:07 PM
Growth Management Department Lisa Abatemarco Additional Reviewer Completed 05/18/2021 9:42 AM
Growth Management Department Jeanne Marcella Growth Management Department Completed 05/20/2021 8:46 AM
Capital Project Planning, Impact Fees, and Program Management Rookmin Nauth Additional Reviewer Completed 05/24/2021 12:10 PM
Growth Management Operations Support Christopher Johnson Additional Reviewer Completed 05/25/2021 7:53 AM
Growth Management Department James C French Growth Management Skipped 05/18/2021 3:21 PM
County Attorney's Office Pierre Beauvoir Level 2 Attorney Review Skipped 05/26/2021 9:52 AM
Growth Management Department Trinity Scott Transportation Completed 05/28/2021 10:07 AM
Grants Valerie Fleming Additional Reviewer Completed 06/02/2021 8:22 AM
County Attorney's Office Jeffrey A. Klatzkow Level 3 County Attorney's Office Review Completed 06/02/2021 10:52 AM
Office of Management and Budget Debra Windsor Level 3 OMB Gatekeeper Review Completed 06/02/2021 2:17 PM
Grants Erica Robinson Additional Reviewer Completed 06/14/2021 10:25 AM
Office of Management and Budget Susan Usher Additional Reviewer Completed 06/14/2021 10:57 AM
County Manager's Office Amy Patterson Level 4 County Manager Review Completed 06/15/2021 2:42 PM
Board of County Commissioners Geoffrey Willig Meeting Pending 06/22/2021 9:00 AM
16.A.1.a
Packet Pg. 672 Attachment: SKM_C360i21051111290 (15899 : Interlocal Agreement with the City of Naples)
Florida Department of Transportation
RON DESANTIS, GOVERNOR
605 Suwannee Street
Tallahassee, FL 32399-0450
KEVIN J. THIBAULT, P.E., SECRETARY
www.dot.state.fl.us
June 16, 2020
Pierre-Marie Beauvoir
Signal System Network Specialist
2885 S. Horseshoe Drive
Naples, FL 34104
RE: NOTICE TO PROCEED
Financial Project #: 435013-1-98-01
Agency: Collier County
Federal Aid Project #: D118 052 B
Contract #: G1O02
Description: ITS INTEGRATE/STANDARDIZE NETWORK COMMUNICATION
Dear Mr. Beauvoir:
In accordance with the Local Agency Program (LAP) Agreement, dated June 16, 2020 between the
Department and Collier County for the purchase of Network equipment for the Traffic Management
Operations Center, you are hereby authorized to proceed on this project. All associated project
activities are to begin on or after June 16, 2020 and be completed on or before December 31, 2022.
If Collier County is not able to meet the project schedule, the District LAP Coordinator should be notified
as soon as possible. A copy of this Notice to Proceed must be uploaded into LAPIT along with the entire
executed contract. Collier County will also need to send written correspondence to my attention of the
commencement and completion of the phase.
Please be mindful that Collier County shall be obligated to submit an invoice to the Department for the
percentage of work that is complete for this project no less frequently than on a quarterly basis from the
date of this NTP. Upon completion of the project phase, the Department will have forty-five (45)
working days after receipt of the invoice to review, inspect and approve the project phase for payment.
If I can be of further assistance, please contact me at (239) 225-1958.
Sincerely,
Simon Shackelford
Local Agency Program Coordinator
FDOT, District One
DocuSign Envelope ID: D0995568-DB18-422F-8AEF-05CC7C772611
RESOLUTION NO. 2020-53
A RESOLUTION BY THE BOARD OF COUNTY COMMISSIONERS,
COLLIER COUNTY FLORIDA, APPROVING, AND AUTHORIZING ITS
CHAIRMAN TO EXECUTE A LOCAL AGENCY PROGRAM AGREEMENT
WITH THE STATE OF FLORIDA DEPARTMENT OF TRANSPORTATION
FOR THE UPDATE AND STANDARDIZE OF THE INTELLIGENT
TRANSPORTATION SYSTEM NETWORK COMMUNICATION (FPN
435013-1-98-1)
WHEREAS, the State of Florida Department of Transportation (FDOT) is willing to enter into
a Local Agency Program Agreement (the "Agreement") with Collier County, wherein FDOT will
reimburse Collier County up to the sum of $1,108,409 for the update and standardize of the Intelligent
Transportation System (ITS) Network between local agencies (FPN 435013-1-98-01); and
WHEREAS, the Collier County Board of Commissioners finds that the Agreement is in the
public interest and benefits the citizens of Collier County.
NOW, THEREFORE, BE IT RESOLVED BY THE BOARD OF COUNTY
COMMISSIONERS OF COLLIER COUNTY, FLORIDA, that:
1. The Board of County Commissioners approves and authorizes its Chairman to sign the
Agreement pertaining to FPN 435013-1-98-01.
2. The Collier County Clerk is directed to forward a certified copy of this Resolution along with
the Agreement for execution by FDOT.
3. This Resolution shall take effect immediately upon adoption.
THIS RESOLUTION ADOPTED after motion, second, and majority vote favoring same,
this ____ day of __________, 2020.
ATTEST:
CRYSTAL K. KINZEL, Clerk
By: ______________________
[19-ECM-02407/1458917/I]
BOARD OF COUNTY COMMISSIONERS
OF COLLIER COUNTY, FLORIDA
By: ______________________
BURT L. SAUNDERS
DocuSign Envelope ID: 72ADB2C4-FE1F-4DCB-A195-7FFB34EA49FA
06/01/2020
G1O02
6/16/2020 | 1:16 PM EDT
Legal Review
______________________________________
Jeffrey A. Klatzkow
County Attorney
John M. Kubler, P.E.
REGIONAL ITS NETWORK REVIEW
FDOT DISTRICT ONE / COLLIER COUNTY /
CITY OF NAPLES
June 14, 2019 | Version 3.0
Recommendations Report
Regional ITS Network Review | Recommendations Report
Document Panel Control
File Name: Regional ITS Network Review Final Report.docx
File Location: Metric Technology Group - Documents\Projects\4.2330_D1 Traffic Operations & ITS\TWO 12_Collier & Naples Network Upgrade\3. Project Documents\Document
Version Number: 3.0
Name (Firm/Organization) Date
Created By: Scott Agans (Metric Engineering, Inc.) 02/20/2019
Abram Little (Metric Engineering, Inc.) 02/20/2019
Reviewed By: Demetrius Lewis (Metric Engineering, Inc.) 02/25/2019
Richard Phillips (Metric Engineering, Inc.) 02/26/2019
Pierre Beauvoir (Collier County) 03/08/2019
Mark Roberts (HNTB / FDOT District One Consultant) 03/18/2019
Shawna Slate (Metric Engineering, Inc.) 03/19/2019
Corrine DiSanto (Metric Engineering, Inc.) 03/19/2019
Demetrius Lewis (Metric Engineering, Inc.) 03/21/2019
Richard Phillips (Metric Engineering, Inc.) 03/27/2019
Demetrius Lewis (Metric Engineering, Inc.) 03/28/2019
FDOT District One and FDOT District One Consultants 04/24/2019
Pierre Beauvoir (Collier County) 05/05/2019
Craig Carnes (Metric Engineering, Inc.) 06/12/2019
Modified By: Scott Agans (Metric Engineering, Inc.) 02/27/2019
Abram Little (Metric Engineering, Inc.) 03/25/2019
Scott Agans (Metric Engineering, Inc.) 03/28/2019
Scott Agans (Metric Engineering, Inc.) 05/15/2019
Scott Agans (Metric Engineering, Inc.) 06/10/2019
Scott Agans (Metric Engineering, Inc.) 06/13/2019
Completed By: Scott Agans (Metric Engineering, Inc) 06/13/2019
Table of Contents
List of Figures
List of Tables
List of Acronyms
1. Introduction
1.1 Task Overview
1.1.1 Document Overview
2. Project Stakeholder Discussions
2.1 Coordination Efforts
2.2 Stakeholder Identification
2.2.1 Florida Department of Transportation District One
2.2.2 Collier County
2.2.3 City of Naples
3. Network Architecture Design
3.1 Existing Network Assessment
3.1.1 Florida Department of Transportation District One
3.1.2 Collier County
3.1.3 City of Naples
3.2 Proposed Network Improvements
3.2.1 Florida Department of Transportation District One
3.2.2 Collier County
3.2.3 City of Naples
3.2.4 Proposed Network Improvements
4. Proposed Regional Network Strategies
4.1 Proposed Network Architecture Design
4.1.1 Proposed Internet Protocol (IP) Schematic
4.1.2 Data and Multicast Sharing Between Agencies
5. Standardization of ITS Communications Equipment
5.1 Agency Network Requirements
5.2 Field Network Devices Standardization
5.3 Physical Redundancy - Master Hub and TMC
5.3.1 FDOT District One RTMC – SWIFT SunGuide® Center
5.3.2 Collier County ESC and TMC
5.3.3 City of Naples TMC
6. User Access and Authentication
6.1 FDOT District One
6.2 Collier County
6.3 City of Naples
6.4 Recommendations
7. Network Implementation Budgetary Estimate
Appendix A - Regional Partner Network Topologies
Appendix B - Regional Partner IP Address Schema
Appendix C - Summary of Recommendations
List of Figures
Figure 3-1: FDOT District One Existing Network and Communications Logical Diagram
Figure 3-2: Collier County Existing Network and Communications Logical Diagram
Figure 3-3: City of Naples Existing Network and Communications Logical Diagram
Figure 3-4: Collier County Proposed Network and Communications Logical Diagram
Figure 3-5: City of Naples Proposed Network and Communications Logical Diagram
Figure 4-1: Proposed Regional Network Architecture Diagram
List of Tables
Table 2-1: FDOT District One Project Stakeholders and User Classes
Table 2-2: Collier County Project Stakeholders and User Classes
Table 2-3: City of Naples Project Stakeholders and User Classes
Table 3-1: Discovered Areas of Concern
Table 3-2: Proposed Network Improvement Items
Table 6-1: Recommended Strategies for User Access and Authentication
Table 7-1: Engineers Cost Estimate
Table C-1: Summary of Recommendations
List of Acronyms
ACLs: Access Control Lists
APL: Approved Products List
ATMS: Advanced Traffic Management System
CCTV: Closed Circuit Television
CLI: Command Line Interface
CV: Connected Vehicle
DAC: Discretionary Access Control
EIGRP: Enhanced Interior Gateway Routing Protocol
EOL: End of Life
ESC: Emergency Service Center
FDOT: Florida Department of Transportation
FHWA: Federal Highway Administration
IEEE: Institute of Electrical and Electronics Engineers
IGMP: Internet Group Management Protocol
IGRP: Interior Gateway Routing Protocol
IP: Internet Protocol
IPSec: Internet Protocol Security
ISP: Internet Service Provider
ITS: Intelligent Transportation Systems
LAN: Local Area Network
LAP: Local Agency Program
MAC: Media Access Control
MHUB: Master Hub
MMU: Malfunction Management Unit
MSDP: Multicast Source Discovery Protocol
MSRP: Manufacturer Suggested Retail Price
MSTP: Multiple Spanning Tree Protocol
OSPF: Open Shortest Path First
PIM: Protocol Independent Multicast
PIM-SM: Protocol Independent Multicast-Sparse Mode
PIM-SM-DM: Protocol Independent Multicast Sparse-Dense Mode
PVST+: Per VLAN Spanning Tree Plus
RADIUS: Remote Authentication Dial-In User Service
Rapid-PVST+: Rapid Per VLAN Spanning Tree Plus
RP: Rendezvous Point
RSTP: Rapid Spanning Tree Protocol
RTMC: Regional Transportation Management Center
SAN: Storage Area Network
SSH: Secure Shell
SSM: Source Specific Multicast
STMC: Satellite Traffic Management Center
SWIFT: Southwest Interagency Facility for Transportation
TMC: Traffic Management Center
TOR: Top of Rack
UPS: Uninterrupted Power Supply
VLAN: Virtual Local Area Network
VRRP: Virtual Router Redundancy Protocol
WAN: Wide Area Network
1. Introduction
1.1 Task Overview
The Regional Intelligent Transportation Systems (ITS) Network Review is intended to review the existing ITS
and traffic signal regional network in Collier County (County) and the City of Naples (City) and provide a
recommended best practices approach to establishing a network connection to the Florida Department of
Transportation (FDOT) District One ITS Advanced Traffic Management System (ATMS) network for data and
video sharing purposes. This document will also serve as regional standards guidance for the staff who
currently manage and maintain their respective ITS and traffic signal networks, to support their current
operations. This document begins the initial stage in FDOT District One’s initiative to develop a regional ITS
and traffic signal network which will be used to disseminate traffic-related information as needed. Also, this
document is intended to provide recommended guidelines to allow each project stakeholder to integrate their
network resources and share video resources with other regional partners without conflict.
1.1.1 Document Overview
This document identifies specific guidance from the Institute of Electrical and Electronics Engineers (IEEE)
Transactions on Professional Communication for Electronic and Information Technologies. This document
also provides an overview of the Regional ITS Network Review task and the key principles that guided the
project discovery and assessment activities, including an overview of the project, the stakeholders,
guiding principles, and referenced materials. This Regional ITS Network Review document contains detailed
descriptions of the network components discovered, an assessment of each item, recommendations for updating
those items, and proposed replacement tools and equipment to deliver new capabilities that
improve on the current operational state. As a function of the ITS Continuing Services Consultant
Contract, Metric Engineering was requested to evaluate the existing ITS network located within FDOT District
One, the County, and the City. The network peer review was requested to assist the County and City with
developing a network strategy to provide a reliable, scalable, and redundant regional ITS network. This task
includes providing recommendations for upgrading the County and City’s network hardware which is to be
completed under an upcoming Local Agency Program (LAP) project. Recommendations will also include a
regional network architecture and configurations to establish network continuity for data and video sharing
capabilities. In addition, this document will also provide guidance for the required IP address migrations
mandated by FDOT Central Office to ensure all districts and regional partners are in compliance with the
Statewide IP addressing scheme.
The Regional ITS Network Review document illustrates the current state of the ITS network, security posture,
and communications equipment, documents the items discovered, and provides an assessment with
associated strategies and recommendations for future deployments. The document also identifies the FDOT
District One, Collier County, and City of Naples stakeholders' user classes, identified system capabilities,
and the existing network conditions of the system in ITS functional groups for establishing requirements.
2. Project Stakeholder Discussions
2.1 Coordination Efforts
Metric Engineering was responsible for all coordination efforts for this task including scheduling meetings
with all stakeholders for project related tasks. A kick-off meeting was held to serve as an introduction of staff
of all stakeholders and Consultants and to provide all parties with an understanding of the Scope of Services,
progress meetings, project schedule, and important milestones. All subsequent meetings were coordinated
by Metric Engineering through the FDOT District One project manager and the project stakeholders.
2.2 Stakeholder Identification
The term project stakeholders refers to any individual or group affected by the activities of the ITS network
assessment task. They may have a direct or indirect interest in the assessment, and their levels of
participation may vary. Stakeholders include internal organizations, external agencies, or end users with a
vested interest, or a "stake", in one or more aspects of the network. The stakeholders identified for this project
include FDOT District One, Collier County, and the City of Naples. User Classes are classified based on
their perception of the system and the needs identified. Note that some key personnel may serve in multiple
roles based on user needs and functions.
2.2.1 Florida Department of Transportation District One
With a land area of nearly 12,000 square miles, FDOT District One represents twelve (12) counties in
Southwestern Florida. Its 2.7 million residents contribute to the 42 million miles traveled daily on its state
highways. FDOT District One provides capital grant funds to twenty-one (21) public airports, including three
(3) international airports.1
1 https://www.fdot.gov/agencyresources/districts/index.shtm
Table 2-1: FDOT District One Project Stakeholders and User Classes
FDOT District One Stakeholders
User Classes: Technology Operations, TSM&O Operations, Traffic Operations, Security, Network Infrastructure, Administration
Mark Mathes, P.E., TSM&O Project Engineer
Kat Chinault, CPM, TSM&O Project Manager
Mark Roberts, Consultant Project Manager
Tim Smith, Project Manager
Michael Braun, RTMC IT Manager
Carlos Gomez, ITS Technician II
Robbie Brown, RTMC/Freeway Operations
2.2.2 Collier County
The focus of Collier County’s Transportation Engineering Division is to maintain safe traffic operations on
their roads, implement capital improvements for the transportation network and to acquire needed property
for capital programs. The Collier County Transportation Engineering staff works in project management
teams that are made up of well-trained, highly motivated professionals who uphold the efficient use of public
funds as their highest priority.2
2 https://www.colliercountyfl.gov/your-government/divisions-s-z/transportation-engineering-division
Table 2-2: Collier County Project Stakeholders and User Classes
User Classes: Technology Operations Traffic Operations Software Development Security Network Infrastructure Administration
| Collier County Stakeholders | Title |
| --- | --- |
| Anthony Khawaja, P.E. | Chief Engineer of Traffic Operations |
| Pierre Beauvoir | Sr. Project Manager/Signal Systems Network Specialist |
| Haris Domond | Engineering Technician |
2.2.3 City of Naples
The City of Naples operates and maintains forty-two (42) traffic signals within the city limits.3 In addition to
maintaining traffic signals, the City also performs in-house traffic designs, roadway lighting on arterial
roadways, roadway signing, and markings, and operates a TMC to monitor real-time traffic congestion and
mitigation.
Table 2-3: City of Naples Project Stakeholders and User Classes
User Classes: Technology Operations Traffic Operations Software Development Security Network Infrastructure Administration
| City of Naples Stakeholders | Title |
| --- | --- |
| Alison Bickett, P.E. | Traffic Engineer, Streets & Stormwater |
| Dave Rivera | Streets & Traffic Supervisor |
| Haroll Fernandez | Engineering Technician |
3 https://www.naplesgov.com/streetsstormwater/page/streets-traffic
3. Network Architecture Design
3.1 Existing Network Assessment
To obtain a comprehensive understanding of each agency’s respective network, each stakeholder provided
network and infrastructure documentation, which was then reviewed. The documentation provided
included network topology diagrams, fiber optic infrastructure, splicing diagrams, and network equipment
configurations. Based on the review, areas of improvement within each agency’s network
were identified. Some improvements may only require reconfiguring existing hardware, while others may
require the replacement of equipment and updating configurations.
In some cases, gaps within the network documentation were identified, and Metric Engineering either
requested additional information from the agency or made educated assumptions based on the data
provided. All data collected from each agency is represented within the existing topology diagrams of this
document.
3.1.1 Florida Department of Transportation District One
FDOT District One has two (2) TMCs: the first is the Southwest Interagency for Transportation (SWIFT)
SunGuide® Center in Fort Myers, Florida and the second is the Satellite Traffic Management Center (STMC)
in Bradenton, Florida. There are one hundred seventy-eight (178) miles of roadway along Interstate 75 (I-75)
with ninety-six (96) dedicated strands of fiber and four (4) network distribution hubs on the northbound side
of I-75 which connect the two (2) data centers, along with many field switches and devices that are used to
monitor the interstate. FDOT District One is seeking to establish network communications between each
agency for data and video sharing, as there are currently no existing network connections between the
stakeholders.
3.1.1.1 Network Architecture Topology
FDOT District One’s current network topology consists of a linear ring network topology. The major benefit
of this topology is that it will allow FDOT District One to design and connect the County’s
and City’s networks so that they are interconnected with each other without changing the existing network topologies. If one of
the devices fails, the network traffic would be seamlessly routed back to the nearest router without a noticeable
impact to the end user. To mitigate any network flooding or broadcast storms, the routers have been
configured to use Rapid Spanning Tree Protocol (RSTP), which is a network loop prevention protocol. Since
all the data flows in a single direction, the data transfer between devices can occur at higher speeds to further
increase network performance.
Figure 3-1: FDOT District One Existing Network and Communications Logical Diagram
3.1.1.2 Layer 2 (Data Link) and VLANs
FDOT District One has implemented Virtual Local Area Network (VLAN) segments on both their core routers
and ITS field switches. A VLAN can be described as a set of physical or logical ports within the same
broadcast domain which can span numerous devices. VLANs logically segment the network, so data is
not transmitted to unnecessary devices or users. FDOT
District One has chosen to deploy VLANs to increase data security and make the overall network simpler to
manage. In addition to the deployment of VLANs, FDOT District One has deployed Per VLAN Spanning Tree
Plus (PVST+). PVST+ is based upon the IEEE standard with Cisco proprietary extensions and is utilized on
each specific VLAN to enable a loop-free transmission of network data.
3.1.1.3 Layer 3 (Network) Routing Protocols
The FDOT District One network transmits ITS video images to their SWIFT SunGuide® Center, STMC, and
to other local agencies. To ensure these images are routed from the field Closed Circuit Television (CCTV)
cameras to their destination, the network must be capable of multicast routing. FDOT District One has chosen
to utilize the Protocol Independent Multicast-Sparse Mode (PIM-SM) routing solution for distributing multicast
traffic. PIM-SM is the preferred method of multicast routing which allows the multicast streams to dynamically
discover active multicast sources outside of the native network domain. To share the video with the
stakeholders, FDOT District One is also using Multicast Source Discovery Protocol (MSDP) which allows
each multicast domain to advertise their multicast sources within the multicast group to the local Rendezvous
Point (RP). The RP can replicate and route the multicast videos to the requested user either in or out of the
multicast domain.
3.1.1.4 Network Security
Currently, FDOT District One does not deploy network security items to protect their network from the
proposed stakeholder connections. After discussing network security practices with the FDOT District One
network staff, additional network security recommendations were provided which are included within this
document.
3.1.2 Collier County
3.1.2.1 Network Architecture Topology
The Collier County network architecture is defined as a modified star network topology where all the data
must be passed through a central device before being routed to its destination. If a failure of a single ITS
switch occurs, it will not negatively impact the remaining devices in-line. In the event of a network device
malfunction, the time to troubleshoot the device may be reduced due to the singular connection to the central
device. However, the network impact would be more severe. The primary disadvantage of this modified star
network topology is that if the primary device at the TMC were to fail, the entire network would fail as well.
In addition to a review of the network topologies, an in-depth review of the network configurations occurred.
Based on the information provided, the existing network configurations identified each Master Hub (MHUB)
location as unique and composed of multiple network segments. Each network segment did not possess a
diverse and redundant network path in case of an equipment or fiber failure. All Layer 3 routing for the entire
network relied upon the single core router located at the TMC.
One network concern identified was the different types of Layer 2 field switches deployed in the field cabinets.
The Layer 2 rings are comprised of both Cisco 2955 and RuggedCom RS900G switches. This is a concern
because switches from different manufacturers can potentially have interoperability issues, and the
County could have maintenance issues by having to stock replacement equipment from two different
manufacturers. Furthermore, the existing Cisco ME3400E switches that were also identified do not support
MSDP and are currently End of Life (EOL). This is an issue because the County would be unable to transmit
or receive their regional agency partner video streams.
Additionally, each MHUB was found not to have a redundant connection from the TMC core network, which
is the location where all routing is taking place. It was also identified that MHUB3 has
two (2) Cisco ME3400E switches which supply local hub switch rings and two (2) spurs to additional
MHUB locations, with one link to MHUB4 and the other to MHUB5. This is a concern because it
creates a single point of failure in the network that can affect network
communications to downstream MHUB locations. This single point of failure could be triggered by a loss of
power, as each MHUB location is not equipped with an Uninterruptible Power Supply (UPS) device.
Additionally, it was discovered that numerous pieces of core networking equipment are performing unnecessary
switching and routing. The core network in the TMC has two (2) Cisco ME3400E switches, one (1) Cisco
C3560 switch, one (1) Cisco C2950 switch, one (1) HP 2530-24G switch, one (1) RuggedCom RS900G
switch and one (1) Cisco ASA 5506 firewall.
Figure 3-2: Collier County Existing Network and Communications Logical Diagram
3.1.2.2 Layer 2 (Data Link) and VLANs
During the investigation phase of the Collier County network, there were no network conventions identified
between the MHUBs. Each MHUB router location had all VLANs configured on each
tagged/optical port, which means every VLAN is forwarding Ethernet data to each Layer 2 field switch. The
majority of fiber ports on the Layer 2 field switches are tagged with all VLANs whether they are used or not,
which causes increased network congestion.
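As an added illustration (not part of the original report or any agency's tooling), the following Python example audits an IOS-style switch configuration for the condition described above: trunk ports that carry every VLAN, or VLANs outside the agency's plan. The sample configuration, interface names, VLAN numbers and the planned-VLAN set are constructed for the example.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # an IOS trunk carries VLANs 1-4094 unless restricted
PREFIX = "switchport trunk allowed vlan "

# Constructed sample: running-config excerpt for a hypothetical Layer 2 field switch.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description fiber uplink toward MHUB
 switchport mode trunk
!
interface GigabitEthernet0/2
 description fiber ring, east side
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk allowed vlan add 30-40
!
interface GigabitEthernet0/3
 description fiber ring, west side
 switchport mode trunk
 switchport trunk allowed vlan 10,30
!
interface FastEthernet0/1
 description signal controller
 switchport mode access
 switchport access vlan 10
!
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20,30-40' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunks(config):
    """Return {interface: allowed VLANs} for every port configured as a trunk."""
    ports = {}      # interface name -> {"trunk": bool, "allowed": set, or None for "all"}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"^interface\s+(\S+)$", raw)
        if header:
            current = ports.setdefault(header.group(1), {"trunk": False, "allowed": None})
        elif not raw.startswith(" "):
            current = None                      # any other top-level line ends the block
        elif current is None:
            continue
        elif line == "switchport mode trunk":
            current["trunk"] = True
        elif line.startswith(PREFIX):
            spec = line[len(PREFIX):]
            if spec == "all":
                current["allowed"] = None
            elif spec == "none":
                current["allowed"] = set()
            elif spec.startswith("add "):
                if current["allowed"] is not None:  # adding to "all" is still "all"
                    current["allowed"] |= expand_vlans(spec[4:])
            else:
                current["allowed"] = expand_vlans(spec)
    return {name: (ALL_VLANS if p["allowed"] is None else frozenset(p["allowed"]))
            for name, p in ports.items() if p["trunk"]}


def audit_trunks(config, planned):
    """List trunks that carry all VLANs, or VLANs outside the planned set."""
    findings = []
    for port, allowed in parse_trunks(config).items():
        if allowed == ALL_VLANS:
            findings.append((port, "unrestricted", []))
        elif allowed - planned:
            findings.append((port, "extra", sorted(allowed - planned)))
    return findings


if __name__ == "__main__":
    # Planned VLANs for this cabinet (assumed values for the example).
    for port, issue, vlans in audit_trunks(SAMPLE_CONFIG, {10, 20, 30}):
        print(port, issue, vlans)
```

A trunk with no `switchport trunk allowed vlan` line is reported as unrestricted because it forwards every VLAN by default; a trunk whose list stays within the plan is not reported.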
Collier County has also used VLANs to segment network functions. The difference between FDOT District
One and Collier County is that Collier County has elected to utilize Rapid Per VLAN Spanning Tree (Rapid-PVST+).
This spanning-tree mode is the same as PVST+ except that it uses a rapid convergence based on
the IEEE 802.1w standard. Due to the existing daisy-chained architecture between each master, there is a
chance a network loop, also referred to as a broadcast storm, can occur. This occurs when there is more than
one Layer 2 connection/path between two endpoints. To prevent these broadcast loops, the use of a Layer
2 loop prevention protocol such as Rapid-PVST+, which allows the user to create a single spanning tree
topology for each VLAN, is suggested. To provide rapid convergence, Rapid-PVST+ immediately deletes
dynamically learned Media Access Control (MAC) address entries on a per-port basis upon receiving a
topology change.4
3.1.2.3 Layer 3 (Network) Routing Protocols
After reviewing the County’s network configuration files, the specific routing protocols used
by Collier County were identified. All of the routing for all of the ITS field devices occurs at the Collier County TMC router.
Besides the single routing location, the County utilizes static routes to direct traffic to specific external
networks which are then routed through their existing firewall. Static routing is an ideal method for smaller
networks (due to the ease of deployment) and for networks which do not have numerous topology changes
or a high rate of projected growth. However, as the network grows, it will be increasingly difficult to manage
the many route changes within the network router(s) which must be updated manually by the network
administrator. Additionally, the County utilizes Enhanced Interior Gateway Routing Protocol (EIGRP) to route
between the ITS networks dynamically. EIGRP is a dynamic routing protocol that updates route changes in
the network automatically. The convergence properties and the operating efficiency of this protocol have
improved significantly allowing for an improved architecture while retaining existing investment in IGRP.5
3.1.2.4 Network Security
The County has previously installed a firewall to allow access to their network remotely through a Virtual
Private Network (VPN) connection. A firewall is a network security appliance which serves as the first line of
defense against potential cyber or internal network attacks and is designed to prevent unauthorized systems
and users, both internal and external, from accessing network resources within a private local area
network. By using the firewall for VPN connections, authorized County staff are able to establish an encrypted
communications tunnel between their local computer and their remote Collier County device without worry of
their data streams being compromised. This VPN connection allows the County network administration staff to
connect to the ITS network for remote access and network troubleshooting, and to access the network
from any internet connection around the world if needed.
According to the County personnel, the Apollo Metro Street Light Solution provides the County with a service
for the street lights and is directly connected to the Collier County network by an outside internet connection.
The Apollo Metro Solutions Street Light Luminaire with integrated Wireless Controller is capable of providing
an alert as to why the streetlight has burnt out, be it electrical error or due to age.6 The operator can also see
how many hours the bulb has been out and can then better plan the shift of the bulb.7 This router is not
managed by Collier County, but by an outside vendor via an external internet connection. A Cisco ISR4321
router was found attached to the TMC core which supplies a secure tunnel for the Apollo Street Light System.
4 https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/lanswitch/16-6-1/b-lanswitch-xe-16-6-1-asr920/configure-pvst-rpvst.pdf
5 https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13669-1.html#intro
6 http://bulldogenergy.org/2016/10/collier-county-continues-installation-of-apollo-metro-solutions-smart-led-street-lights/
7 https://www.telenor.com/telenor-helps-cut-cost-of-lighting-oslos-streets/
Lastly, it was also identified that the County does not utilize a central method for providing users access to
field equipment. Moreover, it was discovered Collier County still utilizes some default usernames and
passwords on their network devices. Using default equipment usernames and passwords is a network
security concern because an unauthorized user can gain access by a simple internet search.
3.1.3 City of Naples
3.1.3.1 Network Architecture Topology
The City’s architecture is configured as a ring topology in which there are two (2) Layer 3 routers, located
at the City’s TMC, connected to Layer 2 field switches. The field switches are connected in a daisy-chained
fashion and use the Layer 3 routers as their gateway. Also, most of the ITS field rings terminate
on both sides of the ring on a single router. For Layer 3, the City uses Cisco ME3400G switches, which are now EOL,
and for Layer 2 field switches, ITS Express 8012-24+. Because the Layer 3 router is no longer
available for purchase, the City will not have access to manufacturer upgraded firmware features (i.e.,
security and software patches) and hardware support in the event of a failure. No replacement router will be
available for purchase.
Finally, it was discovered many of the network devices were not equipped with a redundant power source
at all locations.
Figure 3-3: City of Naples Existing Network and Communications Logical Diagram
3.1.3.2 Layer 2 (Data Link) and VLANs
The City, like FDOT District One and Collier County, also uses VLANs for network segmentation. Similar to
Collier County, the City of Naples has chosen to utilize Rapid-PVST+ for their network. The City has elected
to transmit (or tag) only the required VLANs to be accessed at the Layer 2 location. Also, only a single VLAN
is used and no specific management VLAN has been established for switch and CCTV/Video transmission.
3.1.3.3 Layer 3 (Network) Routing Protocols
The City provided network documentation regarding the current condition of their ITS network. After a review
of the City of Naples’ network documentation, it was determined that the City uses static routes to transmit
their network traffic between specific networks. To route the roadside multicast video images throughout the
network, the City uses Protocol Independent Multicast Sparse-Dense Mode (PIM-SM-DM) as their multicast
routing protocol. This is a very common method used to route multicast streams throughout a network. In
addition to the use of multicast video transmission, the City has also elected to perform all of
its routing at the TMC location. To provide network redundancy between the core switches, the City has elected
to use the Virtual Router Redundancy Protocol (VRRP). The VRRP redundancy protocol eliminates the single
point of failure inherent in the static default routed environment. VRRP specifies an election protocol that
dynamically assigns responsibility for a virtual router (a VPN 3000 Series Concentrator cluster) to one of the
VPN Concentrators on a Local Area Network (LAN). The VRRP VPN Concentrator that controls the IP
address(es) associated with a virtual router is called the Master and forwards packets sent to those IP
addresses. When the Master becomes unavailable, a backup VPN Concentrator takes the place of the
Master.8
Another item which was discovered is that there is no network demarcation point established for the routed
connection from Collier County.
3.1.3.4 Network Security
Without an added level of network security, the City of Naples TMC can potentially have a loss of
communications to the field devices which can hinder the dissemination of traveler information to the
motorists. The City currently has an existing firewall installed at the TMC and is able to protect itself from
external internet threats. It was discovered the City of Naples Police Department has a direct connection to
the City of Naples network and no demarcation point was established for the routed connection from the
Police Department. Another identified network security item was the City of Naples still utilizes default
8 https://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/7210-vrrp.html
Regional ITS Network Review | Recommendations Report
14
usernames and passwords. Using default equipment usernames and passwords is a network security
concern because an unauthorized user can gain access by a simple internet search.
Lastly, it was also identified that the City does not utilize a central method for providing users access to field
equipment.
Table 3-1: Discovered Areas of Concern
The table below summarizes, in tabular format, the areas of concern identified when performing an audit of
the stakeholder networks.
| Section ID | Discovered Concerns | | Agency |
| --- | --- | --- | --- |
| 3.1.1.4 | No network security items are proposed for Regional Partner external connections. | Cyber threats can be either transmitted from or to the project stakeholders. | FDOT District One |
| 3.1.2.1 | The Layer 2 field rings are comprised of multiple switch vendors such as Cisco 2955 and RuggedCom RS900G switches. | In some cases, various vendors implement Layer 2 protocols differently, which causes compatibility issues between the switches and causes network disruptions. | Collier County |
| 3.1.2.1 | Numerous pieces of core networking equipment are performing unnecessary switching and routing. The core network in the TMC has two (2) Cisco ME3400E switches, one (1) Cisco C3560 switch, one (1) Cisco C2950 switch, one (1) HP 2530-24G switch, one (1) RuggedCom RS900G switch and one (1) Cisco ASA 5506 firewall. | Due to the amount of TMC equipment that can switch or route, additional network latency can be caused including communication failure due to equipment malfunction. | Collier County |
| 3.1.2.1 | Each MHUB was found to be a non-redundant Layer 2 connection from the TMC core network with all routing taking place at the TMC. | If a MHUB were to fail, it would potentially hinder ITS communications to all downstream MHUBs causing an unwanted network outage. | Collier County |
| 3.1.2.1 | MHUB3 was found to have two (2) Cisco ME3400E switches which supply local HUB switch rings and two (2) non-redundant connections to additional hubs. One link to MHUB4 and one link to MHUB5. | By having two (2) switches and non-redundant connection at the core routers, this equipment configuration can cause a single point of failure and potential network failure, because all routing occurs at the TMC location. | Collier County |
| 3.1.2.1 | The ITS network includes Cisco ME3400E switches at the core and MHUB levels which are EOL. | Due to the switches being at the end of life, if either experienced a hardware failure, the County will not receive support or a replacement switch. | Collier County |
| 3.1.2.1 | No network redundancy was identified between MHUB 5 and the TMC. | If a fiber optic cable cut would occur, no redundant optical path is available to reroute within the network. | Collier County |
| 3.1.2.1 | No current method of video routing was identified in the County core configurations. | Collier County would not be able to send or receive any partner video streams. | Collier County |
| 3.1.2.4 | No current user authorization or authentication is deployed. | No centralized method to provide user credentials and access to the device. | Collier County |
| 3.1.2.4 | A router was found attached to the TMC core which supplies a secure tunnel for Apollo Street Light System. | The Apollo router is managed and accessed by the vendor. An external internet connection is managed by a third party and Collier County does not have access to the Apollo router, causing a network security concern. | Collier County |
| 3.1.2.4 | Collier County also utilizes default user accounts for a number of ITS devices. | Using default equipment usernames and passwords is a network security concern because an unauthorized user can gain access by a simple internet search. | Collier County |
| 3.1.3.1 | ITS network is comprised of two (2) core Layer 3 Cisco ME3400G switches located at City of Naples’ TMC. | By having two (2) switches and non-redundant connection at the core routers, this equipment configuration can cause a single point of failure and potential network failure, because all routing occurs at the TMC location. | City of Naples |
| 3.1.3.1 | Most of the ITS field rings terminate both sides of the ring on one of the ME3400Gs. | Since each ITS terminates on a single ME3400G, if one router would fail, Ethernet communications would be halted. | City of Naples |
| 3.1.3.1 | Network Equipment Concern – Current Cisco ME3400Gs are EOL. | Due to the switches being at the end of life, if either experienced a hardware failure, the City of Naples will not receive support or a replacement switch. | City of Naples |
| 3.1.3.1 | Network devices do not have a redundant power source at all locations. | Loss of power will result in a loss of ITS network device communication. | City of Naples |
| 3.1.3.3 | No network demarcation point was established for the routed connection from Collier County. | By having a network demarcation point, it will allow the City of Naples to mitigate or disconnect from Collier County if a broadcast storm was detected. | City of Naples |
| 3.1.3.4 | No network demarcation point was established for the routed connection from the City of Naples Police Department. | By having a network demarcation point, it will allow the City of Naples to mitigate or disconnect from the police department if a broadcast storm was detected. | City of Naples |
| 3.1.3.4 | City of Naples also utilizes default user accounts for a number of ITS devices. | Using default equipment usernames and passwords is a network security concern because an unauthorized user can gain access by a simple internet search. | City of Naples |
| 3.1.3.4 | No current user authorization or authentication is deployed. | No centralized method to provide user credentials and access to the device. | City of Naples |
3.2 Proposed Network Improvements
To support the Federal Highway Administration (FHWA) Open Bid Policy, all recommendations were
developed from a vendor agnostic perspective. Only brand names were identified to obtain a Manufacturer
Suggested Retail Price (MSRP) for budgetary purposes.
3.2.1 Florida Department of Transportation District One
3.2.1.1 Network Architecture Topology
FDOT District One recently completed an upgrade of their network equipment at the core and MHUB
locations. The only topology change for FDOT District One will include adding a connection to both the County
and the City at the MHUB near the Alligator Alley Toll Plaza and the FDOT District One SWIFT SunGuide®
Center. A single one (1) gigabit (Gb) connection at this location will be installed to allow for video and data
sharing with the County and City.
3.2.1.2 Layer 2 (Data Link) and VLANs
No Layer 2 (Data Link) or VLAN improvements were identified.
3.2.1.3 Layer 3 (Network) Routing Protocols
No Layer 3 (Network) or routing protocol improvements were identified.
3.2.1.4 Network Security
FDOT District One currently utilizes an existing firewall and stated they would be migrating this existing
firewall from the SWIFT SunGuide® Center to the FDOT District One Headquarters building located in
Bartow, Florida. The primary function of the migrated firewall would be to allow the ITS network to deploy
secondary internet access to the ITS and traffic signal network. The migration would also allow the network
team to purchase a systemwide firewall to secure the existing stakeholder connections, which are currently
being secured by the use of Access Control Lists (ACLs) which deny all traffic unless a predefined rule or
policy exists. It is suggested to install another firewall appliance in-line with the proposed stakeholder
connection at the Alligator Alley Toll Plaza MHUB. The current firewall deployed at the SWIFT SunGuide®
Center does not support source specific multicast. Source Specific Multicast (SSM) is a datagram delivery
model that best supports one-to-many applications, also known as broadcast applications. SSM is a core
networking technology for the Cisco implementation of IP multicast solutions targeted for audio and video
broadcast application environments.9 The additional firewall will allow FDOT District One’s network security staff to protect the
FDOT District One network from unwanted cyber security issues. In addition, this firewall will also provide
network logical separation from the stakeholders’ existing network by effectively isolating all networks from
external threats. All network security equipment will be purchased, installed, and configured by FDOT District
One’s internal network engineering staff.
It is important that all of the network equipment be updated to the latest stable firmware, which will
allow for all identified security vulnerabilities to be patched and no longer accessible.
3.2.2 Collier County
3.2.2.1 Network Architecture Topology
After a review of the County’s network documentation of the fiber optic infrastructure, network logical
diagrams and the network equipment configuration files, a few items were identified that can improve the
efficiency of the existing network and allow for easier daily maintenance for the County’s network
administrator. These recommendations will also facilitate the proposed data and video connection to FDOT
District One.
As part of the LAP agreement, it is recommended to replace each of the Cisco ME3400E switches with
updated switches. This will enable the County to receive hardware and software support from the vendor.
Also, the County requires a Layer 2 switch that can continue passing fiber optic traffic when the switch is
powered off. To meet this requirement, it is recommended to purchase and install Layer 2 switches capable
of optical bypass which will enable self-healing rings. There was also an outlining requirement to identify
equipment manufacturer warranties and support contracts to keep up with current firmware patches and
receive support in the event of an equipment failure. Finally, as requested by FDOT Central Office, there is
a need to change IP addresses to integrate with the existing FDOT Statewide ITS WAN network. Additional
funds were identified for the warranties and IP Address changes in Table 7-1, which is the Engineers Cost
Estimate.
To reduce the amount of network equipment to manage and maintain, the recommendation is to consolidate
the existing connections, which are currently connected to the TOR and applicable field rings on a proposed
aggregation switch to increase the existing port capacity and decrease switch processor overhead.
9 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-xe-3e/imc-ss-mc.pdf
Another recommendation would be to utilize the core routers, which are capable of deploying MSDP for
multicast sharing. MSDP will be required to establish a multicast peering with the City and FDOT District
One.
With respect to the Layer 3 routing, it is recommended to establish redundant point-to-point connections
between each MHUB back to the TMC and Emergency Service Center (ESC) using a dynamic routing
protocol such as EIGRP or Open Shortest Path First (OSPF). This will also greatly reduce administration
overhead as it pertains to managing the network and reduce the potential of network outages due to
broadcast storms. If a network misconfiguration occurs in the field, creating a broadcast storm, the core
router’s performance will be negatively impacted. Shifting all routing to the MHUB locations will mitigate the
current single point of failure at the TMC for all routing. The proposed routers are capable of routing the field
networks from the MHUB locations to the TMC. The proposed routers will have a greater port density than
the existing Cisco ME3400Es, which allows for reducing the number of chassis needed as well as reducing
the annual warranty and support costs. Adding redundant MHUB point-to-point links increases system
resiliency to fiber cuts and equipment failure at the MHUB locations. A supplemental benefit of the proposed
deployment is the familiarity of the Command Line Interface (CLI) by the network staff and the ability for each
stakeholder to assist the other if additional assistance is needed. Lastly, it is suggested to replace the Cisco
ME3400Es as the last day of software maintenance releases will be October 3, 2019 and the End of Sale for
these units was October 3, 2018. In addition, the Cisco 2955 are also recommended for replacement because
the last date of all support services was on July 31, 2018.
An alternative proposal is to consolidate network connections at the MHUB locations. By consolidating the
connections, it would allow for future expansion using existing equipment if needed. The recommendation is
to consolidate connections at MHUB3 onto one (1) router, freeing up a pair of fiber to have a direct connection
from the TMC to MHUB5. It was also observed that additional optical redundancy could be built into the
network by utilizing additional optical fiber along CR951 from MHUB5 to the ESC to provide a redundant
routed path from MHUB5 to the TMC by way of the ESC. A redundant optical connection would allow the
primary connection to be lost with no impacts seen by the end users.
Another recommendation for the County is to establish a proposed connection to the remaining stakeholders
by implementing MSDP peering between FDOT District One, the City of Naples and Collier County for
multicast video sharing. This will ensure proper segmentation while providing full video service to and from
each agency.
The final recommendation is to upgrade the connection between the TMC and the EOC to ten (10) gigabit.
The increased bandwidth will allow the data replication of the Storage Area Network (SAN) between these
sites to be more efficient and will allow the replication of data between the primary and back-up locations to
take less time to complete.
Figure 3-4 : Collier County Proposed Network and Communications Logical Diagram
3.2.2.2 Layer 2 (Data Link) and VLANs
The recommendation is to install and configure the same type of Layer 2 field switches to be deployed in the
field cabinets. Deploying the higher port density switch at each cabinet location will reduce the
deployment times and the need to purchase additional Layer 2 switches for stand-by replacements. An
update of the existing VLAN structure is also proposed. Each switch and VLAN equipment configuration will
be consistent across the entire network and will transmit only the VLAN network traffic which is
required at each ITS device location. It is also recommended that the City installs UPSs at the TMC and at
each MHUB location to ensure all networking equipment remains active during a power outage and can guard
against power surges and brownouts. This also provides “clean” power to the ITS network equipment if the
traffic signal were to be powered by an emergency generator.
3.2.2.3 Layer 3 (Network) Routing Protocols
The first Layer 3 recommendation would be for the County to create a point-to-point network connection to
FDOT District One and one to the City. Once the connection is established, it is recommended to implement
MSDP peering between FDOT District One and the City for multicast video sharing which will ensure proper
network segmentation while providing full video streaming between each agency. The second
recommendation would be to create a point-to-point routed connection between each MHUB router and the
proposed core to facilitate the dynamic routing between each router. Also, moving the routed gateways
to their respective MHUB locations will reduce the amount of network latency and also the core router
processor overhead.
3.2.2.4 Network Security
It is suggested to configure the proposed firewall appliance and install this device in-line with the new
stakeholder connections. The installation of the proposed firewall will allow the County network security staff
to protect the County network from unwanted cyber-attacks and other external threats from partner agencies
and also allow external access to their network securely if direct network access is not available. The external
access is not a traditional VPN connection but a secured internet connection also known as a secure tunnel.
To ensure external information is routed correctly, the configuration of ACLs is recommended at the router
locations to designate which networks are allowed to access the remote agency network or be routed to the
firewall for existing verification. This proposed firewall will also provide network logical separation from the
stakeholders’ existing network by effectively isolating all networks from external threats. Finally, the County
should assume management of the Apollo machine to ensure all proper network security policies are
implemented and validated.
In addition to the installation of a new firewall, it is also recommended that the County installs a Remote
Authentication Dial-In User Service (RADIUS) server. RADIUS is a client/server protocol and software that
enables remote access servers to communicate with a central server to authenticate dial-in users and
authorize their access to the requested system or service. Ultimately, the server provides better security,
allowing an institution to set up a policy that can be applied from a single administered network point, which
makes it easier to track usage for billing and to keep network statistics.10, 11
It is recommended that the County change the default user credentials on ITS and ATMS devices and
implement a solution that provides a centralized method of issuing user credentials and access to the devices.
One option is to use a RADIUS server, which assigns an authenticated user group and access level for each
field device and limits individuals who are trying to access the network without the appropriate credentials.
For instance, if a new traffic signal project would require network access, Collier County could create a unique
username and password for each technician. Once the project is completed, Collier County could then delete
the temporary users from a single location instead of having to reconfigure each network device to remove
the users. Not all devices are capable of communicating with a RADIUS server and in that case, another
method such as manual configurations or development of a script may be used. These security
recommendations include performing an extensive audit of devices and users which have access, or
potentially can access, the network remotely via the VPN connection.
10 https://searchsecurity.techtarget.com/definition/RADIUS
11 https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/12433-32.html
3.2.3 City of Naples
3.2.3.1 Network Architecture Topology
As it relates to the network architecture, it is recommended that the City replaces the existing EOL Cisco
Catalyst 3400s and installs two (2) new up-to-date switches in a stacked configuration. Stacking the proposed
switches will allow for management of both switches as one logical switch while providing physical
redundancy for the ITS rings. Additionally, by upgrading the core switches at the TMC to newer models, the
City of Naples will have vendor hardware support and warranty which is needed to mitigate any firmware or
network connectivity issues. A key benefit of implementing a stacked core configuration is that the existing ITS
device rings will diversely connect to the stack, which will provide physical redundancy and help prevent a
potential loss of communications to the field devices if one of the field switches fails.
Figure 3-5: City of Naples Proposed Network and Communications Logical Diagram
3.2.3.2 Layer 2 (Data Link) and VLANs
The City currently uses ITS Express 8040 with optical bypass monitoring; however, the switches are no
longer under warranty. It is recommended to upgrade the existing switch to the latest model to ensure
warranty and support for future issues. It is also recommended that the City installs UPSs at the TMC location
to ensure all networking equipment remains active during a power outage and can guard against power
surges and brownouts. This also provides “clean” power to the ITS network equipment if the traffic signal
were to be powered by an emergency generator.
For the VLAN structure, the recommendation is to segment the multicast video from the legacy signal
equipment. Segmenting the video leaves legacy traffic signal devices unaffected by the multicast data,
which could otherwise cause a legacy device to reboot continuously.
3.2.3.3 Layer 3 (Network) Routing Protocols
From a Layer 3 perspective, it is recommended that the City establish a point-to-point network connection to
the remaining stakeholders. As with FDOT District One and the County, the City would need to implement
MSDP peering between FDOT District One and Collier County for multicast video sharing. This ensures
proper segmentation while providing full video service to and from each agency. As VRRP was considered,
it is recommended to configure both proposed switches in a stacked chassis.
As indicated above, the City should implement MSDP peering between the City of Naples, Collier County,
and FDOT District One for multicast video and data sharing. MSDP allows each multicast domain to advertise
ITS multicast sources within the group to the local RP. All RPs will reside on separate network domains and
will facilitate the discovery and sharing of all the different stakeholder video streams or camera feeds, which
will be routed to the requesting network user. The use of the MSDP protocol will be required to share roadside
(multicast) videos between all the stakeholders. The deployment of MSDP peering creates best practice
PIM-SM boundaries between the City of Naples and Collier County. Finally, upgrading the core switches to Cisco
C3850s is necessary to enable MSDP capabilities, as the existing Cisco ME3400Gs do not support the
required MSDP.
3.2.3.4 Network Security
The City does not currently have a firewall in place to protect against external threats. It is recommended that
the City purchase a firewall for this purpose. The firewall will also serve as a security gateway to external
networks and will allow the City to implement additional network security measures. This proposed firewall
will also provide a secure demarcation point for the City of Naples Police Department which is currently
directly connected to the City of Naples traffic network and video control server.
It is also suggested that the City utilize a central method for providing users access to field equipment. The
recommended method would be the use of a RADIUS server. For devices that are not capable of
communicating with a RADIUS server, it is recommended to manually update user admin credentials
periodically or use a script to perform this action.
It was discovered that the signal controllers, MMUs, UPS, workstations, and servers were only being
managed by a single administrator account. In contrast, the VDG Sense video software was the only system
which had unique usernames and passwords with different levels of access depending on each user’s current
position. The final recommendation would be to remove default credentials from ITS field devices and assign
a unique username and password to each employee who has access to the network. A single shared
administrator password does not provide the ability to track network configuration changes or hold staff
accountable for them.
3.2.4 Proposed Network Improvements
Below is a synopsis of the proposed network improvements in a tabular format.
Table 3-2: Proposed Network Improvement Items
| Recommendation Identifier | Recommendations | Benefits | Agency |
|---|---|---|---|
| 3.2.1.4 | Suggest purchasing a new firewall appliance and installing this device in-line with the proposed stakeholder connection at the Alligator Alley Toll Plaza MHUB. | Protect the Department from unwanted stakeholder cyber threats and to provide a routed demarcation point. | FDOT District One |
| 3.2.2.1 | Suggest replacing the Cisco ME3400Es. Last day of software maintenance releases will be October 3, 2019. End of Sale for ME3400s was October 3, 2018. | Due to the switches being at the end of life, if the switches experienced a hardware failure, the County would not receive support or a replacement switch. | Collier County |
| 3.2.2.1 | Recommend replacing RuggedCom RS900G with a switch with a higher port capacity and with the optical bypass feature. Also, suggest replacing the Layer 2 Cisco 2955s. Last date of all support services for the C2955 was on July 31, 2018. | Allows the Layer 2 switch to pass optical traffic if the switch were to lose power or fail. Additionally, due to the switches being at the end of life, if either unit experienced a hardware failure, the County would not receive support or a replacement switch. | Collier County |
| 3.2.2.1 | Proposed routers are fully Layer 3 capable to move to route off the field networks out to MHUB locations from TMC. | If a network misconfiguration occurs in the field, creating a broadcast storm, the core router’s performance will be negatively impacted, moving all routing to the MHUB locations to mitigate the current single point of failure at the TMC for all routing. | Collier County |
| 3.2.2.1 | Utilize fiber along CR951 from MHUB5 to the ESC to provide a redundant routed path from MHUB5 to the TMC by way of the ESC. | A redundant optical connection would allow for the primary connection to be lost and no impacts would be seen by the end users. | Collier County |
| 3.2.2.1 | Deploy the County owned Cisco 6509-E to enable MSDP capabilities as the existing Cisco ME3400Es do not support MSDP. | Collier County would be unable to send or receive any partner video streams. | Collier County |
| 3.2.2.1 | Adding redundant MHUB point-to-point links. | Will increase system resiliency to fiber cuts and equipment failures at the MHUB locations. | Collier County |
| 3.2.2.1 | Consolidation of fiber connections. | By consolidating the connections, it would allow for future expansion using existing equipment if needed. | Collier County |
| 3.2.2.2 | Install Uninterrupted Power Supplies at all MHUB Locations and TMC. | Will keep equipment operational during power outage and clean power when cabinet is connected to an external generator. | Collier County |
| 3.2.2.4 | Install a RADIUS server for user authentication. | Have the ability to manage all ITS/TOR/Active Directory from a single location and interface. | Collier County |
| 3.2.2.4 | Eliminate default user credentials and assigning each user a unique username and password. | This will prevent any user from retrieving the default credentials from the internet and using these identified credentials to access the ITS network. | Collier County |
| 3.2.2.4 | Obtain network management and control of the Apollo router. Reconfigure with proper network security protocols. | Will allow Collier County to mitigate external internet threats which could be introduced by the third party vendor. | Collier County |
| 3.2.3.1 | Upgrade the EOL Cisco ME3400G switches to an updated model with upgraded features and manufacturer support. | Due to the switches being at the end of life, if either device experienced a hardware failure, the City of Naples would not receive support or a replacement switch. | City of Naples |
| 3.2.3.1 | Utilize two (2) new Cisco C3850s in a stack to manage as one (1) logical switch while providing physical redundancy for the field ITS rings. | Provides network resiliency in the form of redundant routing engines and network expansion flexibility with minimal impact to a configuration. | City of Naples |
| 3.2.3.1 | Ensure all field rings are diverse across Cisco C3850s switches. | This will ensure if one of the stacked chassis switches fails it will fail over to a single router no physical intervention is required. | City of Naples |
| 3.2.3.2 | Install Uninterrupted Power Supply at TMC location. | To provide auxiliary power during power outages and brownouts to ensure service continuity. | City of Naples |
| 3.2.3.2 | Purchase new Layer 2 Field Ethernet Switches with optical by-pass feature. | Will allow for the optical signal to be transmitted if power to switch would be lost allowing for downstream ethernet communications to remain online. | City of Naples |
| 3.2.3.4 | Purchase and install a firewall to use as a demarcation point for routed connection from other agencies. | To protect City of Naples from unwanted stakeholder cyber threats and to provide a routed demarcation point. | City of Naples |
| 3.2.3.4 | Purchase and install a firewall to use as a demarcation point for routed connection from the City of Naples Police Department. | To protect City of Naples from unwanted stakeholder cyber threats and to provide a routed demarcation point. | City of Naples |
| 3.2.3.4 | Install a RADIUS server for user authentication. | Have the ability to manage all ITS/TOR/Active Directory from a single location and interface. | City of Naples |
| 3.2.3.4 | Eliminate default user credentials and assigning each user a unique username and password. | This will prevent any user from retrieving the default credentials from the internet and using these identified credentials to access the ITS network. | City of Naples |
4. Proposed Regional Network Strategies
4.1 Proposed Network Architecture Design
In the network topology below, FDOT District One will establish a routed connection to Collier County’s
Master Hub Five from which Collier County will utilize a Layer 2 Tunnel to carry the routed connections back
to the firewall at the Collier County TMC. Once routed communications are established, the MSDP protocol
will be used to facilitate video sharing.
The City of Naples will also establish a routed connection to Collier County who will then share their unicast
and multicast data with FDOT District One and Collier County by the previously mentioned routing protocols.
Figure 4-1 : Proposed Regional Network Architecture Diagram
4.1.1 Proposed Internet Protocol (IP) Schematic
FDOT District One received IP address allocations for the ITS network from FDOT Central Office for the
district and ITS local transportation agencies. It was the responsibility of each FDOT district to allocate IP
addresses to each local agency. As part of this network review, Metric Engineering was requested to review
the existing IP schematic for both the County and City and recommend a new IP schematic based on the IP
allocations provided by FDOT District One. Metric Engineering consulted with each FDOT District One
stakeholder to identify each of the needs as it relates to IP networks and hosts per network to determine an
appropriate IP schematic.
4.1.1.1 Florida Department of Transportation District One
FDOT District One’s network has previously been configured to use the updated IP schematic allocated by
FDOT Central Office. No changes to the existing FDOT District One IP Address Scheme are proposed at this
time.
4.1.1.2 Collier County
The County’s existing IP Scheme and list of existing traffic signal devices was provided and reviewed. It was
noticed that there is an immediate need for Collier County to reassign IP addresses to all of their existing
field equipment to meet their future network equipment requirements. After meeting with the network
engineering staff at the County, additional IP addressable devices were identified which require network
connectivity back to the TMC such as Connected Vehicle (CV) devices, Wireless Street Lighting (Apollo),
Sensys vehicle counters and power distribution units. The additional equipment need was used to determine
an IP schematic that would accommodate the largest potential network expansion with the least amount of
wasted IP addresses.
The current recommendation is to update the existing ITS network IP address list and assign specific ITS
network equipment into segmented VLANs. This change will facilitate the segmentation of multicast traffic,
so the data stream will not cause connectivity issues in legacy traffic signal and detection equipment, and will
provide the ability for future expansion. Additionally, having the traffic signal controller in the same network
as the proposed CV connections allows for a reduction in network latency, further increasing network
reliability, which is required for these devices.
The proposed IP addressing scheme was developed for the number of required addresses identified for the
proposed CCTV cameras. Collier County had informed Metric Engineering that there was a need to assign
a total of four (4) CCTV cameras per signalized intersection. This proposed assignment would allow for two
(2) CCTV cameras to be placed at the intersection and one (1) mid-block camera to be placed at both the
ingress and egress of the intersection. Additional discussions and comments will need to be addressed with
FDOT District One, FDOT Central Office and Collier County collectively because the number of
multicast addresses required would exceed the number of addresses assigned to Collier County. To ensure
Collier County remained in the assigned block of multicast addresses, Metric Engineering had to reduce the
number of cameras at each intersection. As illustrated in the sample IP Address List located in Appendix B of
this document, Metric Engineering was only able to assign each intersection a single intersection camera
and a single midblock camera.
4.1.1.3 City of Naples
Overall, the same recommendations apply to the City of Naples, as they will be connecting to the Collier
County Network; less the requirements of additional multicast addresses. The current proposal is to update
the existing ITS network IP address list and assign specific ITS network equipment into segmented VLANs.
This change will facilitate the segmentation of multicast traffic, so the data stream will not cause connectivity
issues in legacy traffic signal and detection equipment, and will provide the ability for future expansion.
Additionally, having the traffic signal controller in the same network as the proposed CV connections allows
for a reduction in network latency, further increasing network reliability, which is required for these devices.
4.1.2 Data and Multicast Sharing Between Agencies
Sharing agency signal data and multicast video between each of the stakeholders has great benefit for each
agency. A benefit to sharing data between agencies is that each governing agency will be able to participate
in joint incident management, signal performance measures and/or coordination of traffic signals to increase
the roadway capacities. The stakeholders can then have immediate access to their partner agencies to obtain
real time traffic data. Finally, each stakeholder can access the signal data both inside and outside their
jurisdiction to obtain the signal/video images to assist with incident management with each respective TMC.
To share multicast video between the required agencies, Metric Engineering proposes that each agency
establish a dynamically routed point-to-point connection to one another to deploy MSDP peering to
interconnect the three (3) Protocol Independent Multicast (PIM) domains. This method allows the network
equipment to reroute multicast data during an outage and also dynamically learn new multicast devices to
share with other agencies without external intervention.
4.1.2.1 Florida Department of Transportation District One
FDOT District One currently shares their multicast streams with other local agencies (i.e. Manatee County,
Sarasota County) using the MSDP peering protocol with the Rendezvous Point (RP) router located at the
FDOT District One SWIFT TMC. The only recommendation for FDOT District One regarding data sharing
between the stakeholders is to coordinate with the other stakeholders to ensure the proper security protocols
are implemented and the multicast RP router is properly configured. This must be done prior to
interconnecting each agency to reduce the likelihood of a possible network conflict.
4.1.2.2 Collier County
Since Collier County is not currently utilizing multicast video transmission on their network, additional items
will need to be implemented in order to deploy the proposed MSDP. To begin the MSDP deployment,
Collier County would need to enable multicast transmission on each of their roadside CCTV video cameras.
The County would also need to enable Internet Group Management Protocol (IGMP) Snooping on each Layer
2 switch within the network. IGMP Snooping will allow the routers to maintain the multiple multicast
connections between the source (camera) and the router. Next, the County will need to configure their routers
for MSDP and PIM-SM. Additionally, the implementation of a static route will be required on each border
router within Collier County. Finally, the County would need to configure an RP on the ITS core router to
ensure all video is managed, collected, and then routed properly.
4.1.2.3 City of Naples
The City of Naples utilizes multicast but their network routers are not currently capable of MSDP peering.
The implementation of MSDP peering would be more focused at the core router locations and requires the
City to replace their core routers with routers that are MSDP capable. Once replaced, the City would need to
configure PIM-SM and static routing on their core router.
5. Standardization of ITS Communications Equipment
5.1 Agency Network Requirements
In an effort to standardize the method of communication between the stakeholders in the FDOT District One
region, it is recommended that each agency implements the use of standard protocols to ensure the network
compatibility. Some of the protocols include, but are not limited to:
• Virtual Local Area Networks (VLAN) (IEEE 802.1Q)
• Rapid Spanning Tree Protocol (RSTP)
• Multiple Spanning Tree Protocol (MSTP)
• Per VLAN Spanning Tree (PVST+)
• Internet Group Management Protocol (IGMP) Snooping
• Dynamic Routing Protocol [i.e. Open Shortest Path First (OSPF)]
• Protocol Independent Multicast Sparse-Mode (PIM-SM)
• Multicast Source Discovery Protocol (MSDP)
5.2 Field Network Devices Standardization
The standardization of network equipment would be preferred; however, the agencies are typically acquiring
network equipment via low bid design build projects which provide the most cost-effective equipment listed
on the FDOT Approved Products List (APL). Due to this limitation, Metric Engineering recommends vendor
agnostic device standardization between all agencies. By implementing these standardizations, the
governing agency has the ability to quickly troubleshoot attached devices and identify the attached equipment
without performing additional functions such as looking up MAC addresses to identify the specific type of
device. Metric Engineering suggests the implementation of a standard port assignment for each switch. The
optical ports should be standardized as well at each location. Assigning a consistent direction to each
specific port will allow the administrator to quickly identify downed links and will ease troubleshooting of
optical issues.
The proposed standard port configuration is as follows:
1. Ethernet Port One – Signal Controller
2. Ethernet Port Two – CCTV Camera
3. Ethernet Port Three – MMU
4. Ethernet Port Four – UPS
5. Ethernet Port Five – PDU
6. Ethernet Port Six – Traffic Signal Video Detection
7. Ethernet Port Seven – Port Server (MVDS)
8. Ethernet Port Eight – Bluetooth Travel Time Reader
9. Ethernet Port Nine – Technician Access Port
10. Ethernet Port Ten – Future Use
11. Optical Port One – North or West Direction
12. Optical Port Two – South or East Direction
13. Optical Port Three – Future Use
14. Optical Port Four – Future Use
5.3 Physical Redundancy - Master Hub and TMC
5.3.1 FDOT District One RTMC – SWIFT SunGuide® Center
FDOT District One has provided specific locations where Collier County and the City of Naples can connect
directly to provide redundant network communications. The first location is the FDOT District One SWIFT
SunGuide® Center. This Regional Traffic Management Center (RTMC) is located near I-75 at MM 170.3 NB.
The secondary redundant connection is the I-75 communications hub located at MM 92.5 NB, which is west
of the Edward J Beck (Alligator Alley) Toll Plaza.
5.3.2 Collier County ESC and TMC
Collier County currently has redundant communications between their core and aggregation routers except
for four (4) locations. Metric Engineering recommends adding another diverse connection between:
1. TMC core to MHUB5 = approximately 8.5 miles (13.6794 km)
2. MHUB5 to the Collier County ESC = approximately 6.5 miles (10.4607 km)
3. Collier County ESC to MHUB2 = approximately 5.8 miles (9.3342 km)
4. MHUB2 to MHUB4 = approximately 11.1 miles (17.86372 km)
The additional connections using diverse paths would provide more network redundancy to all sites including
the disaster recovery site. This will ensure all pertinent data are accessible in the event of a fiber cut, network
outage or infrastructure damage due to extreme weather.
5.3.3 City of Naples TMC
The current proposal is to implement a secondary redundant connection between the City’s TMC and the
Collier County TMC. A redundant network connection can be achieved by deploying a secondary diverse
fiber path between the City TMC and Collier County TMC. This proposed redundant path will ensure network
connectivity between the two Traffic Management Centers in the event of the primary network path being lost
due to a fiber optic cable cut.
6. User Access and Authentication
The FDOT Central Office has developed a draft high level ITS Cybersecurity Guidelines document which
outlines proper user authentication and security resource guidelines for securing a Transportation Systems
Management and Operations (TSM&O) traffic network. Similarly, this section of the document outlines many
of the common industry standards that should be followed to prevent unauthorized users from accessing
network resources. Based upon the FDOT ITS Cybersecurity Guidelines, this document suggests the
implementation of specific network security strategies for user access and authentication described below.
6.1 FDOT District One
The first security item identified pertains to the physical access to network devices. All networking
equipment shall be installed in a secure area which is monitored by a triggered alarm system, with only
approved personnel having access to the room where the equipment is housed. This can be achieved by the
deployment of an electronic cabinet access control system with programmable smart keys to log access into the ITS
Cabinets. All network equipment should have the default administrator account and password changed
and/or removed upon installation. Each administrative or other network user should be provided with their
own unique administration network account.
It is recommended to enable Secure Shell (SSH) and disable Telnet on all network infrastructure as Telnet
sends a user's credentials over the network in clear text. SSH encrypts this data prior to leaving the user's
computer. Finally, the use of an external RADIUS authentication or other secure technology should be
implemented for additional access security and user management.
All unused ports on all network equipment should be disabled until needed and configured. Disabling unused
ports will prevent unauthorized users from making a physical connection to the device. Only one access port
should be used to allow for local access for network administration or a network technician to access the
network for testing purposes. Lastly, the network administrator should enable MAC address filtering on all
field network equipment to prevent unauthorized devices (i.e. Wireless Access Point) from accessing the switch or
router and being connected to the network.
The final element relating to network security is the utilization of strong passwords. Using passwords
which are a minimum of eight (8) hexadecimal characters in length with a special character and not one of
the last twenty-four (24) passwords used will ensure that passwords are more complex, making it more
difficult for unauthorized personnel to guess user passwords or to use tools for guessing them.
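The device-level items in Section 6.1 (SSH-only management, unused ports disabled, MAC filtering or 802.1X on active ports, RADIUS with a local fallback, no default accounts) can be checked against a saved switch configuration. The script below is an added example, not part of the report: the sample configuration is constructed, the default-username list is an assumption, and treating a port without a `description` line as "unused" is an assumed site convention.

```python
import re

# Constructed sample: IOS-style running-config fragment for a field switch.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
username admin privilege 15 secret 5 $1$constructed
username jdoe privilege 15 secret 5 $1$constructed
!
interface GigabitEthernet0/1
 description CCTV-CAM-12
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/2
 description SIGNAL-CONTROLLER
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 shutdown
!
interface GigabitEthernet0/5
 description TECH-ACCESS
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet0/9
 description UPLINK-TO-HUB
 switchport mode trunk
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

DEFAULT_USERNAMES = {"admin", "cisco", "root"}  # assumption: adjust per vendor
PORT_CONTROLS = ("switchport port-security",
                 "authentication port-control auto", "dot1x port-control auto")

def parse_blocks(config):
    """Return [(parent_line, [indented sub-commands])] in file order."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):          # "!" closes the current block
            current = None
        elif raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks

def audit(config):
    """Return [(location, finding)] for the Section 6.1 device checks."""
    blocks, findings = parse_blocks(config), []
    heads = [head for head, _ in blocks]
    # Central authentication, minus one local account if RADIUS is down.
    login = [h for h in heads if h.startswith("aaa authentication login")]
    if not any("group radius" in h or "group tacacs+" in h for h in login):
        findings.append(("aaa", "no RADIUS/TACACS+ login method list"))
    elif not any(h.split()[-1] == "local" for h in login):
        findings.append(("aaa", "no local fallback if RADIUS is unavailable"))
    # Default account names left on the device.
    for h in heads:
        m = re.match(r"username (\S+)", h)
        if m and m.group(1).lower() in DEFAULT_USERNAMES:
            findings.append((f"username {m.group(1)}", "default account name present"))
    for head, body in blocks:
        if head.startswith("line vty"):
            allowed = {t for b in body if b.startswith("transport input")
                       for t in b.split()[2:]}
            if allowed != {"ssh"}:            # unset counts as not restricted
                findings.append((head, "vty not restricted to SSH only"))
        elif head.startswith("interface") and "switchport mode trunk" not in body:
            shut = "shutdown" in body
            in_use = any(b.startswith("description") for b in body)
            if not in_use and not shut:
                findings.append((head, "unused port not shut down"))
            elif in_use and not shut and not any(b.startswith(PORT_CONTROLS) for b in body):
                findings.append((head, "no port security or 802.1X on active port"))
    return findings

if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```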
6.2 Collier County
In addition to following the items indicated in the FDOT District One section, it is also suggested to implement
additional security features due to an external network VPN which is currently connected to the Collier County
traffic network. A recommendation would be to employ per-user or user-group based access policies that limit VPN
access to only the specific systems and devices required for job functionality. Finally, monthly verifications
should be implemented to ensure all users are applying strong passwords for all VPN user accounts.
6.3 City of Naples
It is also recommended to use both encryption and authentication on all deployments for additional network
security. Another suggested network security item is to deploy Discretionary Access Control
(DAC). DAC allows the network administrators to manipulate access control settings so that all end
users only have access to resources pertaining to their function and/or responsibilities.
6.4 Recommendations
Based upon our findings in each respective network it is suggested that the agencies use the following
network security strategies for user access and authentication:
Table 6-1: Recommended Strategies for User Access and Authentication

| Strategy Identifier | Recommended | Benefits |
|---|---|---|
| 6.1 | All network devices should be installed in a restricted access area using an electronic cabinet access control system with programmable smart keys accessible only by authorized personnel. | All equipment is installed in a restricted and limited access facility and will allow the County to track who is accessing their facilities. |
| 6.1 | Change the default username and password for all ITS Devices. | This will prevent any user from retrieving the default credentials from the internet and using these identified credentials to access the ITS network. |
| 6.1 | Provide each administrative user with their own administration account. | Each approved user will be assigned a unique administrator account based upon access privileges and will allow for user accountability. |
| 6.1 | Use strong passwords which are a minimum of eight (8) hexadecimal characters in length with a special character and not one of the last twenty-four (24) passwords used. | This will ensure that passwords are more complex, making it more difficult for unauthorized personnel to guess user passwords or to use tools for guessing them. |
| 6.1 | Administration accounts shall employ strong password standards and preferably rely on RADIUS, or similar technology, for authentication and authorization minus one administrative account if RADIUS becomes unavailable. | All equipment access will be authenticated via a RADIUS appliance and allow for central control of user access. |
| 6.1 | Disable all unused network interfaces on Layer 2 and Layer 3 equipment, except for designated "technician access" ports. | All unused ports will be placed in an administratively down state, which keeps unauthorized users from accessing the network equipment. |
| 6.1 | Institute port-based network access control IEEE 802.1x MAC address and/or MAC filtering and security on Layer 2 and Layer 3 equipment to prevent unauthorized access. | Configure MAC Filtering on all Switches and Routers for enhanced security. This also prevents rogue devices from being connected and receiving network access. |
| 6.2 | Employ per-user or user-group based access policies for VPN access to only the systems and devices required. | Implementation of Group Policy to limit unauthorized access. |
| 6.3 | Use of Discretionary Access Control (DAC) allows administrators to manipulate access settings of objects under their control. | Implement DAC to ensure all end users only have access to resources pertaining to their function and/or responsibilities. |
7. Network Implementation Budgetary Estimate
Task Four of the Scope of Services for this TWO includes providing a budgetary estimate consisting of the
total sum to purchase, install, configure and integrate the proposed equipment. The budgetary estimate in
Table 7-1 includes this work as percentages of the total cost of equipment. This budgetary estimate is based
on information provided to Metric Engineering personnel from the stakeholders. Should any of the agencies
want this work to be performed, it is suggested that a more detailed review be performed prior to assigning
the work to a contractor or consultant, although with the contingency amount included, it is felt that this is a
good budgetary estimate (see Table 7-1: Engineers Cost Estimate). To support the FHWA Open Bid Policy,
all recommendations were developed from a vendor agnostic perspective. Only brand names were identified
to obtain a MSRP for budgetary purposes.
Metric Engineering met with both Collier County and City of Naples personnel to identify their current and
future network designs and requirements. After careful discussions with the stakeholders, Cisco Systems
and ITS Express or similar equipment were proposed by the stakeholders, as upgrade equipment. For
budgetary purposes, Cisco was used due to being a preferred router vendor of Collier County along with ITS
Express being the preferred Layer 2 switch vendor for the City of Naples. To develop a budgetary estimate
for furnishing, installing and configuring the recommended network equipment based on this document these
vendors are used for the legacy equipment replacement for both stakeholders. The benefit of deploying the
existing vendor equipment is the familiarity of the CLI and the ability for each stakeholder to assist the other,
if additional assistance is needed. One of the requirements requested by the City of Naples is that the
proposed Layer 2 switch be equipped with an internal optical by-pass feature. The optical by-pass failsafe
feature will allow the optical signal to be transmitted even if the in-line network switch were to lose power.
The ITS Express 8012-24+ will soon be replaced by the ITS Express 8012-24+ V3 switch. Both models will be
equipped with the optical by-pass feature, and the cost will be the same whichever model is
purchased. The ITS Express 8012-24+ is recommended for all edge switching locations at all cabinet
locations within Collier County and the City of Naples.
Table 7-1 : Engineers Cost Estimate
Appendix A - Regional Partner Network Topologies
Appendix B - Regional Partner IP Address Schema
The Regional IP Address Schema will be submitted separately due to the sensitive information and network
security concern.
Appendix C - Summary of Recommendations
The matrix below provides a mapping of the areas of improvements discovered and ITS recommended strategy. Note that there may be more than one strategy defined for a single item and there can also be a strategy that may apply across multiple scope
items discovered.
Table C-1 : Summary of Recommendations

| Section ID | Discovered Concerns | Recommendation Identifier | Recommendations | Benefit | Agency |
|---|---|---|---|---|---|
| 3.1.1.4 | No Firewall was proposed for Regional Partner external connections. Cyber threats can be either transmitted from or to the project stakeholders. | 3.2.1.4 | Suggest purchasing a new firewall appliance and installing this device in-line with the proposed stakeholder connection at the Alligator Alley Toll Plaza MHUB. | Protect the Department from unwanted stakeholder cyber threats and to provide a routed demarcation point. | FDOT District One |
| 3.1.2.1 | The Layer 2 field rings are comprised of multiple switch vendors such as Cisco 2955 and RuggedCom RS900G switches. In some cases, various vendors implement Layer 2 protocols differently, which causes compatibility issues between the switches and causes network disruptions. | 3.2.2.1 | Recommend replacing RuggedCom RS900G with updated port capacity, for the optical bypass feature. Also, suggest replacing the Layer 2 Cisco 2955s. Last date of all support services for the C2955 was on July 31, 2018. | Allows the Layer 2 switch to pass optical traffic if the switch were to lose power or fail. Additionally, due to the switches being the end of life, if either unit experienced a hardware failure, the County would not receive support or a replacement switch. | Collier County |
| 3.1.2.1 | Numerous core networking equipment are performing unnecessary switching and routing. The core network in the TMC has two (2) Cisco ME3400E switches, one (1) Cisco C3560 switch, one (1) Cisco C2950 switch, one (1) HP 2530-24G switch, one (1) RuggedCom RS900G switch and one (1) Cisco ASA 5506 firewall. Due to the amount of TMC equipment that can switch or route, additional network latency can be caused including communication failure due to equipment malfunction. | 3.2.2.1 | Proposed routers are fully Layer 3 capable to move to route off the field networks out to MHUB locations from TMC. | If a network misconfiguration occurs in the field, creating a broadcast storm, the core router's performance will be negatively impacted, moving all routing to the MHUB locations to mitigate the current single point of failure at the TMC for all routing. | Collier County |
| 3.1.2.1 | Each MHUB was found to be a non-redundant Layer 2 connection from the TMC core network with all routing taking place at the TMC. If a MHUB were to fail, it would potentially hinder ITS communications to all downstream MHUBs causing an unwanted network outage. | 3.2.2.1 | Adding redundant MHUB point-to-point links. | Will increase system resiliency to fiber cuts and equipment failures at the MHUB locations. | Collier County |
| 3.1.2.1 | MHUB3 was found to have two (2) Cisco ME3400E switches which supplies local HUB switch rings and two (2) non-redundant connections to additional hubs. One link to MHUB4 and one link to MHUB5. By having two (2) switches and non-redundant connection at the core routers, this equipment configuration can cause a single point of failure and potential network failure, due to all routing occurs at the TMC location. | 3.2.2.1 | Consolidation of fiber connections. | By consolidating the connections, it would allow for future expansion using existing equipment if needed. | Collier County |
| 3.1.2.1 | The ITS network is comprised of Cisco ME3400E switches at the core and MHUB levels which are EOL. Due to the switches being the end of life, if either experienced a hardware failure, the County will not receive support or a replacement switch. | 3.2.2.1 | Suggest replacing the Cisco ME3400Es. Last day of software maintenance releases will be October 3, 2019. End of Sale for ME3400s was October 3, 2018. | Due to the switches being the end of life, if either experienced a hardware failure, the County would not receive support or a replacement switch. | Collier County |
| 3.1.2.1 | No network redundancy was identified between MHUB 5 and the TMC. If a fiber optic cable cut would occur, no redundant optical path is available to reroute within the network. | 3.2.2.1 | Utilize fiber along CR951 from MHUB5 to the ESC to provide a redundant routed path from MHUB5 to the TMC by way of the ESC. | A redundant optical connection would allow for the primary connection to be lost and no impacts would be seen by the end users. | Collier County |
| 3.1.2.1 | No current method of video routing was identified in the County core configurations. Collier County would be able to send or receive any partner video streams. | 3.2.2.1 | Deploy the County owned Cisco 6509-E to enable MSDP capabilities as the existing Cisco ME3400Es do not support MSDP. | Collier County would be able to send or receive any partner video streams. | Collier County |
| 3.1.2.4 | No current user authorization or authentication is deployed. No centralized method to provide user credentials and access to the device. | 3.2.2.4 | Install a RADIUS server for user authentication. | Have the ability to manage all ITS/TOR/Active Directory from a single location and interface. | Collier County |
| 3.1.2.4 | A router was found attached to the TMC core which supplies a secure tunnel for Apollo Street Light System. The Apollo router is managed and accessed by the vendor. An external internet connection is managed by a third party and Collier County does not have access to Apollo router causing a network security concern. | 3.2.2.4 | Obtain network management and control this router. Reconfigure with proper network security protocols. | Will allow Collier County to mitigate external internet threats which could be introduced by the third party vendor. | Collier County |
| 3.1.2.4 | Collier County utilizes default user accounts for a number of ITS devices. Using default equipment usernames and passwords is a network security concern because an unauthorized user can gain access by a simple internet search. | 3.2.2.4 | Eliminate default user credentials and assigning each user a unique username and password. | This will prevent any user from retrieving the default credentials from the internet and using these identified credentials to access the ITS network. | Collier County |
| 3.1.3.1 | ITS network is comprised of two (2) core Layer 3 Cisco ME3400G switches located at City of Naples' TMC. By having two (2) switches and non-redundant connection at the core routers, this equipment configuration can cause a single point of failure and potential network failure, due to all routing occurs at the TMC location. | 3.2.3.1 | Utilize two (2) new Cisco C3850s in a stack to manage as one (1) logical switch while providing physical redundancy for the field ITS rings. | Provides network resiliency in the form of redundant routing engines and network expansion flexibility with minimal impact to a configuration. | City of Naples |
| 3.1.3.1 | Most of the ITS field rings terminate both sides of the ring on one of the ME3400Gs. Since each ITS terminates on a single ME3400G, if one router would fail, Ethernet communications would be halted. | 3.2.3.1 | Ensure all field rings are diverse across Cisco C3850s switches. | This will ensure if one of the stacked chassis switches fails it will fail over to a single router; no physical intervention is required. | City of Naples |
| 3.1.3.1 | Network Equipment Concern – Current Cisco ME3400Gs are EOL. Due to the switches being the end of life, if either experienced a hardware failure, the City of Naples will not receive support or a replacement switch. | 3.2.3.1 | Upgrade the EOL Cisco ME3400G switches to an updated model with upgraded features. | Due to the switches being the end of life, if either device experienced a hardware failure, the City of Naples would not receive support or a replacement switch. | City of Naples |
| 3.1.3.1 | Network devices do not have a redundant power source at all locations. Loss of power will result in a loss of ITS network device communication. | 3.2.2.2 | Install Uninterrupted Power Supplies at all MHUB Locations and TMC. | Will keep equipment operational during power outage and clean power when cabinet is connected to an external generator. | Collier County |
| 3.1.3.4 | No network demarcation point was established for the routed connection from Collier County. By having a network demarcation point, it will allow the City of Naples to mitigate or disconnect from Collier County if a broadcast storm was detected. | 3.2.3.4 | Purchase and install a firewall to use as a demarcation point for routed connection from Collier County. | To protect City of Naples from unwanted stakeholder cyber threats and to provide a routed demarcation point. | City of Naples |
| 3.1.3.4 | No network demarcation point was established for the routed connection from the City of Naples Police Department. By having a network demarcation point, it will allow the City of Naples to mitigate or disconnect from the police department if a broadcast storm was detected. | 3.2.3.4 | Purchase and install a firewall to use as a demarcation point for routed connection from the City of Naples Police Department. | To protect City of Naples from unwanted stakeholder cyber threats and to provide a routed demarcation point. | City of Naples |
| 3.1.3.4 | City of Naples utilizes default user accounts for a number of ITS devices. Using default equipment usernames and passwords is a network security concern because an unauthorized user can gain access by a simple internet search. | 3.2.3.4 | Eliminate default user credentials and assigning each user a unique username and password. | This will prevent any user from retrieving the default credentials from the internet and using these identified credentials to access the ITS network. | City of Naples |
| 3.1.3.4 | No current user authorization or authentication is deployed. No centralized method to provide user credentials and access to the device. | 3.2.3.4 | Install a RADIUS server for user authentication. | Have the ability to manage all ITS/TOR/Active Directory from a single location and interface. | City of Naples |
EXHIBIT "Q"
Revised Equipment List Price Estimate

| Part Number | Description | Term (months) | Lead Time (days) | Unit List Price | Qty | Unit Net Price | Disc (%) | Extended Net Price | Notes |
|---|---|---|---|---|---|---|---|---|---|
| IE-3300-8T2S-E | Catalyst IE3300 Rugged Series Modular System, NE | - | 56 | 2,960.00 | 250 | 1,332.00 | 55.00 | 333,000.00 | Intersection Switches |
| SD-IE-4GB | IE 4GB SD Memory Card for IE | - | 35 | 360.00 | 250 | 162.00 | 55.00 | 40,500.00 | |
| IE3300-DNA-E | Cisco DNA Essentials license for IE3300 Series | - | 35 | 0.00 | 250 | 0.00 | 55.00 | 0.00 | |
| IE3300-DNA-E-3Y | IE 3300 DNA Essentials, 3 Year Term license | 36 | N/A | 420.00 | 250 | 189.00 | 55.00 | 47,250.00 | |
| IEM-3300-ST= | Catalyst IE3300 Rugged 8 Port GE Copper Exp Module | - | 35 | 1,859.00 | 100 | 836.55 | 55.00 | 83,655.00 | Intersection Switches |
| PWR-IE65W-PC-AC= | PoE AC Input Power Module for IE3000/2000 | - | 35 | 595.00 | 250 | 267.75 | 55.00 | 66,937.50 | Intersection Switches |
| SubTotal | | | | | | | | 571,342.50 | |
| C9500-24Y4C-A | Catalyst 9500 24x1/10/25G and 4-port 40/100G, Advantage | - | 49 | 21,600.00 | 2 | 9,720.00 | 55.00 | 19,440.00 | Core replace 6500 (Sups) |
| CON-SSSNT-C95024YA | SOLN SUPP 8X5XNBD Catalyst 9500 24-port 25/100G only, Adva | 12 | N/A | 2,134.00 | 2 | 1,685.86 | 21.00 | 3,371.72 | |
| C9500-NW-A | C9500 Network Stack, Advantage | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| SC9500HUK9-1612 | Cisco Catalyst 9500H XE.16.12 UNIVERSAL | - | 21 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9K-PWR-650WAC-R | 650W AC Config 4 Power Supply front to back cooling | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9K-PWR-650WAC-R/2 | 650W AC Config 4 Power Supply front to back cooling | - | 14 | 2,100.00 | 2 | 945.00 | 55.00 | 1,890.00 | |
| CAB-9K12A-NA | Power Cord, 125VAC 13A NEMA 5-15 Plug, North America | - | 7 | 0.00 | 4 | 0.00 | 55.00 | 0.00 | |
| C9K-F1-SSD-BLANK | Cisco pluggable SSD storage | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9500-DNA-24Y4C-A | C9500 DNA Advantage, Term License | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9500-DNA-L-A-3Y | Cisco Catalyst 9500 DNA Advantage 3 Year License | 36 | N/A | 7,100.00 | 2 | 3,195.00 | 55.00 | 6,390.00 | |
| NETWORK-PNP-LIC | Network Plug-n-Play License for zero-touch device deployment | - | 3 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9300-48P-A | Catalyst 9300 48-port PoE+, Network Advantage | - | 14 | 10,030.00 | 2 | 4,513.50 | 55.00 | 9,027.00 | DC Catalyst 9300 blades copper |
| CON-SSSNT-C93004PA | SOLN SUPP 8X5XNBD Catalyst 9300 48-port PoE+, Network Adva | 12 | N/A | 823.33 | 2 | 650.43 | 21.00 | 1,300.86 | |
| C9300-NW-A-48 | C9300 Network Advantage, 48-port license | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| S9300UK9-166 | CAT9300 Universal image | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| PWR-C1-715WAC-P | 715W AC 80+ platinum Config 1 Power Supply | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| PWR-C1-715WAC-P/2 | 715W AC 80+ platinum Config 1 Secondary Power Supply | - | 14 | 1,250.00 | 2 | 562.50 | 55.00 | 1,125.00 | |
| CAB-TA-NA | North America AC Type A Power Cable | - | 14 | 0.00 | 4 | 0.00 | 55.00 | 0.00 | |
| SSD-120G | Cisco pluggable USB3.0 SSD storage | - | 14 | 1,500.00 | 2 | 675.00 | 55.00 | 1,350.00 | |
| STACK-T1-50CM | 50CM Type 1 Stacking Cable | - | 14 | 100.00 | 2 | 45.00 | 55.00 | 90.00 | |
| CAB-SPWR-30CM | Catalyst Stack Power Cable 30 CM | - | 14 | 95.00 | 2 | 42.75 | 55.00 | 85.50 | |
| C9300-DNA-A-48 | C9300 DNA Advantage, 48-Port Term Licenses | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9300-DNA-A-48-3Y | C9300 DNA Advantage, 48-Port, 3 Year Term License | 36 | N/A | 3,770.00 | 2 | 1,696.50 | 55.00 | 3,393.00 | |
| C1-ADD-OPTOUT | Cisco ONE Add-On Session Opt Out (No Fulfillment) | - | 21 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| C9300-NM-8X | Catalyst 9300 8 x 10GE Network Module | - | 14 | 2,550.00 | 2 | 1,147.50 | 55.00 | 2,295.00 | |
| NETWORK-PNP-LIC | Network Plug-n-Play License for zero-touch device deployment | - | 3 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| QSFP-100G-CU1M= | 100GBASE-CR4 Passive Copper Cable, 1m | - | 35 | 373.00 | 2 | 167.85 | 55.00 | 335.70 | VSS 9500's |
| SubTotal | | | | | | | | 50,093.78 | |
| C9300-24T-A | Catalyst 9300 24-port data only, Network Advantage | - | 14 | 5,015.00 | 1 | 2,256.75 | 55.00 | 2,256.75 | EOC |
| CON-SSSNP-C93002TA | SOLN SUPP 24X7X4 Catalyst 9300 24-port data only, Network | 12 | N/A | 661.73 | 1 | 522.77 | 21.00 | 522.77 | |
| C9300-NW-A-24 | C9300 Network Advantage, 24-port license | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| S9300UK9-166 | CAT9300 Universal image | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| PWR-C1-350WAC-P | 350W AC 80+ platinum Config 1 Power Supply | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| CAB-TA-NA | North America AC Type A Power Cable | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| PWR-C1-350WAC-P/2 | 350W AC 80+ platinum Config 1 Secondary Power Supply | - | 14 | 650.00 | 1 | 292.50 | 55.00 | 292.50 | |
| C9300-SSD-NONE | No SSD Card Selected | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| C9300-STACK-NONE | No Stack Cable Selected | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| C9300-SPWR-NONE | No Stack Power Cable Selected | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| C9300-DNA-A-24 | C9300 DNA Advantage, 24-port Term Licenses | - | 14 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| C9300-DNA-A-24-3Y | C9300 DNA Advantage, 24-Port, 3 Year Term License | 36 | N/A | 2,010.00 | 1 | 904.50 | 55.00 | 904.50 | |
| C9300-NM-8X | Catalyst 9300 8 x 10GE Network Module | - | 14 | 2,550.00 | 1 | 1,147.50 | 55.00 | 1,147.50 | |
| NETWORK-PNP-LIC | Network Plug-n-Play License for zero-touch device deployment | - | 3 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| SubTotal | | | | | | | | 5,124.02 | |
| C9500-16X-E | Catalyst 9500 16-port 10Gig switch, Essentials | - | 14 | 16,535.01 | 6 | 7,440.75 | 55.00 | 44,644.50 | Hub switches (Fiber only) |
| CON-SSSNT-C95016EX | SOLN SUPP 8X5XNBD Catalyst 9500 16-port 10Gig switch, Netw | 12 | N/A | 1,356.69 | 6 | 1,071.79 | 21.00 | 6,430.74 | |
| C9500-NW-E | C9500 Network Stack, Essentials | - | 14 | 0.00 | 6 | 0.00 | 55.00 | 0.00 | |
| S9500UK9-1612 | Cisco Catalyst 9500 XE 16.12 UNIVERSAL | - | 14 | 0.00 | 6 | 0.00 | 55.00 | 0.00 | |
| PWR-C4-950WAC-R | 950W AC Config 4 Power Supply front to back cooling | - | 14 | 0.00 | 6 | 0.00 | 55.00 | 0.00 | |
| PWR-C4-950WAC-R/2 | 950W AC Config 4 Power Supply front to back cooling | - | 14 | 2,100.00 | 6 | 945.00 | 55.00 | 5,670.00 | |
| CAB-TA-NA | North America AC Type A Power Cable | - | 14 | 0.00 | 12 | 0.00 | 55.00 | 0.00 | |
| C9500-NM-BLANK | Catalyst 9500 network module blank cover | - | 14 | 0.00 | 6 | 0.00 | 55.00 | 0.00 | |
| C9500-DNA-16X-E | C9500 DNA Essentials, Term licenses | - | 14 | 0.00 | 6 | 0.00 | 55.00 | 0.00 | |
| C9500-DNA-L-E-3Y | DNA Essentials 3 Year License | 36 | N/A | 1,000.00 | 6 | 450.00 | 55.00 | 2,700.00 | |
| NETWORK-PNP-LIC | Network Plug-n-Play License for zero-touch device deployment | - | 3 | 0.00 | 6 | 0.00 | 55.00 | 0.00 | |
| SFP-10G-LR-S= | 10GBASE-LR SFP Module, Enterprise-Class | - | 14 | 2,079.00 | 12 | 935.55 | 55.00 | 11,226.60 | Hub to DC 10G |
| SFP-10G-SR-S= | 10GBASE-SR SFP Module, Enterprise-Class | - | 14 | 728.00 | 4 | 327.60 | 55.00 | 1,310.40 | 9300's to 9500's |
| SubTotal | | | | | | | | 71,982.24 | |
| L-ISE-BSE-PLIC | Cisco ISE Base License | - | 3 | 0.00 | 1 | 0.00 | 55.00 | 0.00 | ISE Base Auth/AuthZ |
| L-ISE-BSE-P2 | Cisco ISE Base License - Sessions 250 to 499 | - | 3 | 5.82 | 300 | 2.62 | 55.00 | 786.00 | |
| R-ISE-VMS-K9= | Cisco ISE Virtual Machine Small | - | 3 | 6,700.00 | 2 | 3,015.00 | 55.00 | 6,030.00 | ISE Small VM's (Radius server for all switches, non endpoints, Device Admin Only) |
| CON-ECMUS-RISEV9SM | SOLN SUPP SWSS Cisco ISE Virtual Machine Small | 12 | N/A | 1,608.00 | 2 | 1,270.32 | 21.00 | 2,540.64 | |
| L-AC-PLS-LIC= | Cisco AnyConnect Plus Term License, Total Authorized Users | - | 3 | 0.00 | 50 | 0.00 | 55.00 | 0.00 | Remote access VPN |
| L-AC-PLS-1Y-S1 | Cisco AnyConnect Plus License, 1YR, 25-99 Users | 12 | N/A | 6.00 | 50 | 2.70 | 55.00 | 135.00 | |
| L-ISE-TACACS-ND= | Cisco ISE Device Admin Node License | - | 3 | 10,000.00 | 2 | 4,500.00 | 55.00 | 9,000.00 | TACACS (Device Admin) per ISE VM |
| SubTotal | | | | | | | | 18,491.64 | |
| FPR2130-FTD-HA-BUN | Cisco Firepower 2130 Threat Defense Chss,Subs HA Bundle | - | N/A | 0.00 | 1 | 0.00 | 55.00 | 0.00 | |
| FPR2130-NGFW-K9 | Cisco Firepower 2130 NGFW Appliance, 1U, 1 x NetMod Bay | - | 14 | 29,995.00 | 2 | 13,497.75 | 55.00 | 26,995.50 | |
| CON-SNT-FPR2130W | SNTC-8X5XNBD Cisco Firepower 2130 NGFW Appliance, 1U, | 12 | N/A | 2,400.00 | 2 | 1,896.00 | 21.00 | 3,792.00 | |
| CAB-AC | AC Power Cord (North America), C13, NEMA 5-15P, 2.1m | - | 7 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| SF-F2K-TD6.3-K9 | Cisco Firepower Threat Defense software v6.3 for FPR2100 | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-SSD200 | Firepower 2000 Series SSD for FPR-2130/2140 | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-SLIDE-RAILS | Firepower 2000 Slide Rail Kit | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-NM-BLANK | Firepower 2000 Series Network Module Blank Slot Cover | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-PSU-BLANK | Firepower 2000 Series Chassis Power Supply Blank Slot Cover | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-FAN | Firepower 2000 Series Fan Tray | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-PWR-AC-400 | Firepower 2000 Series 400W AC Power Supply | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| FPR2K-SSD-BBLKD | Firepower 2000 Series SSD Slot Carrier | - | 14 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| L-FPR2130T-TMC= | Cisco FPR2130 Threat Defense Threat, Malware and URL License | - | 3 | 0.00 | 2 | 0.00 | 55.00 | 0.00 | |
| L-FPR2130T-TMC-3Y | Cisco FPR2130 Threat Defense Threat, Malware and URL 3Y Subs | 36 | N/A | 27,536.25 | 2 | 12,391.31 | 55.00 | 24,782.62 | |
| SF-FMC-VMW-2-K9 | Cisco Firepower Management Center, (VMWare) for 2 devices | - | 3 | 500.00 | 1 | 225.00 | 55.00 | 225.00 | |
| CON-ECMUS-SFMMCVWK | SOLN SUPP SWSS Cisco Firepower Management Center, (VMWa | 12 | N/A | 120.00 | 1 | 94.80 | 21.00 | 94.80 | |
| SubTotal | | | | | | | | 55,889.92 | |

HUB Cabinets and Accessories, UPS System and Batteries (4 hour Runtime Minimum)

| Part Number | Description | Term (months) | Lead Time (days) | Unit List Price | Qty | Unit Net Price | Disc (%) | Extended Net Price | Notes |
|---|---|---|---|---|---|---|---|---|---|
| FXM-2000 | Uninterrupted Power Supply (UPS) System | - | N/A | 0.00 | 7 | 1,350.00 | 0.00 | 9,450.00 | |
| 105 Ah XTV Batteries | UPS Batteries providing a minimum of 4 hours runtime under load | - | N/A | 0.00 | 14 | 275.00 | 0.00 | 3,850.00 | |
| Southern Manufacturing | ITS Fiber Optics HUB Cabinet (Climatized) | - | N/A | 0.00 | 4 | 10,000.00 | 0.00 | 40,000.00 | |
| SubTotal | | | | | | | | 53,300.00 | |

Valid through: FOB Point: None

Product Total: 669,315.45
Service Total: 18,053.53
Subscription Total: 85,555.12
Total Price (Includes HUB Cabinets and Accessories, UPS System and Batteries): 826,224.10

| Item | Description | Rate | Cost |
|---|---|---|---|
| Fiber Optic testing | Fiber Optics Testing/ Splicing/ Reconfiguration | 5% | 41,311.21 |
| Networking | Network Testing/ Configuration / Field Deployment | 20% | 165,244.82 |
| Contingency | Contingency Costs | 10% | 82,622.41 |
| SubTotal | | | 289,178.44 |

Total Price: 1,115,402.54

Notes
The Grant amount is $1,108,409.00. The revised estimated cost is $1,115,402.54. This leaves a shortfall of $6,993.54, which will have to be made up with County funds.

Revised equipment list which refers to Cisco equipment is based on the following criteria:
1. Functionality
2. Best of breed - Cisco sets the Standards for Networking
3. Security - The ability for an organization such as Cisco to respond to security exploits of their code in a timely manner and to assist their customers in implementing system recovery
4. Customer Support and Training
5. Cost
6. Innovation
7. Integration
8. Forward compatibility