MPLS NETWORK FAQ (FREQUENTLY ASKED QUESTIONS)

V1- 022601 ISP 2-591 (6/11) V2 -031505 R-061711

1

Q01. What components/services are provided with the MPLS circuit order? A. Installation, maintenance and monitoring of the digital data circuit and router. Q02. What components are the Agency responsible for? A. The agency is responsible for: ΤLAN wiring between the router and Agency devices used to access LEADS and Livescan

applications. ΤInside wiring if the telephone company did not extend the Demarc. ΤNetworking components such as hubs, switches, router, Firewall to create a local area network

when multiple devices are used. ΤAgency devices (Computers, Printers) used to access Leads and Livescan applications. Q03. Is a Firewall required when an agency utilizes an existing Local Area Network or Wide Area

Network? A. A Firewall is an optional network component that can perform NAT and/or control data traffic

that passes between the Agencies network and the MPLS network. Agencies with existing networks will probably employ a Firewall to further safeguard their networks and related components. If the Public Internet is accessed from PC=s on the same LAN as the LEADS 2000 Devices, a Firewall between the LAN and the Public Internet is REQUIRED.

Q04. IS LEADS 2000 Accessible via the Public Internet or Dial-up? A. No. LEADS 2000 can only be accessed through the CMS MPLS Network. That access may be

obtained directly through the purchase of a circuit or through agreement with another entity which has access to the CMS MPLS Network.

Q05. How long after the circuit order has been placed will the router be installed? A. It estimated to take 45 days after the order forms are received by Illinois State Police personnel. Q06. What is the order of events after a MPLS circuit is ordered? A. 1. A telephone technician will install the circuit.

2. A CMS technician will install the router and test connectivity to verify the complete installation. Steps 1 thru 3 normally occur in a 14 day period. Note: The technicians are instructed to phone the Agency contacts listed on the circuit order form prior to arriving onsite to perform any work.

Q07. Where should the circuit be installed? A. At the Agency's Demarc location. This is usually the area where all the phone/data circuits enter a

building. Q09. Where should the router be located? A. The location of the router will vary from Agency to Agency.

MPLS NETWORK FAQ (FREQUENTLY ASKED QUESTIONS)

V1- 022601 ISP 2-591 (6/11) V2 -031505 R-061711

2

Note: Refer to the router location examples at the end of this FAQ to help determine where to locate the router.

Q10. What TCP/IP addressing scheme will be used? A. A 10.x.y.z IP address scheme will be assigned to each Agency. All traffic sent to the state via the

MPLS network must have the source address within the assigned IP address range. Agencies with an existing LAN who wish to maintain their existing addressing scheme will be required to employ NAT.

Q11. What addresses are within the IP address range. A. The valid address range will be from 10.x.y.1 thru 10.x.y.254. The router will be assigned 10.x.y.1.

The agency will control the assignment of the remaining addresses. ISP recommends that the IP addresses below 10.x.y.11 be used for network components such as hubs, switches, routers or Firewalls. The first device would be assigned 10.x.y.11 when following this recommendation.

Q12. What is NAT? A. NAT stands for Network Address Translation. NAT is used to translate one IP address to another.

NAT can be used to allow multiple PCs to share a single Internet / Intranet connection. It can also be used as a security tool by shielding the IP addresses of devices within the intranet. If hackers don't know a PCs address, then it's harder to attack it.NAT can also be used for IP address management. You can keep private IP addresses on the intranet or parts of an intranet and never have to worry about changing them to communicate across the MPLS network. Without NAT, you would have to change all the PC's individual addresses.NAT functionality can be found in routers, Firewalls, and NAT-only devices.

Q13. Is a unique IP address required for each PC executing the Leads 2000 software on an Agencies

network? A. A unique IP address for each Leads 2000 PC is required when NAT is not used. Unique IP

addresses are not required when utilizing a NAT technique referred as 'hiding behind an address' or Port Address Translation (PAT).

Q14. Can an agency utilize DHCP on their network when utilizing Leads 2000 software? A. Yes. Static IP addresses are not required for PCs utilizing the Leads 2000 software.

NOTE: Static IP addresses are required for Leads interfaces and Livescan devices. Q15. Is Domain Name Service (DNS) required for LEADS 2000 Access? A. Yes. DNS provides name resolution which is necessary for LEADS 2000 to function. There are a

number of alternatives an agency can choose when deciding how to implement DNS. Consult the LEADS 2000 Domain Name Service (DNS) Frequently Asked Questions for more details.

Q16. Where can answers to Livescan questions be located?

MPLS NETWORK FAQ (FREQUENTLY ASKED QUESTIONS)

V1- 022601 ISP 2-591 (6/11) V2 -031505 R-061711

3

A. Questions concerning Livescan are directed to ISP Bureau of Identification, (815) 740-5160. Q17. Where can answers to Leads 2000 questions be located? A. Questions concerning Leads 2000 are directed to the LEADS 2000 Hot Line: 1-866-LEADS00 (866-532-3700). Q18. Is it possible for multiple agencies to share a single MPLS Connection? A. Yes, agencies may decide to consolidate their resources to order a single MPLS Circuit. The

agencies will than have to put the necessary LAN or WAN in place to ensure that all agencies wishing to access the Circuit are able to do so.

Q19. How is billing handled for multiple agencies sharing a single MPLS Circuit? A. CMS will Bill agencies that ordered the circuit. It is the responsibility of this agency to distribute

the cost among the agencies sharing access.

MPLS NETWORK FAQ (FREQUENTLY ASKED QUESTIONS)

V1- 022601 ISP 2-591 (6/11) V2 -031505 R-061711

4

ROUTER LOCATION EXAMPLES Note: The router needs to be located in a secure location where authorized personnel can access to assist the phone company personnel to correct connectivity problems. Agencies with 1 device (i.e., LEADS 2000 PC, LEADS interface or Livescan machine): Router can be located in a wiring closet or near the device. A regular (straight thru) ethernet cat-5 cable will be used to connect the router to an ethernet hub or switch. Another regular (straight thru) ethernet cat-5 cable will be used to connect the hub or switch to the device. If a hub or switch is not used, an ethernet cat-5 'crossover' cable must be used to connect the one device to the ethernet port on the router. Agencies with 2 or more devices without an existing LAN: The router can be located in a wiring closet or near some devices. A regular (straight thru) ethernet cat-5 cable will be used to connect the router to an ethernet hub or switch. The devices will be connected to the hub or switch using regular ethernet cables. The hub or switch can be located where it lends to optimizing the cable runs. The hub can be next to multiple devices with a long cable to the router. Agencies with multilple devices located on existing LAN or WAN: Check with your Agency's network personnel for recommendations. A location should be picked that facilitates connection between the state frame router and your existing LAN/WAN. Typically the ethernet port on the MPLS router will be connected to a Firewall or other device to perform network address translation to convert the Agency's existing IP address scheme to the MPLS assigned 10.x.y.z address scheme. Agencies wishing to share a single MPLS Circuit: The Circuit and Router will be installed at the Agency which has applied for the MPLS Circuit. Connectivity between other agencies wishing to use this circuit is the responsibility of the agencies involved. CMS will bill only the agency which ordered the MPLS Circuit.