See Other Government Stories

California Department of Fish and Wildlife

California Department of Fish and Wildlife

Highlights

The California Department of Fish and Wildlife manages and protects the state's diverse fish, wildlife, plant resources, and native habitats. The department deployed Cisco Meraki APs, switches, security appliances, and mobile device management across a variety of sites throughout California. Given the remoteness of many locations, performance, ease of use, and scalability were important factors for the team in selecting a network solution.


Original Networking Challenges


  • Multiple remote locations and a small IT team required centralized management for ease of network configurations and troubleshooting
  • Reliable network connection and device visibility needed for devices connecting at over 115 distributed sites


Why Cisco Meraki


  • Supplemental resiliency allows remote sites to still operate in the event of a state-wide outage at the core
  • Flexibility to bring up and troubleshoot remote sites from anywhere via the cloud-based dashboard
  • Various levels of admin privileges for segmented IT support staff
  • Inventory tracking of network hardware and devices with Meraki Systems Manager

“With Meraki, you can combine switches and security appliances all in one network view and get a nice, consolidated experience.” - Erik Davis, Network Projects Consultant

The Deployment


  • Mix of indoor and outdoor MR family access points with separate SSIDs for testing networks and planning new sites
  • One-third of users based in Sacramento headquarters, one-third in branch locations around the state, and one-third in remote locations and field offices
  • Core MX400 security appliance located at HQ as a hub, with branch and remote sites using MX60(W), MX80, or MX90 security appliances for site-to-site VPN connectivity to core
  • Systems Manager MDM installed to easily manage all department devices, such as iPads used by field scientists, with visibility into software property and device location


Results


  • Corporate users access network through 802.1X with RADIUS authentication, no bandwidth or SSID availability restrictions
  • Guest users log onto a password protected network with Layer 3 firewall rules blocking access to the local LAN
  • Hub-and-spoke VPN tunnels traffic to the core to access centralized services such as content filtering
  • Plan to add MS switches in a move to 802.1X to regulate devices/access on corporate network