Best Practices

  • Implement ZTP in a secure and private environment. Any public access may compromise the security of the switch, as follows:
    • Since ZTP is enabled only on the factory default configuration of the switch, DHCP snooping is not enabled. The Rogue DHCP server must be manually managed.

    • The DHCP offer is in plain data without encryption. Therefore, the offer can be listened by any device on the network and they can in turn obtain the AirWave information.

    • The TLS certificate of the server is not validated by the switch during the HTTPs check-in to AirWave. The AirWave server must be hosted in a private and secure environment of the switch.