-
Implement ZTP in a secure and private environment. Any public access may compromise the security of the switch, as follows:
-
Since ZTP is enabled only on the factory default configuration of the switch, DHCP snooping is not enabled. You must manage the Rogue DHCP server.
-
The DHCP offer is in plain data without encryption. Therefore, the offer can be listened by any device on the network and they can in turn obtain the AirWave information.
-
The TLS certificate of the server is not validated by the switch during the HTTPs check-in to AirWave. The AirWave server is in the private environment of the switch.
-