Best Practices
Implement ZTP in a secure and private environment. Any public access may compromise the security of the switch, as follows:
Since ZTP is enabled only on the factory default configuration of the switch, DHCP snooping is not enabled. You must manage the Rogue DHCP server.
The DHCP offer is in plain data without encryption. Therefore, the offer can be listened by any device on the network and they can in turn obtain the AirWave information.
The TLS certificate of the server is not validated by the switch during the HTTPs check-in to AirWave. The AirWave server is in the private environment of the switch.