One of the things I love the most about working with industrial control systems in the OT (Operational Technology) environment is that you never do the same thing every day.

One day you may be troubleshooting operational issues, and the next day you are building HMI (Human Machine Interface ) graphic displays for a new control system that you are soon to implement.

Then, next week you could be installing three new network switches to expand your network even further than it previously ventured into your facility.

Image by Brandon Cooper

In another words, we get to wear a lot of hats and do many different things. We get to learn many different areas of expertise and some we are better at than others.

If you are in a control engineering position, then chances are, your networking knowledge has increased more and more with each passing year.

In the networking realm of process control, if you are using Rockwell products in your facility, then chances are, you could be using their Stratix line of EtherNet switches.

In this article, we are going to discuss setting up a password for your Stratix switch.

The Stratix line of switches uses the Cisco IOS, so configuring a Stratix switch is the same as configuring most other Cisco switches.

Rockwell has a web browser setup feature and it is perfectly fine to use that, but here we are going to work with the command line interface. This will allow you to see the difference in the type of password commands that you can use.

Let’s look at a few options for setting the password.


Option 1: Set the enable password without encryption

The password is stored in clear plain text in the configuration file. I do not recommend using this option for obvious reasons. Anyone that sees the configuration file, now has your password.

The command is:

Image by Brandon Cooper

The result is: (#Show Run)

Image by Brandon Cooper



Option 2: Set the enable password with encryption

The password is stored in MD7 hash text in the configuration file. This option is better than option 1, but I do not recommend using this option as there is a better option available.

The command to enable password encryption is:

Image by Brandon Cooper

This changes your clear text password to an MD7 has in the configuration file as shown below.

The result is: (#Show Run)

Image by Brandon Cooper


Option 3: Set the enable secret password with encryption

The password is stored in MD5 hash text in the configuration file. This is the best option to use as MD5 hash is much more difficult to break.

That one little word “Secret” makes a big difference in the security of your switch.

The command is:

Image by Brandon Cooper

You can see here how much better the encryption of the password is.

The result is: (#Show Run)

Image by Brandon Cooper


Important Tip – All Options: Save your changes

Use this command to save the changes in your switch (or they will be lost during the next reboot):

  • Switch#copy running-config startup-config

Conclusion:

If you are new to setting up a Stratix switch, then hopefully this article will give you a tip in setting a password that will be stored in configuration in a way that cannot be easily taken by an “over the shoulder” type of hack.

There are many options and configuration settings in the Stratix switch and we will likely cover some of them in another article. After making changes to your switch, don’t forget to save your changes!

Written by Brandon Cooper
Senior Controls Engineer and Freelance Writer

Have a news tip? Share it with us here.
Have a question on this topic? Click here to scroll down to the comment link
Enjoy the benifits of membership! Insider news, rewards, & more: Patreon.com/automation

Brandon Cooper


Click HERE to scroll down to view or leave comments


Leave A Blog Reply Here

Please enter your blog comment!
Please enter your name here