One of the things I love the most about working with industrial control systems in the OT (Operational Technology) environment is that you never do the same thing every day.
One day you may be troubleshooting operational issues, and the next day you are building HMI (Human Machine Interface ) graphic displays for a new control system that you are soon to implement.
Then, next week you could be installing three new network switches to expand your network even further than it previously ventured into your facility.
In another words, we get to wear a lot of hats and do many different things. We get to learn many different areas of expertise and some we are better at than others.
If you are in a control engineering position, then chances are, your networking knowledge has increased more and more with each passing year.
In the networking realm of process control, if you are using Rockwell products in your facility, then chances are, you could be using their Stratix line of EtherNet switches.
In this article, we are going to discuss setting up a password for your Stratix switch.
The Stratix line of switches uses the Cisco IOS, so configuring a Stratix switch is the same as configuring most other Cisco switches.
Rockwell has a web browser setup feature and it is perfectly fine to use that, but here we are going to work with the command line interface. This will allow you to see the difference in the type of password commands that you can use.
Let’s look at a few options for setting the password.
Option 1: Set the enable password without encryption
The password is stored in clear plain text in the configuration file. I do not recommend using this option for obvious reasons. Anyone that sees the configuration file, now has your password.
The command is:
The result is: (#Show Run)
Option 2: Set the enable password with encryption
The password is stored in MD7 hash text in the configuration file. This option is better than option 1, but I do not recommend using this option as there is a better option available.
The command to enable password encryption is:
This changes your clear text password to an MD7 has in the configuration file as shown below.
The result is: (#Show Run)
Option 3: Set the enable secret password with encryption
The password is stored in MD5 hash text in the configuration file. This is the best option to use as MD5 hash is much more difficult to break.
That one little word “Secret” makes a big difference in the security of your switch.
The command is:
You can see here how much better the encryption of the password is.
The result is: (#Show Run)
Important Tip – All Options: Save your changes
Use this command to save the changes in your switch (or they will be lost during the next reboot):
- Switch#copy running-config startup-config
Conclusion:
If you are new to setting up a Stratix switch, then hopefully this article will give you a tip in setting a password that will be stored in configuration in a way that cannot be easily taken by an “over the shoulder” type of hack.
There are many options and configuration settings in the Stratix switch and we will likely cover some of them in another article. After making changes to your switch, don’t forget to save your changes!
Written by Brandon Cooper
Senior Controls Engineer and Freelance Writer
Have a question? Join our community of pros to take part in the discussion! You'll also find all of our automation courses at TheAutomationSchool.com.
Sponsor and Advertise: Get your product or service in front of our 75K followers while also supporting independent automation journalism by sponsoring or advertising with us! Learn more in our Media Guide here, or contact us using this form.
- Rockwell Patch Rollup – How To Download and Install (2022) - August 4, 2022
- Studio 5000 – Resolve .Net Framework 3.5 Installation Error 0x80D05001 - July 26, 2022
- Studio 5000 – v34: What’s New - May 9, 2022
