Chapter 2
Module Features
22
Restrictions Imposed By Implicit Protected Mode
Protected Mode prevents access to services that are not required after the device is
configured and in normal operation. Protected Mode disables features that can make the
device vulnerable to disruptive actions. By doing so, Protected Mode helps to reduce the attack
surface.
When it is in Implicit Protected Mode, the module prevents execution of the following tasks:
•
Change Ethernet configuration settings, such as port speed
•
Change IP settings, such as IP address, mask, and DHCP mode
•
Disable or re-enable Ethernet ports
•
Update the module firmware revision
•
Perform remote module resets
•
Change configuration on Quality of Service (QoS) and Time Sync
•
Disable or enable the HTTP server
•
Change channel operation mode (with certain exceptions on Class B pin 2 channels)
Restrictions Imposed By Explicit Protected Mode
Protected Mode prevents access to services that are not required after the device is
configured and in normal operation. Protected Mode disables features that can make the
device vulnerable to disruptive actions. By doing so, Protected Mode helps to reduce the attack
surface.
When it is in Explicit Protected Mode, the module prevents execution of the following tasks:
•
Change Ethernet configuration settings, such as port speed
•
Change IP settings, such as IP address, mask, and DHCP mode
•
Disable or re-enable Ethernet ports
•
Update the module firmware revision
•
Perform remote module resets
•
Change configuration on QoS and Time Sync
•
Disable or enable the HTTP server
Perform Tasks When Restricted
If the module is in Protected Mode and you attempt to perform any of the restricted tasks, you
are alerted that such a task cannot be performed because the module is in Protected Mode.
IMPORTANT Protected Mode restrictions are not configurable.
If the module is not in Protected Mode, the module accepts attempts to perform the tasks that
are described previously.
For example, after the module is initially powered up, but no I/O connections are established
yet, the module is not in Explicit Protected Mode. You can attempt to update the module
firmware revision and the module accepts the attempt.
If the module enters Protected Mode each time the module powers up, check the
application controllers to determine if there are active I/O connections that are
opened through the module.
Rockwell Automation Publication 5032-UM001A-EN-P - April 2023