Which protocol to use to communicate with a Simatic PLC over TCP/IP - networking

I am using libnodave and s7netplus to read and write data blocks to my simatic s7-300.
Everything is working fine but I want to understand how libnodave or s7netplus are working so that I can implement something similar in C++ or C# myself based on plain TCP/IP sockets, just for fun.
On the library websites or in the source code itself I could not find any information about how they are implemented, only that they are using TCP/IP sockets (I know in libnodave you can also use other ways but for now I am only focused on TCP/IP).
In my research on other websites I found that I can use open TCP/IP or Modbus TCP/IP.
But I could not really find any specifications related to simatic s7-300 which are telling me how to establish a connection or what to send to start a data transfer....
Please don't understand me wrong.
For example for modbus tcp/ip itself I can find specifications but these specifications are not telling me anything about what to send to the plc if I want to read 10 bytes from data block 17 or write 3 bytes to data block 1.
So my question is which possibilities on top of tcp/ip I have to exchange data from a pc with my plc and where I can find exact specifications related to simatic s7-300?

The communication protocol to a Siemens PLC is described on the site of Snap7.
http://snap7.sourceforge.net/siemens_comm.html
(Maybe better to use Snap7 instead of Libnodave for support of newer PLC's!)
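As an added illustration of what the Snap7 protocol page describes (this is example code written for this page, not Snap7's or libnodave's own code), the following builds the three PDUs a client sends before and for "read 10 bytes from DB17": an ISO-on-TCP (RFC 1006 / COTP) connection request, an S7 Setup Communication job, and a Read Var job. It also contains a strict checker for the reply so that a malformed or error-carrying frame is rejected instead of being trusted. The TSAP values (PG connection, rack 0 / slot 2), the 480-byte PDU size and the sample responses are constructed assumptions, not captures from a PLC.

```python
"""ISO-on-TCP (RFC 1006) and S7comm request builders plus a response checker.
Added example; layout follows the Snap7 protocol description. TSAPs, PDU size
and the sample responses below are constructed assumptions."""
import struct

ISO_TCP_PORT = 102           # port an S7 CPU listens on for ISO-on-TCP
COTP_DATA = b"\x02\xF0\x80"  # COTP DT TPDU: LI=2, code 0xF0, EOT bit set
ITEM_RETURN_CODES = {0xFF: "success", 0x05: "address out of range", 0x0A: "object does not exist"}


def tpkt(payload: bytes) -> bytes:
    """RFC 1006 header: version 3, reserved, total length including the 4 header bytes."""
    return struct.pack(">BBH", 3, 0, len(payload) + 4) + payload


def cotp_connect_request(rack: int, slot: int) -> bytes:
    """COTP CR TPDU (code 0xE0) with the parameters Snap7 documents:
    C1 calling TSAP, C2 called TSAP (type 0x01 = PG, then rack/slot), C0 TPDU size 2^10."""
    called_tsap = bytes([0x01, (rack << 5) | slot])
    params = b"\xC1\x02\x01\x00" + b"\xC2\x02" + called_tsap + b"\xC0\x01\x0A"
    body = struct.pack(">BHHB", 0xE0, 0x0000, 0x0001, 0x00) + params  # code, dst-ref, src-ref, class
    return tpkt(bytes([len(body)]) + body)                             # LI byte excludes itself


def s7_header(rosctr: int, pdu_ref: int, params: bytes, data: bytes = b"") -> bytes:
    """S7comm header: protocol id 0x32, ROSCTR (1 = Job), redundancy id, PDU ref, lengths."""
    return struct.pack(">BBHHHH", 0x32, rosctr, 0, pdu_ref, len(params), len(data)) + params + data


def s7_setup_communication(pdu_ref: int, pdu_size: int = 480) -> bytes:
    """Function 0xF0: negotiate one parallel job each way and the maximum PDU size."""
    params = struct.pack(">BBHHH", 0xF0, 0x00, 1, 1, pdu_size)
    return tpkt(COTP_DATA + s7_header(0x01, pdu_ref, params))


def s7_read_db_bytes(pdu_ref: int, db: int, start: int, count: int) -> bytes:
    """Function 0x04 (Read Var) with one S7ANY item: transport size 0x02 (BYTE),
    element count, DB number, area 0x84 (DB), 3-byte bit address (byte offset * 8)."""
    item = struct.pack(">BBBBHHB", 0x12, 0x0A, 0x10, 0x02, count, db, 0x84) + (start * 8).to_bytes(3, "big")
    return tpkt(COTP_DATA + s7_header(0x01, pdu_ref, b"\x04\x01" + item))


def parse_s7_response(raw: bytes) -> dict:
    """Validate TPKT/COTP framing and split out the S7 header, parameters and data.
    Raises ValueError for anything that is not a well-formed S7comm PDU."""
    if len(raw) < 7 or raw[0] != 3:
        raise ValueError("not a TPKT frame")
    if struct.unpack(">H", raw[2:4])[0] != len(raw):
        raise ValueError("TPKT length does not match frame length")
    li, code = raw[4], raw[5]
    if code == 0xD0:
        return {"cotp": "connect-confirm"}
    if code != 0xF0:
        raise ValueError("unexpected COTP TPDU 0x%02X" % code)
    s7 = raw[5 + li:]                                # the TPDU is LI + 1 bytes long
    if len(s7) < 10 or s7[0] != 0x32:
        raise ValueError("not an S7comm PDU")
    _, rosctr, _, pdu_ref, plen, dlen = struct.unpack(">BBHHHH", s7[:10])
    hdr, error = 10, (0, 0)
    if rosctr in (2, 3):                             # Ack / Ack-Data carry error class + code
        if len(s7) < 12:
            raise ValueError("truncated S7 ack header")
        error, hdr = tuple(s7[10:12]), 12
    if len(s7) != hdr + plen + dlen:
        raise ValueError("S7 parameter/data lengths disagree with frame")
    return {"cotp": "data", "rosctr": rosctr, "pdu_ref": pdu_ref, "error": error,
            "params": s7[hdr:hdr + plen], "data": s7[hdr + plen:]}


def s7_read_payload(raw: bytes) -> bytes:
    """Extract the bytes returned for a single-item Read Var request."""
    r = parse_s7_response(raw)
    if r.get("rosctr") != 3 or r["error"] != (0, 0):
        raise ValueError("S7 error class/code %r" % (r.get("error"),))
    data = r["data"]
    if len(data) < 4:
        raise ValueError("item header missing")
    rc, tsize, length = struct.unpack(">BBH", data[:4])
    if rc != 0xFF:
        raise ValueError(ITEM_RETURN_CODES.get(rc, "item return code 0x%02X" % rc))
    nbytes = length // 8 if tsize in (3, 4, 5) else length  # transport sizes 3..5 count bits
    if len(data) < 4 + nbytes:
        raise ValueError("item data truncated")
    return data[4:4 + nbytes]


# Constructed Ack-Data reply to "read 10 bytes from DB17": return code 0xFF, 80 bits of data.
SAMPLE_READ_RESPONSE = bytes.fromhex(
    "03 00 00 23 02 f0 80 32 03 00 00 00 01 00 02 00 0e 00 00 04 01 ff 04 00 50 00 01 02 03 04 05 06 07 08 09")

if __name__ == "__main__":
    for pdu in (cotp_connect_request(0, 2), s7_setup_communication(0), s7_read_db_bytes(1, 17, 0, 10)):
        print(pdu.hex(" "))
    print(s7_read_payload(SAMPLE_READ_RESPONSE).hex())
```

The three builders produce the bytes in the order a client sends them on port 102; the checker insists that the TPKT length, the S7 parameter/data lengths and the item return code all agree before any data is handed back, which is the behaviour you want in your own stack rather than indexing blindly into whatever the CPU returns.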

Related

TwinCat 3 Siemens PLC MODBUS TCP communication

My question is quite simple. Is it possible to communicate TwinCat PLC simulation (TwinCat 3 on normal PC) with real Siemens S7-1200 over MODBUS TCP?
From what I've gathered, PC without Intel chipset network card prevents you from using protocols like EtherCat or Profibus. Nowhere in documentation is stated that Modbus TCP requires such card.
I've been trying to use Modbus TCP sample program from Beckhoff site for two days now, with no success. TCPView shows that connection between server (PC with TwinCat) and client (S7-1200) is "established" and even some packets are being exchanged. I'm pretty sure that the addresses and lengths and all that stuff are correct, yet TwinCat still gives me ERROR 26.
On the Siemens side MB_Client shows 7004 then 7005 and 7006 one after the other with no data coming to my array.
Is there something to do on the TwinCat side other than copying the sample code and changing the parameters, that I need to do? (I also set up the server with TcModbusSrvCfg.exe)
Sorry for the long post. If you have any ideas about what else I can do, please share.
Like Kolyur said, please check that TF6250 is installed on your machine.
As a complement to Cliff's response, here are 3 tools to check your Modbus protocol on both sides:
Ananas,
Modbus Doctor,
Modbus Twin Request
Which Modbus function did you implement? You could just try a simple Modbus write register (function 16).
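To make "try a simple write with function 16" concrete, here is an added example (written for this page, not from Beckhoff, Siemens or any of the tools named above) that builds Modbus TCP requests for function 3 (read holding registers) and function 16 (write multiple registers), and parses the reply strictly: the MBAP header is checked against the frame and the transaction id that was sent, and exception responses (function code with bit 7 set) are decoded instead of being mistaken for data. The sample replies are constructed; the hostname in the `transact()` helper is whatever server you point it at.

```python
"""Modbus TCP request builders and a strict response parser (added example).
The sample responses below are constructed, not captured from a PLC."""
import socket
import struct

MODBUS_PORT = 502
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_MULTIPLE_REGISTERS = 0x10          # "function 16"
EXCEPTION_CODES = {1: "illegal function", 2: "illegal data address",
                   3: "illegal data value", 4: "server device failure"}


def mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """MBAP header: transaction id, protocol id 0, length of unit id + PDU, unit id."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers(transaction_id: int, unit_id: int, start: int, quantity: int) -> bytes:
    if not 1 <= quantity <= 125:                 # protocol limit for FC 3
        raise ValueError("quantity must be 1..125")
    return mbap(transaction_id, unit_id, struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start, quantity))


def write_multiple_registers(transaction_id: int, unit_id: int, start: int, values) -> bytes:
    if not 1 <= len(values) <= 123:              # protocol limit for FC 16
        raise ValueError("1..123 registers per request")
    pdu = struct.pack(">BHHB", FC_WRITE_MULTIPLE_REGISTERS, start, len(values), 2 * len(values))
    pdu += b"".join(struct.pack(">H", v) for v in values)
    return mbap(transaction_id, unit_id, pdu)


def parse_response(raw: bytes, expected_transaction_id: int) -> dict:
    """Validate the MBAP header against what we sent, then decode the PDU.
    Raises ValueError for anything inconsistent with the frame."""
    if len(raw) < 9:
        raise ValueError("frame shorter than MBAP header + function code + 1")
    tid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(raw) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    if tid != expected_transaction_id:
        raise ValueError("reply belongs to a different transaction")
    fc = raw[7]
    if fc & 0x80:                                # exception response: FC | 0x80, exception code
        code = raw[8]
        return {"function": fc & 0x7F, "unit": unit, "exception": code,
                "reason": EXCEPTION_CODES.get(code, "unknown")}
    if fc == FC_READ_HOLDING_REGISTERS:
        count = raw[8]
        if count % 2 or count != len(raw) - 9:
            raise ValueError("byte count does not match payload")
        return {"function": fc, "unit": unit,
                "registers": list(struct.unpack(">%dH" % (count // 2), raw[9:]))}
    if fc == FC_WRITE_MULTIPLE_REGISTERS:       # server echoes start address and quantity
        if len(raw) != 12:
            raise ValueError("FC16 response must be 12 bytes")
        start, quantity = struct.unpack(">HH", raw[8:12])
        return {"function": fc, "unit": unit, "start": start, "quantity": quantity}
    raise ValueError("unsupported function 0x%02X" % fc)


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-frame")
        buf += chunk
    return buf


def transact(host: str, request: bytes, timeout: float = 2.0) -> dict:
    """Send one request and read exactly one reply: MBAP first, then the announced body."""
    tid = struct.unpack(">H", request[:2])[0]
    with socket.create_connection((host, MODBUS_PORT), timeout=timeout) as s:
        s.sendall(request)
        header = _recv_exact(s, 6)
        body = _recv_exact(s, struct.unpack(">H", header[4:6])[0])
        return parse_response(header + body, tid)


# Constructed replies: FC3 returning registers 10 and 20, and an FC16 exception 2
# ("illegal data address"), which is what a server answers when nothing is mapped there.
SAMPLE_READ_REPLY = bytes.fromhex("00 01 00 00 00 07 01 03 04 00 0a 00 14")
SAMPLE_EXCEPTION_REPLY = bytes.fromhex("00 02 00 00 00 03 01 90 02")

if __name__ == "__main__":
    print(write_multiple_registers(3, 1, 0, [0x1234, 0x5678]).hex(" "))
    print(parse_response(SAMPLE_READ_REPLY, 1))
    print(parse_response(SAMPLE_EXCEPTION_REPLY, 2))
```

Reading the MBAP header first and then exactly the announced number of bytes keeps one reply from being confused with the next on the same connection, and an exception reply such as "illegal data address" tells you the server was reached but the register range is not mapped, which is a configuration problem rather than a transport one.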
My question is quite simple. Is it possible to communicate TwinCat PLC
simulation (TwinCat 3 on normal PC) with real siemens S7-1200 over
MODBUS TCP?
In answer to your question. Yes!! Absolutely you can!!
Is there something to do on the TwinCat side other than coping the
sample code and changing the parameters, that i need to do? (I also
set up the server with TcModbusSrvCfg.exe)
So part of your problem may be in this statement here. Using TcModbusSrvCfg.exe sets up the TwinCat PC Modbus TCP server, but the sample code provided in the manual is the TwinCat program acting as a Modbus TCP client. From your question it isn't 100% clear to me what you are trying to achieve.
The manual in section 2 (page 8 at the time of writing) shows the two different ways it can be setup. In the picture below;
the red line with a (1) next to it shows TwinCAT acting as a Modbus TCP Server, and
the red line with a (2) next to it shows TwinCAT acting as a Modbus TCP Client.
From your question it sounds like you have set up a Modbus Client on your Siemens. If this is the case, you do not need to implement any example code in your TwinCAT program. The example code provided in the manual is for when TwinCAT is acting as a Modbus Client. I think what you are probably looking for is to follow what is in section 4.
From a high level, the TwinCAT Modbus TCP server maps Modbus Registers to TwinCAT Memory areas. You would need to create TwinCAT tags and assign these tags to the appropriate memory areas. You can view the default mapping in section 4.3 or you can use the "Export Configuration" function on the Configuration tool to export an XML file where you can customize your mapping, and then import it again and apply the changes.
I don't know a lot about Siemens, but to me it sounds as if your Siemens client is actually connecting to the TwinCAT Modbus server, however you have not created the relevant TwinCAT tags at the appropriate memory areas/address. If you want the Siemens to read data from TwinCAT, then you will need to populate data in tags assigned to the memory areas in TwinCAT. If you want the Siemens to write data to TwinCAT, then you will need to add tags in TwinCAT (again at the correct memory area) to view the data.
If however you do want TwinCAT to act as a client connecting to a Modbus server, you would need to follow section 6.
Seems like the problem has to do directly with the configuration of your connection, the hardware itself shouldn't cause any problems with the connection and just like -kolyur said, for test you should deactivate the PC firewall.
As for the Modbus server setup, you have to run the "TcModbusSrvCfg.exe" in your computer and set default parameters (to use your computer as server through port 502), once you make a successful connection with the Siemens PLC at port 502 (default configuration) you can try to modify the program.
The Beckhoff documentation already tells you the libraries, functions and values you should use for a default connection, just make sure you follow the server configuration steps, 'cause in the past I had many issues with Modbus just for not setting the Modbus server right.
I used this sample FB for Modbus communication to read from a Modbus Festo Master for IO Modules if you want to compare your variable values.

Is MAC (Media Access Control) considered a protocol?

I am currently learning about networking. I am going through the TCP/IP and OSI models and trying to pick apart what protocol belongs to which layer. I am a bit confused over Media Access Control. Does it just refer to the hardware ID of the network card or is it the name of the protocol responsible for it? I tried to find any RFCs for MAC on IETF to provide some definitions for me, but I couldn't find anything.
"MAC" stands for media access control - it's a sublayer of the data link layer (L2) in the OSI model.
One of the most popular protocols in this layer is Ethernet which covers the physical layer and the data link layer. You can find all about Ethernet at IEEE 802.3 (requires registration but is free).
Another extremely popular L1/L2 protocol stack is WiFi (IEEE 802.11) but that's a lot more complicated and hard to start with.
No, the MAC is not a protocol in that you won't find any 'MAC spec' that you can implement. MACs are typically embedded in hardware devices and expose functionality to send and receive frames to the media that they're controlling.
How they expose that functionality is up to the manufacturer of the MAC. They don't follow any standard protocol. You might find simple SPI interfaces, register-based access, DMA transfer or others.

logging onto the GPRS APN using sim900 in an embedded situation with no operating system

I am using an embedded microprocessor to communicate with a SIM900 GPRS modem. The sim900 has an embedded tcp/ip stack but no embedded PPP stack, and my embedded environment has neither of these stacks.
With other devices I have followed these steps:
at+cgdcont="IP","internet",,
atd*99***1#
called a PPP function that took care of the login to the APN (and presumably the authentication & LCP etc).
called a TCP function that connected to the remote server.
But now I have to do the PPP part myself, so I am at a loss locating all the necessary information.... can anyone point me in the right direction?
When I use HyperTerminal to see what happens with ATD*99***1# it connects and returns a lot of PPP frames which I suppose I have to write a module to deal with. But I did notice, on a number of sites, that the login to the APN is not mentioned at all, so is there a way of bypassing the login?
When I follow the example in the SIM900 docs, I get an error indicating (quite rightly) that the PDP is deactivated...
I think my original question was really 2 questions...
1) does one need to write an APN logon module when using the onboard TCP functions of the GPRS module?
- the answer here is NO. The module takes care of that....see cmd AT+cstt="apn","user","pwd".
2) where can one find opensource code for a PPP stack?...that remains unanswered.
The 1.4.1 release and some older versions of LWIP have an implementation of PPP in it. Not certain if it can easily be used standalone though. You might still be able to decouple it from LWIP and use it.
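The "lot of PPP frames" the asker saw after ATD*99***1# are HDLC-framed LCP packets as defined in RFC 1661/1662, and the module to deal with them starts with framing. The following is an added example (written for this page, not lwIP's PPP code or anything from the SIM900 documentation): it generates the RFC 1662 FCS-16 table, frames and un-frames PPP packets with byte stuffing, verifies the FCS before trusting any field, and decodes an LCP header with its options. It assumes the default ACCM (every control character escaped) and no address/control/protocol field compression; the LCP Configure-Request used as input is constructed.

```python
"""PPP (RFC 1662) framing, FCS-16 and LCP header decoding. Added example;
the sample LCP packet is constructed and the default ACCM is assumed."""
import struct

FLAG, ESCAPE = 0x7E, 0x7D
PPP_INITFCS, PPP_GOODFCS = 0xFFFF, 0xF0B8     # RFC 1662 initial value and good-frame residue
PROTO_LCP = 0xC021
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak", 4: "Configure-Reject",
             5: "Terminate-Request", 6: "Terminate-Ack", 9: "Echo-Request", 10: "Echo-Reply"}


def _make_fcs_table():
    """Byte-wise table for the reflected CRC-16 polynomial 0x8408 used by PPP."""
    table = []
    for byte in range(256):
        v = byte
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


FCSTAB = _make_fcs_table()


def ppp_fcs16(data: bytes, fcs: int = PPP_INITFCS) -> int:
    for byte in data:
        fcs = (fcs >> 8) ^ FCSTAB[(fcs ^ byte) & 0xFF]
    return fcs


def ppp_frame(protocol: int, info: bytes) -> bytes:
    """Address 0xFF, control 0x03, protocol, info, FCS (LSB first), then byte-stuff and add flags."""
    body = b"\xFF\x03" + struct.pack(">H", protocol) + info
    body += struct.pack("<H", ppp_fcs16(body) ^ 0xFFFF)
    out = bytearray([FLAG])
    for b in body:
        if b in (FLAG, ESCAPE) or b < 0x20:        # default ACCM: escape all control characters
            out += bytes([ESCAPE, b ^ 0x20])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)


def ppp_unframe(raw: bytes):
    """Return (protocol, info) for a complete flagged frame, or None if it is malformed or the FCS fails."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        return None
    body, i = bytearray(), 1
    while i < len(raw) - 1:
        if raw[i] == ESCAPE:
            i += 1
            if i >= len(raw) - 1:
                return None                        # escape byte with nothing after it
            body.append(raw[i] ^ 0x20)
        else:
            body.append(raw[i])
        i += 1
    if len(body) < 6 or ppp_fcs16(bytes(body)) != PPP_GOODFCS:
        return None                                # too short or corrupted: drop before parsing
    if body[0] != 0xFF or body[1] != 0x03:
        return None
    return struct.unpack(">H", body[2:4])[0], bytes(body[4:-2])


def decode_lcp(info: bytes):
    """Decode code, identifier, length and the (type, data) option list; None if lengths disagree."""
    if len(info) < 4:
        return None
    code, ident, length = struct.unpack(">BBH", info[:4])
    if length < 4 or length > len(info):
        return None
    options, pos = [], 4
    while pos < length:
        if pos + 2 > length:
            return None
        otype, olen = info[pos], info[pos + 1]
        if olen < 2 or pos + olen > length:
            return None                            # option claims more bytes than the packet has
        options.append((otype, info[pos + 2:pos + olen]))
        pos += olen
    return {"code": LCP_CODES.get(code, code), "id": ident, "options": options}


# Constructed LCP Configure-Request, id 1, carrying one Magic-Number option (type 5).
SAMPLE_LCP = bytes.fromhex("01 01 00 0a 05 06 12 34 56 78")
SAMPLE_FRAME = ppp_frame(PROTO_LCP, SAMPLE_LCP)

if __name__ == "__main__":
    print(SAMPLE_FRAME.hex(" "))
    proto, info = ppp_unframe(SAMPLE_FRAME)
    print(hex(proto), decode_lcp(info))
```

On a real link the next steps are answering the peer's Configure-Request, running PAP/CHAP and IPCP; everything above the framing layer still depends on rejecting frames whose FCS or length fields do not check out, which is why the unframer returns None rather than a partial result.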

Linux TCP stack packet injection

Could I inject packets into the Linux TCP stack without modifying the Ethernet driver? Could I do this using a library or something?
Thank you,
If by 'inject packets to Linux TCP stack' you mean send some data that the Linux kernel will treat as a frame coming from an Ethernet interface then you can use a 'tap' device. If an IP packet (layer 3) is good enough, then use a 'tun' device.
http://en.wikipedia.org/wiki/TUN/TAP
http://www.kernel.org/pub/linux/kernel/people/marcelo/linux-2.4/Documentation/networking/tuntap.txt
Libnet
Libnet is a generic networking API that provides access to several protocols. It is not designed as an 'all in one' solution to networking. Currently many features that are common in some network protocols are not available with Libnet, such as streaming via TCP/IP. We feel that Libnet should not provide specific features that are possible in other protocols. If we restrict Libnet to the minimal needed to communicate (datagram/packets) then this allows it to support more interfaces.
Otherwise, if you're just wondering about injecting hand-crafted packets into the network, read the man pages and look for online help with raw sockets. Some good places to start are man 7 raw, man packet, and there are some ok tutorials at security-freak.net, though the code there is not written particularly well for my tastes.

Windows networking using only Ethernet Frames

I'm doing a project where I must write a network library for a device connected to a Windows machine. The complication comes in that I may only communicate with the device using ethernet frames. So there is no TCP/UDP/IP at all. I don't think the bind/listen/accept approach can be applied here, but maybe I am wrong. Also, there is no routing or switching involved.
I have a few questions. How do I use a socket to communicate with this device? Does winsock have any support for just frames? I haven't been able to find many resources on this. Does anyone have any ideas about how I should proceed?
Is using sockets even a good idea or can I just send out the information with the appropriate headers?
Use WinPcap, it has an API to send and listen to raw data.
You can build your communication layer with it.
Give the WinAoE code a look-see - it says it lets Windows talk to ATA over Ethernet devices which means it has to communicate without any of the upper layers of the network stack.
Edited:
As near as I can tell, if you want to send raw ethernet frames, you want NdisSend and friends.
As well as winpcap and NDIS you could also look at raw sockets which are a standard part of the Windows API and don't require you to write driver code http://msdn.microsoft.com/en-us/library/ms740548(v=vs.85).aspx.
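Whichever transport you end up with (WinPcap's pcap_sendpacket, a tap device as in the Linux question above, or an NDIS driver), what you hand it is a bare Ethernet frame, which is also the unit the MAC sublayer from the earlier question deals with. The following is an added example (not from WinPcap, WinAoE or any Microsoft sample) that builds Ethernet II frames with correct minimum-length padding and parses received frames, distinguishing an EtherType from an IEEE 802.3 length field and rejecting frames that cannot be valid. The MAC addresses use the locally administered range and the EtherType 0x88B5 (IEEE local experimental) because the page does not name the device's real values; those are assumptions.

```python
"""Raw Ethernet II / IEEE 802.3 frame builder and parser. Added example;
addresses and EtherType are constructed, locally administered values."""
import struct

ETH_HEADER = struct.Struct("!6s6sH")       # destination MAC, source MAC, EtherType or length
ETH_MIN_FRAME = 60                         # 64 on the wire minus the 4-byte FCS the NIC appends
ETH_MAX_PAYLOAD = 1500
ETH_MAX_FRAME = 14 + 4 + ETH_MAX_PAYLOAD   # allow one 802.1Q tag
ETHERTYPE_LOCAL_EXPERIMENTAL = 0x88B5      # IEEE-assigned for local experiments


def mac_to_bytes(text: str) -> bytes:
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("bad MAC address %r" % text)
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame, zero-padded to the 60-byte minimum the driver expects."""
    if not 0x0600 <= ethertype <= 0xFFFF:
        raise ValueError("EtherType must be >= 0x0600; smaller values are 802.3 length fields")
    if len(payload) > ETH_MAX_PAYLOAD:
        raise ValueError("payload exceeds %d bytes" % ETH_MAX_PAYLOAD)
    frame = ETH_HEADER.pack(mac_to_bytes(dst), mac_to_bytes(src), ethertype) + payload
    return frame.ljust(ETH_MIN_FRAME, b"\x00")


def parse_frame(raw: bytes):
    """Return a dict describing the frame, or None if it cannot be a valid Ethernet frame."""
    if len(raw) < ETH_HEADER.size or len(raw) > ETH_MAX_FRAME:
        return None
    dst, src, type_or_len = ETH_HEADER.unpack_from(raw)
    if src[0] & 0x01:
        return None                        # group bit set in a source address is never valid
    body = raw[ETH_HEADER.size:]
    header = {"dst": bytes_to_mac(dst), "src": bytes_to_mac(src)}
    if type_or_len <= ETH_MAX_PAYLOAD:     # IEEE 802.3: the field is a payload length
        if type_or_len > len(body):
            return None                    # length claims more than the frame carries
        return dict(header, kind="802.3", length=type_or_len, payload=body[:type_or_len])
    if type_or_len < 0x0600:
        return None                        # 1501..1535 is undefined
    # Ethernet II carries no length: padding cannot be told from payload, so the upper
    # protocol (here: the device's own format) must carry its own length field.
    return dict(header, kind="Ethernet II", ethertype=type_or_len, payload=body)


DEVICE_MAC = "02:00:00:00:00:01"           # constructed, locally administered addresses
HOST_MAC = "02:00:00:00:00:02"

if __name__ == "__main__":
    frame = build_frame(DEVICE_MAC, HOST_MAC, ETHERTYPE_LOCAL_EXPERIMENTAL, b"hello")
    print(len(frame), frame.hex(" "))
    print(parse_frame(frame))
```

Because Ethernet II has no length field, a five-byte message comes back as 46 bytes of payload once the NIC has padded it; the device protocol riding on top of these frames needs its own length or terminator, and the parser above refuses 802.3 frames whose length field overruns the frame and frames with a multicast source, both of which are cheap sanity checks before any further decoding.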
