Siemens Plc Slot Numbering

admin  3/28/2022
75 Comments

S7comm (S7 Communication) is a Siemens proprietary protocol that runs between programmable logic controllers (PLCs) of the Siemens S7-300/400 family.

  1. Siemens Plc Slot Numbering Machine
  2. Siemens Plc Slot Numbering Software

A Siemens PLC: S7-300, -400, -1200, or -1500. → Connection between the Ewon Flexy and the Siemens PLC must be done through Ethernet protocol. For polling tags over MPI, see “Polling Data from Siemens PLC using MPI protocol” from Related Documents, p. → The device will have its registers read by the tags configured in the IO server of the. Siemens S7-300 Which connects to Siemens S7-300 PLCs over Ethernet. Siemens S7-400 Which connects to Siemens S7-400 PLCs over Ethernet. On the New Device page, leave all the default values and type in the following fields: Name: S71200 Hostname: type the IP address, for example 10.20.4.71. Range begins with the expandable brick type PLC, the G7 series. To the compact, slot and rack in the mid-range, the G6 series, through to the high-end G4 series. From the 10 I/O brick style G7 to the 1024 I/O Multi-rack and slot G4 PLC, IMO have got it covered! The complete G-Series range is programmed through the IEC61131-3 compliant software.

It is used for PLC programming, exchanging data between PLCs, accessing PLC data from SCADA (supervisory control and data acquisition) systems and diagnostic purposes.

The S7comm data comes as payload of COTP data packets. The first byte is always 0x32 as protocol identifier. Special communication processors for the S7-400 series (CP 443) may use this protocol without the TCP/IP layers.

OSI layer

Protocol

7

Application Layer

S7 communication

6

Presentation Layer

S7 communication

5

Session Layer

S7 communication

4

Transport Layer

ISO-on-TCP (RFC 1006)

3

Network Layer

IP

2

Data Link Layer

Ethernet

1

Physical Layer

Ethernet

To establish a connection to a S7 PLC there are 3 steps:

  1. Connect to PLC on TCP port 102
  2. Connect on ISO layer (COTP Connect Request)
  3. Connect on S7comm layer (s7comm.param.func = 0xf0, Setup communication)

Step 1) uses the IP address of the PLC/CP.

Step 2) uses as a destination TSAP of two bytes length. The first byte of the destination TSAP codes the communication type (1=PG, 2=OP). The second byte of the destination TSAP codes the rack and slot number: This is the position of the PLC CPU. The slot number is coded in Bits 0-4, the rack number is coded in Bits 5-7.

Step 3) is for negotiation of S7comm specific details (like the PDU size).

History

The protocol is used by Siemens since the Simatic S7 product series was launched in 1994. The protocol is also used on top of other physical/network layers, like RS-485 with MPI (Multi-Point-Interface) or Profibus.

Protocol dependencies

S7 communication consists of (at least) the following protocols:

Tool

  • COTP: ISO 8073 COTP Connection-Oriented Transport Protocol (spec. available as RFC905)

  • TPKT: RFC1006 'ISO transport services on top of the TCP: Version 3', updated by RFC2126

  • TCP: Typically, TPKT uses TCP as its transport protocol. The well known TCP port for TPKT traffic is 102.

Example traffic

Wireshark

The S7comm dissector is partially functional.

Preference Settings

(XXX add links to preference settings affecting how PROTO is dissected).

Example capture file

  • SampleCaptures/s7comm_downloading_block_db1.pcap s7comm: connecting and downloading program block DB1 into PLC

  • SampleCaptures/s7comm_program_blocklist_onlineview.pcap s7comm: connecting and getting a list of all available block in the PLC

  • SampleCaptures/s7comm_reading_plc_status.pcap s7comm: connecting and viewing the PLC status

  • SampleCaptures/s7comm_reading_setting_plc_time.pcap s7comm: connecting, reading and setting the time of the PLC

  • SampleCaptures/s7comm_varservice_libnodavedemo.pcap s7comm: running libnodave demo with S7-300 PLC, using variable-services with several areas

  • SampleCaptures/s7comm_varservice_libnodavedemo_bench.pcap s7comm: running libnodave demo benchmark with S7-300 PLC using variable-services to check the communication capabilities

Display Filter

A complete list of PROTO display filter fields can be found in the display filter reference

Show only the S7comm based traffic:

Capture Filter

You cannot directly filter S7comm protocols while capturing.

S7comm uses port 102, so it is possible to capture S7comm data by using the capture filter

External links

  • RFC1006ISO Transport Service on top of the TCP Version: 3, based on ISO 8073

  • RFC905ISO Transport Protocol Specification ISO DP 8073

  • Siemens - Information about the properties of the S7 protocolWhat properties, advantages and special features does the S7 protocol offer - Siemens Industry Online Support

Discussion

Nowadays, multiple companies are manufacturing and designing the programmable logic controller (PLC) software as well as hardware devices.

In an earlier article, we have seen topmost PLC brands and their useful software. Here, we are going to study PLC rack of the hardware devices which are mostly used in the industrial environment.

Generally, Fixed PLC and Modular PLC types of PLC are constructed. But, modular PLC is mostly used in the industrial environment.

Sometimes, modular PLC is known as Rack-mounted PLC because, both are having the same functions.

Let’s starts from the basics of rack and chassis of PLC.

What is PLC Rack?

PLC rack and chassis are mostly used in the Modular PLC or Rack Mounted PLC hardware.

Rack and chassis acts as a backbone of the PLC hardware system. It is helpful for assembling the modular PLC hardware modules.

Definition of PLC Rack:

PLC rack or chassis is a hardware assembly that plugs communicating modules together (like input, output, CPU, power supply, communication, and additional function modules) in a single frame.

Siemens plc slot numbering tool

If you look at the below PLC designing structure, it looks more like a rack or chassis.

From the above diagram, you can see the multiple input or output modules that are plugged together in the same rack or chassis of modular PLC.

In the PLC rack, the power supply module provides the required level of the regulated power to the different input-output modules through the backplane bus system.

Rack Mounted or Modular PLC Block Diagram

There is a standard card where all the modules gets deployed to communicate through the rack.

With the help of rack and chassis, modules can be easily communicated to the other connected modules in the PLC system.

What are the types of Rack used in Modular PLC?

The modular PLC rack provides power and interconnectivity between multiple connected modules through the backplane.

Based on the backplane, rack are classified into different parts.

  1. Active Backplane
  2. Passive Backplane

1. Active Backplane

Active backplane consists of multiple slots and additional circuitry. It can easily control all communication between the slots.

Siemens plc slot numbering tool

Active backplane is mostly used in the Siemens (S7-400) PLC. Siemens (S7-400) PLC module can be placed into three different types of the rack.

  1. Central Rack (CR)
  2. Universal Rack (UR)
  3. Expansion Rack (ER)

These three main types of PLC rack are used in the modular PLC or Rack mounted PLC.

2. Passive Backplane

Passive backplane consists of only slots. This is no additional circuit. It is mostly used in the Siemens (S7-300) PLC.

What are the difference between Rack and Chassis of PLC?

PLC Rack and chassis has little difference. Otherwise, both are doing the same work.

Slot

Let’s see the main difference between the rack and chassis of PLC.

  • PLC Rack:

The rack of PLC is a hardware device that holds together communicating modules in a single frame.

Rack is cabinet for placing the modules. It comes in a different sizes like 9 slots,18 slots, etc.

  • PLC Chassis:

Siemens Plc Slot Numbering Machine

The chassis of PLC is a piece of hardware which has multiple slots for inserting the different or additional modules.

In the PLC system, there are different slots for chassis available. If the user wants additional chassis, we can connect them by using chassis interconnecting cables.

What is the Purpose of Rack or Chassis in PLC?

PLC rack and chassis has multiple functions to use.

  • Rack or chassis distributes power in the PLC.
  • It provides interconnectivity between connecting I/O PLC modules.
  • In rack-mounted PLC, we can easily modify or expand input and output modules.
  • It acts as a communication link between communicating modules.
  • In any fault condition, we can easily remove and replace the individual module through PLC rack or chassis.

Hope you understand the difference between the rack and chassis of plc with the help of a circuit diagram of the rack-mounted PLC systems.

Interested to learn about software-based PLC programming? I have a curated tutorial on ‘[Step-by-Step] How to Learn PLC Programming at Home for Free?‘.

If you have any quires, you can freely ask with me by commenting below. If you find this tutorial helpful, kindly share it.

Happy PLC Learning!

I have completed master in Electrical Power System. I work and write technical tutorials on the PLC, MATLAB programming, and Electrical on DipsLab.com portal.

Siemens Plc Slot Numbering Software

Sharing my knowledge on this blog makes me happy. And sometimes I delve in Python programming.