
Fetch/Write DB Memory From a Siemens S7-300/400 PLC


  • Fetch/Write DB Memory From a Siemens S7-300/400 PLC

    Hi all,
    Does anyone have any experience with Siemens S7-300/400 PLC interaction over TCP?

    I have made a little progress in fetching and writing DB memory locations with PB, but I have stepped into a paradox.
    If I want to fetch a value from the PLC memory, I send over the Ethernet via TCP a 16-byte header with the appropriate command and the PLC responds with the result.
    But when I want to write a DB memory location I have to send the appropriate command (16-byte header + data) twice (2 times) to get a response, and I don't know if this is normal or not since there is very little information out there from Siemens. The funny thing is that this trick works even if I send the twin commands in one go, that is, the string that I send using TCP Send contains the command 2 times (e.g. if the command is A5123456 I send A5123456A5123456).
    Plus I would very much appreciate it if anyone has the complete command over TCP spec.

    Thanks
    Stavros
    Last edited by Stavros A Petridis; 16 Nov 2008, 08:34 AM.
    Byte Hunters of the World Unite.

  • #2
    Mystery Solved

    Well, mystery solved.
    I found on the Siemens site a document buried deeper than Hitler.
    My problem was that the Fetch/Write commands for DB memory of S7 are inherited from S5, which is a word machine, not a byte machine. I was sending the number of bytes to be written and the PLC was expecting the number of words, so you can figure out what was happening next.
    Byte Hunters of the World Unite.



    • #3
      Stavros, I applaud you for figuring out how to talk directly to the PLC from PB and sidestepping the manufacturers' bloated, over-complicated and expensive run-time systems. I have done the same for Allen-Bradley, which I work with most of the time, but occasionally I have to dip my toe into S5 and S7. It's not that complicated if you can find the right documentation - the trouble is that the manufacturers normally don't want you to find the documentation! I found Wireshark invaluable when working out how to do it with A-B.
      - LJ



      • #4
        a document buried deeper than Hitler.
        Wait??? Hitler is buried??? I thought he was still roaming the tunnels and hiding out in South America somewhere????

        I agree with Laurence about
        I applaud you for figuring out how to talk directly to the PLC from PB and sidestepping the manufacturers' bloated, over-complicated and expensive run-time systems.
        When it's just a matter of communication protocol, sometimes I think companies go above and beyond to confuse you just because they do not fully understand the protocol themselves (or only understand one language and fake it for the other languages).

        All too often (usually the bigger controller companies), although they have documentation, it seems their train of thought is
        1. Hardware - Make it work
        2. Software - 1 language (usually C) and the rest are an afterthought of "Here's a sample"
        3. Documentation - Another afterthought and geared for 1 language
        4. Publishing that documentation.....It may be there but the goal is to get you to buy the product. Making it work is an afterthought because you already bought the product so they got their #$$$$$
        After all this typing....you can't tell I have a burr in my side with 2 particular companies and their software can you????
        Engineer's Motto: If it aint broke take it apart and fix it

        "If at 1st you don't succeed... call it version 1.0"

        "Half of Programming is coding"....."The other 90% is DEBUGGING"

        "Document my code????" .... "WHYYY??? do you think they call it CODE? "



        • #5
          Thanks, guys, for your replies.
          Laurence, thanks for your tip about Wireshark.

          One tip for S5 and S7:
          In the 16-byte header there are 2 fields (address and length) that are integers.
          When talking with an S5 you should pass the integer value as {Hi-Byte Lo-Byte}, BUT when talking to an S7 you should pass it as {Lo-Byte Hi-Byte}.
          This is the Siemens idea of compatibility.
          Last edited by Stavros A Petridis; 24 Nov 2008, 09:11 AM.
          Byte Hunters of the World Unite.
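
The byte/word mix-up from #2 and the double-send workaround from #1, modelled offline as an added example (not code from the thread or from Siemens). The 16-byte header layout is an assumption, since the thread does not give it, and `byteorder` is a parameter because of the tip in #5; all frames are constructed and nothing is sent to a PLC.

```python
# Assumed S5-compatible Fetch/Write request header (verify against the Siemens
# document): 'S5', 0x10, 0x01, 0x03, opcode, 0x03, 0x08, ORG id, DB number,
# start address (2 bytes), length (2 bytes), 0xFF, 0x02.
OP_WRITE, OP_FETCH, ORG_DB = 0x03, 0x05, 0x01
HEADER_LEN = 16

def build_write(db, start, count, data, byteorder="big"):
    """Build a constructed WRITE request for offline analysis only."""
    hdr = b"S5" + bytes([0x10, 0x01, 0x03, OP_WRITE, 0x03, 0x08, ORG_DB, db])
    hdr += start.to_bytes(2, byteorder) + count.to_bytes(2, byteorder) + b"\xff\x02"
    return hdr + data

def split_stream(stream, byteorder="big"):
    """Split captured bytes into frames the way a word-counting receiver would.

    Post #5 reports that an S7 wants Lo-Byte Hi-Byte; pass byteorder="little"
    to model that.
    """
    frames, pos = [], 0
    while pos < len(stream):
        hdr = stream[pos:pos + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:2] != b"S5" or hdr[2] != HEADER_LEN:
            frames.append({"offset": pos, "error": "bad or truncated header"})
            break
        opcode, org = hdr[5], hdr[8]
        if org != ORG_DB:
            frames.append({"offset": pos, "error": "only DB area is modelled"})
            break
        count = int.from_bytes(hdr[12:14], byteorder)
        # DB length is counted in 16-bit words (post #2): payload is 2*count bytes.
        need = count * 2 if opcode == OP_WRITE else 0
        payload = stream[pos + HEADER_LEN:pos + HEADER_LEN + need]
        frames.append({"offset": pos, "opcode": opcode, "count": count,
                       "payload": payload, "complete": len(payload) == need})
        pos += HEADER_LEN + need
    return frames

if __name__ == "__main__":
    data = bytes.fromhex("11223344")              # constructed: two words
    buggy = build_write(10, 0, len(data), data)   # length given in bytes (the bug)
    fixed = build_write(10, 0, len(data) // 2, data)
    for name, stream in (("buggy", buggy), ("buggy x2", buggy * 2), ("fixed", fixed)):
        print(name, split_stream(stream))
```

In this model the single buggy frame is incomplete, so the receiver keeps waiting, while the doubled send completes only because the first bytes of the second header are consumed as payload for the extra words.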



          • #6
            Hello Stavros,

            I'm trying to read DB from an S7-400 PLC with Delphi, but I don't know what to send to the CP 443 card to make the fetch/write commands.

            Is it a string with commands you just send?

            Any chance you will show some of your code?

            regards
            michael
