SIMATIC AS511 Protocol
Date : 27/01/2001
Prepared by : Cesar Garcia
Original information : http://www.runmode.com http://members.xoom.it/cattaneo_plc
Version : 0.1.0
SIEMENS SIMATIC S5 AS511 (Programming port) protocol description

INTRODUCTION

Information about the AS511 protocol from Siemens is very difficult to find. This information is taken from http://www.runmode.com and http://members.xoom.it/cattaneo_plc. I add some information that I found using this protocol.

1. Siemens data frame.

The Siemens data frame is not the usual one; open your port with:

Item     Value
Speed    9600 baud
Data     8 bits
Stop     1 bit
Parity   EVEN

DLE (10hex) is a control character used to inform the receiver that the following character is to be treated as a control character and not as a data byte. In other words, DLE is a software switch within the AS511 protocol that separates control bytes from data bytes.

Whenever a DATA byte containing the value 10hex is to be sent, the sender must DOUBLE the character. This means that to send a data byte 10hex, the sender must send 10hex 10hex (DLE DLE). The receiver must take this into account: a single DLE means a protocol signal, while two consecutive DLEs are to be interpreted as a SINGLE data byte containing the value 10hex. This is a little tricky, since the receiver NEVER knows exactly how many bytes to expect.

Note also that the AG can answer DLE NAK instead of DLE ACK if the requested operation cannot be carried out. In this case, the PG must abort the communication and wait for 500 ms before attempting a new communication. The value of 500 ms is also applied as the timeout value in case of a missing response from the partner. This also means that no "holes" of 500 ms (or more) are allowed during a communication (e.g. within a DB_READ function).

To read or write a datablock value, you need to know its address in PLC memory. Therefore you must invoke the B_INFO function to get the address; then you can call DB_READ or DB_WRITE, giving the initial and final address of the area to be read or written.

www.plctools.org

Be aware that in SIMATIC the LSB/MSB byte order is reversed:

SIMATIC:  15..............0
           BYTE 0   BYTE 1

INTEL:    15..............0
           BYTE 1   BYTE 0

To obtain the correct integer value of a dataword, the user must therefore:
- swap the received bytes and
- swap the bytes before sending them to the PLC
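
The DLE doubling rule and the byte order described above, worked through for the receiving side. This is an added example, not code from the original document; the function names, the constructed sample bytes and the choice to look only at the bytes sent by the AG are assumptions.

```python
import struct

DLE, STX, ETX = 0x10, 0x02, 0x03      # control values as given on this page

def stuff(data: bytes) -> bytes:
    """Sender side: double every data byte that equals 10h."""
    return data.replace(b"\x10", b"\x10\x10")

def unstuff_block(raw: bytes):
    """Decode one AG->PG block (STX, stuffed data, DLE ETX) from the AG byte stream.

    Returns (payload, bytes_consumed). The length is not known in advance:
    the block ends only at a DLE that is followed by ETX, not by another DLE.
    """
    if not raw or raw[0] != STX:
        raise ValueError("block must start with STX (02h)")
    out, i = bytearray(), 1
    while i < len(raw):
        if raw[i] != DLE:                 # ordinary data byte
            out.append(raw[i])
            i += 1
            continue
        if i + 1 == len(raw):
            raise ValueError("incomplete: lone DLE at end, need the next byte")
        nxt = raw[i + 1]
        if nxt == DLE:                    # DLE DLE -> single data byte 10h
            out.append(DLE)
        elif nxt == ETX:                  # DLE ETX -> end of block
            return bytes(out), i + 2
        else:
            raise ValueError(f"unexpected control character {nxt:02X}h")
        i += 2
    raise ValueError("incomplete: DLE ETX not seen yet")

def datawords(payload: bytes, header_len: int = 5):
    """Turn a DB_READ payload into integers; SIMATIC sends the high byte first.

    header_len=5 skips the five NUL bytes shown before the data in DB_READ.
    """
    body = payload[header_len:]
    if len(body) % 2:
        raise ValueError("odd number of data bytes")
    return list(struct.unpack(f">{len(body) // 2}H", body))

# Constructed AG->PG bytes: words 1234h, 1000h, 0010h with the 10h bytes doubled.
SAMPLE = bytes.fromhex("02 0000000000 1234 101000 001010 1003")
```

The sample ends in three consecutive 10h bytes: the first two are one data byte, and only the third, followed by 03h, closes the block.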

//////////////////////////////////////////////////////////////////////////////

B_INFO

input:
- block number

output:
- initial address of DW0 in AG

TIP
When I started working with this information, I tested different codes for the block identification, the first byte in the header section. You can use the following codes:

IDDB = 1     Data blocks
IDSB = 2     Structured block
IDPB = 4     Program block
IDFB = 8     Function block
IDOB = 48    Cyclical block
IDFX = 76    Extended function block
IDDX = 144   Extended data blocks

PG       AS
(hex)    (hex)
---------------------- function start -------
02 ---->      STX
   <---- 10   DLE
   <---- 06   ACK
1A ---->      B_INFO function code = 1Ah
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 16   AG answer=16h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
---------------------- header info -------
01 ---->      ID=01h for Datablock
XX ---->      DB number (0..255)
10 ---->      DLE
04 ---->      EOT
   <---- 10   DLE
   <---- 06   ACK
---------------------- data -------
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 00   NUL
   <---- XX   DB initial address
   <---- XX
   <---- 70   synchronization code: 70 70
   <---- 70
   <---- 41   block ID and DB number : 41 XX
   <---- XX
   <---- XX   PG ID code: XX XX
   <---- XX
   <---- XX   library number: XX XX
   <---- XX
   <---- XX   block length (words): XX XX
   <---- XX
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
---------------------- terminate -------
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 12   AG "end of transmission" code: 12h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK

//////////////////////////////////////////////////////////////////////////////

DB_READ

input:
- initial address in AG
- final address in AG

output:
- contents of datawords

TIP
You can use the DB_READ function to read the contents of any memory position in the PLC.

PG       AS
(hex)    (hex)
---------------------- function start -------
02 ---->      STX
   <---- 10   DLE
   <---- 06   ACK
04 ---->      DB_READ function code = 04h
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 16   AG answer=16h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
---------------------- header info -------
XX ---->      initial address in AG: XX XX
XX ---->
XX ---->      final address in AG: XX XX
XX ---->
10 ---->      DLE
04 ---->      EOT
   <---- 10   DLE
   <---- 06   ACK
---------------------- data -------
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 00   NUL
   <---- 00   NUL
   <---- 00   NUL
   <---- 00   NUL
   <---- 00   NUL
   <---- XX   first byte of data
   <---- XX
   <---- XX
   ...   ...
   <---- XX
   <---- XX
   <---- XX   last byte of data
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
---------------------- terminate -------
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 12   AG "end of transmission" code: 12h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
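
A passive check of the function-start phase that opens every exchange on this page, run over a timestamped serial capture; it also applies the 500 ms rule and the DLE NAK refusal described earlier. This is an added example, not code from the original document: the capture format, the names and the sample data are assumptions, NAK is taken as ASCII 15h, and the function codes are the ones printed on this page (which prints 03h for SYS_PAR as well as for DB_WRITE).

```python
ACK, NAK = 0x06, 0x15      # NAK = ASCII 15h (the page names NAK without a value)
TIMEOUT_MS = 500           # a gap this long means the communication is broken

# Function codes as printed on this page; SYS_PAR is printed there as 03h too.
FUNCTIONS = {0x1A: "B_INFO", 0x04: "DB_READ", 0x03: "DB_WRITE"}

# "function start" phase of the exchanges; None marks the function-code slot.
# "AG" is the side the exchange tables label "AS".
START = [("PG", 0x02), ("AG", 0x10), ("AG", ACK), ("PG", None),
         ("AG", 0x02), ("PG", 0x10), ("PG", ACK),
         ("AG", 0x16), ("AG", 0x10), ("AG", 0x03), ("PG", 0x10), ("PG", ACK)]

def classify_start(capture):
    """capture: list of (t_ms, direction, byte) taken from a serial tap.

    Returns (status, function_name, index) where index is the entry at which
    the check stopped. status is ok, incomplete, timeout, refused or violation.
    """
    name, prev_t = None, None
    for i, (want_dir, want) in enumerate(START):
        if i >= len(capture):
            return "incomplete", name, i
        t, got_dir, got = capture[i]
        if prev_t is not None and t - prev_t >= TIMEOUT_MS:
            return "timeout", name, i
        prev_t = t
        if want is None and got_dir == want_dir:
            name = FUNCTIONS.get(got, f"unknown {got:02X}h")
        elif (want_dir, want) == ("AG", ACK) and (got_dir, got) == ("AG", NAK):
            return "refused", name, i        # AG answered DLE NAK
        elif (got_dir, got) != (want_dir, want):
            return "violation", name, i
    return "ok", name, len(START)

def sample(code, step_ms=5):
    """Constructed capture of a clean function start for the given code."""
    return [(i * step_ms, d, code if b is None else b)
            for i, (d, b) in enumerate(START)]
```

A logger built on this can record every DB_WRITE start seen on the programming port together with its timestamp.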

//////////////////////////////////////////////////////////////////////////////

DB_WRITE

input:
- initial address in AG
- contents of datawords

output:
- none

TIP
You can use the DB_WRITE function to write the contents of any memory position in the PLC.

PG       AS
(hex)    (hex)
---------------------- function start -------
02 ---->      STX
   <---- 10   DLE
   <---- 06   ACK
03 ---->      DB_WRITE function code = 03h
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 16   AG answer=16h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
---------------------- header info -------
XX ---->      initial address in AG: XX XX
XX ---->
---------------------- data -------
XX ---->      first byte of data
XX ---->
XX ---->
...   ...
XX ---->
XX ---->
XX ---->      last byte of data
10 ---->      DLE
04 ---->      EOT
   ----> 10   DLE
   ----> 06   ACK
---------------------- terminate -------
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 12   AG "end of transmission" code: 12h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK

//////////////////////////////////////////////////////////////////////////////

TIP
SYS_PAR gives you the addresses of the I/O, flags, counters and timers. You can use DB_READ and DB_WRITE to modify these memory addresses.

//////////////////////////////////////////////////////////////////////////////

SYS_PAR

input:

output:
- address of I/O, flags, counter and timers.

PG       AS
(hex)    (hex)
---------------------- function start -------
02 ---->      STX
   <---- 10   DLE
   <---- 06   ACK
03 ---->      SYS_PAR function code = 03h
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 16   AG answer=16h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
00 ---->      NULL
00 ---->      NULL
10 ---->      DLE
04 ---->      EOT
   <---- 10   DLE
   <---- 06   ACK
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
---------------------- data -------
   <---- 00   NUL
   <---- 00   NUL
   <---- 00   NUL
   <---- 00   NUL
   <---- 00   NUL
   <---- XX   AdrPAE
   <---- XX   AdrPAE
   <---- XX   AdrPAA
   <---- XX   AdrPAA
   <---- XX   AdrM
   <---- XX   AdrM
   <---- XX   AdrT
   <---- XX   AdrT
   <---- XX   AdrZ
   <---- XX   AdrZ
   <---- XX   AdrIAData
   <---- XX   AdrIAData
   .....
   .....      26 Don't care bytes.
   .....
   <---- XX   PLCType
   .....
   .....      7 Don't care bytes.
   .....
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK
---------------------- terminate -------
   <---- 02   STX
10 ---->      DLE
06 ---->      ACK
   <---- 12   AG "end of transmission" code: 12h
   <---- 10   DLE
   <---- 03   ETX
10 ---->      DLE
06 ---->      ACK

//////////////////////////////////////////////////////////////////////////////

end of document