0 Introduction
With the development of computer and communication technologies, the diversification and informatization of PLC modules, and the widespread application of distributed control systems with PLCs as the basic control units in the field of automation, there is an urgent need for a bus suitable for long-distance digital communication. Based on the RS422 standard, EIA developed the RS485 bus standard, which supports multiple nodes, long distances, and high receiver sensitivity. EIA used to add the prefix RS (an abbreviation of Recommended Standard) to all its standards, so many engineers have continued to use this name. Because of its long transmission distance (1200 m), support for multiple nodes (32), and low transmission line cost, EIA's RS485 has become the preferred standard for data transmission in industrial applications.
Our factory has 18 electric actuator commissioning lines distributed across several areas in three workshops. Each commissioning line is controlled by a PLC and HMI. To centrally manage commissioning data, verify the correctness of commissioning results, and monitor the commissioning lines, the 18 PLCs are connected to a computer via an RS485 bus, forming a distributed monitoring system. Data communication enables data sharing between the computer and PLCs, achieving centralized management and decentralized control of the commissioning process. Communication between the computer and the various PLC substations is a crucial aspect of the system. This paper details the development of a host computer communication system based on the RS485 bus using VB, and outlines the design and practical application of the PLC's free port communication protocol. This can serve as a reference for application examples designed for various host computer, PLC, and HMI communication systems, and can also be used as a platform for engineering project training and teaching in courses such as testing technology and automation design.
1 RS485 network configuration
The RS485 standard uses a balanced transmit, differential receive transceiver to drive the bus. Like RS422, it can interconnect multiple (up to 32) RS485 interfaces. However, the connection is simpler; just connect the "+" terminals to "+" terminals and the "-" terminals to "-" terminals of each interface. These two wires form the RS485 "physical bus." These interconnected RS485 interfaces are physically equal, but logically one is dominant and the others are subordinate. Communication also follows a master-call, slave-responder model.
The hardware configuration of the control system is shown in Figure 1. The host computer is a computer, and the slave computers use Siemens S7-200 series PLCs. Each PLC is directly connected to the RS485 bus via communication port 0. The host computer is connected to the RS485 bus via an RS232/485 converter, forming a 1:N communication mode. In the control system, the main task of the host computer is to acquire data information from the debugging line and monitor the debugging process. The main task of the slave computers is to automatically control the debugging process, send debugging data to the host computer, and execute commands from the host computer.
Figure 1 Network Diagram
2 Communication between computer and PLC
Communication between the host computer and the PLC is essentially the exchange of commands and responses between the computer and the PLC's communication module. The slave computer has initial transmission priority, sending all debugging data to the host computer. The host computer determines which debugging line sent the data based on the received data, analyzes the data, and then responds by sending back data and commands. The slave computer only receives data sent to itself. Communication is conducted in units of "frames," which are divided into data frames and response frames. Data frames are sent from the PLC to the host computer; response frames are commands and judgment signals automatically sent by the host computer to the PLC after receiving a data frame. All instruction codes, characters, and data are sent and received in hexadecimal code.
The S7-200 series PLC offers two communication modes: Point-to-Point (PPI) communication, used for communication between the PLC and its programmer or Siemens HMI products; and Freeport mode, which is fully user-defined, allowing users to specify their own communication protocol. PPI mode only allows communication in PLC STOP mode, while Freeport mode only allows communication in PLC RUN mode. Before using Freeport mode, the serial port must be initialized. The S7-200 PLC port is initialized by setting the special memory byte SMB30.
2.1 PLC Sending Commands
The S7-200 series PLC has a dedicated send command for sending data, with the following format:
XMT TABLE, PORT
TABLE specifies the number of bytes (i.e., the data length) to be sent, with a maximum of 255. The data to be sent must be stored after the TABLE. For example, if the TABLE's storage area is VB600, the data storage format for sending "MESSAGE" is shown in Figure 2. PORT specifies the communication port; in this project, it is set to 0. While data is being sent, the PLC's special flag SM4.5 is 0; after sending, SM4.5 is 1. Therefore, post-transmission processing can be performed by checking the status of SM4.5.
Figure 2 PLC sending information
If an interrupt service routine is connected to the end-of-transmission event, an interrupt will be generated when the last character in the buffer is sent (interrupt event 9 for port 0 and interrupt event 26 for port 1).
2.2 PLC receiving instructions
The format of the receive command is: RCV TABLE, PORT
The receive command enables you to receive a buffer of one or more bytes, up to a maximum of 255 bytes. Figure 3 shows the format of the receive buffer. If an interrupt service routine is connected to the receive message completion event, the S7-200 will generate an interrupt (interrupt event 23 for port 0, interrupt event 24 for port 1) when the last character in the buffer has been received. Alternatively, you can receive information by monitoring SMB86 (port 0) or SMB186 (port 1) without using an interrupt. This byte is not 0 when the receive command is not activated or has been aborted; it is 0 when receiving is in progress.
Figure 3 Receiving Information
2.3 Special Registers and Related Bits
SMB30 controls the communication mode of Free Port 0, and SMB130 controls the communication mode of Free Port 1. You can write to and read from SMB30 and SMB130. As shown in Table 1, these bytes set the operation mode of free port communication and provide a choice between the free port or the protocols supported by the system.
Communication receive character buffer SMB2: SMB2 is a transient register that holds the character currently received in Freeport communication mode. The user program should read each character from SMB2 and move it into the receive buffer, one character at a time.
Communication verification result flag SM3.0: The PLC verifies the received data according to the parity check method specified in SMB30. If an error is found during verification, the PLC automatically sets SM3.0 to 1; SM3.0=0 indicates that the parity check is correct. Based on this flag, the PLC can decide whether to accept or reject the current information. Furthermore, in case of an error, this error bit can be sent to the other party to request a retransmission.
Operating mode flag SM0.7: The S7-200 series PLC can only communicate in Freeport mode when it is in RUN mode, and can only communicate in PPI mode when it is in STOP mode. When the PLC is in RUN mode, SM0.7=1, otherwise SM0.7=0. Therefore, Freeport communication can be turned on or off by checking the status of SM0.7.
Transmitter idle flag SM4.5 and transmit/receive instructions: While data is being transmitted, the special memory bit SM4.5 = 0. After transmission is complete, SM4.5 = 1. Therefore, post-transmission processing can be performed by checking the status of SM4.5, or it can be handled directly by the transmit interrupt.
Table 1 Special Memory Bytes SMB30
3 Host Computer Programming
In a Windows environment, various software development platforms are available for implementing data communication between a host computer and a PLC. Visual Basic is particularly convenient for writing communication software, requiring minimal programming effort and offering high visualization capabilities. In particular, it provides the MSComm communication control, which facilitates communication between multiple PLCs. The MSComm control has many important properties, among which the most crucial are:
(1) CommPort: Sets and returns the communication port number;
(2) Settings: Sets and returns the baud rate, parity, data bits, and stop bits as a string;
(3) PortOpen: Sets and returns the status of the communication port (opens or closes a communication port);
(4) InBufferCount: Returns the number of bytes received in the receive buffer;
(5) Input property: Reads data from the receive buffer;
(6) Output property: Writes a string to the transmit buffer.
The flowchart of the communication process between the computer and the PLC is shown in Figure 5. The following is the main communication program between the computer and the PLC at station 5.
3.1 Initialize the communication port
Private Sub Form_Load()
    MSComm1.CommPort = 1 ' Use serial port 1
    MSComm1.Settings = "9600,e,7,1" ' 9600 baud, even parity, 7 data bits, 1 stop bit
    MSComm1.InBufferCount = 0 ' Clear the receive buffer
    MSComm1.InputLen = 0 ' Read the entire contents of the buffer during input
    MSComm1.PortOpen = True ' Open the communication port
End Sub
3.2 Sending control commands
Private Sub Send_Click()
    HD = "5" + "FF" + "WW" + "A" + "M0100" + "01" + DataW ' Command for PLC station 5
    ' Form the control command word, where DataW is the data to be written
    ' and SumChk(HD) is the checksum function
    Write = Chr(5) + HD + SumChk(HD) + Chr(13) + Chr(10)
    MSComm1.Output = Write ' Send the control command to the PLC at station 5
    Do
        XY = MSComm1.Input ' Receive PLC response
        RD_date = RD_date + XY
    Loop Until Right(RD_date, 2) = Chr(13) & Chr(10)
    Rd = Left(RD_date, 5) ' Retrieve the first 5 characters of the response string
    If Rd = Chr(6) + "02FF" Then
        MsgBox "Control command received"
    Else
        MsgBox "Communication Error"
    End If
End Sub
3.3 Read the status information of the debug line
Private Sub D_A()
    RD = "05" + "FF" + "WR" + "A" + "DO0000" + "01"
    Read = Chr(5) + RD + SumChk(RD) + Chr(13) + Chr(10)
    MSComm1.Output = Read ' Send the command to read data from PLC station 5
    Do
        ch = MSComm1.Input ' Receive PLC response
        R_Answer = R_Answer + ch
    Loop Until Right(R_Answer, 2) = Chr(13) & Chr(10)
    RA = Left(R_Answer, 5) ' Retrieve the first 5 characters of the PLC response string
    If RA = Chr(2) + "02FF" Then ' Check whether the read succeeded
        MSComm1.Output = Chr(6) + "02FF" ' Correct: send the confirmation signal to the PLC
        DataR = Mid(R_Answer, 6, 4) ' Retrieve the data
        DataR = Val("&H" + DataR) ' Convert the hexadecimal data to decimal
    Else
        MsgBox "Error reading data"
    End If
End Sub
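The two Do...Loop reads above wait for CR LF with no time limit and test only the first five characters of the reply. The following added example (not part of the original article's program) handles the same read response with a timeout, a length bound and strict validation of the four hexadecimal data digits. The names read_chunk, MAX_FRAME and chunked, and the sample frame, are assumptions constructed for illustration.

```python
import time

STX = "\x02"
MAX_FRAME = 64  # assumed upper bound; the article states no frame length limit


def read_frame(read_chunk, timeout_s=1.0, max_len=MAX_FRAME, clock=time.monotonic):
    """Accumulate chunks until CR LF, like the article's Do...Loop, but bounded.

    read_chunk stands in for MSComm1.Input: it returns whatever characters
    have arrived so far, possibly an empty string.
    """
    buf, deadline = "", clock() + timeout_s
    while not buf.endswith("\r\n"):
        if clock() > deadline:
            raise TimeoutError("no CR LF terminator before timeout")
        buf += read_chunk()
        if len(buf) > max_len:
            raise ValueError("frame longer than max_len")
    return buf


def parse_read_response(frame, header="02FF"):
    """Return the data word of a read response: STX + header + 4 hex digits."""
    if not frame.endswith("\r\n"):
        raise ValueError("missing CR LF")
    if frame[0:1] != STX or frame[1:5] != header:
        raise ValueError("unexpected control character or header")
    digits = frame[5:9]  # same field as Mid(R_Answer, 6, 4)
    if len(digits) != 4 or any(c not in "0123456789ABCDEFabcdef" for c in digits):
        raise ValueError("data field is not four hex digits")
    return int(digits, 16)


def chunked(parts):
    """Constructed stand-in for a serial port: yields parts, then empty reads."""
    it = iter(parts)
    return lambda: next(it, "")


if __name__ == "__main__":
    # Constructed sample response arriving in three pieces.
    frame = read_frame(chunked(["\x0202", "FF01", "F4\r\n"]))
    print(parse_read_response(frame))
```

Val("&H" + DataR) in the VB routine accepts a malformed data field without raising an error, so a corrupted reply can be stored as a valid reading; the strict digit check rejects it instead.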
4 PLC Programming
The PLC controls the debugging line through a program, and the resulting debugging results are stored in 255 bytes starting with VB100. This article mainly describes the communication process, which also involves data translation. For example, if the debugging torque value is stored in VW200, then VB200 needs to be multiplied by 256 and then added to VB201. The translation of floating-point numbers is more complex and will not be described in detail here. The main function is to send a string of debugging data to the host computer and receive the host computer's judgment and commands regarding the test results. The following section explains the communication process in conjunction with the relevant PLC program.
4.1 Main Program
LD I0.1 // Transmit control
EU
CALL Send:SBR1 // The debugging data is stored in the table; call the subroutine to send it
4.2 Receiving Subroutine
SBR0:
LD SM0.0
MOVB 9, SMB30 // Initialize port 0 (9 = 2#00001001: Freeport, 9600 baud, 8 data bits, no parity)
MOVB 16#F0, SMB87 // Initialize the RCV message control byte: enable RCV,
// detect the start and end characters of the message, and detect the idle line condition
MOVB 16#05, SMB88 // Start character 16#05: only receive data sent to this station (taking station 5 as an example)
MOVB 16#0A, SMB89 // End character 16#0A (line feed): end of received data
MOVW 5, SMW90 // Set idle line timeout to 5 ms (the idle time is the word SMW90)
MOVB 10, SMB94 // Set the maximum number of characters to 10
ATCH INT_0:INT0, 23 // Receive complete: execute interrupt 0
ENI // Enable user interrupts
RCV VB600, 0 // Receive data through port 0 and store it in the bytes starting at VB600
4.3 Sending Subroutine
SBR1:
LD SM0.0
MOVB 2#01101001, SMB30 // Initialize port 0: 9600 baud, 7 data bits, even parity
MOVB 255, VB1000 // Total number of data bytes to send
ATCH INT_1:INT1, 9 // Send complete: execute interrupt 1
ENI // Enable user interrupts
XMT VB100, 0 // Send data via port 0, sending the bytes starting at VB100
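The SMB30 values written in the two subroutines above can be checked against the host's MSComm settings by decoding the byte. This is an added example, not code from the original article; the bit layout (pp d bbb mm) is taken from the Siemens S7-200 system manual because Table 1 is not reproduced on this page, and the function names are hypothetical.

```python
# Added example: decode the S7-200 Freeport control byte (SMB30/SMB130)
# and compare it with an MSComm Settings string. Bit layout: pp d bbb mm.
PARITY = {0b00: "n", 0b01: "e", 0b10: "n", 0b11: "o"}
BAUD = {0b000: 38400, 0b001: 19200, 0b010: 9600,
        0b011: 4800, 0b100: 2400, 0b101: 1200}  # 110/111 vary by CPU version
MODE = {0b00: "PPI slave", 0b01: "Freeport",
        0b10: "PPI master", 0b11: "reserved"}


def decode_smb30(value):
    """Split the Freeport control byte into its port settings."""
    if not 0 <= value <= 0xFF:
        raise ValueError("SMB30 is a single byte")
    return {
        "parity": PARITY[value >> 6],
        "data_bits": 7 if value & 0b00100000 else 8,
        "baud": BAUD.get((value >> 2) & 0b111),  # None for codes 110/111
        "mode": MODE[value & 0b11],
    }


def parse_mscomm_settings(settings):
    """Parse an MSComm Settings string such as "9600,e,7,1"."""
    baud, parity, data_bits, stop_bits = (p.strip() for p in settings.split(","))
    return {"baud": int(baud), "parity": parity.lower(),
            "data_bits": int(data_bits), "stop_bits": int(stop_bits)}


def mismatches(smb30, settings):
    """List every way the PLC port setup disagrees with the host's."""
    plc, host = decode_smb30(smb30), parse_mscomm_settings(settings)
    problems = []
    if plc["mode"] != "Freeport":
        problems.append("mode: PLC port is not in Freeport mode")
    for key in ("baud", "parity", "data_bits"):
        if plc[key] != host[key]:
            problems.append(f"{key}: PLC {plc[key]} != host {host[key]}")
    return problems


if __name__ == "__main__":
    host = "9600,e,7,1"                   # host settings from section 3.1
    print(mismatches(0b01101001, host))   # value written in SBR1
    print(mismatches(9, host))            # value written in SBR0
```

For this page's values, the SBR1 byte agrees with the host settings, while the value 9 written in SBR0 decodes to 8 data bits with no parity. With no parity bit on the receive side there is nothing for the SM3.0 parity check to test.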
4.4 Interrupt Subroutines
Interrupt subroutine INT0:
LD SM0.0
MOVB VB602, QB0 // Response: command received
Interrupt subroutine INT1:
LD SM0.0
CALL receive:SBR0 // Put the PLC in receive mode
5 Conclusion
Actual operation of the system has shown that the distributed monitoring system built using the RS-485 bus has simple hardware connections, quick programming, and can easily realize network communication between computers and multiple PLCs. Compared with the Profibus-DP built using the fieldbus module EM277 and the Ethernet module EM243-I, it greatly reduces costs and is not subject to the restriction that only 8 stations can use PC Access. More than a year of operation has shown that it is stable and reliable and can well meet the requirements of the monitoring system.