PROFIBUS

https://www.racom.eu/eng/support/protocols_docum/bc126a_profibus.html
1. Introduction

Almost all Profibus equipment supports PROFIBUS DP-V0, which is why we decided on 
implementing this protocol. We do not support the multimaster mode or the PROFIBUS-
FMS protocol. The PLC with the DP-V1 version can be adapted for working with the 
DP-V0 version by modifying the GSD file, see below.

The PROFIBUS-DP radiomaster reads the pre-configured part of the memory (cache) 
from the PROFIBUS-DP slave and stores the resulting data in the (cache) memory of 
the Radiomaster CU. As soon as a change is detected in the stored data or once the 
set time has elapsed the data is sent via the MORSE radio network to the designated 
address in the Radioslave CU. Analog and digital data and alarms are securely 
transferred in this way. The central PROFIBUS-DP Radioslave receives data from up 
to 256 stations simultaneously (according to the number of transmitted modules). 
This data is available for the PROFIBUS-DP master, which can read it via the serial 
link. Transfer in the opposite direction (from the central PROFIBUS-DP master to 
PROFIBUS-DP slave) occurs in the same way. 


               MORSE            MORSE
PROFIBUS-DP    PROFIBUS-DP      PROFIBUS-DP   PROFIBUS-DP
master sim     Radioslave       Radiomaster   slave sim
 PLC            CU               CU               PLC
 ______         \|/............. \|/
|      |  RS485 _|_      :       _|_           ___
|      |-------|   |     :      |   |  RS485  |   |           
|______|       |___|     :      |___|---------|___|  addr.03  
addr.02     690F0002     :    690F0003   |
SPe0tM      SPe0tS       :    SPe0tM     |   SPe0tS         
(A)ddr:02   (A)ddr:02    :    (A)ddr:02  |   (A)ddr:02 
(B)ase:03   (B)ase:03    :    (B)ase:03  |   (B)ase:03
(N)um: 03   (N)um: 03    :    (N)um: 02  |   (N)um: 01
                         :               |
                         :               |
                         :               |     ___
                         :               |    |   |         
                         :                ----|___|  addr.04
                         :                
                         :                   SPe0tS
                         :                   (A)ddr:02
                         :                   (B)ase:04
                         :                   (N)um: 01
                         :               
                         :...... \|/
                                 _|_           ___
                                |   |  RS485  |   |
                                |___|---------|___|  addr.05
                              690F0005  
                              SPe0tM         SPe0tS
                              (A)ddr:02      (A)ddr:02
                              (B)ase:05      (B)ase:05
                              (N)um: 01      (N)um: 01

                                      
 PLC timeout      (n)et timeout          (l)ink timeout     transfer parameters
                  (s)hort net timeout    link (d)elay

request, data OUT --->           |
  68   1D   1D    68   03   02   5D  0000FFFF 000000FF 00000000
                                     00000000 00000000 00000000 00FF  5E   16
SD2  - Start separator, 0x68
LE   - Length (byte) including fields DA,SA,FC,DATA, range 4 to 249
DA   - Destination address
SA   - Source address
FC   - Frame Control, 5D or 7D, see Profibus specification
DATA - Transmitted data, 1 to 246 bytes
FCS  - Frame Check Sequence
ED   - Stop separator, 0x16


A fixed length frame containing no data serves for testing the functionality of the 
station:

|SD1/8|DA/8|SA/8|FC/8|FCS/8|ED/8|

  10   03   02   49    4E   16  

SD1  - start separator, 0x10
DA   - destination address
SA   - source address
FC   - Frame Control
FCS  - Frame Check Sequence
ED   - stop separator, 0x16


A fixed length frame with data:

|SD3/8|DA/8|SA/8|FC/8|DATA/64|FCS/8|ED/8|

  A2   03   02   ..    ....    ..   16

SD3  - Start separator, 0xA2
DA   - Destination address
SA   - Source address
FC   - Frame Control
DATA - Transmitted data, 8 bytes
FCS  - Frame Check Sequence
ED   - stop separator, 0x16


A token frame in multimaster mode transfers control to the next master:

|SD4/8|DA/8|SA/8|

  DC   02   02

SD4  - Start separator, 0xDC
DA   - Destination address
SA   - Source address




3. Example of Communication 

On making a connection the configuration is first ascertained and then internal 
protocol parameters are automatically set. The following example captures the 
already steady state of data transfer (data exchange) to the Radioslave CU port:

08:22:02.320 rx;i   35 | S01
681D 1D68 0302 5D00 00FF FF00 0000 FF00 0000 0000 0000 0000 0000 0000 0000 0000 
FF5E 16
08:22:02.321 tx     43 | S01
6825 2568 0203 0800 0000 0000 1D00 00FF FF00 1D00 0000 0000 0000 0000 0000 0000 
0000 0000 FF00 1D00 FF60 16
08:22:02.406 rx;i    6 | S01
1003 0249 4E16
08:22:02.406 tx      6 | S01
1002 0300 0516
08:22:02.468 rx;i    3 | S01
DC02 02
08:22:02.636 rx;i   35 | S01
681D 1D68 0302 7D00 00FF FF00 0000 FF00 0000 0000 0000 0000 0000 0000 0000 0000 
FF7E 16
08:22:02.637 tx     43 | S01
6825 2568 0203 0800 0000 0000 1D00 00FF FF00 1D00 0000 0000 0000 0000 0000 0000 
0000 0000 FF00 1D00 FF60 16
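
The capture above can be decoded and checked against the frame formats in the previous section. The following is an added example, not RACOM code: the function names are hypothetical, the repeated length byte in the SD2 header is read off the capture itself (68 1D 1D 68), and the FCS is computed as the PROFIBUS sum of DA, SA, FC and DATA modulo 256, which the bytes on this page confirm.

```python
# Added example (not RACOM code): decode PROFIBUS FDL telegrams and check FCS.
SD1, SD2, SD3, SD4, ED = 0x10, 0x68, 0xA2, 0xDC, 0x16
FIXED_DATA_LEN = {SD1: 0, SD3: 8}      # DATA bytes in the fixed-length frames

# First five entries of the monitoring capture on this page, one per log entry.
CAPTURE = [
    "681D 1D68 0302 5D00 00FF FF00 0000 FF00 0000 0000 0000 0000 0000 0000"
    " 0000 0000 FF5E 16",
    "6825 2568 0203 0800 0000 0000 1D00 00FF FF00 1D00 0000 0000 0000 0000"
    " 0000 0000 0000 0000 FF00 1D00 FF60 16",
    "1003 0249 4E16",
    "1002 0300 0516",
    "DC02 02",
]


def fcs(body: bytes) -> int:
    """Frame Check Sequence: sum of DA, SA, FC and DATA modulo 256."""
    return sum(body) & 0xFF


def parse_frame(buf: bytes) -> dict:
    """Parse exactly one telegram; raise ValueError if it is malformed."""
    if not buf:
        raise ValueError("empty buffer")
    sd = buf[0]
    if sd == SD4:                       # token frame: SD4 DA SA, no FCS or ED
        if len(buf) != 3:
            raise ValueError("token frame must be 3 bytes")
        return {"sd": "SD4", "da": buf[1], "sa": buf[2], "fc": None, "data": b""}
    if sd == SD2:                       # variable length: SD2 LE LE SD2 ...
        if len(buf) < 4 or buf[1] != buf[2] or buf[3] != SD2:
            raise ValueError("bad SD2 header (length or delimiter not repeated)")
        le, start = buf[1], 4
        if not 4 <= le <= 249:
            raise ValueError(f"LE {le} outside 4..249")
    elif sd in FIXED_DATA_LEN:          # SD1 / SD3: length implied by the type
        le, start = 3 + FIXED_DATA_LEN[sd], 1
    else:
        raise ValueError(f"unknown start delimiter 0x{sd:02X}")
    if len(buf) != start + le + 2:
        raise ValueError("length field does not match bytes received")
    body = buf[start:start + le]        # DA SA FC DATA
    if buf[start + le] != fcs(body):
        raise ValueError("FCS mismatch")
    if buf[-1] != ED:
        raise ValueError("bad end delimiter")
    name = {SD1: "SD1", SD2: "SD2", SD3: "SD3"}[sd]
    return {"sd": name, "da": body[0], "sa": body[1], "fc": body[2],
            "data": body[3:]}


def decode_capture(lines=CAPTURE) -> list:
    """Decode every log entry; bytes.fromhex() skips the spaces in the dump."""
    return [parse_frame(bytes.fromhex(line)) for line in lines]


if __name__ == "__main__":
    for f in decode_capture():
        fc = "--" if f["fc"] is None else f"{f['fc']:02X}"
        print(f"{f['sd']} {f['sa']:02X}->{f['da']:02X} FC={fc} "
              f"len={len(f['data'])} data={f['data'].hex()}")
```

The FCS is an unkeyed 8-bit sum: it detects line errors only, so a passing check says nothing about which station produced the frame.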


We can more easily monitor the content of data frames which are stored in cache 
memory using the functions "d(A)ta req" and "d(a)ta resp" in the protocol parameters:

>>A
>>cmd 03:Profi fun 00:03027D 0000 FFFF 0000 00FF 0000 0000 0000 0000 0000 0000 0000 
0000 00FF 

Here a "data request" frame was sent from PLC Master to PLC Slave, from address 02 
to address 03.

>>a
>>cmd 02:Profi fun 00:020308 0000 0000 001D 0000 FFFF 001D 0000 0000 0000 0000 0000 
0000 0000 0000 00FF 001D 00FF

The "data response" frame comes from PLC Slave 03 to PLC Master 02.


4. Setting Protocol Parameters

Module SCC1 RS485 is used in radiomodem MR400. We select a signalling rate of 19200 
or 93700bps. 
Profibus uses the parity "EVEN" setting and one full stop bit, i.e.:
s(T)op:OFF  fr(A)gs:7+9/16

SCCs:
    n     m     g    b   p8   i   s  XRC D G  o
(0)RS232 ASYNC  SW  19200N81  5 1600 --- D 0 MARS-A
(1)RS485 ASYNC  SW  19200E81  5 1600 --- D 0 PROFIBUS
(2)RS232 ASYNC  SW  19200N81  5 1600 --- D 0 MARS-A
(3)RS232 ASYNC  SW  19200N81  5 1600 --- D 0 MARS-A

de(f)ault (r)ead (w)rite
(I)nit (S)ync
(q)uit
>>1

Serial Communication Channels:
i(n)t:RS485  (m)ode:ASYNC   dia(g):SW
(b)it/s:19200  (p)ar:EVEN  (8)bit:ON  s(T)op:OFF  fr(A)gs:7+9/16
RX (i)dle:5 RX buf (s)ize:1600
TX idl(e):OFF
Handshake: (X)on/Xoff:OFF  (R)TS:OFF  (C)TS:OFF
C(D):ON  (G):0000
pr(o)tocol PROFIBUS parame(t)ers
ext clocks t(x):OFF  (r)x:OFF sync (w)ord:7E7E
SC(M):B131 (d)sc: 3835 
(I)nit (W)rite
(q)uit
>>

Note -
When using the MR25 we use an "OPI232/485pc" converter (=Profibus compatible), which 
is equipped with keying control on the RS485 link with a CTS signal (terminal K on 
OPI232/485pc) and switchable terminator resistors according to the Profibus-DP 
specification. For a Profibus rate of 93750bps set SCC to 93700bps:
SCCs:
(1)RS485 ASYNC  NORM  93700E81  5 1600 --- D 0 PROFIBUS 


Protocol Parameters:

PROFIBUS parameters:
(m)ode :RADIOSLAVE (wired to master)
(M)aster
(S)lave
(q)uit
>>
----------------------
(m) - Select CU mode :  
----------------------
mode 
(m) RADIOMASTER (wired to slave) - CU connected to PLC Slave 
(s) RADIOSLAVE (wired to master) - CU connected to PLC Master 
    Other modes simulate the behaviour of various types of PLC Profibus in the CU:
(7) MASTER SIMULATOR S7 
(S) SLAVE SIMULATOR S7 
(C) MASTER SIMULATOR CI851 
(c) SLAVE SIMULATOR CI851 
(4) MASTER SIMULATOR CI854 
(0) SLAVE SIMULATOR CI854 
(q)uit
>>
-----------------------------------------------------------
(M) - Parameters of radiomaster CU and master simulator CU:
-----------------------------------------------------------
RadioMaster param.
Center (A)ddr:0002
Points (B)ase:0003  (N)um:1
(n)et timeout:10s
(s)hort net timeout:1000ms
(l)ink timeout:100ms
link (d)elay:50ms
sl(e)ep timeout:30s
(C)hange detector:ALL
(M)in hysteresis:0000
A(b)b behavior:ON
(D)ebug filter:0
(S)tate
(q)uit
>>

Center (A)ddr:0002 - address of central radioslave CU, lower part of MORSE address
Points (B)ase:0003 - addresses of connected points of PLC slave must create a 
continuous numerical range; the lowest of these addresses is written here
(N)um:1            - number of PLC slaves

Items (B)ase, (N)um and, in menu (S)tate, (N)o describe:
For Radioslave and Master simulator 
                    - all PLCs connected via the radio network to Radioslave CU
for Radiomaster     - only PLC connected via RS485 to Radiomaster CU
for Slave simulator - only this one Slave
For this reason, for example, the (N)o determining the same PLC can be different in 
the Radiomaster and Radioslave menu, see example in the initial diagram.

(n)et timeout:10s
        interval between messages sent over the radio network, this interval is 
        applied if no change in data occurred or if change detection (C) is off
(s)hort net timeout:1000ms
        shortest interval between messages, prevents network overloading during 
        frequent data changes
(l)ink timeout:100ms
        interval between communication on the radiomaster-slave and master-
        radioslave link, see Help (l): (19200bps:100ms, 93750bps:20ms)
link (d)elay:50ms
        minimum delay between the end of receipt and the beginning of next 
        transmission to the line, see help (d): (19200bps:50ms, 93750bps:10ms)
sl(e)ep timeout:30s
        after a restart M, RS or RM a 30 s pause is generated in RM on the RS 485 
        link for the respective Slave. The pause forces it to restart its "state 
        machine" so that new parameters can be set up.
(C)hange detector:ALL
        reactions to changes in input data are optional:
        (o) OFF - none, data only transmitted in the interval (n)et timeout
        (a) ALL - each change causes transmission RM -> RS 
        (e) EXT - only transmits upon exceeding the hystereses defined in menu SXX
(M)in hysteresis:0000
        the change in input data must achieve at least this value in order to cause 
        transmission, protection against setting too low values in SXX.


A suitable combination of parameters provides a simplified solution to the problem 
of hysteresis, e.g.:
        (n)et timeout:10s
        (s)hort net timeout:500ms
        (C)hange detector:ALL
Here transmission to the centre occurs after a change in input data. Changes in the 
following 500ms do not bring about transmission, but the first change after that 
does. If the state of the inputs does not change, data is sent to the centre every 
10s.

A(b)b behavior:ON
        ON  - for ABB PLC
        OFF - for Siemens PLC
(D)ebug filter:0
        for servicing purposes 
(S)tate
        diagnostic information about the state of the protocol and transmitted data 

---------------------------------------------------------
(S) - parameters of radioslave CU and slave simulator CU:
---------------------------------------------------------
RadioSlave param.
Center (A)ddr:0002
Points (B)ase:0003  (N)um:1
(n)et timeout:10s
(s)hort net timeout:1000ms
B(r)oadcast:OFF
A(b)b behavior:ON
(D)ebug filter:0
(S)tate
(q)uit
>>

Meaning of items analogous to those in the (M)aster menu.

The period of communication on RS485 link is not configured and is controlled from 
the PLC master.

B(r)oadcast:OFF
        OFF - broadcasts not sent
        ON  - transmits, settings in menu "Be" and "FIe" also required
A(b)b behavior:ON
        In the initial phase of "data exchange" the PLC Master sends a data request 
        for which the RS does not yet have a response from the PLC Slave. Depending 
        on the parameter setting:
        OFF - for Siemens PLC - Radioslave replies "E5" and Master continues in 
              transmitting "data exchange" 
        ON  - for ABB PLC - PLC does not understand "E5" message, which is why the 
              Radioslave does not reply


-----------------------------
(S)tate - diagnostic data:
-----------------------------
Profibus State of Slave (N)o.:0
(S)tatus
d(a)ta resp
d(A)ta req
D(1) resp
(p)arset
(c)onfig
D(2) resp
data (r)ef
data (h)yst
(q)uit
>> 

Parameter (N)o.:0 selects communication with Slave Simulator number 0.  From the 
set of diagnostic parameters we present:
S
>>slave No0 state:6 rtleft:22 a:2 d:3

The value of the parameter "slave No0 state:" = 6 indicates that standard "data 
exchange" is taking place. A value other than 6 indicates that one of the 
preparation phases of communication is taking place.

Function "d(a)ta resp" is used to show data IN, which comes from the Slave PLC to 
the Master PLC:
a
>>cmd 02:Profi fun 00:020308 0000 0000 001D 0000 FFFF 001D 0000 0000 0000 0000 0000 
0000 0000 0000 00FF 001D 00FF

00:       - Slave PLC No 0
02        - dst address = Master PLC 02
03        - src address = Slave PLC 03
08        - frame control
0000 0000 001D... data IN follows configured according to "(c)onfig"

Function "d(A)ta req" is used to show data OUT sent from the Master PLC to the 
Slave PLC:
A
>>cmd 03:Profi fun 00:03027D 0000 FFFF 0000 00FF 0000 0000 0000 0000 0000 0000 0000 
0000 00FF

00:       - Slave PLC No 0
03        - dst address = Slave PLC 03
02        - src address = Master PLC 02
7D        - frame control
0000 FFFF 0000...data OUT according to "(c)onfig"

The "(c)onfig" function provides the ascertained configuration of the Slave PLC. 
The resulting form depends on the type of PLC, e.g. here is the form for the ABB PLC:
c
>>cmd 06:Profi fun 00:83827D 3E3E D1C0 C1C2 C0C1 C9C0 C8C1 
IN     datalen=2raw(D1)
IO:OUT datalen=2rawIO:IN datalen=3raw(C0C1C2)
IO:OUT datalen=2rawIO:IN datalen=10raw(C0C1C9)
IO:OUT datalen=9rawIO:IN datalen=2raw(C0C8C1)
>>
"d(a)ta resp" from this PLC contains 2+3+10+2=17 words of input data. Data from 
digital and analog inputs are not distinguished here.

Form for one specific Siemens PLC application:
c
>>cmd 06:Profi fun 8001:84825D 3E3E 0400 00AD C404 0000 8B41 0400 008F C043 0300 
9FC3 8303 00AF D843 4700 15C5 8343 0025 E0
FREE SLOT(040000ADC4)
FREE SLOT(0400008B41)
FREE SLOT(0400008FC0)
IN    datalen=4Byte (4303009FC3)
OUT   datalen=4Byte (830300AFD8)
IN    datalen=8Words(43470015C5)
OUT   datalen=4Words(83430025E0)
>>
The configuration of the selected Slave PLC number 1 (No.:1 in menu "SPe0tMS") is 
represented. Three slots are empty, followed by IN and OUT modules and the length 
of the respective data. "d(a)ta resp" will contain 4+8=12 words of input data.


--------------------------
HYSTERESIS of Transmission
--------------------------

For configuration of analog data transmission hysteresis it is necessary to find 
out the data structure "d(a)ta resp" of a specific PLC. For example, data generated 
by the simulator from the menu "SPe1tm0" - SLAVE SIMULATOR CI854 is structured 
according to the specific ABB PLC:
"SPe1tSSa" - d(a)ta resp

>>cmd 02:Profi fun 00:020308 0000 0000 001D 0000 FFFF 001D 0000 0000 0000 0000 0000 
0000 0000 0000 00FF 001D 00FF

Serially number individual bytes:

fun 00:020308 0000 0000 001D 0000 FFFF 001D 0000 0000 0000 0000 0000 0000 0000 0000 
        0 1 2  3 4  5 6  7 8  9 A  B C  D E  F   11   13   15   17   19   1B   1D       
00FF 001D 00FF
1F   21   22

From the configuration of PLC modules it is found that bytes number 9,A are digital 
input data, and words beginning with bytes number F,11,13,15,17,19,1B,1C are data 
of eight analog inputs.

We can now compile a packet which defines hysteresis for the RadioMaster CU. The 
packet structure is shown in menu "SXe1p", example:

PROFIBUS HYSTERESIS:
format:|res/12|num/4|[|type/8|res/2|items/6|doff/8|dsi/8|hdata|]
(n)um:0
(1):0108 (2):0F10
(3):0010 (4):0010
(5):0010 (6):0010
(7):0010 (8):0010
(9):0010 (a):0010
(b):0202 (c):0902
(d):FFFF (e):0000
(f):0000 (g):0000
(h):0000
(q)uit
>>

res/12  -    0 - reserve
num/4   - 0x 2 - number of entered data types (analog, digital...)

type/8  - 0x01 - analog data type
res/2   -    0 - reserve
items/6 - 0x 8 - number of words in "d(a)ta resp", which carry data of analog 
                 inputs AI
doff/8  - 0x0F - offset, serial number of first byte of data for AI
dsi/8   - 0x10 - datasize, dsi=2*items, length of block of AI data in bytes
hdata/dsi*8 - 0010 0010 0010 0010 0010 0010 0010 0010 
               - hysteresis for AI0 to AI7, once exceeded data is sent to RS 
                 in EXT mode   

type/8  - 0x02 - digital data type
res/2   -    0 - reserve
items/6 - 0x 2 - number of bytes in "d(a)ta resp", which carry data each for 8 DI
doff/8  - 0x09 - offset, serial number of first byte of data for digital inputs DI
dsi/8   - 0x02 - datasize, dsi=items, length of block of DI data in bytes
hdata/dsi*8 - FFFF 
               - the mask determines which digital inputs are read from 
                 the DI module

The compiled packet looks as follows:
0002 0108 0F10 0010 0010 0010 0010 0010 0010 0010 0010 0202 0902 FFFF 
It is written in the PROFIBUS HYSTERESIS menu step by step using parameters 
(n),(1),(2)...

Note 
- on entering the PROFIBUS HYSTERESIS menu its contents need to be read from the 
flash memory: "SXe r 1p" and on leaving store again using the "w" or "W" command. 
Init and Sync commands are not used here.

After saving hysteresis we can activate it in radiomaster RM:
SPe1tMCe   -> Change detector EXT
RM then transmits to RS only if there was a greater change in input data than the 
set hysteresis for the respective AI. In RM menu:
SPe1tMM    -> Min hysteresis:0000
It is possible to set the minimum hysteresis that must be exceeded in order for 
data to be sent to RS. This minimum hysteresis only complements menu SXe, which 
must also be filled in.

Packet generation for testing hysteresis is possible in the slave simulator from 
menu SPe1tSS

....
(n)o.:0 (g)et ai value
(o)ff:15 (s)et to (v)alue:2222 (simulator only)
(q)uit
>>

(o)ff:15     - serial number of first byte generated, 
               same as "doff/8" in menu "SXe1p"
(v)alue:2222 - prepared value, hex
(s)et to     - entering of preparation value

(n)o.:0        - number of simulated AI, which we can read
(g)et ai value - reading:

>>slave No0
AI :2222.i.e 30.681180% ... content of AI0 and its relative size
REF:0000.i.e 0.000000%  ... value last sent, used in RM
HYS:0010.i.e 0.056180%  ... specified hysteresis
>>

Example of reading "(g)et ai value" in RM. The hysteresis in SXe also needs to be 
filled in:
>>master No0
AI :2225.i.e 30.691713% ... current state, hysteresis not exceeded
REF:2222.i.e 30.681180% ... last state sent to RS
HYS:0010.i.e 0.056180%  ... hysteresis
>>
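
The hysteresis packet compiled above can be decoded and sanity-checked before it is written to flash, and then applied to the AI/REF/HYS reading just shown. This is an added example, not RACOM code: function names are hypothetical, and it assumes unsigned 16-bit big-endian analog words, a strict "greater than" comparison, and that a change in any masked digital bit counts as a change.

```python
# Added example, not RACOM code: decode and sanity-check a hysteresis packet.
import struct

ANALOG, DIGITAL = 0x01, 0x02
# Compiled packet and "d(a)ta resp" frame (DA SA FC DATA) copied from this page.
PACKET = bytes.fromhex("0002 0108 0F10 0010 0010 0010 0010 0010 0010 0010 0010"
                       "0202 0902 FFFF")
DATA_RESP = bytes.fromhex("020308 0000 0000 001D 0000 FFFF 001D 0000 0000 0000 0000"
                          "0000 0000 0000 0000 00FF 001D 00FF")


def parse_hysteresis(packet: bytes, resp_len: int) -> list:
    """Decode |res/12|num/4|[|type/8|res/2|items/6|doff/8|dsi/8|hdata|]."""
    if len(packet) < 2:
        raise ValueError("missing header word")
    num, pos, blocks = packet[1] & 0x0F, 2, []
    for _ in range(num):
        if pos + 4 > len(packet):
            raise ValueError("truncated block header")
        typ, items, doff, dsi = packet[pos:pos + 4]
        items &= 0x3F                       # top two bits are reserve
        pos += 4
        want = {ANALOG: 2 * items, DIGITAL: items}.get(typ)
        if want is None:
            raise ValueError(f"unknown data type 0x{typ:02X}")
        if dsi != want:
            raise ValueError("dsi does not match items for this type")
        if doff + dsi > resp_len:
            raise ValueError("block extends past the end of d(a)ta resp")
        if pos + dsi > len(packet):
            raise ValueError("truncated hdata")
        blocks.append({"type": typ, "doff": doff, "hdata": packet[pos:pos + dsi]})
        pos += dsi
    if any(packet[pos:]):                   # unused menu slots read as 0000
        raise ValueError("non-zero bytes after the last block")
    return blocks


def words(buf: bytes) -> tuple:
    return struct.unpack(f">{len(buf) // 2}H", buf)   # assumption: big-endian


def must_send(blocks: list, ref: bytes, cur: bytes) -> bool:
    """EXT change detector: has any input moved beyond its hysteresis?"""
    for b in blocks:
        lo, hi, h = b["doff"], b["doff"] + len(b["hdata"]), b["hdata"]
        if b["type"] == ANALOG:
            if any(abs(c - r) > lim for r, c, lim in
                   zip(words(ref[lo:hi]), words(cur[lo:hi]), words(h))):
                return True
        elif any((r ^ c) & m for r, c, m in zip(ref[lo:hi], cur[lo:hi], h)):
            return True
    return False


def with_ai0(value: int) -> bytes:
    """Constructed sample: DATA_RESP with AI0 (byte offset 0x0F) set to value."""
    return DATA_RESP[:0x0F] + struct.pack(">H", value) + DATA_RESP[0x11:]


if __name__ == "__main__":
    blks = parse_hysteresis(PACKET, len(DATA_RESP))
    print(must_send(blks, with_ai0(0x2222), with_ai0(0x2225)))
```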

--------------
PLC Parameters:
--------------

1)
Recommended parameters for PLC Profibus DP-V0:

min Tsdr > 66  tbit
max Tsdr > min Tsdr
Tqui     = 1   tbit
Tset     = 65  tbit
Tslot    = 500 tbit

2)
Some PLCs use Profibus version DP-V1, which transmits certain additional 
information. This PLC can be set for work with version DP-V0, which supports the 
Profibus protocol for MORSE. A change concerns the configuration file GSD, which is 
entered in the PLC Master.
For example, in file "SI01801X.GSE", which the Simatic PLC uses, the following 
marked rows need to be commented out with a semicolon (;):

Max_User_Prm_Data_Len=179
Ext_User_Prm_Data_Const(0)=0x00.0x00.0x08
Ext_User_Prm_Data_Const(3)=0x08.0x81.0x00.0x00.0x40.0x00.0x00.0x80
Ext_User_Prm_Data_Ref(10)=3
; DPV1 key words:
; Diag_Update_Delay=7
; DPV1_Slave=1
; C1_Read_Write_supp=1
; C1_Max_Data_Len=240
; C1_Response_Timeout=20
; Diagnostic_Alarm_supp=1
; Process_Alarm_supp=1
; Pull_Plug_Alarm_supp=1
; Extra_Alarm_SAP_supp=1
; Alarm_Type_Mode_supp=1
; WD_Base_1ms_supp=1
; Check_Cfg_Mode=1
; Publisher_supp=1
;"Deselect diagnostic blocks"
Ext_User_Prm_Data_Ref(8)=511
Ext_User_Prm_Data_Ref(8)=512

------------------
Activation Process
------------------

1) Select MORSE addresses for the proposed network configuration, see diagram on 
page 1.
2) The CU must contain at least version L664 firmware. MR400 is used with a RS485 
module (or MR25 and converter OPI232/485profibus DP compatible).
3) Check the connection in the MORSE network using command !h address.
4) In menu SPe select protocol RS485, signalling rate 19200 or 93700 according to 
the PLC, parity Even, 1 stop bit, see page 4.
5) Connect RS485, LED RxD and TxD indicate communication by flashing.
6) Monitor operation on the SCC channel. In the initial phase of communication, 
parameter setting data is exchanged. The complete M-RS-RM-S route must be connected 
in order to successfully set parameters. After completion, data exchange looks like 
that on page 3.
7) Using the repeated command SPe1tMSS or SPe1tSSS we can check if the protocol 
reached "state:6", which is the steady operating state.
8) Using command SPe1tMSa we can monitor data read from Slave number "(N)o." in 
this menu, and using command SPe1tMSA we can monitor data transmitted from the 
center.

5. History
This description is valid from version sw 664.

©  2024 RACOM s.r.o. All Rights Reserved.