Communication protocols

and it's applications

Modbus, Profibus and Profinet

Eng. Ragab Abd Elwanees

Contact: https://www.linkedin.com/in/ragab-abdelwanees
Contents
1. Modbus
• Modbus Communication
• Modbus RTU
• Modbus RTU Applications (App1, App2, App3, App4)
• Modbus ASCII
• Modbus TCP/IP
• Modbus TCP/IP characteristics
• Modbus TCP/IP simulation (App1 , App2)
• Comparison between Modbus RTU, ASCII and TCP-IP

2. Profinet
• Profinet communication
• Profinet Configuration
• Profinet Applications (App1 , App2)

3. Profibus
• Profibus communication
• Profibus Applications (App1)
• Comparison between Profinet and Profibus
Communication networks

• communication networks may be used in control systems to pass data between field devices and PLCs,
between different PLCs, or between PLCs and personal computers used for operator interface, data
processing and storage, or management information.

• although a communications circuit can involve only two pieces of equipment with a circuit between them,
the term network typically refers to connecting many devices together to permit the sharing of data
between devices over a single circuits.

Eng. Ragab Abd Elwanees

 The data transmission modes

The data transmission modes can be characterized in the following three types based on the direction of exchange of
information:

Simplex Half-Duplex

Simplex is the data transmission mode in which the data can
flow only in one direction, the communication is
unidirectional. In this mode, a sender can only send data but
can not receive it. Similarly, a receiver can only receive data
but can not send it.
Half-Duplex is the data transmission mode in which the data
can flow in both directions but in one direction at a time. It is
also referred to as Semi-Duplex. In other words, each station
can both transmit and receive the data but not at the same
time. When one device is sending the other can only receive
and vice-versa.

Eng. Ragab Abd Elwanees

 Full-Duplex
Full-Duplex is the data transmission mode in which the data can flow in both directions at the same time. It is bi-directional in
nature. It is two-way communication in which both the stations can transmit and receive the data simultaneously.

Serial Mode Parallel communication

The Serial data transmission mode is a mode in which the
data bits are sent serially one after the other at a time over
the transmission channel
In parallel communication the various data bits are
simultaneously transmitted using multiple communication
links between sender and receiver. Here, despite using a
single channel between sender and receiver, various links are
used and each bit of data is transmitted separately over all
the communication link.

Eng. Ragab Abd Elwanees

Eng. Ragab Abd Elwanees
 Types of serial ports
There are several types of data communication interfaces, each of which is designed for specific applications based
on the required set of parameters and protocol structure. Serial data interfaces include RS-232, RS485, RS-422,
CAN, I2C, I2S, LIN, SPI, and SMBus,

RS232

Eng. Ragab Abd Elwanees

RS422
RS485

Eng. Ragab Abd Elwanees

 What is communication protocol?
The Communication protocols is the way to trans-receive the data. with a set of rules that sends or receives between two or
more devices.
The communication protocol is the media or channel between two or more communicating devices.

Modbus Protocol

Modbus is a communication protocol developed in 1979 by Modicon (Schneider). In simple terms, it is a method used for
transmitting information over serial lines between electronic devices. The device requesting the information is called the
Modbus Master and the devices supplying information are Modbus Slaves. In a standard Modbus network, there is one
Master and up to 247 Slaves, each with a unique Slave Address from 1 to 247. The Master can also write
information to the Slaves

Eng. Ragab Abd Elwanees

Modbus protocol principle
• The Modbus Serial Line protocol is a Master-Slaves protocol. Only one master (at the same time) is connected to the bus
• A Modbus communication is always initiated by the master. The slave nodes will never transmit data without receiving a
request from the master node.
• The slave nodes will never communicate with each other. The master node initiates only one MODBUS transaction at the
same time.
• the master can send a request to all slaves.
• No response is returned to broadcast requests sent by the master. The broadcast requests are necessarily writing
commands.
• All devices must accept the broadcast for writing function. The address 0 is reserved to identify a broadcast exchange.

Eng. Ragab Abd Elwanees

 Modbus protocol versions

Several versions of Modbus have been developed to suit the transmission medium being used. Most common are:
▪ RTU
▪ ASCII
▪ TCP/IP

Eng. Ragab Abd Elwanees

 How data transfer in Modbus

The data transmitted from the master device to the slave device by a message; This message contains
all the data you need
Application Data Unit (ADU)

Address
write

Function

Protocol Data Unit Read

(PDU)
Data

Check Error

Eng. Ragab Abd Elwanees

Protocol Data Unit (PDU)
the Protocol Data Unit (PDU) plays a crucial role in the exchange of data between devices

Function : Indicates the type of operation to be performed (e.g., read, write , diagnose)
Data: Contains the data associated with the function code, such as the address of the data to be read or written and the actual
data values.

Ex: | 0x03 | 0x00 0x6B |

Application Data Unit (ADU)

Application Data Unit (ADU) is the complete message that is sent between a master and a slave device.

Device Address : Identifies the slave device.

PDU : Contains the function and data.
Error Checking Field : Used to detect errors in
transmission.
Each device has its own address. Data is sent to the slave's address and it responds with a message containing its
address
Eng. Ragab Abd Elwanees
 Error Checking Field

LRC (Longitudinal Redundancy Check):

• Simpler: Easier and faster to compute.
• Less Robust: Suitable for simpler communication environments.
• Use Case: Commonly used in Modbus ASCII communication.

CRC (Cyclic Redundancy Check):

• Complex: More complex but highly effective.
• More Robust: Detects a wider range of errors.
• Use Case: Commonly used in Modbus RTU communication and other robust protocols.

Eng. Ragab Abd Elwanees

 Modbus RTU

Eng. Ragab Abd Elwanees

 Modbus RTU
Modbus RTU (Remote Terminal Unit) :typically for use over RS- 232 single-ended or RS-485 differential lines, uses binary
coding and CRC error checking.
Uses a master-slave architecture, Only one master and up to 247 slave devices, After 32 slaves, a repeater is used to increase
the number.

Master/Slave

• Only one master and slaves up to 247, you can use more than one master, but mast separate them to not work at the same
time “interlock”
• Every slave has a unique address start from 1
What about address 0??
address 0 has a special purpose for broadcast:
Broadcast Communication:
Purpose: Used for broadcast messages.
Function: Allows the master to send a message to all slave devices on the network simultaneously.
Responses: Slave devices do not respond to broadcast messages. This prevents collision and ensures efficient communication

ADU For Modbus RTU

Device Address : Identifies the slave device.

PDU : Contains the function and data.
Error Checking Field (CRC) : Used to detect errors in
transmission.

Eng. Ragab Abd Elwanees

 Modbus RTU Frame format

Eng. Ragab Abd Elwanees

Start
• The Modbus RTU standard prescribes a silent period corresponding to 3.5 characters between each message, to be able fo
figure out where one message ends and the next one starts.
• The silent period after the message to the slave is the responsibility of the slave.
• The silent period after the message from the slave has previously been implemented in Minimal Modbus by setting a
generous timeout value, and let the serial read() function wait for timeout

Eng. Ragab Abd Elwanees

Address
Modbus Address: Modbus message starts with 8 bit target address. This can take any value from 0 to 247. Here 0 is
used as broadcast address and rest are used as unique device addresses

Eng. Ragab Abd Elwanees

Function
• The type of register being addressed by a Modbus request is determined by the function code. The most common codes
include 3 for "read holding registers", and may read 1 or more. Function code 6 is used to write a single holding register.
• Function code 16 is used to write one or more holding registers

Eng. Ragab Abd Elwanees

Modbus RTU Setup
1. Identify the Components:
• Master Device: Typically a PLC, HMI, or SCADA system.
• Slave Devices: Sensors, actuators, drives, or other Modbus-enabled devices.

2. Choose the Communication Medium:

• RS232: Suitable for short distances (up to 15 meters).
• RS485: Ideal for longer distances (up to 1200 meters) and multiple devices.

3. Communication Parameters:
• Slave address (0-247) Address 0 is reserved for broadcast messages
• Baud Rate: Common values are 9600, 19200, or 38400 bps ( choose the minimum required baud rate)
• Data length: 7 or 8 (Usually 8 bits).
• Parity: is an error-checking method used in serial communication to ensure data integrity during transmission.

Eng. Ragab Abd Elwanees

 ― None - No error detection, fastest and simplest.
― even - Adds a bit to ensure an even number of 1s, provides basic error detection
― odd - Adds a bit to ensure an odd number of 1s

• Stop Bits: 0 or 1 or 2.(the time takes between data)

❑ 1 Stop Bit: Provides a balance between speed and reliability. Suitable for most general-purpose serial communication.
❑ 2 Stop Bits: Offers better data integrity and error detection at the cost of slightly slower transmission. Ideal for critical
applications where data integrity is more important

Standard RTU
RTU , E , 8 , 1 , 9600
Baud Rate

Stop Bits

Data length
even
 Modbus RTU
Applications

Eng. Ragab Abd Elwanees

Application 1 : communication between S7-1200 PLC and ATV 12 Drive

Master Configuration
Create data block to send and receive data in it

Eng. Ragab Abd Elwanees

Master Code
Network 1 Network 3: Frequency Reference

Network 2: Run command Network 4: frequency Output

 Master Code
Network 5: Output Current Network 6: OUTPUT Voltage

Eng. Ragab Abd Elwanees

Application 2 : communication between two s7 1200 PLC

Read/Write Register

Eng. Ragab Abd Elwanees

 Master Configuration
Create data block to send and receive data in it

Eng. Ragab Abd Elwanees

Master Code
Network 1 Network 3 : Write register 40011

Network 2 : Read register 40001 Network 4

 Slave Configuration
Create a data block for the slave to read and write in
it

Eng. Ragab Abd Elwanees

Slave Code

Network 1
Network 3

Network 2
Application 3 : communication between Lumel P18D and S7 1200 PLC
This image illustrates how to set up a Modbus RTU RS485 communication system using a Lumel P18D sensor
along with its wiring and communication settings

Eng. Ragab Abd Elwanees

 Outputs:
• ENO (Enable Output): Indicates if the function block is active.
• DONE: Shows completion status, which is set to false here.
• ERROR: Indicates if an error has occurred, also set to false here.
• STATUS: Provides a status code, set to 16#0.

Extract Register address from Manual

• Temperature register address is 7002, humidity is 7004

• Data length: 32-bit = 2 word
Rember that: Modbus address for s7 1200:
Read and Write holding registers
• 40001 to 49999 or
• 400001 to 465535
Is this case: Read and Write holding registers for s7 1200 plc:
• 47003 - measured temperature
• 47005 - measured relative humidity

Registers addresses
Eng. Ragab Abd Elwanees
 Common Steps of communication
The S7 1200 does not support Modbus but support Profinet, so an external module must be added to the PLC to use
Modbus.

The communication board is added in the indicated place. It has its own processor for sending and receiving. It is used if
• It depends on the CPU's ability to send and receive. the network to which the PLC is connected is large.

Eng. Ragab Abd Elwanees

Master Code
Network 1 Network 3

Network 4

Network 2
 Network 7
Network 5

Network 6
Network 8

Eng. Ragab Abd Elwanees

 Network 11
Network 9

Network 12
Network 10

Network 13

Eng. Ragab Abd Elwanees

Application 4 : communication between Danfoss FC51 drive and S7 1200 PLC
Extract Register address from Manual

Frequency Converter Control Word (FC Profile) Frequency Converter Status Word (FC Profile) Modbus Holding Register Numbers for Input and Output Data

Value send to register

• 047C hex (1148 dec) = Start • 043C hex (1084) = Ramp stop • reverse start 847C HEX (33916 DEC)
 Master Code
Network 1 Network 3

Network 4

Network 2

Network 5

Eng. Ragab Abd Elwanees

Network 6 Network 9

Network 7

Network 8
 Modbus ASCII

Eng. Ragab Abd Elwanees

 Modbus ASCII
Modbus ASCII also for use over RS-232 or RS-485 lines, uses ASCII characters instead of binary, making it more readable but
less efficient, and it uses less effective LRC error checking. ASCII mode uses ASCII characters to begin and end messages
whereas RTU uses time gaps of 3.5 character times for framing. Modbus ASCII messages require twice as many bytes to transmit
the same content as a Modbus RTU message

Modbus ASCII frame Structure

Eng. Ragab Abd Elwanees

 Start Character:
• Represented by a colon (:).
• Indicates the beginning of a new message.
LRC (Longitudinal Redundancy Check):
• It consists of 2 ASCII characters.
• Used for error checking to ensure data integrity.
End Characters:
• Represented by a Carriage Return (CR) and Line Feed (LF).
• Marks the end of the message.

Eng. Ragab Abd Elwanees

 RTU vs ASCII
Message Delimiting
• In Modbus RTU, bytes are sent consecutively with no space in between them with a 3-1/2 character space between messages
for a delimiter. This allows the software to know when a new message is starting.
• Any delay between bytes will cause Modbus RTU to interpret it as the start of a new message. This keeps Modbus RTU from
working properly with modems.
• Modbus ASCII marks, the start of each message with a colon character " (hex 3A).The end of each message is terminated
with the carriage return and line feed characters (hex OD and OA). This allows the space between bytes to be variable making
it suitable for transmission through some modems.
Split Data bytes
• In Modbus ASCII, each data byte is split into the two bytes representing the two ASCII characters in the Hexadecimal
value. For example:
 RTU vs ASCII
• The range of data bytes in Modbus RTU can be any characters from 00 to FF.
• The range of data bytes in Modbus ASCII represent only the 16 hexadecimal characters. Therefore, every data byte in
Modbus ASCII must be one of these16

Error Checksum - LRC Calculation

• As mentioned earlier, each Modbus RTU message is terminate with two error checking bytes called a CRC or Cyclic
Redundancy Check. Similarly, Modbus ASCII is terminated with an error checking byte called an LRC or Longitudinal
Redundancy Check.

Eng. Ragab Abd Elwanees

Eng. Ragab Abd Elwanees
 Modbus TCP-IP

Eng. Ragab Abd Elwanees

 Modbus TCP-IP
Modbus TCP/IP is a simple Modbus protocol running on Ethernet over a TCP interface. Modbus is an application protocol that
assigns the ways of managing and passing data between various layers without being affected by the protocol used by the next
immediate layer.

• The MBAP header is used to provide information required for communications at the application layer of the Modbus TCP
protocol.
• It contains metadata, such as transaction ID, protocol ID, and message length, which are crucial for managing the
communication process.

Eng. Ragab Abd Elwanees

 Modbus RTU vs TCP-IP
• The Modbus TCP command consists of a portion of the Modbus RTU message and a special header.
• From the Modbus RTU message, the Slave ld. address at the beginning and the CRC checksum at the end are removed,
which forms the PDU, the Protocol Data Unit.

Eng. Ragab Abd Elwanees

 Modbus RTU vs TCP-IP
• Transaction Identifier: 2 bytes are set by the Master to uniquely identify each request. Can be any. These bytes are
repeated by the Slave device in the response, since the responses of the Slave device may not always be received in the
same order as the requests.•
• Protocol Identifier: 2 bytes are set by the Master, will always be 00 00, which corresponds to the Modbus protocol.
• Length: 2 bytes are set by the Master, identifying the number of bytes in the message that follow. It is counted from Unit
Identifier to the end of the message.
• Unit Identifier: 1 byte is set to Master. It is repeated by the Slave device to uniquely identify the Slave device.

Eng. Ragab Abd Elwanees

 Modbus RTU vs TCP-IP
• In an Ethernet network, the device address is its IP address. Typically, devices are on the same subnet, where IP
addresses differ by the last two digit 192.168.1.20 when using the most common subnet mask 255.255.255.0.

• The interface is an Ethernet network, the data transfer protocol is TCP / IP.
• The TCP port used is: 502

The following is an example of a Modbus RTU request for obtaining

the Al value of the holding registers from registers # 40108 to 40110
with the address of the device 17
11 03 006B 0003 7687

Eng. Ragab Abd Elwanees

 Modbus RTU vs TCP-IP
• We drop the address of the Slave ld. device and the CRC checksum and get the PDU: 03 006B0003

03 0068 0003

• At the beginning of the received PDU message, a new 7-byte header is added, which is called MBAP Header (Modbus
Application Header). This header has the following data

0001 0000 0006 11 03 0068 0003

Eng. Ragab Abd Elwanees

 Network Layer
• Transferring data from one source to another. Only the source knows the content of the data and the network is responsible
for the transfer
• PLC1 send data to PLC2, through TCP/IP as layers not physical layer because it is more complex to be layer, TCP/IP
replace master slave to client server

Eng. Ragab Abd Elwanees

 TCP/IP Layers
• Transport Layer: This layer ensures that Modbus application protocol data is transmitted correctly.
• Internet Layer: This layer represents the TCP protocol, which ensures that data packets are reliably delivered. It establishes
connections, manages data flow, and performs error-checking.
• Network Layer: The network layer is part of the Modbus software module, and includes the Internet Protocol (IP), which
routes data packets across the network to their destination and is responsible for sending data to the ethernet layer.
• Ethernet Hardware/Firmware: At the base level, Ethernet hardware handles the physical and data link layers of network
communication. This includes the transmission and reception of raw data packets over the network.

• Modbus sends data to Ethernet, which is responsible for connecting the data.
 Modbus TCP/IP Characteristics

• Can have multiple clients and servers

• Can delay with multiple requests for multiple clients at the same time
• Device can act as a Modbus client and server at the same time
• A Modbus client can initiate several Modbus messages with a remote server without waiting for the end of the previous one.
• A TCP/IP network can have Modbus compliant devices as well as non-Modbus devices use Unit ID to define it
• The IP Address is used to identify any device on a TCP/IP network, whether Modbus or non-Modbus

Eng. Ragab Abd Elwanees

 Ethernet Physical Layer

• Unlike RS485 in TCP/IP, the clients can send data through the ethernet at the same time, which can cause network failure.
To avoid this, Ethernet operates with CSMA/CD.
• CSMA/CD is effective in reducing collisions and ensuring fair access to the network. However, its efficiency decreases as
the network load increases, leading to more collisions and retransmissions.
• Example: Device 1 wants to send data on the network and finds it idle. At the same time, device 2 wants to send data on
the network and finds it idle. So, each device starts sending data. A collision occurs between the data and the transmission
stops. Both devices wait a random period before trying to resend.

Eng. Ragab Abd Elwanees

 Query-Response Cycle (TCP/IP Frame)

• Transaction Identifier: It is used to match requests and responses. It allows the client to link the response to the request so
that the requests arrive in the order in which they were sent,
• Protocol Identifier: Identifies the protocol being used. For Modbus, this value is always set to 0.
• Length: Specifies the number of bytes remaining in the message, following the length field.
• Unit ID: Used to define a remote server on a non-TCP/IP network

Eng. Ragab Abd Elwanees

Query-Response Cycle (TCP/IP Frame)

Query frame Response

Transaction Identifier: [1][0] Transaction Identifier: [1][0]
Protocol Identifier: [0][0] Protocol Identifier: [0][0]
Length: [0][6] Length: [0][5]
Unit ID: [22] Unit ID: [22]
Function Code: [4] Function Code: [4]
Data: [0][18][0][1] Data: [2][0][35]

Note: The value of transaction Identifier expresses the number of the request sent from the server. The first request might
have a Transaction Identifier of 1, the second request 2, and so on.
 Modbus TCP-IP
Simulation

Eng. Ragab Abd Elwanees

 Modbus TCPIP Simulations

Used Tools:
• CAS Modbus Scanner
• MODSIM32
• MODSCAN3

Eng. Ragab Abd Elwanees

 Introduction to Modscan32 (Master)
ModScan32's support for Modbus RTU, Modbus ASCII, and Modbus TCP/IP makes it a powerful tool for testing,
troubleshooting, and monitoring MODBUS devices across different communication mediums and network setups.
• Operates as a MODBUS Master, allowing communication with MODBUS slave devices
• Show data of slave device
Slave Unit ID

Register Address

Eng. Ragab Abd Elwanees

Introduction to Modsim32 (Slave)

• Operates as a MODBUS slave, simulating data that can be accessed by a MODBUS master
• Send data to slave device

NOTE: to connect to the program you need to know the address of your computer, to connect them as TCP/IP
1. Open CMD
2. Write ipconfig
3. Get your address “IPv4 Address”
 Connecting Modbus Simulators via TCP/IP

Modsim32 as Server (Slave) and Modscan32 as Client (master)

1. Modsim32

Connection Connect Modbus TCP/IP

Eng. Ragab Abd Elwanees

2. Modscan32

Eng. Ragab Abd Elwanees

• Double click on (1) then you can change value of register
• The new value sends to Moddcan32 to monitor it when press Update
Note: - Modbus32 just support 4 functions
• Read Coil Status
• Read Input Status
• Read Holding Registers
• Read Input Registers
Not Support
• Force Single Coil
• Preset Single Register
Use CAS Modbus Scanner
Eng. Ragab Abd Elwanees
 CAS Modbus Scanner

Eng. Ragab Abd Elwanees

Eng. Ragab Abd Elwanees
 Press on Poll
to send value
Select task

Eng. Ragab Abd Elwanees

 Configuring the DL05 PLC for Modbus TCP/IP Communication
Common steps in configuring Modbus
1. Locate the appropriate Communications port and configure it for the Modbus protocol.
How?
• Device documentation (port configuration).
• Device configuration software.
2. Get the Modbus memory map for the device.
How?
Device documentation (Register addresses and descriptions for data communication).
Configuration of IP Address on my laptop Using my PC as a Modbus client

Find this and

click on it

Eng. Ragab Abd Elwanees

For PLC on documentation

Use Modscan32 for plc as server

Eng. Ragab Abd Elwanees

Now the PLC is connected to your PC via TCP/IP, you can control it
Eng. Ragab Abd Elwanees
 Comparison between Modbus RTU, ASCII and TCP-IP

Eng. Ragab Abd Elwanees

 Profinet

Eng. Ragab Abd Elwanees

 Eng. Ragab Abd Elwanees

Profinet
Profinet (Process Field Network) is an industry technical standard for data communication over Industrial Ethernet. It's designed
for collecting data from, and controlling equipment in industrial systems, with a particular strength in delivering data under tight
time constraints.

• Profisafe: A safety protocol ensuring secure data exchange,

connected to the PROFINET network.
• IO-Link: A point-to-point communication protocol for sensors and
actuators, connected to the network.
• HART: A protocol for smart field devices, connected to the network
to ensure comprehensive data exchange.
 Mechanism
• IO-Controllers: These are the central units (such as PLCs, DCSs, or IPCs) that manage the communication within the network.
• IO-Devices: These are the field devices (such as sensors, actuators, and I/O modules) that interact with the IO-Controllers.
• Communication Channels: PROFINET employs different communication channels to handle various types of data exchange,
including TCP/IP for non-time-critical tasks and Real-Time (RT) and Isochronous Real-Time (IRT) for time-critical
communication.

How Profinet Employs TCP/IP

Profinet employs TCP/IP (Transmission Control Protocol/Internet Protocol) primarily for non-time-critical tasks. This allows
PROFINET to take advantage of the reliability and wide adoption of TCP/IP for specific types of communication within an
industrial network.

Eng. Ragab Abd Elwanees

 Eng. Ragab Abd Elwanees

Profinet Layer
Profinet leverages the ISO/OSI model to structure its communication protocols, ensuring efficient and reliable data transfer
within industrial automation systems.

Cyclic and Acyclic

PROFINET, communication can be classified into cyclic and acyclic types.

Cyclic Communication
• Purpose: Used for regular, consistent data exchange.
• How It Works: Data is transmitted at regular intervals,
regardless of whether the data has changed. This ensures a
predictable and reliable communication pattern, which is
crucial for real-time control processes.
• Example: An IO-Controller regularly polls data from IO-
Devices to monitor sensor values and control actuators in a
production line.
Acyclic Communication
• Purpose: Used for sporadic, on-demand data exchange.
• How It Works: Data is transmitted only when needed, such as
for diagnostics, parameter changes, or configuration tasks.
This type of communication is less predictable but more
efficient for tasks that do not require constant updates.
• Example: A maintenance engineer sends a request to an IO-
Device to retrieve diagnostic information or change parameter
setting.
 Real Time (RT) and Isochronous Real Rime (IRT)
The time varies depending on the application used, as shown in the following image.
Real Time
• Purpose: RT is designed for standard automation tasks that require timely and
deterministic data exchange.
• Performance: It provides predictable communication with typical cycle times ranging
from a few milliseconds to tens of milliseconds.
• Usage: RT is suitable for tasks such as monitoring and controlling sensors and
actuators, where consistent updates are important but not extremely time sensitive.
• Example: In a manufacturing plant, RT is used to monitor the status of conveyor
belts, sensors, and other equipment to ensure smooth operation.

Isochronous Real-Time (IRT)

• Purpose: IRT is used for applications that require extremely precise and synchronized
communication, often down to the microsecond level.
• Performance: It allows for highly deterministic communication with cycle times as low as
sub-millisecond.
• Usage: IRT is ideal for high-performance applications such as motion control, robotics, and
synchronized multi-axis movements.
• Example: In a robotic assembly line, IRT ensures that all robotic arms and equipment
operate in perfect synchronization to achieve precise and coordinated movements.

Eng. Ragab Abd Elwanees

 Ethernet Frame

Preamble (7 Bytes):
• Purpose: Synchronizes the receiving device's clock with the sender's clock, ensuring proper timing for the data
transmission.
Start Frame Delimiter (SFD) (1 Byte):
• Purpose: Indicates the start of the frame.
• Destination MAC Address (6 Bytes):
• Purpose: Specifies the MAC address of the receiving device.
• Details: Unique identifier for the network interface of the destination device.
Source MAC Address (6 Bytes):
• Purpose: Specifies the MAC address of the sending device.
• Details: Unique identifier for the network interface of the source device.
Ether Type (2 Bytes):
• Purpose: Indicates the protocol type being carried in the payload.
• Details: Examples include 0x0800 for IPv4, 0x0806 for ARP, and 0x86DD for IPv6.
Frame Check Sequence (FCS) (4 Bytes):
• Purpose: Ensures data integrity by verifying that the frame has not been corrupted during transmission.
• Details: A cyclic redundancy check (CRC) value calculated from the frame's contents.
Eng. Ragab Abd Elwanees
 Profinet applications

Eng. Ragab Abd Elwanees

Profinet Configuration
• Two PLC With different IP

• Allow PUT/GET Communication on PLC

Eng. Ragab Abd Elwanees

 • Connection PLC

Eng. Ragab Abd Elwanees

 Profinet Application(app1)

• PUT Block (Used to send data) • Configuration PUT Block

• ADDR_1: Pointers to the areas on the partner CPU to which the data will be written.
• SD_1: Pointers to the areas on the local CPU which contain the data to be sent.

Eng. Ragab Abd Elwanees

 • Get Block (Receive data) • Configuration PUT Block

• ADDR_1: Pointers to the areas on the partner CPU that are to be read.
• RD_1: Pointers to the areas on the local CPU in which the read data is entered.

Eng. Ragab Abd Elwanees

 Profinet Application(app2)
Profinet IO Device (Ethernet Connection)

Eng. Ragab Abd Elwanees

 • Active IO Device in Slave PLC

Eng. Ragab Abd Elwanees

 Sending data between master (QW200) and slave (IW200)

• Insert data want to send or receive in Transfer Area

Eng. Ragab Abd Elwanees

 Sending data from master (QW200) to slave (IW200)
• Master OB1 Code

• Slave OB1 Code

Eng. Ragab Abd Elwanees

 Sending Data from slave to master
• Slave OB1 Code

• Master OB1 Code

Eng. Ragab Abd Elwanees

 Profibus

Eng. Ragab Abd Elwanees

 Profibus DP
Profibus : Process Fieldbus
DP : Decentralized Periphery (I/O Modules)
Profibus DP is an Open Protocol, the standard is maintained by Profibus & Profinet International (PI)
• A Profibus system uses a bus master to poll slave devices distributed in multi-drop fashion on an RS485 serial bus.
• A Profibus DP network typically has only one Master device.
• Profibus is a master/slave protocol.
• The total maximum number of addressable devices that can be connected to a single Profibus DP network is 32 and each
device must have a unique address, to use more than 32 use Profibus repeater until 9 repeaters reach to 128 devices,
repeater no address

Eng. Ragab Abd Elwanees

 How to assign an address to a Profibus device
• Software method: Using software programming
• Hardware method: Using a key on the device through which you select the device’s address

Note:
• Address 127 is used for broadcast. No Profibus DP Slave device should have this address.
• Address 126 is the hardware address for slaves whose address is set using software.
• Address 0 is reserved for the programming device (PC).

Communication port parameter

• Baud Rate: Determines the speed of data transmission, typically ranging from 9600 to 12 Mbps.
• Data Bits: Usually 8 bits per character (not change in Profibus).
• Parity: Can be none, even, or odd, used for error checking (Always even in Profibus).
• Stop Bits: Typically, 1 or 2 bits to signal the end of a data character (Always 1 in Profibus).

Eng. Ragab Abd Elwanees

 Note:
• When setting up the Baud Rate of the network, all you must do is to set the Baud Rate on the Profibus DP master. When
the network is started, all the Profibus DP slaves will auto-detect the baud rate being used, and begin communication, this
means that there is no need to set the baud rate on any of the Profibus DP slave devices

Cables and Termination

Eng. Ragab Abd Elwanees

 Eng. Ragab Abd Elwanees
Segment Length Baud Rate
• Segment: the distance between two repeaters or the distance between PC and repeater

Bus Terminal Switch

• It helps with connecting devices and disconnecting the device in case of a problem.
• Connector must be plugged into a powered device to enable bus termination.
 Profibus with plc
With long distances, we do not use wire to connection device with plc because of cost for that using communication like Profibus

ET200SP
• It is an interface model that is considered a complement to the PLC and connects to the I/O cards.

• After connecting the I/O cards, a model server module must be used so that the device knows that the cards
have been connected.

Eng. Ragab Abd Elwanees

 • The first card must be potential card take 24v and supply the rest of the cards.

Note
You may have more than one power card, the location of which is determined by the hardware engineer. In most cases, the
difference between each card and the next is 4 cards.

Eng. Ragab Abd Elwanees

 How to set address of device
1. Using Switch connected to ET200S With the address specified in the software

2. Using ET200S module direct

• Do not prefer this method because cutting the RS cable will

lead to the system collapsing

3. Hybrid method

• Some devices are connected to the PLC at the factory, and some are connected to
the I/O located at a long distance, and the I/O is connected to the PLC via the RS
cable
• The same problem if cable disconnected loses some device

Eng. Ragab Abd Elwanees

 Profibus applications

Eng. Ragab Abd Elwanees

 Connection Two PLC With Profibus
• One PLC is master, and one is slave

Eng. Ragab Abd Elwanees

 • Specify the address that will be sent from the master and that the master will receive from the slave.

• In Slave Properties

Eng. Ragab Abd Elwanees

Code for Sending data from master to slave
Master OB1

Slave OB1

Eng. Ragab Abd Elwanees

 Comparing between Profibus and Profinet

Eng. Ragab Abd Elwanees

 Thank You

Contact: https://www.linkedin.com/in/ragab-abdelwanees Eng. Ragab Abd Elwanees