Choosing a Programmable (Logic) Controller (PLC) for Experimentation

Introduction

Once upon a time, approximately 20 years ago, I was considering to start a business together with a friend of mine to make a Programmable Logic Controller (PLC). We decided to do something else, but I kept it in my mind. Recently I was checking second hand market for some electronic devices, and I saw many Siemens SIMATIC S7 units at reasonable prices. So I said to myself why not, lets buy one and check it out. The decision was easy but the purchase required some research, and then learning about the PLC required even more research.

I have been preparing a post about this but it was getting longer and longer and taking more and more time. So I decided to divide it to multiple parts. This is about what I purchased and why. It might sound strange why I write about purchasing something but it is a little confusing for someone with zero PLC experience. I would benefit from reading a post like this.

Attention: I have no affiliation with Siemens. I have no previous experience with any PLC. I have looked at Siemens SIMATIC products only from a computing or software point of view, not from its capabilities for industry.

Documents

A few documents are very helpful:

• Catalog ST 70, SIMATIC Products for Totally Integrated Automation: A master catalog, 1664 pages, shows all products

• SIMATIC S7-300 CPU 31xC and CPU 31x: Installation, Operating Instructions: describes installation, including wiring and addressing

• SIMATIC S7-300 Module data, Equipment Manual: describes the I/O modules

What is a PLC ?

Wikipedia page says:

A programmable logic controller (PLC) or programmable controller is an industrial computer 
that has been ruggedized and adapted for the control of manufacturing processes, 
such as assembly lines, machines, robotic devices, or any activity that requires 
high reliability, ease of programming, and process fault diagnosis.

I always thought it is Programmable Logic Controller hence the acronym PLC, but IEC 61131 standard also uses Programmable Controller which actually makes sense since such devices now does more than just “Programmable Logic” if it means just boolean functions. However, it seems the acronym is still PLC, probably not to confuse it with PC (Personal Computer). Basically Programmable Controller and Programmable Logic Controller seems to be interchangable.

Although wikipedia description above seems to refer a specific hardware (a ruggedized industrial computer adapted for the control..), actually there is no need for a PLC to be a specific hardware, as IEC 61131-1:2003 says:

The functionality of a programmable controller can be performed as well on a specific hardware
and software platform as on a general-purpose computer or a personal computer with industrial
environment features. This standard applies to any products performing the function of PLCs
and/or their associated peripherals.

However, even if the main controller can be a general-purpuse computer or a PC, due to the needs of electrical connections and the environments these devices are working, there is naturally a need for “industrial environment features”, so it is not surprising to find specific (not general purpose) hardware controllers.

Why SIMATIC ?

I think (based on some market research data publicly available) Siemens have around 1/3 market share and they are the market leader in this area. So it makes sense to look at the products from Siemens which are under SIMATIC brand.

SIMATIC is a registered trademark of Siemens, and it is a created from two words: SIemens and autoMATIC. It is registered in 1958! Siemens has an official history page here: SIMATIC throughout history.

There are many SIMATIC products. The latest SIMATIC generation is called S7, and it is launched in 1994 with S7-200, S7-300 and S7-400 series. An update to these series, S7-1200 and S7-1500 are launched in 2012. There is also LOGO! series with limited capability compared to S7 controllers.

Which SIMATIC series ?

There are so many choices, I guess because their use can range from a very simple automation task (like a traffic light or a simple lift) to a very complex task (think about a real factory). There are:

Simple controllers:

• LOGO!: a very simple controller. Not expensive even a new one.

Basic controllers:

• S7-200: simple but a proper controller, available in second hand market, not expensive.

• S7-1200: new, more expensive then LOGO!. It is the new version of S7-200.

Advanced controllers:

• S7-300: low to medium performance controller. Available in second hand market with reasonable price (e.g. close to the price of a new LOGO! module).

• S7-400: medium to high performance controller with advanced features. More expensive than S7-300 in second hand market. I think comparing to S7-300, less is available in second hand market.

• S7-1500: new, quite expensive. It is the new version of S7-300 and S7-400.

These are the main series, but S7 CPU also have standard, compact, technology, fail-safe and SIPLUS models. Basically, compact CPUs include some integrated I/O (so they can be used out of box without buying any additional signal modules), technology CPUs include some additional functions, fail-safe CPUs include more safety features and SIPLUS CPUs can be used in harsh environments (e.g. with non-standard temperature, vibration and shock).

Based on the above information, and the availability and the prices, I decided to get a S7-300 series, either a standard or a compact CPU, but again there are many options. Looking at the datasheets, I find CPU 312 (and 313) to be limited, and CPU 314 to have many features found in higher models. So I think CPU 314 is the sweet spot. This decision is purely based on CPU capabilities, depending on your needs you might be OK with LOGO! or S7-200 or you might want to check S7-400 or the new S7-1200 or S7-1500.

S7-300 has enough (much more than you would actually need for fun) complexity but a reasonable price in the second hand market.

Which CPU 314 ?

I think CPU 314C-2 DP is great, because it is a complete and compact package including both Digital Input and Output and Analog Input and Output. The only missing thing is Ethernet connectivity, but it can be added with a communications processor (CP module) or if you find a good price CPU 314C-2 PN/DP is an option including the Ethernet connectivity.

Because CPU 314 is only a CPU, so there is no I/O, it can be found cheaper and you can add which modules you want later.

In addition to I/O, CPU 314C-2 DP (and also CPU314C-2 PN/DP) includes technological functions for positioning, counting, frequency measurement, pulse width modulation and PID control. With CPU 314, you need to get function modules (FM) for these capabilities.

The decision between these three would be based on availability, price and additional modules required and their availability and prices.

What kind of I/O modules are there ?

In addition to CPU, there are:

• power supply (PS) modules: these convert the mains voltage (120/230Vac) to 24Vdc.
• signal modules (SM): these are the I/O modules with multiple digital inputs or outputs, or analog inputs and outputs
• function modules (FM): these are special purpose modules such as for time critical tasks that cannot be accomplished by using signal modules
• communication processors (CP): these modules provide a way of communication such as with ethernet
• interface modules (IM): these connect the expansion racks to the main rack with the CPU

PS and IM are probably not needed for experimentation. A few SMs are a must, one CP is probably a must. FMs might be extra, when one is found for a good price I guess.

SMs have many options with different electrical properties (solid state vs. relay output, sinking vs. sourcing, normal vs. high speed, analog input-output with different bits/resolution etc.).

How modular is the S7-300 series ?

It is very modular. A single S7-300 CPU can control 4 racks of modules where each rack can contain 8 modules, so in total 32 modules where a signal (I/O) module can have many (e.g. 32 digital) inputs and outputs, so it is a lot of inputs and outputs.

In a single rack, you can connect 8 modules to the CPU in a daisy chain (A connects to B, B to C, C to D etc.) on a backplane bus (the connector has 14-pins). This is a proprietary bus and there is no technical information about it.

The basic configuration (so called single-tier) has one central processing unit (CPU), and optionally a power supply (PS) module for the CPU. The power supply converts mains voltage (230V) to DC 24V for the CPU and any other module that needs extra power input.

When 8 modules are not enough, you can create an expansion rack again with a maximum of 8 modules. The racks are connected to the CPU module with interface modules (IM) -each rack should have an IM-. An S7-300 CPU supports 3 expansion racks in addition to the central rack (with the CPU) so in total 4 racks.

One of the main differences between LOGO!, S7-300 and S7-400 is modularity. LOGO! is pretty limited, S7-300 is enough for many whereas S7-400 is extremely modular.

The interface modules (IM) basically extend the backplane bus, so even the largest system here is connected locally, and controlled directly by the CPU. If there is a remote location, or more I/O is needed, it is also possible to use distributed I/O using PROFIBUS or PROFINET, just like a computer network. Then the CPU (which is called PROFIBUS DB master or PROFINET IO controller) can control remote modules connected to a PROFIBUS DP slave or a PROFINET IO device such as Siemens ET200 series.

How is the power supplied ?

As far as I know, all S7-300 CPUs are powered with 24Vdc voltage. They are supposed to go together with the Power Supply (PS) module, which has a mains level input (230Vac) and one or more 24Vdc output. However, just for experimenting, PS is not needed. PS requires 230Vac connection, assuming you keep these on your desk, it is not very safe as the connection is made with open wires not with a power connector like a computer. You can use any 24Vdc adapter with appropriate power output (I use a 24Vdc/2.5A), and connect it directly to the CPU and any other module which needs it. For example CP 343-1 Lean also requires a separate 24Vdc supply.

A small note, there is no power on/off switch on CPU. I think because it is supposed to be powered with a PS, and PS has a power switch. If you do not use a PS, it is very useful to put an inline switch to the power adapter cable.

Be aware there is a need for multiple 24Vdc and multiple ground connections also for I/O modules.

Anything to know about wiring ?

All I/O connections to S7-300 I/O modules are made directly with a bare wire or with a wire ferrule. The connectivity is done through a removable front connector on the I/O module. There are either 20-pole (one column) or 40-pole (two column) front connectors and for each type there are screw terminals and fast connect connectors which have no screws.

Maybe bare wire is OK but I find it extremely useful to use wire ferrule. I am using 22 AWG wire and an appropriate size ferrule for every connection. So my recommendation would be at least black and red color 22 AWG stranded wire (a few other colors might be helpful), a wire ferrule crimping tool/plier and a bag of wire ferrules (you will need many).

Not very perfectly but jumper wires used for prototyping can also be used for example when connecting something to a protoboard.

How all the modules are physically staying together ?

There are rails and S7-300 modules can be mounted to that. Each module has a rail mounting screw that keeps it quite stable on the rail. If you have I/O modules, it is a good idea to mount them to the rail, as there is nothing other than the bus connector holding them together. There are different lengths rails.

Which software/IDE do I need to program the PLC ? Is it free ?

This is a very important question.

The software to program these products (LOGO! or S7) are not free. The software for LOGO! is different than S7 series and it is not expensive. To be honest, the software for S7 series is a bit confusing because it seems to be there is or there was a transition. It is called STEP 7, and the latest version was STEP 7 5.x. Now, it is called Step 7 (TIA Portal) and its current version is 17. There are also two types of Step 7 (TIA Portal), Basic and Professional. You have to check which version you need depending on the PLC you have.

Unfortunately the license might be more expensive than the (used) hardware you are planning to buy, so I highly advise you resolve the software and the license issue first.

How do I upload the program to PLC and how to debug ?

For programming, you need a way to connect your PC to the PLC. All CPUs contain MPI interface (more on interfaces soon, MPI is like a serial port). The easiest way is to get a Siemens S7 PC Adapter USB.

S7-300 has no memory for program storage. An MMC is a must for S7-300 to run.

Is MPI the only interface ?

No. There are different interfaces to connect a PLC to a PC (for programming/debugging) or to connect a PLC to another PLC system (this can be very complex in large installations):

• MPI: Multi-Protocol Interface is a Siemens proprietary interface.

• PROFIBUS: PROcess FIeld BUS is an industry standard.

• PROFINET: PROcess FIeld NETwork is an industry standard.

MPI and PROFIBUS use DB9 connection with RS-485, whereas PROFINET uses RJ45 interface. There are also speed difference between them, MPI is usually the slowest one and PROFINET the fastest.

PROFINET is one of the protocols of -I think an umbrella term- Industrial Ethernet.

In order to connect your PC to S7 for programming, debugging or diagnostics through MPI (or PROFIBUS), you need an adapter. You can use PROFINET connection directly with an available network port on the PC. However, you need to setup S7 first, so having the above mentioned USB-MPI adapter at hand is probably a must. After the configuration and when everything works as expected, PROFINET can be used.

The entry level S7-300 CPUs support 187.5 kbit/s with MPI but up to 12 Mbit/s with PROFIBUS. You can configure the PROFIBUS interface and use that one for programming too. I tried this but I do not know why the MPI connection was more stable than PROFIBUS, so I kept using MPI rather than PROFIBUS.

PROFINET interface is usually not available directly on S7-300 CPUs, or the ones with integrated PROFINET interface is expensive. Finding a communication processor, like CP 343-1 Lean, with PROFINET interface is probably cheaper. Ethernet connection then can be used for programming also. As far as I can see, the new S7 series 1200 and 1500 have PROFINET interface integrated.

What should I be aware of when buying these second-hand ?

There are a few things you should be aware of:

• As I mentioned before, the software is not free. So it is better to find out first which software you will use, as it might limit your options for the hardware or adjust your budget accordingly.

• It is possible to upgrade the firmware (operating system) of the CPU. Considering S7-300 is a pretty old system, you can come across with units in second-hand market that are pretty old. There are two ways to upgrade the firmware: 1) with MMC, 2) online through the PC connection. Unfortunately (1) requires you to have a large MMC and a way to write files to MMC. Large MMC is expensive, and a device to write the files to MMC (such as USB-Prommer) is even more expensive. So it is basically too expensive to get these to use just once or twice. Unfortunately (2) can be done only after a particular version of the firmware. So it is the best if you can learn the firmware version of the CPU from the seller and check if this can be upgraded online.

• All CPUs require a SIMATIC MMC (Micro Memory Card) to work. If you buy it without an MMC, you have to buy it later and it can be expensive (additional shipment cost etc.). So it is best to buy the CPU with an MMC. There are various sizes, from 64KB to a few MBs. 64KB is enough just for trying a few things.

What do I miss if I get a CPU 314, some I/O modules and a CP module for Industrial Ethernet ?

These are the capabilities you will not be able to see:

• IRT (Isocronous Real-Time) Communication: This is the “real” real-time communication that modifies layer-2 in Ethernet to provide time slices. It requires a communication interface that is capable of IRT, and also a switch that is capable of IRT. Not surprisingly, both are quite expensive (probably each costs more than the total cost of a CPU+I/O modules system).

• Fail-safe System (F-system): For a fail-safe system, you need a fail-safe CPU (F-CPU) which runs the safety (user) program and fail-safe I/O (F-I/O). As you guess, these are special hardware and expensive.

Anything else to be aware of ?

Since the I/O modules are 24Vdc based, for a digital input, 24Vdc means 1/high. Naturally this is not appropriate if you want to send signals from small computer like devices or even from signal generators. An easy solution is to use an optocoupler which can support 24Vdc and reasonably fast. I am using a Vishay VOD3120AD.

Summary

You need these in any case:

• 24Vdc adapter
• 22 AWG wire (red/black, maybe more colors). Optionally wire ferrule and crimping tool.
• PC Adapter USB (there are many alternatives with different prices, original one is a bit expensive, a reasonable after-market product is probably OK)
• MMC
• Bus connectors if you have I/O modules (these are usually sent with the I/O module but make sure when buying)
• Rail if you have I/O modules
• Optocoupler if you want to interface 5V or 3.3V devices with the PLC (naturally you need a resistor, protoboard etc. to be able to use the optocoupler)

The minimum and probably most cost-effective purchase is to get:

• CPU 314C-2 DP

(I purchased one with 64KB MMC for ~350 USD)

Another option:

• CPU 314
• an SM 321 digital input and an SM 322 digital output module
• an SM 331 analog input and an SM 332 analog output module

(I purchased one of this setup together with CP 343-1 Lean with 512KB MMC for ~400 USD)

If you want ethernet connectivity:

• CP 343-1 Lean (or CP 343-1, CP 343-1 Lean is cheaper)

(usually if you buy this alone it is more expensive, if you can buy together with CPU it can effectively be cheaper)

(just for your information, a CPU 314C-2 PN/DP with ethernet ports are recently sold for ~750 USD on ebay, so it is a very good option but it is still expensive)

If you want an industrial switch:

• SCALANCE X208, this is the entry level managed switch. There are cheaper versions but they are unmanaged. As I prefer a managed one, this is my choice.

(I purchased one for 90 USD)