Host Engineering Forum
 
*
Welcome, Guest. Please login or register.
Did you miss your activation email?
April 22, 2018, 09:34:15 am


Login with username, password and session length


Pages: [1]
  Print  
Author Topic: Reverse Engineering and tap-in to DL205 via Modbus  (Read 299 times)
sdrevik
Newbie
*
Posts: 5


« on: April 10, 2018, 04:30:46 pm »

Good day, all- hoping someone can point us in the right direction.   We've been asked to take data off an already-running DL205 in an application.   The device has an HMI connected to the CPU but an open H2-ECOM100 device on the end.   We are well-versed in Modbus/TCP.

So, our questions are:
- It appears digital ins/outs have a default Modbus mapping, using command 02 to read the X0-X17 inputs, status of the Y outputs, etc.  (Correct?)

Question#2: is there a default mapping for analog input modules like the F2-8AD4DA and F2-D4THM?   Or does it depend whether someone has written logic to move those inputs into V-memory?

If there is default mapping for everyone, is there anything to do on the ECOM100 other than set the IP address?
Logged
plcnut
Hero Member
*****
Posts: 775



« Reply #1 on: April 10, 2018, 10:27:14 pm »

Regarding #2:
There is no default mapping for analog IO...
But: The pointer to the address where the data is stored IS in a known location. Please see the manual for the analog card, and you will find a table that will tell you the memory location for the pointer that coincides with the slot the module is in. Be aware that the pointer value will be in octal (if my memory serves me correctly).
Logged

Circumstances don't determine who we are, they only reveal it.

~Jason Wolthuis
sdrevik
Newbie
*
Posts: 5


« Reply #2 on: April 12, 2018, 08:58:47 am »

Thanks.   So, do you think it's safe to program the E100 module  (that appears to be unused) for Modbus slave without affecting any of the existing control logic in the main CPU?
Logged
franji1
Bit Weenie
Host Moderator
*****
Posts: 2285



WWW
« Reply #3 on: April 12, 2018, 11:46:52 am »

I presume you are doing READs only.  WRITEs would definitely affect the control logic behavior.
Logged

sdrevik
Newbie
*
Posts: 5


« Reply #4 on: April 12, 2018, 02:33:42 pm »

Correct, we just want to read the status of digital inputs/outputs and the analog inputs.   No-touchy.  Smiley
Logged
Greg
HOS†ech
Host Moderator
*****
Posts: 525


Hmmm...


WWW
« Reply #5 on: April 16, 2018, 09:57:20 am »

If you go to our website (hosteng.com), and in the left pane click on FAQs, then select the ECOM/ECOM100 as the product, then scroll down to FAQ0038 you can download a PDF file that has the ECOM100 Modbus TCP Client/Server mapping in a chart/table. In your case you would only concern yourself with the SERVER chart. It shows, when using a particular Modbus Function Code, exactly what portion of memory in the PLC you will be reading/writing.
Logged

There are two types of people in the world; those that can extrapolate from incomplete data sets.
ATU
Internal Dev
****
Posts: 1459


YKPAIHA


WWW
« Reply #6 on: April 16, 2018, 06:17:49 pm »

Which CPU do you have?  Hopefully its not a 230.
Logged
sdrevik
Newbie
*
Posts: 5


« Reply #7 on: April 17, 2018, 12:34:43 pm »

205.   We may need to find a consultant more knowledgeable to jump in between us and the end user.   We just want to get a Modbus port into the system without breaking it.  Smiley
Logged
ATU
Internal Dev
****
Posts: 1459


YKPAIHA


WWW
« Reply #8 on: April 17, 2018, 03:28:46 pm »

205 is a description the general Rack system. Look on the CPU, its either a 230,240, 250, 250-1 or a 260 or a Domore.
Logged
sdrevik
Newbie
*
Posts: 5


« Reply #9 on: April 20, 2018, 10:21:09 pm »

Ah yes  nice, thanks its a D2-250-1
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM