RTA gateways now support access to the S7 data table. That means that we can move data between EtherNet/IP devices, barcode readers, Modbus RTU nodes, Modbus TCP Clients, and Siemens PLCs.
To do this properly, a user needs to understand how a Siemens PLC organizes its data table. This article provides a quick introduction to the data table of Siemens PLCs. For more detailed information, contact your Siemens distributor.
Siemens controllers aren’t that different from other controllers: the programmable controller memory is segmented into areas related to controller operation and programming. There are six important memory areas in a Siemens S7 PLC:
I | Input |
Q | Output |
M | Memory Bit |
DB | Data Block Memory |
T | Timers |
Q | Counters |
S7 Family Memory Areas
You’ll note that the Timers (T) and Counters (C) are grayed out, indicating that those features are deprecated and are being replaced. Both T and C memory areas continue to be used in some of the old S7-300 and S7-400 programs and might still be available if you copy one of those old programs into a newer controller. In general, it is best to discontinue using these memory areas when implementing Timers or Counters.
All memory areas of a Siemens PLC are addressed (except for the data block memory) using a 32-bit byte address starting at address zero. Data block memory in older controllers is addressed using a 48-bit byte address and in newer controllers with a tag name.
The I, Q, and M memory areas are addressed using an area designation, a data size identifier, and a 32-bit byte offset. Data size identifiers include standards like “B” for byte, “W” for word, and “DW” for double word. Some examples include:
IB200 | The byte at byte offset 200 (201st byte) |
IW200 | The word at byte offset 200, the first half of which includes IB200 |
ID200 | The double word at byte offset 200, made up of IW200 and IW202 and the first byte of which contains IB200 |
Addressing each area of the data table using byte offsets is a unique feature of Simatic address table addressing. Other controllers use either word offsets or allow the programmer to use multiple offset types, which can lead to a lot of memory overlap issues.
Bits can be addressed by forming an address without a size identifier. I0.1 is the second bit of the first input byte. Q200.7 is the last bit of the 201st byte in the output address table. Bits can only be addressed within a byte using bit addresses 0 to 7.
Data block memory is used in all Simatic controllers, but access to the data block memory in newer controllers uses tags. In older controllers, data block memory is identified with a data block number and element ID (DBxx.DByy z) where xx is the data block number, yy is the memory size (X-bit, B-byte, W-Word, D-Double) and z is the byte offset into the data block. Some examples include:
DB1.DBW 0 | Data Block 1, byte offset 0, addressed as a word |
DB5.DBB 2 | Data Block 5, byte offset 2, addressed as a byte |
DB1.DBX 4.1 | Data Block 1, byte offset 4, bit 1, addressed as a bit |
In older controllers, all data blocks are allocated and controlled by the user program. The user must track what data blocks are used and how the memory within the data block is used.
The number of data blocks varies with the memory available in a particular controller. In some of the newer controllers, TIA keeps track of data blocks and their contents, leading to many fewer programming errors.
You can find many S7 Controller gateways on the RTA website. Some of the products you will find there include:
Accessing Modbus RTU Slave devices from a Siemens S7 PLC
Make your Siemens S7 PLC look like an EtherNet/IP Adapter
Transfer ASCII data into an S7 PLC