Siemens S7

The Siemens S7 protocol provides communication with Siemens S7 series PLCs over TCP/IP. It runs on the ProfiNET (Process Field Network) industrial ethernet standard and uses port 102 by default.

inSCADA supports the S7 protocol in Client role only.

Supported PLC Series

• Siemens S7-300
• Siemens S7-400
• Siemens S7-1200
• Siemens S7-1500

Data Model

Connection (IP, port, rack, slot)
└── Device
    └── Frame (Data Block — S7 memory area)
        └── Variable (address + data type)

Configuration

Connection

Parameter	Example	Description
Protocol	S7	Protocol selection
IP Address	192.168.1.1	PLC IP address
Port	102	S7 port (default: 102)
Rack	0	PLC rack number (default: 0)
Slot	0	PLC slot number (0 for S7-1200/1500, 2 for S7-300/400)
Timeout	5000 ms	Connection timeout duration
Connection Type	S7_BASIC	Connection type

Connection Types

Type	Description
PG	Programming device connection
OP	Operator panel connection
S7_BASIC	Standard S7 connection (default)

Device

Parameter	Example	Description
Scan Time	1000 ms	Scan period
Scan Type	PERIODIC	PERIODIC or FIXED_DELAY

Frame (Data Block)

Parameter	Example	Description
Type	DB	Memory area type (see below)
Start Address	0	Starting byte address
Quantity	100	Number of bytes to read
DB Number	8	Datablock number (for DB and DI types only)

Memory Areas (Frame Types)

Type	Description	Usage
DB	DataBlock (Peripheral I/O) Area	Most common — Global Data Block
DI	DataBlock Area	Instance Data Block
DB_LOCAL	DataBlock (local) Area	Local Data Block
MK	Marker (Flags) Area	Marker area (M)
PE	PE (Inputs) Instance Area	Input area (I)
PA	PA (Outputs) Instance Area	Output area (Q)
TM	S7 Timer Area	Timer
CT_INPUTS	S7 Counter Area	Counter
SYS_INFO	System Information	System information
SYSTEM_FLAGS	S7 Counters	System flags
TM_IEC	IEC Counters (200 Family)	IEC counters
TM_V	IEC Timers (200 Family)	IEC timers
ANALOG_INPUTS	Analog Inputs (200 Family)	Analog input
ANALOG_OUTPUTS	Analog Outputs (200 Family)	Analog output

Tip

The DB (DataBlock) type is used in most applications. You can read/write data by creating a Global DB in the PLC program and entering its number, start address, and byte count in inSCADA.

Variable

Parameter	Example	Description
Start Address	0	Byte offset within the frame
Bit Offset	0	Bit offset (for BIT type, 0-7)
Type	REAL	S7 data type
Max Len	0	Maximum length for string variables

Supported Data Types

Data Type	Size	Description
BIT	1 bit	Single bit (Bool) — accessed via Bit Offset
BYTE	8 bit	Unsigned 8-bit integer
WORD	16 bit	Unsigned 16-bit integer
INT	16 bit	Signed 16-bit integer
DWORD	32 bit	Unsigned 32-bit integer
DINT	32 bit	Signed 32-bit integer
REAL	32 bit	32-bit floating point (Float)
LREAL	64 bit	64-bit floating point (Double)
DATETIME	8 byte	Date and time
S7STRING	Variable	S7 string format
S7WSTRING	Variable	S7 wide string format

Address Calculation Example

S7 addressing is byte and bit based. Variable addresses are calculated relative to the start address of the Frame:

Frame: DB8, Start Address: 0, Quantity: 100

Variable examples:
├── DB8.DBX0.0  → Start: 0, Bit Offset: 0, Type: BIT    (first bit)
├── DB8.DBX0.1  → Start: 0, Bit Offset: 1, Type: BIT    (second bit)
├── DB8.DBB2    → Start: 2, Type: BYTE                    (3rd byte)
├── DB8.DBW4    → Start: 4, Type: WORD                    (5th-6th byte)
├── DB8.DBD8    → Start: 8, Type: REAL                    (9th-12th byte)
└── DB8.DBD12   → Start: 12, Type: DINT                   (13th-16th byte)

Siemens TIA Portal Settings

Some settings need to be configured on the PLC side for communication with the S7 protocol. These settings apply to TIA Portal V12 and later versions.

1. Disabling Optimized Block Access

On S7-1200 and S7-1500 PLCs, the optimized block access feature of Global DBs is enabled by default. This feature must be disabled for communication with inSCADA:

1. Double-click the relevant DB (Data Block) in TIA Portal
2. Open the DB’s Properties window
3. In the Attributes tab, uncheck the “Optimized block access” option
4. Save the DB and download to the PLC

Important

If optimized block access is not disabled, inSCADA cannot address correctly and incorrect data will be read. This setting must be configured separately for each Global DB.

2. Full Access Level Setting

The PLC access level must be configured to allow external communication:

1. Go to the CPU Properties section in TIA Portal
2. Open the Protection & Security tab
3. Set the Access Level to “Full access (no protection)“

3. PUT/GET Permission

The S7 protocol works with the PUT/GET mechanism. This feature must be enabled on the PLC:

1. Go to the CPU Properties section in TIA Portal
2. In the Protection & Security tab
3. Enable (check) the “Permit access with PUT/GET communication from remote partner” option

Note

Without PUT/GET permission, inSCADA connects but cannot read/write data. The connection appears as “Connected” but variable values are not updated.

Summary: TIA Portal Checklist

#	Setting	Location	Status
1	Optimized block access	DB Properties → Attributes	☐ Disabled
2	Access Level	CPU Properties → Protection	☐ Full access
3	PUT/GET permission	CPU Properties → Protection	☐ Enabled

Frame Parameters Detail

Minutes Offset

The Minutes Offset parameter applies a minute-based offset to timestamps read from the PLC. For example, if the PLC runs in UTC time and inSCADA needs to display local time:

• For UTC+3 (Turkey): 180 (3 hours × 60 minutes)
• To set the time back, use a negative value: -60 (1 hour back)
• Default: 0 (no offset)

Scan Time Factor

The Frame’s scan period is calculated by multiplying the Device’s Scan Time value:

Frame Scan Time = Device Scan Time × Scan Time Factor

For example, if Device Scan Time = 1000 ms and Frame Scan Time Factor = 5, this frame is scanned every 5 seconds. For slow-changing data, increasing the factor reduces unnecessary communication overhead.