Manually interpreting EDS File

AmazingNoob

Member
A
Join Date
Aug 2016
Location
asia
Posts
14
Hi there,

I am trying to determine the input, output, and config assembly and entering it into a beckhoff plc, and couldn''t get proper active connection.

As i was looking at the Path:
"20 04 24 66 2D 00 [Param4] 2D 00 [Param3]"; $ Path

Config assembly: 102 (Dec) (66 Hex)
Input assembly : 101 (Refer to Param3: Would value be 101 Dec???)
Output assembly: 100 (Refer to Param4: Would value be 100 Dec???)


Code: 
[Params]
        Param1 =
                0,                      $ reserved, shall equal 0
                ,,                      $ Link Path Size, Link Path
                0x0000,                 $ Descriptor
                0xC7,                   $ Data Type
                2,                      $ Data Size in bytes
                "Input Size",           $ name
                "",                     $ units
                "",                     $ help string
                0,64,64,                $ min, max, default data values
                ,,,,                    $ mult, div, base, offset scaling
                ,,,,                    $ mult, div, base, offset links
                ;                       $ decimal places
        Param2 =
                0,                      $ reserved, shall equal 0
                ,,                      $ Link Path Size, Link Path
                0x0000,                 $ Descriptor
                0xC7,                   $ Data Type
                2,                      $ Data Size in bytes
                "Output Size",          $ name
                "",                     $ units
                "",                     $ help string
                0,64,64,                $ min, max, default data values
                ,,,,                    $ mult, div, base, offset scaling
                ,,,,                    $ mult, div, base, offset links
                ;                       $ decimal places
        Param3 =
                0,                      $ reserved, shall equal 0
                ,,                      $ Link Path Size, Link Path
                0x0000,                 $ Descriptor
                0xC7,                   $ Data Type
                2,                      $ Data Size in bytes
                "Input Assembly ID",    $ name
                "",                     $ units
                "",                     $ help string
                100,768,101,            $ min, max, default data values
                ,,,,                    $ mult, div, base, offset scaling
                ,,,,                    $ mult, div, base, offset links
                0;                      $ decimal places
        Param4 =
                0,                      $ reserved, shall equal 0
                ,,                      $ Link Path Size, Link Path
                0x0000,                 $ Descriptor
                0xC7,                   $ Data Type
                2,                      $ Data Size in bytes
                "Output Assembly ID",   $ name
                "",                     $ units
                "",                     $ help string
                100,769,100,            $ min, max, default data values
                ,,,,                    $ mult, div, base, offset scaling
                ,,,,                    $ mult, div, base, offset links
                0;                      $ decimal places

[Connection Manager]
        Connection1 =
                0x04010002,             $ 0-15    = supported transport classes
                                        $ 16      = trigger: cyclic
                                        $ 17      = trigger: change of state
                                        $ 18      = trigger: application
                                        $ 19-23   = trigger: reserved
                                        $ 24      = transport type: listen-only
                                        $ 25      = transport type: input-only
                                        $ 26      = transport type: exclusive-owner
                                        $ 27      = transport type: redundant-owner
                                        $ 28-30   = reserved
                                        $ 31      = Client = 0 / Server = 1
                0x44640405,             $ 0       = O->T fixed size supported
                                        $ 1       = O->T variable size supported
                                        $ 2       = T->O fixed size supported
                                        $ 3       = T->O variable size supported
                                        $ 4-5     = O->T number of bytes per slot (obsolete)
                                        $ 6-7     = T->O number of bytes per slot (obsolete)
                                        $ 8-10    = O->T Real time transfer format
                                        $ 11      = reserved
                                        $ 12-14   = T->O Real time transfer format
                                        $ 15      = reserved
                                        $ 16      = O->T connection type: NULL
                                        $ 17      = O->T connection type: MULTICAST
                                        $ 18      = O->T connection type: POINT2POINT
                                        $ 19      = O->T connection type: reserved
                                        $ 20      = T->O connection type: NULL
                                        $ 21      = T->O connection type: MULTICAST
                                        $ 22      = T->O connection type: POINT2POINT
                                        $ 23      = T->O connection type: reserved
                                        $ 24      = O->T priority: LOW
                                        $ 25      = O->T priority: HIGH
                                        $ 26      = O->T priority: SCHEDULED
                                        $ 27      = O->T priority: reserved
                                        $ 28      = T->O priority: LOW
                                        $ 29      = T->O priority: HIGH
                                        $ 30      = T->O priority: SCHEDULED
                                        $ 31      = T->O priority: reserved
                ,Param2,,               $ O->T RPI, size, format
                ,Param1,,               $ T->O RPI, size, format
                ,,                      $ config #1 size, format
                ,,                      $ config #2 size, format
                "I/O Connection",       $ Connection Name
                "",                     $ help string
                "20 04 24 66 2D 00 [Param4] 2D 00 [Param3]";    $ Path
 
This explanation seems very unlikely to me, and doesn’t really pass the sanity test. CIP and Ethernet/IP are published standards. Arbitrarily enforcing those would mean they weren’t standards. I think it’s more likely that the EDS files are wrong and they’re blaming Rockwell.
 
There is a tool offered by the ODVA called EZ-EDS (as in Easy EDS), which is the official editor and syntax checker for EDS files. It lets you see the contents of the EDS file within correct and easy to see property pages.
You can request this for free from the link below:
https://www.odva.org/subscriptions-services/additional-tools/request-ez-eds/

To your questions:
Input assembly : 101 (Refer to Param3: Would value be 101 Dec???)
Output assembly: 100 (Refer to Param4: Would value be 100 Dec???)
Click to expand...
I would need to get the full EDS file to be 100% sure but I think the answer is yes. If you see the path for "Connection 1" that you provided:
"20 04 24 66 2D 00 [Param4] 2D 00 [Param3]"; $ Path
Click to expand...
The "2D" is the prefix for a 16-bit Connection Point in a CIP logical segment. In addition, Param4's default value is 100 (decimal) and Param3's default value is 101 (decimal). So yes, 100 and 101 are decimal values.
But this does not explain what the reason for not getting the active connections that are expected.
Since you are using a Beckhoff PLC, I would recommend you install Wireshark and see what is the response from the Ethernet/IP adapter to the scanners Connection Manager's forward open request. The Wireshark add-ion for EtherNet/IP is, in my opinion, very polished and status responses come with an English explanation, identical for practical purposes to the contents of the EtherNet/IP specification. I anticipate you will get a very accurate explanation for the error response the Ethernet/IP adapter is sending to the scanner.

2023-01-09LogicalSegment_ConnectionPoint.png
 
When using the wireshark, I'm guessing I also would need to have a TAP or mirror to perform this?

Also, where can i get this wireshark eip addon?
 
AmazingNoob said:
When using the wireshark, I'm guessing I also would need to have a TAP or mirror to perform this?

Also, where can i get this wireshark eip addon?
Click to expand...

I think Alfredo misspoke. I believe he meant to say that the dissector for EIP is very good, which is built into Wireshark. I'm sure he'll correct me if I'm wrong.
 
dmroeder said:
I think Alfredo misspoke. I believe he meant to say that the dissector for EIP is very good, which is built into Wireshark. I'm sure he'll correct me if I'm wrong.
Click to expand...
I agree with dmroeder's comment above. The EtherNet/IP dissector is built-in Wireshark. It works in Windows and Linux versions of Wireshark.

With regards to the need for an Ethernet TAP, if the TwinCAT Ethernet/IP scanner and Wireshark are running on the same computer you do not need the Ethernet TAP. It depends of course on whether the plant manager will allow installing Wireshark on the PLC, and there may be good reasons for not installing unnecessary software on the TwinCAT PLC. If Wireshark is running on a separate computer, if the switching hub is not a managed kind of device and does not support mirroring port functionality, then yes, you would need an Ethernet tap.

Finally, I have not used TwinCAT with EtherNet/IP although I do have experience with EtherCAT. I do have a lot of experience with CODESYS EtherNet/IP scanner. With CODESYS engineering tool in online mode, for the Ethernet/IP adapter in question, the status page will show the same extended status information as Wireshark would show. If you need more help on this I can show you a screenshot of a connection intentionally incorrectly configured so you can see an example of how it looks in CODESYS. I understand CODESYS and TwinCAT are very similar in some PLC functionalities so this may be helpful. I would need some time though. I could have this uploaded by the end of the day here in Japan.
 
Thank you for everyone reply.
Is there any software that I can use to test & poke some data from my laptop to the eip hardware without a plc ethernet/ip?
 
This ODVA/Molex EtherNet/IP tool does not support implicit messaging.
You can use CODESYS which has a Windows soft PLC application that works for about one hour in evaluation mode. Works very similar to TwinCAT, at least from a GUI point of view.
Or you can use TwinCAT which works for 7 days after installation without a license. If you uninstall and reinstall TwinCAT it will work again for 7 days.

I have never used this tool in depth. The EIPScanner is free from Nimbus Control.
https://github.com/nimbuscontrols/EIPScanner

There is a tool by Pyramid Solutions that can do implicit messaging but it is not free.
https://pyramidsolutions.com/produc...t-testing-tools/ethernetip-scanner-simulator/
 
AmazingNoob said:
And on the data, i would like to trigger high byte 5, bit0. How do i do that?
Click to expand...
You can do this by means of explicit messaging with the Molex tool.
Using the Explicit Message tab, select Set Attribute Single command.
Select Class ID 4, which is the Assembly Object class.
Select the assembly ID for the desired output assembly instance.
Select Attribute ID 3, which is the "data" instance attribute ID for the assembly object.
And then write the data you want to send in the Data (hex) box.
For example, if my PC was connected to a device with IP address 192.168.1.195 which supported output assembly instance 100 with 4 bytes, the below screen would allow writing 0xafbeadde by means of explicit messaging.

2023-01-11_SetAttributeSingle.png
 
AmazingNoob said:
And on the data, i would like to trigger high byte 5, bit0. How do i do that?
Click to expand...
Use first GetAttributeSingle to the same instance so can write the same value for the data other than the data you need to change, the high byte 5, bit 0. Remember EtherNet/IP process data is transmitted in little-endian order.
 
Thanks Alfredo.
I tried getAttributeSingle, it works, and populated the Response table.
But, when i tried 0x10 Set Attribute Single, I get warning
"CIP Status = 8 (0x08) Ext = None => Service not supported"

NIkyYRxvkm.png
 
Last edited:
You need to write data in all the spaces, not only the 5th byte. And you need to write the exact number of bytes. no more and no less. That is why I said you need to do getAttributeSingle first. So you write back the same information you read for bytes 1, 2, 3, and 4. If data for byte 5 is one (1), you have to write "01" not "1". And if the connection has more than 5 bytes you have to add this information too.
Now you have to make sure this is an output assembly. It is not possible to SetAttriuteSingle to an input assembly.
 
Now i see why get and set later.
when i did a get, it filled up to 68bytes which is interesting.
With a PLC, I only had to set 64 in/out bytes.
Does this mean, my data actually starts at byte 5 since the first 4 is padded possibly ?

Here is the get image:
https://pasteboard.co/q0sIgtTo1ii7.png

Should i do a set this way?
I still get error "CIP Status = 8 (0x08) Ext = None => Service not supported"
https://pasteboard.co/31PawW9VYOTU.png (With padding)
https://pasteboard.co/JB8F7wRQYWpa.png (No Padding)


This is what i have in PLC and it works when i set the local:o_Output[5].0
https://pasteboard.co/uxM0PlW5jAEC.png
 

Similar Topics

D
Manually dobbing in plc outputs help please!
To quickly test a plc output which is wired to a relay do I dob a cable between the output and 24vdc+ source I.e something with 24vdc+ live such...
Replies
6
Views
701
parky
P
E
manually reset pulse timer before end of counter
Hello everyone‚ Fairly new to PLC prog I seek your advise concerning what is said in my thread title; I program using workbench components; I...
Replies
1
Views
1,258
parky
P
einnh
Manually reading or mapping EDS files. (Rockwell)(Studio)(Ethernet/IP)
We have a customer that requires a CISCO network switches by government regulation. We are using a IE-4000-8GT4G-E industrial network switch. I...
2 3
Replies
37
Views
18,720
tmur
T
M
Siemens Drive Monitor - manually Run
Dear Sirs, I have several Siemens MasterDrives (of dubious parentage) and I'm not sure if they are operational or not. I have an old laptop...
Replies
9
Views
2,810
JRW
JRW
C
ControlLogix - Manually Tune SIP Axis for Maintaining Position Against a Load
I need to increase a servo motor's ability to hold a load in place when work is being performed against it. This project is in a metal forming...
Replies
0
Views
1,401
CevinMoses
C
Back
Top Bottom