top of page

Setting Up PLCSim Advanced with distributed communication (using ESXi)

Dec 5, 20235 min read

Siemens PLCSim Advanced is a software tool that allows you to simulate and test your PLC programs on a virtual controller without the need for any real hardware. It supports various types of S7-1500 and ET 200SP controllers, as well as secure communication, OPC UA, and an extensive API for connecting to plant or machine simulations.

Some of the use case scenarios and benefits of Siemens PLCSim Advanced are:

  • You can create and test complex applications that involve multiple controllers, distributed I/O, and communication networks in a virtual environment.

  • You can perform comprehensive function simulation and validation of your PLC logic, as well as debugging and troubleshooting of errors.

  • You can integrate your PLC program with external simulation tools, such as MATLAB/Simulink, Plant Simulation, or Unity, to create realistic and dynamic models of your system or machine.

  • You can reduce the development time and cost of your PLC projects, as well as the risk of errors and failures in the real operation.

Siemens PLCSim Advanced is a powerful and flexible tool that can help you to design, test, and optimize your PLC programs in a safe and efficient way. It is compatible with TIA Portal projects from versions V14 to V17, and supports CPU firmware versions from V1.8 to V2.9. This becomes really useful when developing applications that are meant to aggregate data from various PLCs to test machine learning models and data aggregation functions. At ThetaPhi we use PLCSim Advanced regular during edge application development and testing, so keeping with our motto of sharing what we learn, in this post I’ll go over how to setup your PLCSim advanced v4.0 on a VM running on VMWare ESXi host.


Before getting stuck in lets quickly look at what the target architecture is:


Target Architecture
Target Architecture

The VM running the PLCSim advanced does not need two virtual NICs as shown in the architecture for this setup to work. Only shown here because that is the setup I needed.


We want to run multiple PLCs with different IP address and get the data to the (virtual) industrial edge device using the Siemens S7 Connector. We also want to be able to download the code to the PLCs from the engineering PC running TIA v16. In this post I will only cover the ESXI networking and PLCSim Advanced setup. We’ll cover how to setup the S7 Connector in a separate post in the future.


So how does this magic actually happen? PLCSim Advanced is a PLC emulator. The emulated PLCs network interface (always port X1) is connected to the virtual PLC ethernet switch created as part of the PLCSim advanced setup. The traffic from this virtual switch is routed to the physical switch using NPCAP(Wincap for PLCSim Advanced v3.0).


It is important to understand how it works to make sure we enable the right configurations on the virtual switch / port group on ESXi . In this setup we have created a PLC network (192.168.100.0/24) but our simulated PLC might need to be on a separate network/subnet. PLCSim advanced allows us to do that (using the PLCSIM virtual switch) but in order for the traffic to get to the PLCSim virtual switch we have to allow the traffic to go through the virtual switch created on ESXi. This is enabled by setting the port group used by the VM1 to allow promiscuous mode. In an Ethernet local area network, promiscuous mode ensures that every data packet that is transmitted is received and read by a network adapter. This means the adapter does not filter packets regardless of the originating address/subnet. Instead, it passes each packet on to the operating system (OS) or any monitoring application installed on the network.


As mentioned before PLCSim Advanced creates an emulated network interface complete with a MAC address, IP and subnet configurations for each PLC. These emulated interfaces are connected to the PLCSim virtual ethernet switch. The traffic from the switch is routed to the physical NIC. So the traffic originating from a virtual PLC would have a different originating MAC address to the traffic generated by the OS. By default ESXi would drop these packet to protect against MAC address impersonation but we want to allow this traffic through so we can communicate with the emulated PLCs. So we have to set the Forged transmit option to "allow" for the port group used for the VM(s). If you don’t, the ESXi host compares the source MAC address being transmitted by the guest operating system with the effective MAC address for its virtual machine adapter to see if they match. If the addresses do not match, the host drops the packet.


With the theory out of the way, let us begin by creating a virtual switch in the ESXi host. First we need a virtual switch, lets add it to the Virtual switches with 2 uplink ports (physical NICs):


Create an ESXi Virtual switch for PLC

We’ll leave all other settings to default including security:

Security settings for the PLC virtual switch
Security settings for the PLC virtual switch

You should now have the following Virtual switches (as a minimum):

Esxi Virtual switches

With the Virtual switch created we need to create a port group that we want to use for communications to the simulated PLCs (note the security options):

Port group for PLC Sim advanced

You should now have the following port groups (as a minimum):

ESXi Port groups

Once the port group is created we can assign it to the VMs’ virtual NICs:

Assign Port group to VM NICs

I have assigned the port group to the Virtual Industrial Edge device VM as well. Now our "PLC_vSwitch" in ESXi looks like this:

PLC vSwitch on ESXi after setup

With that our virtual network setup is complete and we can move on to setting up the PLCSim advanced.


Assuming that you have already installed PLCSim Advanced on the VM, you should have a PLCSim Virtual switch available in network adapters:

PLCSim Virtual Switch

Change the IPv4 setting to static and assign an address that is accessible from outside the VM. I will assign it an address from my “PLC network”:

IP Settings for PLCSIM Virtual Switch

In the configurations for the EtherNet adapter that you want to use for communications to the simulated PLCs enable NPCAP driver and the PLCSIM Virtual Switch:

VM EtherNet Adapter

Once again set the IPv4 settings so it is accessible from the associated network:

IP Settings for VM EtherNet Adapter for PLCSIM Advanced

Now we can start our PLC instances. Lets create the first instance (test_plcsim) on 10.10.1.2. In PLCSim Advance Control Panel enable the "Virtual Eth. Adapter", select the physical interface to link to, enter the PLC interface details can click start:

Create an instance on PLCSIM Advanced

The instance should take a few seconds to start up once it’s ready you should see it in the control panel (I have created 2 on separate networks):

PLCSIM Advanced Running Instances

With the instances running you should be able to connect and download to either from TIA portal running on any PC on the network. Here is snapshot from my TIA portal application running on the engineering workstation shown on the architecture drawing at the start:

Accessible PLCSIM Instances

You can see both of my simulated instances listed as accessible. “plc_sim1” already has a program downloaded and running on it. I have also connected to the Virtual Industrial Edge device using the S7 connector running as a separate VM on ESXi host:

Data from PLCSIM Instance in Common Configurator

This setup allow us to deploy multiple PLCs with different IP addresses and connect them to TIA portal or the industrial edge device to test out the PLC program and the edge application together as you might encounter them on a site.


Hope you found this post helpful and keep an eye out on our future post where we detail how to setup the S7 connector to get data from multiple simulated PLCs.

209 views0 comments

Comments

bottom of page