Skills / PLC Programming Basics / PLC Technician Foundations / PLC Programming Basics
PLC Programming Basics

PLC Programming Basics

100 min read Training Guide

An introduction to programmable logic controllers covering hardware components, input/output wiring, ladder logic fundamentals, and basic troubleshooting techniques.

Table of contents

PLC Programming Basics

Programmable logic controllers (PLCs) are the brains behind nearly every automated industrial process. From simple conveyor start/stop control to complex multi-axis motion systems, PLCs execute the logic that keeps factories running. As an industrial electrician or controls technician, PLC skills are among the most valuable and in-demand capabilities you can develop. This guide covers PLC hardware, I/O wiring, ladder logic programming, timers, counters, the scan cycle, and troubleshooting techniques you will use on the job.

What is a PLC and Why Does It Matter?

A PLC is a ruggedized industrial computer purpose-built to read inputs from field devices (sensors, switches, pushbuttons), execute a stored program, and control outputs (motors, valves, lights, solenoids). PLCs replaced hardwired relay panels starting in the late 1960s, and they now control virtually every automated process in manufacturing.

Why PLCs replaced relay logic:

  • A program change requires reprogramming, not rewiring
  • One PLC replaces dozens or hundreds of physical relays, timers, and counters
  • PLCs provide diagnostics, data logging, and communication that relays cannot
  • PLCs are more reliable with fewer mechanical parts to fail
  • Changes and additions are faster and cheaper

Major PLC manufacturers:

  • Allen-Bradley / Rockwell Automation (CompactLogix, ControlLogix, MicroLogix, PLC-5) - dominant in North America
  • Siemens (S7-1200, S7-1500, S7-300/400) - dominant in Europe and widely used globally
  • Mitsubishi (FX series, Q series, iQ-R series) - common in Asia and automotive
  • Omron (CJ2, NJ/NX series) - common in packaging and material handling
  • Schneider Electric (Modicon M340, M580) - common in process industries

As an apprentice, you are most likely to encounter Allen-Bradley and Siemens. The concepts are the same across all brands - only the software interface and specific instruction names differ.

PLC Hardware Components

Power Supply

Converts facility power (120V AC or 240V AC) to the low-voltage DC (typically 24V DC) that the PLC electronics require. In modular PLC systems, the power supply is a separate module. In compact PLCs, it is built in.

Sizing the power supply: Add up the current draw of the CPU, all I/O modules, and any field devices powered from the PLC supply. Size the power supply with at least 20% headroom above the calculated total.

CPU (Processor)

The CPU is the brain of the PLC. It:

  • Executes the user program stored in memory
  • Manages all I/O communication
  • Handles peer-to-peer and network communication
  • Performs self-diagnostics and fault reporting
  • Runs the scan cycle continuously

CPU selection factors: Memory size (how large a program and how much data), scan speed (how fast it executes), communication ports (Ethernet, serial, DeviceNet), and I/O capacity (how many modules it can support).

Input Modules

Input modules receive signals from field devices and convert them to digital values the CPU can process.

Digital (discrete) inputs:

  • Read on/off signals from pushbuttons, limit switches, proximity sensors, photoelectric sensors, and relay contacts
  • Typically 24V DC (sinking or sourcing) or 120V AC
  • LED indicator on the module lights when the input is active
  • Input filtering (debounce time) prevents false readings from contact bounce or electrical noise - typically 1-10 ms

Analog inputs:

  • Read continuously variable signals from instruments
  • Common signal types:
    • 4-20 mA current loop (most common in process control)
    • 0-10V DC voltage
    • RTD (Resistance Temperature Detector) - for precision temperature measurement
    • Thermocouple - for high-temperature measurement
  • Resolution: 12-bit (4,096 counts), 14-bit (16,384 counts), or 16-bit (65,536 counts)
  • Scaling: The program must convert the raw count to engineering units. For a 4-20 mA input measuring 0-100 PSI: 4 mA = 0 PSI (raw count 0 or 6,242 depending on module), 20 mA = 100 PSI (raw count 4,095 or 31,208)

Output Modules

Output modules receive commands from the CPU and control field devices.

Digital (discrete) outputs:

  • Turn devices on and off: motor starters, solenoid valves, pilot lights, horns, relays
  • Types:
    • Relay output - A mechanical relay inside the module. Can switch AC or DC at various voltages. Slower switching speed (10-20 ms). Limited cycle life (100,000 to 10 million operations). Best for infrequent switching.
    • Transistor (DC) output - Solid-state, switches DC only. Very fast (microseconds). Unlimited cycle life. Best for high-speed applications (pulse outputs, fast sequencing).
    • Triac (AC) output - Solid-state, switches AC only. Fast switching but generates more heat than transistor outputs.

Analog outputs:

  • Send continuously variable signals to control devices
  • Common signal types: 4-20 mA, 0-10V DC
  • Used to control: VFD speed references, proportional valves, damper actuators, SCR power controllers

Communication Modules

Connect the PLC to other devices and networks:

  • Ethernet/IP - The dominant industrial Ethernet protocol for Allen-Bradley systems. Carries both control data and information data on standard Ethernet infrastructure.
  • PROFINET - Siemens' industrial Ethernet protocol
  • Modbus TCP - An open protocol running on Ethernet, widely supported by many manufacturers
  • DeviceNet - A fieldbus network for connecting I/O, sensors, and actuators (Allen-Bradley ecosystem)
  • PROFIBUS - Siemens' fieldbus network
  • Serial (RS-232/RS-485) - Older but still common for connecting instruments, barcode scanners, and legacy devices

Input/Output (I/O) Wiring

Proper I/O wiring is critical for reliable operation. Poor wiring causes intermittent faults that are extremely difficult to troubleshoot.

Sinking vs. Sourcing

This describes the direction of current flow relative to the I/O module:

  • Sourcing output - The output module provides (sources) current to the field device. Current flows FROM the output terminal, THROUGH the load, TO the common (0V). Most common in North America.
  • Sinking output - The output module receives (sinks) current from the field device. Current flows FROM the power supply, THROUGH the load, TO the output terminal.
  • Sourcing input - The input module provides current to the sensor. The sensor completes the path to common when activated.
  • Sinking input - The input module receives current from the sensor. The sensor provides current from the power supply when activated.

The rule: Match sinking outputs to sourcing inputs, and sourcing outputs to sinking inputs. Many modern modules are configurable for either mode.

Wiring Best Practices

  • Use shielded cable for analog signals. Ground the shield at ONE end only (typically at the PLC) to prevent ground loops.
  • Separate power wiring from signal wiring. Run them in separate conduits or cable trays. Keep at least 12" separation between power and signal cables running in parallel.
  • Use ferrules on stranded wire. Ferrules prevent stray strands that can cause short circuits in terminal blocks.
  • Label every wire at both ends with the I/O address (e.g., I:1/0 for input module 1, terminal 0).
  • Use surge suppression on outputs driving inductive loads (contactors, solenoids). A diode (DC) or RC snubber (AC) across the coil prevents voltage spikes that damage output modules.
  • Fuse individual outputs or groups of outputs to protect the module from short circuits in the field wiring.

Common I/O Wiring Example: Proximity Sensor to PLC Input

A typical 3-wire NPN proximity sensor (sinking type) connected to a sourcing PLC input:

  • Brown wire (power +) connects to +24V DC supply
  • Blue wire (power -) connects to 0V DC (common)
  • Black wire (signal) connects to the PLC input terminal
  • When the sensor detects a target, the black wire is pulled to 0V (sinking current from the PLC input)
  • The PLC input LED turns on, and the corresponding bit in the input image table turns ON (1)

Tip from the field: When a sensor is not working, check these things in order: (1) Is the sensor getting power? Measure 24V between brown and blue at the sensor. (2) Is the sensor detecting the target? Most sensors have an indicator LED. (3) Is the signal reaching the PLC? Measure voltage at the PLC input terminal. (4) Is the PLC seeing the input? Check the module LED and the input status in the programming software.

Ladder Logic Programming

Ladder logic is the most widely used PLC programming language. It was designed to resemble the relay logic diagrams that electricians already knew, making the transition from hardwired relay panels to PLCs easier.

Program Structure

A ladder logic program consists of horizontal "rungs" between two vertical "power rails." Each rung contains:

  • Conditions (left side) - Input instructions that evaluate to TRUE or FALSE
  • Actions (right side) - Output instructions that execute when the conditions are met

The program executes from top to bottom, left to right, in a continuous loop.

Basic Instructions

Examine If Closed (XIC): --| |--

  • A normally open contact in the logic
  • TRUE when the associated bit (input, output, or internal) is ON (1)
  • Use when you want the rung to be true when something is active

Examine If Open (XIO): --|/|--

  • A normally closed contact in the logic
  • TRUE when the associated bit is OFF (0)
  • Use when you want the rung to be true when something is inactive (stop buttons, safety interlocks, normally closed sensors)

Output Energize (OTE): --( )--

  • Turns the output ON when the rung is TRUE, OFF when the rung is FALSE
  • Non-retentive: does not remember its state through a power cycle
  • The most common output instruction

Output Latch (OTL): --(L)--

  • Turns the output ON when the rung is TRUE
  • STAYS ON even when the rung goes FALSE (retentive)
  • Requires a separate OTU (unlatch) instruction to turn it off

Output Unlatch (OTU): --(U)--

  • Turns OFF a latched output when its rung is TRUE
  • Only affects OTL outputs

Important: Never use the same output address on two separate OTE instructions in the same program. The second rung will always overwrite the first (last rung wins). Use OTL/OTU pairs or internal bits with logic to avoid this.

Timers

Timer On-Delay (TON):

  • Starts timing when the rung goes TRUE
  • The .DN (done) bit turns ON when the accumulated value reaches the preset value
  • The .TT (timer timing) bit is ON while the timer is actively counting
  • The .EN (enable) bit is ON when the rung is TRUE
  • If the rung goes FALSE before the timer completes, the accumulated value RESETS to zero
  • Preset value is in milliseconds (Allen-Bradley) or typically configurable time base
  • Use case: Delay starting a process after a condition is met (e.g., wait 5 seconds after a conveyor starts before activating the glue gun)

Timer Off-Delay (TOF):

  • The .DN bit is ON when the rung is TRUE
  • When the rung goes FALSE, the timer starts counting
  • The .DN bit turns OFF when the accumulated value reaches the preset
  • If the rung goes TRUE again before timing completes, the timer resets
  • Use case: Keep a cooling fan running for 60 seconds after a motor stops

Retentive Timer On-Delay (RTO):

  • Same as TON, but the accumulated value does NOT reset when the rung goes FALSE
  • The accumulated value accumulates across multiple TRUE periods
  • Requires a RES (reset) instruction to reset the accumulated value
  • Use case: Track total run time of a motor for maintenance scheduling

Counters

Count Up (CTU):

  • Increments the accumulated value by 1 each time the rung transitions from FALSE to TRUE (rising edge)
  • The .DN bit turns ON when the accumulated value reaches the preset value
  • Does NOT reset automatically - requires a RES instruction
  • Use case: Count parts on a conveyor; when count reaches 12, actuate the box-closing mechanism

Count Down (CTD):

  • Decrements the accumulated value by 1 on each FALSE-to-TRUE transition
  • The .DN bit turns ON when the accumulated value reaches the preset value (or zero/negative)
  • Use case: Count down remaining parts in a hopper

Comparison and Math Instructions

Comparison instructions evaluate conditions:

  • EQU (Equal): TRUE when Source A = Source B
  • NEQ (Not Equal): TRUE when Source A does not equal Source B
  • GRT (Greater Than): TRUE when Source A > Source B
  • LES (Less Than): TRUE when Source A < Source B
  • GEQ (Greater Than or Equal)
  • LEQ (Less Than or Equal)

Math instructions perform calculations:

  • ADD: Destination = Source A + Source B
  • SUB: Destination = Source A - Source B
  • MUL: Destination = Source A x Source B
  • DIV: Destination = Source A / Source B
  • MOV: Copy a value from Source to Destination
  • SCL: Scale a raw value (commonly used for analog I/O conversion)

Program Organization

Well-organized programs are easier to troubleshoot and maintain:

  • Use subroutines/routines to organize code by function (e.g., Conveyor_Control, Packaging, Fault_Handling)
  • Add rung comments explaining what each rung does and why
  • Use descriptive tag names (Conveyor_1_Running, not O:2/0)
  • Group related logic together and use rung separators or headers
  • Keep rung logic simple - if a rung is too complex to understand quickly, break it into multiple rungs with intermediate bits

The Scan Cycle

The PLC executes its program in a continuous loop called the scan cycle:

  1. Input scan - Read the physical state of all input modules and copy them to the input image table in memory. This is a snapshot - the inputs are frozen during program execution.
  2. Program scan - Execute every rung of the program from top to bottom, left to right. Results are written to the output image table in memory (not directly to physical outputs).
  3. Output scan - Copy the output image table to the physical output modules. All outputs update simultaneously.
  4. Housekeeping/Communication - Handle network communication, HMI updates, diagnostics, and internal bookkeeping.

Scan time is the total time for one complete cycle. Typical scan times range from 1 ms to 50 ms depending on program size and CPU speed. Monitor scan time to ensure it stays within acceptable limits - an increasing scan time may indicate a problem.

Important implication: Because inputs are read once per scan and outputs are written once per scan, events that occur faster than the scan time may be missed. For high-speed applications (counting fast pulses, detecting brief events), use high-speed counter modules or interrupt routines.

PLC Troubleshooting

Online Monitoring

The most powerful troubleshooting tool is going online with the PLC using the programming software and watching the logic execute in real time:

  • Highlighted (TRUE) contacts show you which conditions are met
  • Non-highlighted (FALSE) contacts show you which conditions are blocking the rung
  • You can monitor data values (timer accumulators, counter values, analog readings) in real time
  • Cross-reference tells you every rung where a specific address is used - invaluable for tracing logic

Forcing I/O

You can manually force inputs and outputs to a specific state for testing:

  • Force an input ON to simulate a sensor activating (when the physical sensor is not available or accessible)
  • Force an output ON to verify a field device operates (bypassing the program logic)

EXTREME CAUTION with forces:

  • Forces override ALL program logic - the forced state persists regardless of what the program says
  • A forced output can start equipment unexpectedly
  • Forces remain active even through power cycles on most PLCs
  • Always have a spotter at the machine when forcing outputs
  • Remove ALL forces when done testing - leftover forces cause mysterious problems
  • Most PLCs show a "FORCES ACTIVE" indicator on the CPU - check for this regularly

Common PLC Problems and Solutions

Input not responding:

  1. Check the physical sensor/switch (multimeter at the sensor)
  2. Check the wiring (continuity from sensor to PLC terminal)
  3. Check the module LED (should light when the field device activates)
  4. Check the input status in the software (go online and monitor)
  5. If the LED lights but the software does not show it, the module may be faulty

Output not activating:

  1. Check the program logic online - is the rung TRUE?
  2. Check for forces that may be overriding the output
  3. Check the module LED (should light when the output is commanded ON)
  4. Check voltage at the output terminal (with the output ON)
  5. Check the field wiring from the output terminal to the device
  6. Check the output fuse (if fused at the module)

PLC in fault:

  1. Read the fault code from the CPU (check the programming software or HMI)
  2. Common faults:
    • I/O communication error: A module is not responding. Check module seating and connections.
    • Watchdog timeout: Program scan took too long. Check for infinite loops or excessive program size.
    • Memory error: Program memory corruption. May need to reload the program.
    • Major fault recoverable: Clear the fault, verify operation. Check the fault log for the root cause.
    • Major fault unrecoverable: Cycle power. If it persists, the CPU may need replacement.

Documentation

Always have these documents available when troubleshooting:

  • Ladder logic printout (or laptop with programming software)
  • I/O address list mapping each input and output to its physical device
  • Electrical drawings showing field wiring
  • P&ID (Piping and Instrumentation Diagram) showing the process
  • Sequence of operations describing what the machine should do

Tip from the field: Before you change anything in a PLC program, save a backup copy of the current program. Label it with the date and "before changes." If your changes cause problems, you can always go back to the known working version.

Key Takeaways

  • PLCs read inputs, execute a program, and control outputs in a continuous scan cycle
  • Ladder logic uses relay-style symbols that are intuitive for electricians - XIC, XIO, OTE are the foundation
  • Timers and counters extend the logic to handle time-based and count-based operations
  • Always follow lockout/tagout procedures and use extreme caution when forcing I/O
  • Proper I/O wiring (correct sinking/sourcing, shielded analog cables, surge suppression on outputs) prevents the majority of nuisance faults
  • Go online and monitor the program in real time - this is your most powerful troubleshooting tool
  • Always save a backup before making program changes
Previous Guide Industrial Electrical Systems Overview
Next Guide Basic Math for the Trades