What is Modbus?

Modicon created the serial communication protocol known as Modbus and released it in 1979 for use with its programmable logic controllers (PLCs). It is a technique to transmit data over serial lines between electronic devices. The devices supplying the information are referred to as Modbus Slaves, while the device requesting the information is known as the Modbus Master. A typical Modbus network has one Master and up to 247 Slaves, each with a unique Slave Address ranging from 1 to 247. Information can also be written to the Slaves by the Master. For a comprehensive overview, you can visit the Modbus Wikipedia page.

The main reasons for the use of Modbus in the industrial environment are:

  • It was created with industrial applications in mind.
  • It has no hidden fees and is freely distributed.
  • Both deployment and maintenance are simple.
  • It transfers unprocessed bits or words without imposing many constraints on vendors.
  • SCADA systems based on Modbus protocols are easily accessible.

There are different flavors of the Modbus protocol:

  •  Modbus TCP
  •  Modbus RTU
  •  Modbus ASCII
  •  Modbus Plus
  •  Modbus Daniels
  •  Modbus Tek-Air
  •  Modbus Omniflow

Modbus RTU and Modbus TCP/IP are the two most widely used of these.

Modbus RTU

It is a serial communication protocol that links various devices on the same network and enables inter-device communication.

Modbus TCP

Schneider Automation’s Modbus Messaging Implementation Guide details a modified protocol designed specifically for use over TCP/IP. Visit www.modbus.org/specs.php to access the official Modbus specification. These key distinctions between Modbus RTU and Modbus TCP are listed here.

MODBUS MEMORY MODEL / MODBUS STORAGE MODEL

MODBUS has a distinct addressing pattern. Every value in a Modbus device is stored at a specific address. For instance, an EATON power meter stores the Volt A-N value only at Modbus address 40001.

There are four Modbus data types:

| Types of Modbus Data | Data format and common name | Address where they begin | Type |
|---|---|---|---|
| Modbus Coils | Bits, Binary values | 00001 | This type of data can be provided by an I/O system. |
| Digital Inputs | Binary values | 10001 | This type of data can be changed by an application layer. |
| Analog Inputs | Binary values | 30001 | This type of data can be provided by an I/O system. |
| Modbus Registers / Holding registers | Analog values | 40001 | This type of data can be changed by an application layer. |

How does MODBUS RTU work?

  • Modbus is transmitted between devices over serial lines. The simplest configuration connects two devices, a Master and a Slave, with a single serial cable between their serial ports.
  • The data is transmitted as a series of ones and zeroes known as bits. Every bit is transmitted as a voltage: zeroes are sent as positive voltages and ones as negative voltages. The bits are transmitted quickly; a typical transmission speed is 9600 baud (bits per second).

How does Modbus TCP work?

The Modbus device can be connected through the gateway’s Ethernet port. Any standard Modbus scanner can then run a query to extract a value from the Modbus device. All requests are routed through TCP/IP on the registered port 502.

How is data stored in Standard Modbus?

The Slave device stores information in four different tables.

In two tables, discrete on/off values (coils) are stored, and in the other two, numerical values (registers). Each coil and register has its own read-only and read-write table.

Each table has 9999 values.
Each coil or contact is 1 bit and is assigned a data address between 0000 and 270E.
Each register is 1 word = 16 bits = 2 bytes and also has a data address between 0000 and 270E.

| Coil/Register Numbers | Data Addresses | Type | Table Name |
|---|---|---|---|
| 1-9999 | 0000 to 270E | Read-Write | Discrete Output Coils |
| 10001-19999 | 0000 to 270E | Read-Only | Discrete Input Contacts |
| 30001-39999 | 0000 to 270E | Read-Only | Analog Input Registers |
| 40001-49999 | 0000 to 270E | Read-Write | Analog Output Holding Registers |

Since Coil/Register Numbers do not appear in the actual messages, they can be regarded as location names. In the messages, the Data Addresses are utilised.

For instance, the Data Address for the first Holding Register, 40001, is 0000.

The difference between these two values is called the offset.

The offset is different for each table: 1, 10001, 30001 and 40001.

What is the Slave ID?

A unique unit address between 1 and 247 is given to each slave in a network. The Slave address is the first byte the master sends when making a data request. This way, each slave can decide whether to ignore the message after the first byte.

What is a Modbus Map?

Simply put, a Modbus map is a list for a slave device that specifies:

– what the data is (for example, pressure or temperature readings)

– where the data is stored (which tables and data addresses)

– how the data is stored (data types, byte and word ordering)

Some devices have a fixed map that the manufacturer predetermines, while other devices let the user programme or customise a map to meet their specific needs.

MODBUS ERROR CHECKING

MODBUS networks use two error-checking methods:

  1. Data character frame parity checking (even, odd, or no parity)
  2. Frame verification for the message frame (Cyclical Redundancy Check in RTU Mode, or Longitudinal Redundancy Check in ASCII Mode).

Parity Checking

A MODBUS device can be set to check for even or odd parity or to check for no parity at all. This setting determines how the parity bit in each character’s data frame is set. If even or odd parity checking is chosen, the number of 1 bits in the data section of each character frame is counted (in RTU mode, each character contains 8 bits). The parity bit is then set to 0 or 1 so that the total number of 1 bits is even (even parity) or odd (odd parity).

If you encounter specific issues, you may find answers on Stack Overflow.

Frame checking

LRC: Longitudinal Redundancy Check (ASCII Mode Only)

In ASCII transmission mode, the character frame has an LRC field as the final field before the CRLF characters. This field contains two ASCII characters representing the outcome of a longitudinal redundancy calculation over all fields except the starting colon character and the final CRLF pair of characters.

CRC Error Checking (RTU Mode Only)

Cyclical Redundancy Check (CRC) based error checking is included in RTU Mode message frames. A message frame’s error-checking field holds a 16-bit value (two 8-bit bytes) representing the outcome of a Cyclical Redundancy Check (CRC) calculation on the message contents.
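The two frame checks described above, as an added Python example that is not part of the original page: it computes the RTU CRC-16 and the ASCII LRC for one constructed request and shows a receiver rejecting a corrupted frame. The function names and the sample request are assumptions made for illustration.

```python
def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """LRC used by Modbus ASCII: two's complement of the 8-bit sum of the bytes."""
    return (-sum(data)) & 0xFF


def build_rtu(message: bytes) -> bytes:
    """Append the CRC to the message, low-order byte first."""
    return message + crc16_modbus(message).to_bytes(2, "little")


def check_rtu(frame: bytes) -> bool:
    """Recompute the CRC over everything except the last two bytes and compare."""
    if len(frame) < 4:  # slave address + function code + 2 CRC bytes
        return False
    return crc16_modbus(frame[:-2]) == int.from_bytes(frame[-2:], "little")


def build_ascii(message: bytes) -> bytes:
    """Colon, then the message and its LRC as hex characters, then CRLF."""
    return b":" + (message + bytes([lrc(message)])).hex().upper().encode() + b"\r\n"


def check_ascii(frame: bytes) -> bool:
    """The LRC covers all fields except the leading colon and the trailing CRLF."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        return False
    try:
        raw = bytes.fromhex(frame[1:-2].decode("ascii"))
    except ValueError:  # non-hex or non-ASCII characters in the frame
        return False
    return len(raw) >= 3 and lrc(raw[:-1]) == raw[-1]


# Constructed sample: slave 1, function 03, data address 0000, quantity 1.
REQUEST = bytes.fromhex("010300000001")

if __name__ == "__main__":
    print(build_rtu(REQUEST).hex(" "))
    print(build_ascii(REQUEST))
```

Both checks detect transmission errors only: a frame with a matching CRC or LRC arrived intact, which says nothing about who sent it.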

Function codes Defined by Modbus:

The second byte sent by the Master is the Function code. This number tells the slave which table to access and whether to read from or write to it.

| Function Code | Action | Table Name |
|---|---|---|
| 01 (01 hex) | Read | Discrete Output Coils |
| 05 (05 hex) | Write single | Discrete Output Coil |
| 15 (0F hex) | Write multiple | Discrete Output Coils |
| 02 (02 hex) | Read | Discrete Input Contacts |
| 04 (04 hex) | Read | Analog Input Registers |
| 03 (03 hex) | Read | Analog Output Holding Registers |
| 06 (06 hex) | Write single | Analog Output Holding Register |
| 16 (10 hex) | Write multiple | Analog Output Holding Registers |

Modbus Exception Codes

| Code | Name | Meaning |
|---|---|---|
| 01 | ILLEGAL FUNCTION | The function code received in the query is not an allowable action for the server (or slave). This may be because the function code is only applicable to newer devices, and was not implemented in the unit selected. It could also indicate that the server (or slave) is in the wrong state to process a request of this type, for example because it is unconfigured and is being asked to return register values. |
| 02 | ILLEGAL DATA ADDRESS | The data address received in the query is not an allowable address for the server (or slave). More specifically, the combination of reference number and transfer length is invalid. For a controller with 100 registers, the PDU addresses the first register as 0, and the last one as 99. If a request is submitted with a starting register address of 96 and a quantity of registers of 4, then this request will successfully operate (address-wise at least) on registers 96, 97, 98, 99. If a request is submitted with a starting register address of 96 and a quantity of registers of 5, then this request will fail with Exception Code 0x02 “Illegal Data Address” since it attempts to operate on registers 96, 97, 98, 99 and 100, and there is no register with address 100. |
| 03 | ILLEGAL DATA VALUE | A value contained in the query data field is not an allowable value for server (or slave). This indicates a fault in the structure of the remainder of a complex request, such as that the implied length is incorrect. It specifically does NOT mean that a data item submitted for storage in a register has a value outside the expectation of the application program, since the MODBUS protocol is unaware of the significance of any particular value of any particular register. |
| 04 | SLAVE DEVICE FAILURE | An unrecoverable error occurred while the server (or slave) was attempting to perform the requested action. |
| 05 | ACKNOWLEDGE | Specialized use in conjunction with programming commands. The server (or slave) has accepted the request and is processing it, but a long duration of time will be required to do so. This response is returned to prevent a timeout error from occurring in the client (or master). The client (or master) can next issue a Poll Program Complete message to determine if processing is completed. |
| 06 | SLAVE DEVICE BUSY | Specialized use in conjunction with programming commands. The server (or slave) is engaged in processing a long-duration program command. The client (or master) should retransmit the message later when the server (or slave) is free. |
| 08 | MEMORY PARITY ERROR | Specialized use in conjunction with function codes 20 and 21 and reference type 6, to indicate that the extended file area failed to pass a consistency check. The server (or slave) attempted to read record file, but detected a parity error in the memory. The client (or master) can retry the request, but service may be required on the server (or slave) device. |
| 0A | GATEWAY PATH UNAVAILABLE | Specialized use in conjunction with gateways, indicates that the gateway was unable to allocate an internal communication path from the input port to the output port for processing the request. Usually means that the gateway is not configured correctly or is overloaded. |
| 0B | GATEWAY TARGET DEVICE FAILED TO RESPOND | Specialized use in conjunction with gateways, indicates that no response was obtained from the target device. Usually means that the device is not present on the network. |
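The address check behind exception code 02, as an added Python example that is not part of the original page: a slave-side validator for read requests that maps data addresses back to register numbers and reproduces the 100-register case from the table. The function names and sample requests are assumptions; the quantity limits and the exception-reply format (function code with the top bit set) come from the Modbus application protocol specification rather than from this page.

```python
import struct

# Function code -> (table name, register-number offset, max quantity per request).
# Names and offsets are from the tables on this page; the limits are from the spec.
READ_TABLES = {
    0x01: ("Discrete Output Coils", 1, 2000),
    0x02: ("Discrete Input Contacts", 10001, 2000),
    0x03: ("Analog Output Holding Registers", 40001, 125),
    0x04: ("Analog Input Registers", 30001, 125),
}
ILLEGAL_FUNCTION, ILLEGAL_DATA_ADDRESS, ILLEGAL_DATA_VALUE = 0x01, 0x02, 0x03


def exception_pdu(function: int, code: int) -> bytes:
    """Exception reply: the request's function code with the top bit set, then the code."""
    return bytes([function | 0x80, code])


def validate_read(pdu: bytes, table_size: int = 100):
    """Check a read request (function code, start address, quantity).

    Returns (table name, first register number, last register number) when the
    request is acceptable, otherwise the exception PDU a slave would send back.
    """
    if not pdu:
        raise ValueError("empty PDU")
    function = pdu[0]
    if function not in READ_TABLES:
        return exception_pdu(function, ILLEGAL_FUNCTION)
    name, offset, max_quantity = READ_TABLES[function]
    if len(pdu) != 5:  # malformed: must be 1 + 2 + 2 bytes
        return exception_pdu(function, ILLEGAL_DATA_VALUE)
    start, quantity = struct.unpack(">HH", pdu[1:])
    if not 1 <= quantity <= max_quantity:
        return exception_pdu(function, ILLEGAL_DATA_VALUE)
    # Data addresses run from 0 to table_size - 1; the whole range must fit.
    if start + quantity > table_size:
        return exception_pdu(function, ILLEGAL_DATA_ADDRESS)
    return name, offset + start, offset + start + quantity - 1


if __name__ == "__main__":
    # Constructed requests against a device with 100 holding registers.
    for quantity in (4, 5):
        print(quantity, validate_read(struct.pack(">BHH", 0x03, 96, quantity)))
```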
