This video will go over the basic
characteristics of the Modbus protocol, with special emphasis for Rockwell
Automation users. We’ll be covering some of the broad
differences between Modbus over serial and over Ethernet. We’ll also discuss the different wiring
standards for serial communications. Next, we’ll cover the dynamics of Modbus
as a Master and Slave network over serial and as a Client and Server
over Ethernet. We’ll delve into my Modbus data
addressing and the associated function codes and breakdown coils, bits, bytes, and registers. We’ll also talk about float and double integer values and how
they’re handled by my Modbus. First, a brief history lesson. Modbus is a serial communications
protocol developed by Modicon in 1979. It was created specifically for use in
Modicon PLC’s for industrial applications. Today
it is an open protocol, used by a wide range of
automation products. Modbus can be used over Ethernet as
well as serial cable. There are three major types or
variations of the Modbus protocol: Modbus ASCII, Modbus RTU, and Modbus TCP/IP. Modbus was originally developed using ASCII characters to encode messages and this version of the protocol is
still in use today. Modbus RTU is, by far, the most
common implementation, using binary coding and CRC error
checking. The two modes are incompatible so a device configured for ASCII mode cannot communicate with one using RTU. Modbus RTU devices typically use one of three electrical interfaces, RS232, RS485 and RS422. RS232 is a simple point to
point arrangement. If you only need to connect one device
to another, and the distance between the two devices
is less than 50 feet, or 15 meters, then RS232 will do the job. To connect more than two devices on the
same line, and/or have a distance greater than 50
feet, you should use RS485 or RS422 For a master communicating with
multiple slave devices, RS485 is by far the most popular method. This standard can support up to 32 nodes over a range up to 4,000 feet, roughly 1200 meters without a repeater. The speed that Modbus messages are sent
at is referred to as the baud rate or bit per second. All devices on an RTU
network must use the same baud rate. Different devices support different
transmission speeds, but between 9,600 and 19,200 bps is a typical range. Modbus modules can be configured from
as low as 300 to as high as over a 100,000. A Modbus serial
network has a master device that issues commands to the slave devices. The slaves will not transmit information
unless they receive a command to do so from the master. There can only be one
master on a network and a maximum up 247 slaves, each with a unique slave ID from 1 to 247. RS485 cannot drive more than 32 nodes in a single
single segment; so for the rare application that needs more
than 32 nodes, a repeater is required. The master, can write data to the slaves as well as read data from them. SCADA/HMI systems, typically would be
the master, communicating with a series of Modbus slave devices. Here is a diagram of a serial network
where the master is connected to a slave which is then daisy chained along to all the other
slaves on the line. The devices must be connected in a daisy
chain manner; they cannot be connected in a star
topology. Modbus over Ethernet operates exactly
like it sounds: Modbus devices using regular Ethernet
cables and switches to communicate with each other. The big difference with Modbus TCP/IP
is that an MBAP header or Modbus
application header is added to the star each message. The
slave ID at the beginning at the message is removed as well as the cyclic redundancy check
at the end. The MBAP header contains all the
identifying information needed to route the data to the addressed device. Modbus uses port 502 for TCP/IP
communication. this is important if your data needs to
go through a firewall. ProSoft uses that port for MBAP messaging specifically. Modbus serial messages can also be sent
as regular RTU messages encapsulated inside and Ethernet TCP/IP packet. Encapsulated messages can use any port,
but ProSoft products are set to use port 2,000 by default. Note that MBAP and RTU encapsulation are not compatible; devices must be set to use one or the
other. MBAP messaging is by far the most
popular Modbus TCP/IP communication method. So, for this video, we will be focusing on Modbus RTU and Modbus TCP/IP using the MBAP. Modbus TCP/IP uses the terms client
and server instead of master and slave. The TCP/IP
network consists of the client connected to a switch or series of switches, to which all the servers on the network
are also connected. Modbus TCP/IP devices use Internet
Protocol addressing and require a subnet mask. The IP address
and subnet mask are both represented by for 8-bit numerical group
or octets. The IP addresses the location of a particular device on a network and
the subnet masks serves to simplify the task of routing traffic within the network. If
you don’t know your IP addressing your IT group or network administrator
will let you know the IP addresses and subnet mask your devices will need. The default gateway is optional and not
required for networks that do not use a default gateway. Again you can consult your IT group or
network administrator. Now let’s talk about modbus’
eccentric addressing system and the different data
tables. There are four tables where information
is stored. Two tables store simple discrete values
called coils and two store numerical 16-bit
values known as registers. For each type data
there is one read only table and one read write table. There are no tables for
32-bit data types because back when Modbus was defined, double integers and floating-point
values were not available in PLC’s. There is a way to use those data types
though, we’ll get to that in a moment. Each
table has a maximum love 9,999 addresses. Data table addresses 1 through 9,999 are the read write table for coils, addresses 10,001 through 19,999 are the read only for discrete inputs. Data table addresses 30,001 through
39,999 are the read only for input registers and addresses 40001 through 49,999 are the read write table for holding
registers. At this point it might be helpful to
explain the terms used for data types in Modbus. Coils in discrete inputs are the Modbus vernacular for 1-bit
of data or in Rockwell terms a bool; basically on or
off. A register is the term for 1 word or 16-bits or 2-bites of data or in Rockwell terms an INT. There are no registers for floats or double integers
although, they can be sent by dividing them into two registers.
Float values are any real number with a decimal point
that is represented by a 32-bit register. Double integers,
or DINT’s are simply two 16-bit values stacked
together, also represented by 32-bits. This presents
a small problem since Modbus does not have a float or DINT data type. The solution, obviously enough, is that did 32-bit
value is broken into 2 separate 16-bit registers and then recombined into a 32-bit real
value. This is accomplished by copying the two
16-bit registers to 1 REAL tag in the Rockwell processor. Modbus
function codes are simple numerical codes that tell the slave
which table to access and whether to read or write to
that table. Each function code relates to a specific
data table address range. For instance, function code 1 is the
code to read and individual bit status Function code 16 is the code to write multiple holding registers. Here are some
of the most commonly used function codes. Modbus as a protocol
does not define exactly how the data should be stored in registers. Different vendors have different ways of
storing and transmitting data. Some devices will transmit the higher byte
first, followed by the lower byte. Others will do
it the other way around. By the same token, when registers are
combined to represent 32-bit real values, some devices will transmit the higher
16-bit in the first register and the lower 16-bits in the second register. Other vendors do it the other way around.
The order that bytes or words are sent in doesn’t matter as long as the
receiving device knows which way they are ordered. If the data is not appearing correctly because the byte or word order is
incorrect; ProSoft products feature a byte and words swap function which
will reverse the order in which the data is stored and sent, resolving the issue instantly. To wrap up, we’ll take a look at Modbus
RTU message being sent from a master out to a slave device. The message
contains the slave ID of the device the command is intended
for, the function code to read or write data and the message data itself. Once the
slave receives the command, it will return the requested data to the master
in the case of read command, or it will write the data
to its own database and send an echo of the original message back to the Master to confirm that the message was received.
We hope this video gives you a better understanding of Modbus serial and TCP/IP. For additional training
videos using Modbus and other protocols in Rockwell Automation Systems, visit our website at www.Prosoft-technology.com – Happy Training!


Leave a Reply

Your email address will not be published. Required fields are marked *