7/31/2019 Modbus Protocol En
1/28
Modbus Protocol Basics January 2006
TOLED
Being able to approach the implementation of the Modbus protocol on various physical media like serial link, Ethernet TCP-IP or Modbus Plus
Modbus Protocol Basics
Duration: 40 min. Expert, Teaching: Philippe Warin. Production: Schneider-Electric
A Origins and Operating Principles
B Main Function Codes
C Implementation Classes
D Syntax of the Main Requests
ORIGINS AND OPERATING PRINCIPLES
- Its origins
Modbus is a messaging protocol
Created in 1978 by Modicon
Widely used in industry
Open and easy to implement
- Modbus and the OSI model
Modbus is based on the client/server communication model
OSI model: Modbus is at Layer 7
Used by various media:
  Serial link: Master/Slave, RS232, RS485
  Modbus Plus: Token ring
  Ethernet TCP/IP
  and other links: infrared, radio, etc.
- Modbus in network architectures
Modbus can be used in numerous network architectures
  Modbus on Ethernet TCP-IP
  Modbus Plus
  Modbus on RS232
  Modbus on RS485
- Modbus uses the Client/Server concept
The Client is the entity requesting a service
The Server is the entity that provides the service
Request (Client to Server): How fast is the motor running?
Response (Server to Client): 1,000 rpm
- PDU = Protocol Data Unit
A unique message format independent of the lower layers.
Message fields:
  Address: identifies the target
  Function Code: 1 byte = 1 to 127, action to perform
  Data: additional data depending on the function code
  Error check: validity check
PDU = Protocol Data Unit (Function Code + Data)
The format of the "Address" and "Error check" fields depends on the network media used
- Error free transaction sequence
1 Client: Initialises the data
2 Client: Sends the request
    Request = Function Code (1 - 127) + Request data (additional information)
3 Server: Performs requested action
4 Server: Initialises the response
5 Server: Sends the response
    Response = Function Code (equals the request's function code) + Response data (requested data)
6 Client: Handles the response
- Transaction sequence with an error
1 Client: Initialises the data
2 Client: Sends the request
    Request = Function Code (1 - 127) + Request data (additional information)
3 Server: Detects an error in the requested action
4 Server: Initialises error message data
5 Server: Sends the error message
    Response = Exception function code + Exception Code
6 Client: Handles the response
Exception function code = Function Code + 80H (value from 129 to 255)
The Exception Code shows the reason for rejection
- Detailed operation, server end
Await request reception
On reception:
  Function code validation: if invalid, Exception code = 1
  Data address validation: if invalid, Exception code = 2
  Data value validation: if invalid, Exception code = 3
  Run function: if invalid, Exception code = 4, 5 or 6
  All valid: Send Modbus response
  Any invalid: Send exception response
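The server-end checks above, applied to a Write Multiple Registers request (function code 16, laid out as in the syntax section of this deck). This is an added example, not code from the original slides; the register table, the writable range and every name in it are assumptions made for illustration.

```python
import struct

# Exception codes as numbered in the flowchart.
BAD_FUNCTION, BAD_ADDRESS, BAD_VALUE = 1, 2, 3

HOLDING = [0] * 16         # constructed table: holding registers 0..15
WRITABLE = range(8, 16)    # assumption: only registers 8..15 accept writes

def exception(fc: int, code: int) -> bytes:
    """Exception response: request function code + 80H, then the exception code."""
    return bytes([fc | 0x80, code])

def handle_pdu(pdu: bytes) -> bytes:
    """Validate one request PDU in the flowchart's order, then run it."""
    if not pdu:
        return b""                                  # nothing received, nothing to answer
    fc = pdu[0]
    if fc != 16:                                    # function code validation
        return exception(fc, BAD_FUNCTION)
    if len(pdu) < 6:                                # header: 1 + 2 + 2 + 1 bytes
        return exception(fc, BAD_VALUE)             # assumption: truncated = code 3
    addr, n, nbytes = struct.unpack(">HHB", pdu[1:6])
    # Data address validation: the whole range must sit inside the writable block.
    if addr not in WRITABLE or addr + max(n, 1) > WRITABLE.stop:
        return exception(fc, BAD_ADDRESS)
    # Data value validation: n within 1..123, and both length fields must agree
    # with the bytes actually received before anything is copied.
    if not 1 <= n <= 123 or nbytes != 2 * n or len(pdu) != 6 + nbytes:
        return exception(fc, BAD_VALUE)
    HOLDING[addr:addr + n] = struct.unpack(f">{n}H", pdu[6:])
    return struct.pack(">BHH", fc, addr, n)         # function code, address, count
```

Checking the declared register count and byte count against the received length before the copy is what keeps a malformed request from writing outside the table.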
MAIN FUNCTION CODES
- The three function code categories
Public
  Validated by the Modbus.org organisation
  Publicly documented
  Guaranteed to be unique
User defined
  Can be implemented without agreement from Modbus.org
  Not guaranteed to be unique
Reserved
  Used by certain companies and not available
Function codes run from 1 to 127; the user defined ranges are 65 to 72 and 100 to 110
- The four types of accessible variables
Variable            Type   Access       Comment
Discrete Inputs     Bit    Read only
Coils               Bit    Read/Write   Application modifiable data
Input Registers     Word   Read only    Analogue inputs for example
Holding Registers   Word   Read/Write   Application modifiable data
Possible table overlapping. Up to 65,536 variables.
- Public function codes for accessing variables
                                                                 Function Code
Access       Variable            Request                         Decimal  Hex.
Bit access   Discrete inputs     Read Discrete Inputs            02       02
             Coils               Read Coils                      01       01
                                 Write Single Coil               05       05
                                 Write Multiple Coils            15       0F
Word access  Input registers     Read Input Registers            04       04
             Holding registers   Read Holding Registers          03       03
                                 Write Single Register           06       06
                                 Write Multiple Registers        16       10
                                 Read/Write Multiple Registers   23       17
                                 Mask Write Register             22       16
                                 Read FIFO queue                 24       18
- Other public function codes
                                                            Function code   Sub code
Category            Request                                 Decimal  Hex.   Decimal
File record access  Read File record                        20       14     06
                    Write File record                       21       15     06
Diagnostic          Read Exception status                   07       07
                    Diagnostic                              08       08     00 to 18
                    Get Com Event Counter                   11       0B
                    Get Com Event Log                       12       0C
                    Report slave ID                         17       11
                    Read Device Identification              43       2B     14
Other               Encapsulated Interface Transport        43       2B
IMPLEMENTATION CLASSES
- Transparent Ready Implementation Classes
To guarantee equipment interoperability
List of services to implement in line with target applications
Services: Messaging, Device Management
Modbus protocol is a part of these services
- Rules and Vocabulary
Three classes dependent on the function levels implemented: Basic, Regular, Extended
An embedded function level model
Belonging to a class only if all of the required characteristics are supported.
A device can also support characteristics of a higher class.
- Messaging Classes
Messaging classes are identical for both Client and Server
Basic: Access to registers only
  CF 03: Read Holding Registers
  CF 16: Write Multiple Registers
Regular: Basic + Access to bits if necessary and to diagnostics if serial link
  CF 01: Read Coils
  CF 02: Read discrete inputs
  CF 15: Write Multiple Coils
  CF 08: Diagnostic
Extended: Regular + Access to files
  CF 20: Read File Record
  CF 21: Write File Record
Write Single Register and Write Single Coil are strongly recommended for servers (to ensure compatibility with former products).
- Device Management Classes
Device Management classes are identical for Client and Server
Basic: Access to Vendor Name, Product Code and Version
  CF 43: Read Device Identification, Sub code 14, Level 1 access
Regular: Basic + Access to Vendor URL, Product Name, Model Name, User Application Name
  CF 43: Read Device Identification, Sub code 14, Level 2 access
Extended: Regular + Access private objects depending on product
  CF 43: Read Device Identification, Sub code 14, Level 3 access
SYNTAX OF THE MAIN REQUESTS
- Read Holding Registers
Request:
  Function Code (1 byte): 03
  Address of the first register (2 bytes): 0 to 65535
  Number of registers to read (2 bytes): n = 1 to 125
Response:
  Function Code (1 byte): 03
  Number of bytes read (2 bytes): 2 x n
  Value of the first register (2 bytes): 0 to 65535
  ...
  Value of the last register (2 bytes): 0 to 65535
- Write Multiple Registers
Request:
  Function Code (1 byte): 16
  Address of the first register (2 bytes): 0 to 65535
  Number of registers to write (2 bytes): n = 1 to 123
  Number of bytes to write (1 byte): 2 x n
  Value of the first register (2 bytes): 0 to 65535
  ...
  Value of the last register (2 bytes): 0 to 65535
Response:
  Function Code (1 byte): 16
  Address of the first register (2 bytes): 0 to 65535
  Number of registers written (2 bytes): n = 1 to 123
- Write Single Register
Request:
  Function Code (1 byte): 06
  Address of the register (2 bytes): 0 to 65535
  Value of the register (2 bytes): 0 to 65535
Response:
  Function Code (1 byte): 06
  Address of the register (2 bytes): 0 to 65535
  Value of the register (2 bytes): 0 to 65535
- Read Coils
Request:
  Function Code (1 byte): 01
  Address of the first digital output (2 bytes): 0 to 65535
  Number of digital outputs to read (2 bytes): n = 1 to 2000
Response:
  Function Code (1 byte): 01
  Number of bytes read (1 byte): n/8 + 1 if R
  Value of the first byte (1 byte): 0 to 255
  ...
  Value of the last byte (1 byte): 0 to 255
- Read Discrete inputs
Request:
  Function Code (1 byte): 02
  Address of the first digital input (2 bytes): 0 to 65535
  Number of digital inputs to read (2 bytes): n = 1 to 2000
Response:
  Function Code (1 byte): 02
  Number of bytes read (1 byte): n/8 + 1 if R
  Value of the first byte (1 byte): 0 to 255
  ...
  Value of the last byte (1 byte): 0 to 255
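A client-side decoder for the Read Coils and Read Discrete Inputs responses, as an added example that is not part of the original slides. It reads "n/8 + 1 if R" as n/8 plus one when the division leaves a remainder, and takes the bit order (first bit in the least significant bit of the first byte) from the Modbus application protocol specification; the function and class names are illustrative.

```python
class ModbusException(Exception):
    """Raised with the exception code when the server rejects the request."""

def bit_byte_count(n: int) -> int:
    """Bytes needed for n bits: n/8, plus 1 if there is a remainder."""
    return n // 8 + (1 if n % 8 else 0)

def decode_read_bits(pdu: bytes, fc: int, n: int) -> list:
    """Decode the response to a Read Coils (01) or Read Discrete Inputs (02)
    request for n bits, rejecting anything that does not match the request."""
    if fc not in (1, 2) or not 1 <= n <= 2000:
        raise ValueError("request outside the documented limits")
    # Exception response: function code + 80H followed by one exception code.
    if len(pdu) == 2 and pdu[0] == fc | 0x80:
        raise ModbusException(pdu[1])
    expected = bit_byte_count(n)
    # The echoed function code, the declared byte count and the real length
    # must all agree with what was asked for before any bit is read.
    if len(pdu) != 2 + expected or pdu[0] != fc or pdu[1] != expected:
        raise ValueError("response does not match the request")
    # Bit i lives in data byte i // 8 at bit position i % 8; padding bits in
    # the last byte are ignored.
    return [bool(pdu[2 + i // 8] >> (i % 8) & 1) for i in range(n)]
```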
- Write Multiple Coils
Request:
  Function Code (1 byte): 15
  Address of the first digital output (2 bytes): 0 to 65535
  Number of digital outputs to write (2 bytes): n = 1 to 1968
  Number of bytes to write (1 byte): n/8 + 1 if R
  Value of the first byte (1 byte): 0 to 255
  ...
  Value of the last byte (1 byte): 0 to 255
Response:
  Function Code (1 byte): 15
  Address of the first digital output (2 bytes): 0 to 65535
  Number of digital outputs written (2 bytes): n = 1 to 1968
- Read Device Identification
Request:
  Function Code (1 byte): 43
  Sub funct. Code (1 byte): 14
  Access Level (1 byte): 1 to 4
  Identification object address (1 byte): m = 0 to 255
Access levels: 1: Basic, 2: Regular, 3: Extended, 4: Individual
Response:
  Function Code (1 byte): 43
  Sub funct. Code (1 byte): 14
  Access Level (1 byte): 1 to 4
  Implementation class supported (1 byte): 1 to 3
  Split response (1 byte): 0 = no, 255 = yes
  If split, address of next object (1 byte): 1 to 255
  Number of identification objects (1 byte): 1 to 255
  Address object m (1 byte): m = 0 to 255
  Length object m (1 byte): n = 1 to 255
  Value of object m (n bytes)
  Address object m+1 (1 byte)
  Length object m+1 (1 byte)
  Value of object m+1 (n bytes)