Modbus is a serial communication protocol developed and published by Modicon® in 1979 for use with its programmable logic controllers (PLCs). In simple terms, it is a method used for transmitting information over serial lines between electronic devices. The device requesting the information is called the Modbus Master and the devices supplying information are Modbus Slaves. In a standard Modbus network, there is one Master and up to 247 Slaves, each with a unique Slave Address from 1 to 247. The Master can also write information to the Slaves.
Modbus is an open communications protocol commonly used in industrial manufacturing that allows for communication between devices. With Modbus, devices from different manufacturers can be integrated into the same device management system. Modbus also enables remote read and write functionality from a device.
Modbus is used to gather data from many different devices for simultaneous observation, configuration, or data archiving. If you have a large campus with many buildings, or even buildings spread across a region, Modbus can be used to monitor those buildings from one central point.
Modbus is an open protocol, meaning that it’s free for manufacturers to build into their equipment without having to pay royalties. It has become a standard communications protocol in industry, and is now the most commonly available means of connecting industrial electronic devices. It is used widely by many manufacturers throughout many industries. Modbus is typically used to transmit signals from instrumentation and control devices back to a main controller or data gathering system, for example a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Versions of the Modbus protocol exist for serial lines (Modbus RTU and Modbus ASCII) and for Ethernet (Modbus TCP).
Each slave in a network is assigned a unique unit address from 1 to 247. When the master requests data, the first byte it sends is the Slave address. This way each slave knows after the first byte whether or not to ignore the message.
CRC stands for Cyclic Redundancy Check. It is two bytes added to the end of every Modbus message for error detection. Every byte in the message is used to calculate the CRC. The receiving device also calculates the CRC and compares it to the CRC from the sending device. If even one bit in the message is received incorrectly, the CRCs will be different and an error will result.
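The address check and CRC comparison described above, as an added Python example that is not from the original page. The function names and the sample request (slave 17, function code 0x03) are constructed for illustration.

```python
def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(slave: int, pdu: bytes) -> bytes:
    """Slave address byte + function/data + CRC (sent low byte first)."""
    if not 1 <= slave <= 247:
        raise ValueError("slave address must be 1..247")
    body = bytes([slave]) + pdu
    return body + crc16_modbus(body).to_bytes(2, "little")


def check_frame(frame: bytes, my_address: int) -> str:
    """Classify a received frame the way a slave would."""
    if len(frame) < 4:                      # address + function + 2 CRC bytes
        return "malformed"
    if frame[0] != my_address:              # first byte: not for this slave
        return "ignore"
    received = int.from_bytes(frame[-2:], "little")
    return "accept" if crc16_modbus(frame[:-2]) == received else "crc-error"


def flip_bit(frame: bytes, index: int, bit: int) -> bytes:
    """Simulate a single-bit line error at the given byte and bit."""
    damaged = bytearray(frame)
    damaged[index] ^= 1 << bit
    return bytes(damaged)


# Constructed request: slave 17, function 0x03, start address 0x006B, 3 registers.
REQUEST = build_frame(17, bytes([0x03, 0x00, 0x6B, 0x00, 0x03]))

if __name__ == "__main__":
    print(REQUEST.hex(" "))
    print(check_frame(REQUEST, 17))                    # addressed slave
    print(check_frame(REQUEST, 18))                    # a different slave
    print(check_frame(flip_bit(REQUEST, 3, 0), 17))    # one bit damaged in transit
```

The CRC is unkeyed: it detects transmission errors and gives no assurance about who sent the frame.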
A Modbus map is simply a list for a slave device that defines:
- What the data is (e.g. pressure or temperature readings)
- Where the data is stored (which tables and data addresses)
- How the data is stored (data types, byte and word ordering)
Some devices are built with a fixed map that is defined by the manufacturer, while other devices allow the operator to configure or program a custom map to fit their needs.
Since a single byte is normally used to define the slave address and each slave on a network requires a unique address, the number of slaves on a network is limited to 256. The limit defined in the Modbus specification is even lower at 247.
To get beyond this limit, a modification can be made to the protocol to use two bytes for the address. The master and the slaves would all be required to support this modification. Two byte addressing extends the limit on the number of slaves in a network to 65535.
By default, the Simply Modbus software uses 1 byte addressing. When an address greater than 255 is entered, the software automatically switches to 2 byte addressing and stays in this mode for all addresses until the 2 byte addressing is manually turned off.
TCP/IP is the common transport protocol of the Internet and is actually a set of layered protocols, providing a reliable data transport mechanism between machines. Ethernet has become the de facto standard of corporate enterprise systems, so it comes as no surprise that it has also become the de facto standard for factory networking. Ethernet is not a new technology. It has matured to the point that the cost of implementing this network solution has been dropping to where its cost is commensurate with those of today’s field-buses.
Using Ethernet TCP/IP in the factory allows true integration with the corporate intranet and MES systems that support the factory. To move Modbus into the 21st century, an open Modbus TCP/IP specification was developed in 1999. The protocol specification and implementation guide are available for download (www.modbus.org/specs).
Combining a versatile, scalable, and ubiquitous physical network (Ethernet) with a universal networking standard (TCP/IP) and a vendor-neutral data representation, Modbus gives a truly open, accessible network for exchange of process data. It is simple to implement for any device that supports TCP/IP sockets.
Modbus TCP/IP has become ubiquitous because of its openness, simplicity, low-cost development, and minimum hardware required to support it. There are several hundred Modbus TCP/IP devices available in the market, with more being developed each year. It is used to exchange information between devices and to monitor and program them. It is also used to manage distributed I/O and is the protocol preferred by manufacturers of this type of device.
When it comes to choosing a network for your device, Modbus TCP/IP offers several significant advantages:
- Simplicity: Modbus TCP/IP simply takes the Modbus instruction set and wraps TCP/IP around it. If you already have a Modbus driver and you understand Ethernet and TCP/IP sockets, you can have a driver up and running and talking to a PC in a few hours. Development costs are exceptionally low. Minimum hardware is required, and development is easy under any operating system.
- Standard Ethernet: There are no exotic chipsets required and you can use standard PC Ethernet cards to talk to your newly implemented device. As the cost of Ethernet falls, you benefit from the price reduction of the hardware, and as the performance improves from 10 to 100 Mb and soon to 1 Gb, your technology moves with it, protecting your investment. You are no longer tied to one vendor for support, but benefit from the thousands of developers out there who are making Ethernet and the Internet the networking tools of the future. This effort has been complemented opportunely with the assignment of the well-known TCP port 502 for the Modbus TCP/IP protocol.
- Open: The Modbus protocol was transferred from Schneider Electric to the Modbus Organization in April 2004, signaling a commitment to openness. The specification is available free of charge for download, and there are no subsequent licensing fees required for using Modbus or Modbus TCP/IP protocols. Additional sample code, implementation examples, and diagnostics are available in the Modbus TCP toolkit, a free benefit to Modbus Organization members and available for purchase by nonmembers.
- Availability of many devices: Interoperability among different vendors’ devices and compatibility with a large installed base of Modbus-compatible devices make Modbus an excellent choice.
Modbus TCP/IP is an Internet protocol. The fact that TCP/IP is the transport protocol of the Internet automatically means that Modbus TCP/IP can be used over the Internet. It was designed to reach this goal. In practical terms, this means that a Modbus TCP/IP device installed in Europe can be addressed over the Internet from anywhere in the world. The implications for an equipment vendor or an end-user are endless. Performing maintenance and repair on remote devices using a PC and browser reduces support costs and improves customer service. Logging onto a plant’s control system from home allows the maintenance engineer to maximize his plant’s uptime and reduces time in the field. Managing geographically distributed systems becomes easy using commercially available internet/intranet technologies.
Since Modbus TCP/IP is simply Modbus protocol with a TCP wrapper, it is very simple for existing Modbus devices to communicate over Modbus TCP/IP. A gateway device is required to convert from the current physical layer (RS232, RS485 or others) to Ethernet and to convert Modbus protocol to Modbus TCP/IP. Such a gateway device could be implemented using a PC. Commercial products to do this are available from several different manufacturers. The Modbus device database can help you identify gateways and other Modbus devices.
Modbus Protocol is a messaging structure developed by Modicon in 1979. It is used to establish master-slave/client-server communication between intelligent devices. It is a de facto standard, truly open and the most widely used network protocol in the industrial manufacturing environment. It has been implemented by hundreds of vendors on thousands of different devices to transfer discrete/analog I/O and register data between control devices. It’s a lingua franca or common denominator between different manufacturers. One report called it the “de facto standard in multi-vendor integration”. Industry analysts have reported over 7 million Modbus nodes in North America and Europe alone.
A master-slave technique is one in which only one device (the master) can initiate transactions (queries). The other devices (the slaves) respond by supplying the requested data to the master, or by taking the action requested in the query. Typical master devices include touch screens or PCs running Wonderware, Intellution or LabVIEW, while slaves include PLCs and smart devices such as PID controllers or meters.
RS232 outputs cannot be connected together. To create a network the devices must use an RS-485 network and have a unique slave address.
These are standards for serial communications that define the pinouts, cabling, signal levels, transmission baud rates and parity checking.
- RS-232 only allows for one master and one slave and is limited to distances of up to 15 meters.
- RS-422 can address up to 10 slaves using four wires (full duplex) and has a distance capacity of 4000 feet.
- RS-485 can address up to 32 slaves using either a two wire (half duplex) or four wire system (full duplex) and has a distance capacity of 4000 meters.
A common mistake is to confuse the electrical standard with the protocol. Protocols define how the data is structured while the electrical standards determine how the data is physically transmitted. There are many different protocols (e.g. Modbus, DF1, AS511) that can be used on RS-232, RS-422 or RS-485 wired systems.
- RS-232 only allows for one slave.
- RS-422 can address up to 10 slaves.
- RS-485 can address up to 32 slaves.
The address can be a unique number between 1 and 247 for all these systems.
- For an RS-232 connection the maximum distance is 15 meters.
- For RS-422 and RS-485 connections the maximum distance is 4000 meters.
- Repeaters can be used to increase the distance.
A shielded #18AWG cable with twisted pairs is recommended. The shield should be grounded on one end only.
ASCII (American Standard Code for Information Interchange) uses 10 bits of data comprised of 7 data bits, 1 parity bit, 1 start bit and 1 stop bit. It uses LRC (Longitudinal Redundancy Check) for error checking. The advantage of ASCII is it allows up to 1 second time intervals to occur between character transmissions without generating an error. It’s most useful when communication is slow.
RTU mode (Remote Terminal Unit) contains 4 bit hex characters divided up into 8 data bits, 1 parity bit, 1 start bit, and 1 stop bit. It uses CRC (Cyclical Redundancy Check) for error checking. RTU has the advantage that it can send more data in the same amount of time but it has to be in a continuous stream (no delays between characters).
A coil is a single bit of information indicating either an ON (1) or OFF (0) state. Types of coils include valve states, alarms/warnings and status.
A register is a 16-bit data field. The data can be in binary (decimal), hex or BCD format. Types of register data include temperatures, pressures, times and PID variables.
Some Modbus master devices compute register locations differently so the actual address might be shifted by one. This is often referred to as “adding the offset”.
The best way to test a Modbus connection is to use a separate computer or laptop that can monitor MODBUS by acting as a Master station.
The only cable required to test MODBUS is a three-conductor cable, wired at one end with a standard 9 pin connector for the computer com port and with the other end loose to tie into the customer interface terminals. On the 9 pin connector, terminal 2 is Rx, terminal 3 is Tx, and 5 is GND (or Common). So the Rx on one end goes to the Tx on the other and vice versa, and the GND goes to GND.
To test an RS-485 connection, first establish that the RS232 side is working by disconnecting the RS232/485 converter and testing by the above method. Once the RS232 side is confirmed as working, the only way to verify the RS-485 connection with a PC is to use another RS232/485 converter to convert the signal back into an RS232 signal that the PC can read. A converter on another PLC can be used for testing, but the RS232 side of the converter must be disconnected first before using the PC.
I’m Getting Communication Time Out Errors And I Can’t Get The Device To Communicate With My Software. What Could Be Wrong?
- Transmit and receive signals can often be verified by watching the transmit and receive lights on the Modbus components.
- The communication parameters are not set up correctly on the device. Check the settings match for slave address, baud rate, stop bit and parity.
- Make sure the host software has the same configuration.
- The transmit and receive wires are crossed. Try switching the wires as it will not cause any damage.
- Check the conductivity on each wire for loose connections or broken wires.
- High power lines or improper grounding is causing noise in the system. Are the communication cables shielded, and is the shield grounded on one end?
- The addressing may be off by one depending upon how the host software handles addressing.
- Slow communications may delay updates on MODBUS data.
- Host software is not configured to continually poll for new readings.
- The data format may be set up incorrectly. Refer to the user manual’s MODBUS table for the data formatting.
- Typically the data will be in binary/decimal format. In certain situations the data may be in hexadecimal.
- Some data has implied decimal places so that a value of 432.1 will be 4321 in MODBUS.
- Some large numbers may require two addresses. This is called a double word. The low address (word) will contain the first four places while the higher address (word) will contain the upper four digits. For a quick conversion take the (high word X 10000) + low word.
- Sometimes scaling is required to derive the proper number. The scaling is indicated on the MODBUS table where the actual data is given and then the scale value. For example, if the actual reading is from 0 to 4095 and the scaling is from 0 to 100 then the actual value will have to be divided by 40.95 to get the proper scaling.
Modbus TCP is an open protocol and is widely used across building automation, intelligent buildings, and industrial automation networks.
The Modbus RTU protocol itself was designed based on devices with a 16-bit register length. Consequently, special considerations were required when implementing 32-bit data elements. This implementation settled on using two consecutive 16-bit registers to represent 32 bits of data or essentially 4 bytes of data. It is within these 4 bytes of data that single-precision floating point data can be encoded into a Modbus RTU message.
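The data-format cases from the troubleshooting list (implied decimals, double words, scaling) and the two-register float described above, decoded from one register block in an added Python example that is not from the original page. The map, its names and the register values are constructed, and the word-order parameter is an assumption that stands in for whatever the device's own Modbus table specifies.

```python
import struct

# Constructed map for a hypothetical device: name -> (data address, kind, parameter)
MAP = {
    "temperature": (0, "implied_decimal", 1),   # 4321 means 432.1
    "valve_pct":   (1, "scaled", (4095, 100)),  # raw 0..4095 -> 0..100
    "total_count": (2, "double_word", None),    # low word at the low address
    "flow_rate":   (4, "float32", "big"),       # high word at the low address
}
TWO_WORD_KINDS = ("double_word", "float32")


def decode(registers, name, device_map=MAP):
    """Convert raw 16-bit register values into the value the map describes."""
    address, kind, param = device_map[name]
    count = 2 if kind in TWO_WORD_KINDS else 1
    words = list(registers[address:address + count])
    if len(words) != count or any(not 0 <= w <= 0xFFFF for w in words):
        raise ValueError(f"{name}: need {count} valid 16-bit register(s)")
    if kind == "implied_decimal":
        return words[0] / 10 ** param
    if kind == "scaled":
        raw_max, eng_max = param
        return words[0] * eng_max / raw_max     # same as dividing by 40.95
    if kind == "double_word":
        low, high = words
        return high * 10000 + low               # the page's quick conversion
    if kind == "float32":
        if param == "little":                   # device sends the low word first
            words.reverse()
        return struct.unpack(">f", struct.pack(">HH", *words))[0]
    raise ValueError(f"{name}: unknown kind {kind!r}")


# Constructed register block as read from data addresses 0..5.
REGISTERS = [4321, 2048, 3456, 12, 0x41C8, 0x0000]

if __name__ == "__main__":
    for name in MAP:
        print(name, decode(REGISTERS, name))
```

Decoding a float with the wrong word order still produces a number, so a wrong setting shows up as an implausible reading, not as an error.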