MODBUS

• Modbus is a communication protocol developed by Modicon for the use of it’s PLCs. Since it was royalty free, it became the de facto standard communication in industry
• Modbus is just a language or protocol. There is Modbus through many mediums such as:-
• RS422 – By differential voltage
• RS484 – 24V = 1, 0V = 0, Long Distance
• RS232 – 12V = 1, 0V = 0, More pins, short distance, less noise, faster
• Wireless
• Modbus the concept of Master and Slave.
• Master
• In the Modbus world, MODBUS MASTER is akin to a MODBUS CLIENT
• Master is normally the main PLC or DCS. Slave is normally subsystem (which can also be another PLC) or devices.
• Master will always ask something from the slave
• The master will broadcast a single signal to all connected on the line
• The command data will contain
• The first number is the Modbus flags and register (
• Coil Status - 0 – Read/Write binary input (1 or 0)
• Input Status Flag – 1 – Read only by DCS
• Input Registers – 3 – Read only by 16 bit data value (Value between 0 – 255)
• Holding Registers – 4 – Read/Write by 16 bit data
• The next number is the Address is 8 bits from 0 – 256 (8 bits)
• Slave address (4 bit)
• Function Code (Read or write)
• Data
• Error Check
• Slave cannot ask from master. But slave will respond to the data
• The DCS master will have a Modbus mapping
• Slave
• In the Modbus world, MODBUS SLAVE is akin to MODBUS SERVER
• The slave is normally the devices or sub systems (which is usually another PLC)
• Based on Modbus standards, the slave must provide its data in tables
• There must exist 4 Tables
• Coil (which is digital output/Coil Status) – READ/WRITE
• Has value 1/0
• Each Address location is 1 BIT
• Contact (digital/discrete input/input status) – READ
• Has value 1/0
• Each Address location is 1 BIT
• Analog Input / Input Registers – READ
• Has value 0-65535 (16bits) in Hex, this is 0-FFFFF
• Each Address location is 16 BITs (1 WORD)
• Holding Registers/ Analog Output – READ/WRITE
• Has value 0-65535 (16bits) in Hex, this is 0-FFFFF
• Each Address location is 16 BITs (1 WORD)
• Each table can store up to 9999 Data.
• WHY 9999? Modbus wanted to limit the address space to 5 characters
• To get data, one has to specify the address which is in the form of HEX 0-270E (Hex 270E = 9998)
• Each table starts with a Prefix
• 0 for Coil,
• 1 for Contact
• 3 for Analog Input
• 4 for Holding Registers
• What if a device has more than 9999 data? You can’t have more than 9999, this is just how Modbus has specified it
• 0 Based or 1 Based Addressing
• This is an issue where there is a difference between the Register Number and Address
• Typical Scenario for zero based addressing
• In a Modbus Server or Slave, a user sets the register 40001 to a value
• In the Modbus Client or Master, to access this value, the client needs to call Address 0, instead of address 1.
• This is called zero based addressing, where the address starts at zero.
• Zero based addressing is the MODBUS STANDARD, however MAJORITY device manufacturers DO NOT use this. This is because it is easier where the register number matches the address number.
• Modbus does not specify any data type. Hence the 16 bit registers can be interpreted as anything
• One confusion is with regards to FLOATING POINT or REAL Numbers. Most manufacturers will use 32 Bit floating point, which is an IEEE754 standard.
• BYTE SWAP AND WORD SWAP
• While integrating the value of a Modbus register, sometimes the bits can be swapped. There are two methods of swapping, the BYTE SWAP AND WORD SWAP
• BYTE SWAP
• The two bytes in a word is Swapped (A Word is 16 Bit and a Byte is 8 bits)
• Before
• 
• After
• 
• WORD SWAP
• Word swaps are only applicable to register interpretations that take more than 1 register, such as 32 bit Integers, 64 bit float or 32 Bit floats
• The words are swapped if there are 2 words (like in a 16 bit integer). If there are more than two words (like a 64 bit float), it is reversed.
• Before
• 
• After
• 
• BYTE SWAP + WORD SWAP
• If both are applied, the result will be like all Bytes are reversed
• Before:
• 
• After:
• 
• In MODBUS RTU network, a maximum is 247 nodes per network. However for MODBUS TCP, there is no such limitation
• Slave address is set during configuration
• In most cases sub system manufacturers have already set all the subsystem addresses connected to the system
• The subsystem manufacturer will give the address to the DCS vendor
• Modbus Mapping
• A process on the master
• for configuring the names each Modbus Address

RS232

• RS232 is a serial communication standard which is on the physical layer of communication
• It defines signal type, voltage, connector pins and maximum cable capacitance
• Properties
• Signal is +12v to -12v
• Data is transmitted in inverted logic, 12v = 0 and -12v = 1
• Data is transmitted from LSB to MSB (LSB is transmitted first)
• 4 Parameters need to be specified on both transmitting end (for transmitting the signal) and receiving end (for receiving the signal)
• Baud Rate (roughly equalt to bits/s) of Transmission, Normally is 9600
• Data bits
• Number of them, either 7 or 8, normally 8
• Parity
• Optional
• Can be either None, Even or Odd (Normally none)
• Stop Bits
• Number of bits to use to indicate a stop. Can be either 1 or 2 (Normally 1)
• For a 9600 baud rate, if a character is 8 bits. Plus 1 bit Start, 2 bit stop = 11 bits. The fastest is 9600/11 = 872 characters per second