Modbus - Data?

So I am currently trying to put together a small interface panel based on a Siemens IM151-8 CPU which is planned to take the Modbus data from a third party slave device.

I have a list of the Modbus registers and want to map these from stored data area for transfer to rest of site via Ethernet!

This I am hoping can be based on the Siemens Sample program 'zXX21_11_1SI_Modbus' which takes the data and puts into an array!

I only need to read data from the slave device. What I can't work out is how the list of modbus registers relates to the Array! And hence where required data is located!

Any help advice examples would be greatly appreciated!

I had the same problem understanding register addresses.
I wanted to read real values starting at register 70201, the next real value being at register 70203. To do this I used:
Function Code = 4
Bit Start Adr = C8 in hex (200 decimal, not 201 as I expected)
Bit Count = 48

The thing that really caught me out was the bit start address being one out. Also my comms would fail completely if I started at a register address half way through a real value (e.g. 70202), or if I did not ask for a whole number of real values (e.g. 4 bytes, 8 bytes etc in the bit count)

Hope that is of some help.
Phill

So if I want to read values from 40001 I would use the following;
Function Code = 3
Bit Start Address = 02 in Hex (2 decimal, not 1 as expected)
Bit Count = ?? (Relates to number of registers)

I am toying with the idea of reading a whole list of registers in one hit (say 54 values) or weather to write a loop to get the values one at a time as required by changing the start address each time so I basically just pick out the data required and store as required!

Starting to get my head round this a bit more, slowly, but getting there.

I know nothing about Siemens specifics as a Modbus master (like where you put the data after you read it), but I can comment on Modbus slaves in general.

1) Function codes
The function code used depends on the slave.

Function code 04 reads input registers
Function code 03 reads holding registers.

In some slaves, those are identical. Some slaves only implement holding registers. The difference might be a input register is the raw counts of an analog value, whereas the holding register is the scaled value conversion, for instance, to temperature in degrees C.

Slave documentation almost always states which function codes are supported.

2) (4)xxxx
The leading numeral in the address is not part of the Modbus message, it's there to identify the type of memory.
3xxxx is data in input registers
4xxxx is data in holding registers
Why the 04 function code addresses 3xxxx and the 03 function code addresses the 4xxxx memory is a mystery.

I put the leading numeral in parentheses, for example (4)0108, to set it apart from the indexed offset that is the functional addressing component.

3) The dreaded one offset
Modbus is plagued by the dreaded one offset issue.
Addresses typically start at 0000
registers typically start at 0001
But the terminology is often confused, sometimes the documentation author doesn't understand it, whatever.

The point is, the data's there and sometimes it takes experimentation to determine exactly where it resides. But once you've cracked the code for a given slave, then all the other register addressing follows suit.

It's imperative to read a known data value (other than zero) from a register to confirm that one is reading the correct register. Many times unused registers are initialized with zero, so it's a bad idea to test a location if the data is a zero.

4) You get what you ask for
Some slaves are smart enough to flag a read of a single register that amounts to a half of a 2 register 32 bit floating point value, but most are not.

Most slaves will return whatever register values are requested and let the master sort out (interpret) what the data means. That's because Modbus does NOT define data formats, that task is left up to the slave implementer and finally to the guy who reads the data with a master and has to make sense of it.

Modbus is just a mule that carries data. The Modbus mule generally doesn't know whether its load is pickaxes, water canteens, beans or salt pork and doesn't care, it just carries its load (data) back and forth.

5) Bulk reads
Whether one performs multiple transactions for small amounts of data (single values) or bulk reads of multiple data values depends on the timing requirements and the tools available in the master.

Most implementers I've talked with prefer to read a large quantity data, multiple values, then pick out what is useful, rather than making multiple read transactions to get small amounts of targeted data. But it depends on what you're working with.

Multiple transactions will take longer because of the overhead in request time and turn around times. Sometimes that's critical, other times it doesn't matter. Some slaves cannot process more than one read request per second, so 8 reads could take 8 seconds to complete, whereas the 8 needed values spread amongst 52 registers could easily be read in one transaction in one second.

Be aware that some slaves limit the number of registers that can be returned in one transaction.
I know of a couple that can only handle one single value as a write value per transaction (function codes 06 or 16 decimal).

6) My question - bit count
Is the Siemens truly asking for a bit count of the returned values? Where 48 bits would be 3 contiguous (adjacent) Modbus input/holding registers of 16 bits each?

Ignore the Bits was a confusion on my part !
BYTE; Slave Address (set to 01 to read Modbus slave 1)
BYTE; Function Code (set to 03 to read holding registers)
BYTE; Start Address (set to 0 to start at 40001)
INT; Number of Registers (set to ?)

So I want to read registers 40001 to 40400, i.e. 399 registers so would assume I set 399 as number of registers? Regardless of data type?

Will repeat this in a header for the digital values and toggle between the two area on a timer basis, reading each area sequentially.

Final thing is when should the read be active? I assume the following:
1. Set send data (say every 1 second)
2. Commands received at slave
3. Pulse off = Data Read from slave?

Or is write/ read active at same time that is to say I send data and when function code received at slave the data is read instantaneously in effect?

Thanks for advice so far this has been well received and very intuitive!

One final point of confusion, data is stored in 16 bit registers, some places seem to describe this as 32 bit integer! In the format High Byte & Low Byte. Great get that for a double register.

So if I have a list of say 1,2,3,4 as modbus registers is each register 16 bits? Or each register 32 bits?

I am assuming that data can be written into either the low byte of high byte of a register (lets say register 1 and 2) as two separate variables for example Volts (1) and Current (2) and interpreted at the master as two seperate variable in in Modbus Register 1 and 2 respectively?

1) The number of registers to be read in one transaction

>Your INT; Number of Registers (set to?)

I assume that you are referring to the expected number of register values to be read and returned.

The Modbus message includes the total number of 8 bit bytes, a byte count, where each holding register is 16 bits or 2 bytes. If you want to read 10 registers, that's 20 bytes.

Whether your master asks for bytes or registers is unique to the master. I don't know what yours asks for.

That's why I asked about your calling that a 'bit count' in the first post, which would be very unusual. I've never seen a master ask for the number of bits to be returned.

2) maximum number of registers in one read transaction

You can't read 400 registers in a single transaction.

The Modbus Standard actually says "The maximum size of a modbus frame is 256 bytes".
This refers to the slave address (1 byte), the function code (1 byte), the data (0-252 bytes) and the CRC (low and hi, 2 bytes)

252 bytes is 126 (16 bit) registers. So, the maximum number of registers in one read transactions (by Modbus standard) is 126, if the slave supports that number.

But many slaves will not support that. The maximum number is slave dependent.

3) 32 bit words, like long integers or 32 bit IEEE floating point values require two Modbus registers.

Some flow meters use 64bit floating point for more significant digits.

I have heard of two 8 bit value integer values being placed in a single Modbus register, one high order, one low order, so that one has to unpack the register and shift bits around to get at the data, but I wonder why when memory is so cheap each value isn't packed into a standard holding register as a 16 bit integer padded with high order zeros.

[FONT=&quot]I have been assured by the supplier that the registers are 32 bits so would therefore assume as you state they are sent as two Modbus registers, hence meaning to read 400 registers is not 400 words but 800 words![/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]First of all is there a problem using the standard blocks for this for Modbus? Particularly on the ET200S, if not then I can adapt my program to read double the number of words and try to deconstruct the data. I have the following example from the supplier of the data format.[/FONT]
[FONT=&quot]01 – Byte 0 - Slave Address [/FONT]
[FONT=&quot]-------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]03 – Byte 1 - Function Code [/FONT]
[FONT=&quot]------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]00 – Byte 2 - Staring address of first register high byte[/FONT]
[FONT=&quot]BD - Byte 3 - Starting address of first register low byte[/FONT]
[FONT=&quot]------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]00 - Byte 4 - Number of registers being requested high byte[/FONT]
[FONT=&quot]01 – Byte 5 - Number of registers being requested low byte[/FONT]
[FONT=&quot]-------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]14 – Byte 6 - Checksum high byte[/FONT]
[FONT=&quot]2E – Byte 7 - Checksum low byte[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]The reply format is[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]01 – Byte 0 – Slave Address[/FONT]
[FONT=&quot]------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]03 – Byte 1 – Function Code[/FONT]
[FONT=&quot]------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]04 – Byte 2 - Number of bytes in reply[/FONT]
[FONT=&quot]------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]00 – Byte 3 - Data Byte 1 (MSB)[/FONT]
[FONT=&quot]00 – Byte 4 - Data Byte 2[/FONT]
[FONT=&quot]4D – Byte 5 - Data Byte 3[/FONT]
[FONT=&quot]1C – Byte 6 - Data Byte 4 (LSB)[/FONT]
[FONT=&quot]------------------------------------------------------------------------------------[/FONT]
[FONT=&quot]CE – Byte 7 - Checksum high byte[/FONT]
[FONT=&quot]AA – Byte 8 - Checksum low byte[/FONT]
[FONT=&quot]This more or less conforms to the detail on page 150 of the manual with the exception of the checksums etc. , I am assured that I can read more than one register at a time![/FONT]

Modify the request for the number of registers to the maximum that the slave can process.

Modbus max is either 252 or 250 bytes, 125 or 126 registers, 7Dh or 7Eh