Modbus

[lfe]

Well, Ethernet/IP is not free of ambiguities either.

Under the name Ethernet/IP, Rockwell uses several protocols:
At the plant level, the protocol for PLC5 and Micrologix is different than that of CLX, which in turn is also different than that used by Micro800, and Rockweell calls them all Ethernet/IP

Even the CLX one, which would seem the most standard, has small differences with the one used by Omron.

 

[JeffKiper]

Rockwell uses CSP (PLC5) ,PCCC (Micrologix and SLC) is basically DF1 over Ethernet, EthernetI/P, CIP Ethernet, etc....

 

[Lare]

On Modbus RTU RS485 A and B signal line order isn't standardized, neither RS485 pinouts on different manufactures and connectors
On modbus TCP you need to know if communication is TCP or RTU over TCP. (It isn't allways clear).
Register offset can vary and also supported modbus functions. Same manufactures can have different modbus mappings which can vary between firmware or different devices
(ex. ABB VFDs have different modbus register mappings according which ACS model you have).
How many words and bits you can read or write on modbus query can vary (there is max limit,but not all devices support max. modbus register lenght for messages)
Don't assume that all registers are readable if there is spaces between data. Manufacturer A can have spare / free modbus registers mapped even that if there isn't data. Manufacturer B can have only certain registers used and you need different modbus query after space between data even that there is one register not mentioned between data areas.
Byte order isn't standard if data isn't 16bits (Reals, double integers bytes can vary and data needs manipulation on other end.)
Bit order inside words can vary depending endianess.

 

[ryangriggs]

That is one place I would disagree a little. With Modbus there is no such thing as "Always" between vendors. If you can remember that, it gets easier.

Agreed. But I can't edit my previous post: the edit window has expired. Not sure why they implemented this limitation.

 

[lfe]

Modbus RTU does not define what physical connection is used, much less how it is wired, it will probably be RS232, 422 or 485
But always with 8 data bits, since to save bytes Modbus transmits the pure binary value, not its ASCII representation.

Modbus RTU over TCP is not a standard protocol.

 

[nicherbert]

I have found many times that the Modbus addresses given by the manufacturer are one greater than the actual addresses you must send to the device to request that particular register. For example, the CLICK PLC Tag Browser lists DS1 as Modbus address 400001, but to read this register you must request address "0".

I think the problem a lot of people get into and don't fully understand, and documentation doesn't help, is that in Modbus, you have both a register and an address. In the old days, you dealt directly with Addresses, and in computer world, everything is 0 based. Registers are usually 1 based. Because of this, and the slight difference in definition, this has caused confusion. Just be aware of the issue, and you should be fine figuring out any issues you encounter, but be sure to test consecutive registers to ensure you are getting what you expect.

As an aside, while many people just "add 1" to the address, better practice would be to see if your software will automatically adjust the values for you. Typically, there is a setting for 1 vs 0 based addressing somewhere. It is better to keep the values the same on your side and the PLC/device side so people don't get confused.

One other point to make. Modbus will support 16 and 32-bit values, but not 64-bit natively. If you run into a situation where you have a 64-bit value (double precision float, a long INT, or something like that), just remember you need to tell modbus to scan 4 words (16-bit x 4) and then figure out how to "put it back together" to get what you want. I ran into a situation like this where we were scanning a 64-bit accumulator and had to piece it together so we could actually read it. Likewise, if you are doing STRINGS, this is also just consecutive registers, with 2 characters per word (each character is 1 byte, or 8-bits), you just need to read multiple registers to get the full string, which typically what I have found, defaults to 16 characters, or 8 words normally (you can make them longer or shorter, but you need to define it that way). If you have control over the end device, this is a great way to ensure you have all of your 0 vs 1 addressing, byte and word swapping correct.

 

[Strickland701]

Not to be a Killjoy but what are you planning to use Modbus for ? It is ideal to connect hardware to a PLC or Hardware to a PC etc. But as a transimission protocol between 2 PCs or PLC and and PC or PLC & HMI it is far from ideal. It works and has worked for years, that part of the problem, it is legacy but there are better more modern ways of doing things.

The modbus is to collect data from the IO in the oilfields