Rockwell TCP Server AOI Addressing

BKuhlly (Member; Join Date: Jan 2024; Location: Missouri; Posts: 3)
I am very new to Modbus and the industry, so forgive me if I am missing something obvious. I have known Modbus register addresses coming from a device. These addresses are on the scale of 33000 and higher. I was wondering how I can read/write to these addresses when the data type is INT[1024]. Thank you in advance!
 
Welcome to the forum. You picked a great first query, so down the rabbit hole you go ... .

You are new to Modbus so it is not surprising that some aspects of your question are inconsistent, so I cannot answer with certainty, but I will make a few general statements first:
  • Typically, a Modbus Master (Client) device makes a read or write request of a Modbus Slave (Server) device; the Slave responds with data values if the request was a read, and with confirmation of success or failure if the request was a write. There are other types of request, but reads or writes seem to fit the question.
    • So if the device that is not the CompactLogix "has" the data values, then it is the Slave/Server; the CompactLogix will be the Master/Client device and make the request, to which the Slave/Server device will make a response.
    • If the CompactLogix "has" the data values, then it is the Slave/Server device; the other device will be the Master/Client device and make the request, to which the Slave/Server device will make a response.
  • The greatest number of 16-bit registers' values that can be read in a single Modbus request/response pair is 125. To get 1024 INTs (16-bit signed integers) will require at least nine requests
    • (eight @ 125 registers + one @ 24 registers, assuming the register values reside in contiguous addresses of at least 125 or 24 for each request).
Now to attempt to untangle the details of your query.
  • The thread title is "Rockwell TCP Server AOI," which sounds like the CompactLogix "has" the data and would be the server, but you also say "know Modbus register addresses coming from a device," which sounds like the non-CompactLogix device "has" the data and would be the server.
  • Also, Modbus register "addresses" do not "come from a device;" the value of a register at a register address could come from a Slave device. This could be but a semantic thing, but to understand what you want it needs to be resolved: which device maintains a value at "addresses" 33000 and higher?
  • You mention "register" and want to write values to an array of 16-bit INTs; is it safe to assume these are 16-bit registers, either Input Registers or Holding Registers, on the Slave device, and perhaps are these Holding Registers because Input Registers cannot be written to?
  • The address "33000" has a lot of ambiguity:
    • it could refer to the register at an offset of 33000 (or 32999) from the "first" register of either the Input Registers or Holding Registers on the Slave device
    • or it could refer to the register at an offset of 3000 (or 2999) from the first Input Register on the Slave device, where the leading 3 of 33000 is a device convention that indicates these data are in Input Registers, rather than part of an actual address.
    • I doubt the latter is the case because you say you want to read and write those data, and Modbus cannot write to Input Registers.
I am not trying to give you a hard time; I hope the general statements above let you at least move onto the next step: define unambiguously which device is the Modbus Master/Client making data requests (probably, but not necessarily, the CompactLogix), and which device is the Modbus Slave/Server that "owns" the data and responds to the data requests (probably some non-CompactLogix device like a power meter or some such). Perhaps the simplest solution would be to give the specific make and model of the two devices you want to communicate via Modbus, and over what medium (RTU or TCP; probably TCP, per the thread title).
 
I would also add to @drbitboy's comment and say that while the addresses are in the range of 33000 and of type INT[1024], this is only saying that there are 1024 registers, likely starting at address 33000. So the range would be 33000-34023. If you do not need all of those data points, you can simply read/write (if it is a holding register) the registers that you need. So, for example, if you only need registers 5-10, then you only need to scan registers 33004-33009 (or 33005-33010 depending on whether it's 1 or 0 based). You could also just scan each register separately.

The other thing to keep in mind as you go through this: while the registers are INTs (16 bits), the order of the bytes should be verified as well. So do some testing to confirm the low and high order bytes to ensure the data elements match what you expect. Also check the 0 vs 1 based address, as that will also cause some confusion, but is easily fixed with your testing of 2 consecutive registers with known data.

Best of luck on your journey!
 
Thank you so much for this response! I really appreciate it. Let me know if I'm way off in the following:

I think I have it figured out now. The main issue was that I was thinking the controller needed to be a server, when it really needed to be a client the whole time. Making the controller (GuardLogix 5580) a client allowed me to select the BeginningAddress from the AOI. This allowed me to reach registers well above the 1024 limit I thought I originally had.

A little more background for future readers: I was given a paper that showed many tables including Modbus Register and Object Name/Description. There were 6 tables, broken into Analog Inputs/Outputs, Binary Inputs/Outputs, and Multi-State Inputs/Outputs. All of the Modbus Registers were in the range of either 3xxxx (Input Registers) or 4xxxx (Holding Registers). Side note: I found it interesting that they used an entire 16-bit register to represent the binary inputs/outputs. Anyways, I was tasked with using Modbus Protocol over Ethernet (or Modbus TCP/IP). I knew an AOI existed, but got confused on whether I needed the SERVER or the CLIENT. Once I knew I needed a client, it was mostly smooth sailing.

Regarding the 33000 address, I learned the leading 3 represented that it was an Input Register and I misunderstood this concept in my original post. This value can ONLY be READ (there was no writing to these values). Only Function Code, or Transaction Type, 04 (Read Input Registers) is allowed for this.

A slightly different approach regarding 4xxxx registers, or Holding Registers. The possible function codes are 03 (Read Holding Registers), 06 (Write a Single Holding Register), and 16 (Write Multiple Holding Registers).

On a completely different note, this AOI was put in a periodic task at 1000ms. I kept getting Sts_Overload (with only 1 transaction of 1 register) and discovered that my period was too long...? When I shortened the period to 100ms, the Sts_Overload went away. So I have no idea why that is but hopefully someone else can learn from my trials.

Best,
BK
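The addressing points from this thread (the leading 3/4 of a documented reference selecting the register table, the 0- vs 1-based offset, and the 125-register limit per read) worked through as an added Python example; it is not part of any post and is not the Rockwell AOI's code. The function names are hypothetical, and it assumes the 5-digit 3xxxx/4xxxx reference convention plus the standard big-endian Modbus TCP framing.

```python
import struct

MAX_READ = 125  # most 16-bit registers one read request may ask for

# Leading digit of a documented 5-digit reference -> (table, read function code)
TABLES = {3: ("input", 0x04), 4: ("holding", 0x03)}

def decode_reference(ref, one_based=True):
    """Split a reference such as 33000 into (table, read_fc, wire_offset)."""
    prefix, number = divmod(ref, 10000)
    if prefix not in TABLES:
        raise ValueError(f"{ref}: leading digit {prefix} is not a register table")
    offset = number - 1 if one_based else number
    if offset < 0:
        raise ValueError(f"{ref}: no such register under this convention")
    table, fc = TABLES[prefix]
    return table, fc, offset

def plan_reads(offset, count):
    """Split one logical block into (offset, quantity) reads of <= MAX_READ."""
    if count < 1 or offset + count > 0x10000:
        raise ValueError("block does not fit the 16-bit address space")
    return [(o, min(MAX_READ, offset + count - o))
            for o in range(offset, offset + count, MAX_READ)]

def build_read_request(txn_id, unit_id, fc, offset, quantity):
    """Modbus TCP frame: 7-byte MBAP header + PDU (fc, offset, quantity)."""
    if fc not in (0x03, 0x04) or not 1 <= quantity <= MAX_READ:
        raise ValueError("not a valid register read")
    pdu = struct.pack(">BHH", fc, offset, quantity)
    # protocol id is always 0; length counts the unit id byte plus the PDU
    return struct.pack(">HHHB", txn_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_read_response(frame, txn_id, fc, quantity):
    """Check a response against its request; return signed 16-bit values."""
    if len(frame) < 9:
        raise ValueError("short frame")
    rx_txn, proto, length, _unit, rx_fc = struct.unpack(">HHHBB", frame[:8])
    if rx_txn != txn_id or proto != 0 or length != len(frame) - 6:
        raise ValueError("MBAP header does not match the request")
    if rx_fc == fc | 0x80:
        raise IOError(f"server returned exception code {frame[8]}")
    if rx_fc != fc or frame[8] != 2 * quantity or len(frame) != 9 + 2 * quantity:
        raise ValueError("unexpected function code or byte count")
    return list(struct.unpack(f">{quantity}h", frame[9:]))
```

Reading two consecutive registers with known values under both `one_based` settings settles which convention a device's documentation uses.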
 
I appreciate your advice! I will definitely be on the lookout for this stuff as I continue with this project.
 
Is this an intellectual exercise or an actual production scenario? If the former, great. Keep on keeping on. If the latter, you should probably be using a dedicated protocol convertor card. Prosoft makes several of them. It will handle the details of the protocol without making whoever inherits this from you pull their hair out.
 
There is a simple explanation why a 1000ms task does not work:
The default transaction rate is also 1000ms.
It means that a transaction is expected to complete in 1000ms or Overlap occurs.
Each transaction takes 8 scans.
It means that with a task rate of 1000ms, each transaction should be changed to 8000ms or more.
Then, if you have more than one transaction, they are all executed one after another, so you need to multiply the scans by the number of transactions. That is why the recommended task rate is 10-50ms.
The performance numbers are in the manual.
 
The Prosoft cards are also confusing to those who don't understand them, honestly, and are not the best option like they once were, IMO.
I would much rather recommend a Redlion DA, and it also won't take up a slot in the chassis like most Prosoft cards do and can do many other things as well, as well as other protocols.

The Logix Modbus AOIs are handy when, last minute, someone adds Modbus to the scope. The TCP version also doesn't work on the older CompactLogix or the older Ethernet cards in ControlLogix; you need the newer ones that support "Sockets".
 
