What is Modbus? | Function Code | CRC | Coil Address

What is Modbus?

Modbus is a serial communication protocol developed and published by Modicon® in 1979 for use with programmable logic controllers (PLCs). In simple words, it is a method for transmitting information over serial lines between electronic devices.

The device requesting information is called the Modbus Master and the devices providing information are called Modbus Slaves. In a standard Modbus network, there is one Master and up to 247 Slaves, each with its own Slave address from 1 to 247.

What is it used for?

Modbus is an open protocol, which means that manufacturers are free to build it into their hardware without having to pay royalties.

Modbus has become a standard communication protocol in industry and is now a widely used way to connect industrial electronic devices. It is used by most manufacturers in many industries.

It is used to transmit signals from Modbus devices and control devices to a main controller or data acquisition system. For example, a system measures temperature and humidity, then sends the results to a computer.

Modbus generally connects the central computer to a remote terminal unit (RTU) for centralized control and data collection. Versions of the Modbus protocol are available for serial lines (Modbus RTU and Modbus ASCII) and for Ethernet (Modbus TCP).

How does it work?

Modbus is transmitted over serial lines between devices. The simplest setup is two devices, one Master and one Slave, with a single cable connecting their serial ports.

The data is sent as a series of ones and zeros called bits. Each bit is sent as a voltage.

The zeros are sent as positive voltage and the ones as negative voltage.

Bits are sent very quickly. The transmission rate is generally 960 baud (bits per second).

What is Hexadecimal?

When troubleshooting, it can be helpful to see the raw data being transmitted. Long strings of ones and zeros are difficult to read, so the bits are shown in hexadecimal (base 16). Each 4-bit block is represented by one of 16 characters from 0 to F.

0000 = 0    0100 = 4    1000 = 8    1100 = C
0001 = 1    0101 = 5    1001 = 9    1101 = D
0010 = 2    0110 = 6    1010 = A    1110 = E
0011 = 3    0111 = 7    1011 = B    1111 = F

Each block of 8 bits (called a byte) is represented by one of 256 character pairs from 00 to FF.

How is Data Stored in Standard Modbus?

The information is stored in four different tables on the Slave device.

Two tables store on/off status values (coils); the other two store numerical values (registers).

Coils and registers each have a read-only table and a read-write table. Each table has 9999 values. Each coil or contact is 1 bit and is assigned a data address between 0000 and 270E.

Each register is 1 word = 16 bits = 2 bytes, and also has a data address between 0000 and 270E.

Coil/Register Number   Data Address    Type         Table Name
1-9999                 0000 to 270E    Read-Write   Discrete Output Coils
10001-19999            0000 to 270E    Read-Only    Discrete Input Contacts
30001-39999            0000 to 270E    Read-Only    Analog Input Registers
40001-49999            0000 to 270E    Read-Write   Analog Output Holding Registers

The coil/register numbers do not actually appear in messages; the data addresses are what messages use.

For example, the first Holding Register has the number 40001 and the data address 0000.

The difference between these two values is the offset. Each table has a different offset: 1, 10001, 30001 and 40001.

What is Slave ID?

Each Slave in a network has its own address number ranging from 1 to 247. When the Master requests data, the Slave's address is the first byte sent. Thus, each Slave knows after the first byte whether or not to ignore the message.

What is Function Code?

The second byte sent by the Master is called the function code. This number tells the Slave which table to access and whether to read from it or write to it.

Function Code   Action           Table Name
01 (01 hex)     Read             Discrete Output Coils
05 (05 hex)     Write single     Discrete Output Coil
15 (0F hex)     Write multiple   Discrete Output Coils
02 (02 hex)     Read             Discrete Input Contacts
04 (04 hex)     Read             Analog Input Registers
03 (03 hex)     Read             Analog Output Holding Registers
06 (06 hex)     Write single     Analog Output Holding Register

What is CRC?

CRC stands for Cyclic Redundancy Check. The CRC is two bytes added to the end of each Modbus message for error checking.

Every byte in the message is used to calculate the CRC. The receiving device also calculates the CRC and compares it to the CRC from the sending device. If even one bit in the message is received incorrectly, the CRCs will be different and an error will result.

What are the Formats of Modbus Commands and Responses?

The table below lists, for each of the four tables, the function code (FC) used to read, write a single value, or write multiple values.

Table Name                        Data Addresses   Read   Write Single   Write Multiple
Discrete Output Coils             0xxxx            FC01   FC05           FC15
Discrete Input Contacts           1xxxx            FC02   NA             NA
Analog Input Registers            3xxxx            FC04   NA             NA
Analog Output Holding Registers   4xxxx            FC03   FC06           FC16
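
A worked read request built from the pieces described above (slave ID byte, function code byte, data address, CRC), added here as an example and not taken from the original page. The 2-byte address and quantity fields and the low-byte-first CRC follow the Modbus RTU specification; the function names and the slave ID 17 are constructed for illustration.

```python
import struct

# (first number, read function code, table name), from the page's tables.
TABLES = [
    (1, 0x01, "Discrete Output Coils"),
    (10001, 0x02, "Discrete Input Contacts"),
    (30001, 0x04, "Analog Input Registers"),
    (40001, 0x03, "Analog Output Holding Registers"),
]

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: start at 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def resolve(number: int):
    """Coil/register number -> (read function code, data address)."""
    for first, function_code, _name in TABLES:
        if first <= number <= first + 9998:
            return function_code, number - first
    raise ValueError(f"{number} is outside the four standard tables")

def build_read_request(slave_id: int, number: int, count: int) -> bytes:
    if not 1 <= slave_id <= 247:
        raise ValueError("slave ID must be between 1 and 247")
    function_code, address = resolve(number)
    body = struct.pack(">BBHH", slave_id, function_code, address, count)
    return body + struct.pack("<H", crc16_modbus(body))  # CRC low byte first

def check_frame(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare it with the last two bytes."""
    if len(frame) < 4:
        return False
    return crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]

# Constructed sample: ask slave 17 for 3 holding registers starting at 40108.
REQUEST = build_read_request(17, 40108, 3)
# Same frame with one bit of the address field flipped in transit.
CORRUPTED = REQUEST[:3] + bytes([REQUEST[3] ^ 0x01]) + REQUEST[4:]

if __name__ == "__main__":
    print(REQUEST.hex(" "))
    print(check_frame(REQUEST), check_frame(CORRUPTED))
```

Any device on the line can compute a valid CRC, so a passing check shows the frame arrived intact, not that it came from the Master.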

What are the Data Types?

The example of FC03 shows that register 40108 contains AE41, which converts to the 16 bits 1010 1110 0100 0001.

Register 40108 can be interpreted as any of these 16-bit data types:

  • A 16-bit unsigned integer (an integer between 0 and 65535): AE41 = 44,609 (conversion from hex to decimal)
  • A 16-bit signed integer (an integer from -32768 to 32767): AE41 = -20,927 (conversion from hex to decimal; when the result is over 32767, subtract 65536)
  • A two-character ASCII string (2 characters): AE41 = ® A
  • A discrete on/off value (like a 16-bit integer, but the value is only 0 or 1; here the hex data is 0000 or 0001)

Register 40108 can also be combined with 40109 to create any of the following 32-bit data types:

  • A 32-bit unsigned integer (a number between 0 and 4,294,967,295): 40108,40109 = AE41 5652 = 2,923,517,522
  • A 32-bit signed integer (a number between -2,147,483,648 and 2,147,483,647): AE41 5652 = -1,371,449,774
  • A 32-bit single-precision IEEE floating-point number. This is a mathematical formula that lets any real number (a number with a decimal point) be represented in 32 bits with about 7 digits of precision.
  • A 4-character ASCII string (4 characters): AE41 5652 = ® AVR

More registers can be combined to create longer ASCII strings. Each register holds two ASCII characters (2 bytes).

What does Byte and Word Order mean?

The Modbus specification does not fully define how data is stored in a register. As a result, some manufacturers implemented Modbus in their hardware to store and transmit the high byte first and then the low byte (AE before 41).

Others store and transmit the low byte first and then the high byte (41 before AE).

Similarly, when registers are combined into 32-bit data types, some devices store the higher 16 bits (the high word) first and then the low word (5652 after AE41), while others do the opposite (5652 before AE41).

It does not matter in which order the bytes or words are sent, as long as the receiving device knows which order to expect.

For example, if the number 2,923,517,522 is sent as a 32-bit unsigned integer, it can be sent in any of the 4 combinations below.

AE41 5652    high byte first, high word first
5652 AE41    high byte first, low word first
41AE 5256    low byte first, high word first
5256 41AE    low byte first, low word first
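
The data-type interpretations and the four byte/word orderings above, reproduced in Python as an added example (not code from the original page). The function names are hypothetical; the last function shows what a receiver configured for high byte first, high word first reads when the sender uses each ordering.

```python
import struct

ORDERINGS = [("high", "high"), ("high", "low"), ("low", "high"), ("low", "low")]

def to_wire(registers, byte_order="high", word_order="high") -> bytes:
    """Bytes as sent by a device that uses the given byte and word order."""
    words = list(registers) if word_order == "high" else list(reversed(registers))
    fmt = ">H" if byte_order == "high" else "<H"
    return b"".join(struct.pack(fmt, word) for word in words)

def from_wire(wire: bytes, byte_order="high", word_order="high") -> list:
    """Receiver side: recover the registers, high word first."""
    fmt = ">H" if byte_order == "high" else "<H"
    words = [struct.unpack(fmt, wire[i:i + 2])[0] for i in range(0, len(wire), 2)]
    return words if word_order == "high" else words[::-1]

def interpret(registers) -> dict:
    """The readings the page lists for one register or a pair of registers."""
    raw = to_wire(registers)  # high byte first, high word first
    out = {"ascii": raw.decode("latin-1")}
    if len(registers) == 1:
        out["uint16"] = struct.unpack(">H", raw)[0]
        out["int16"] = struct.unpack(">h", raw)[0]
    elif len(registers) == 2:
        out["uint32"] = struct.unpack(">I", raw)[0]
        out["int32"] = struct.unpack(">i", raw)[0]
        out["float32"] = struct.unpack(">f", raw)[0]
    return out

def readings_if_receiver_assumes_high_high(registers) -> dict:
    """uint32 a receiver configured high/high gets for each sender ordering."""
    return {
        order: interpret(from_wire(to_wire(registers, *order)))["uint32"]
        for order in ORDERINGS
    }

REGS = [0xAE41, 0x5652]  # registers 40108 and 40109 from the page's example

if __name__ == "__main__":
    print(interpret(REGS[:1]))
    print(interpret(REGS))
    for order, value in readings_if_receiver_assumes_high_high(REGS).items():
        print(order, to_wire(REGS, *order).hex(" ", 2), value)
```

Only the matching ordering yields 2,923,517,522; the other three decode without any error, which is why the ordering belongs in the device's Modbus map.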

What is a Modbus Map?

A Modbus map for a device defines:

  • What the data is (e.g. pressure or temperature readings)
  • Where the data is stored (which tables and data addresses)
  • How the data is stored (data types, byte and word order)

Some devices have a fixed map defined by the manufacturer, while others allow the customer to configure or program the map to meet their needs.

What is Extended Register Address?

Since analog output holding registers are numbered from 40001 to 49999, there can be no more than 9999 of them. While this is sufficient for most applications, sometimes it is useful to have more registers.

If the remaining data addresses from 270F to FFFF are put to use, 65536 registers become available in total, more than six times as many. This extends the register numbers to the range 40001 to 105536.

Most Modbus software drivers (for Master PCs) offer only the limited range from 40001 to 49999, in which case the extended registers on slave devices cannot be accessed. Most slave devices also do not support maps that use extended registers. On the other hand, some slave devices do support these registers, and some master software can access them if specially written.

How Does 2-byte Slave Addressing Work?

The number of slaves on the network is limited to 256 because a single byte is used to define the slave address. To overcome this limitation, the protocol can be modified to use two bytes for the address.

All masters and slaves must support this change. 2-byte addressing increases the number of Slaves on the network to 65535.
