Understand what the Modbus communication protocol is!

Lead: A Modbus network is an industrial communication system composed of programmable controllers and computers with intelligent terminals, connected through public lines or local dedicated lines. Its system structure includes both hardware and software, and it can be applied to all kinds of data acquisition and process monitoring.

A Modbus network has only one master, and all communication is initiated by it. The network can support up to 247 remote slave controllers, but the actual number of slaves supported is determined by the communication equipment used. With this system, each PC can exchange information with the central host without affecting the control tasks each PC performs.

This article explains how the Modbus communication protocol works. A variety of third-party software can be used to run communication tests on site.

The Modbus protocol includes ASCII, RTU, TCP and other variants; it does not specify the physical layer. The protocol defines the message structures that a controller can recognize and use, regardless of the network over which they communicate. The standard Modicon controller uses RS-232C for serial Modbus. Modbus ASCII and RTU define the structure of messages and data, the commands, and the way to answer them. Data communication uses master/slave mode: the master sends a request message, and after receiving a correct message the slave sends data back to the master in response to the request; the master can also send a message that directly modifies data on the slave side, so reading and writing work in both directions.

The Modbus protocol requires the data to be checked. In addition to the parity check of the serial link, ASCII mode uses an LRC check and RTU mode uses a 16-bit CRC check. TCP mode does not specify a check, because TCP is a connection-oriented, reliable protocol. In addition, Modbus uses master/slave mode to send and receive data periodically. In actual use, if a slave station is disconnected (because of a fault or a shutdown), the master can diagnose it, and when the fault is repaired the network reconnects automatically. The reliability of the Modbus protocol is therefore good.

Comparing the Modbus ASCII, RTU and TCP protocols, TCP and RTU are very similar: take the RTU frame, remove its two-byte checksum, and add five zero bytes and one byte of 6 at the start (these six bytes are the TCP header's transaction identifier, protocol identifier and length field; the length is 6 when address, function code and data together occupy six bytes). The result can then be sent over the TCP/IP network.
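The RTU-to-TCP conversion described above, as an added Python example that is not part of the original article: it drops the RTU CRC, prepends the seven-byte MBAP header (transaction identifier, protocol identifier, length, unit identifier), and parses a TCP message back while checking that the header is consistent with the payload. The transaction id values and the sample frame are constructed for the demonstration; the trailing bytes 0E 84 on the sample frame are the CRC-16 of the article's read-coils request, which Modbus RTU sends low byte first.

```python
# Added example (not from the original article): Modbus RTU <-> Modbus TCP framing.
import struct

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def rtu_to_tcp(rtu_frame: bytes, transaction_id: int) -> bytes:
    """Strip the two trailing CRC bytes and prepend the MBAP header.

    The article's "five zeros and a six" is what the header looks like for
    transaction id 0 and a six-byte payload: 00 00 | 00 00 | 00 06, followed
    by the unit id (the RTU address byte), the function code and the data.
    """
    if len(rtu_frame) < 4:  # address + function + 2 CRC bytes is the minimum
        raise ValueError("RTU frame too short to contain address, function and CRC")
    unit_and_pdu = rtu_frame[:-2]  # address + function + data, CRC removed
    header = struct.pack(">HHH", transaction_id, 0, len(unit_and_pdu))
    return header + unit_and_pdu


def parse_tcp(adu: bytes) -> dict:
    """Split a Modbus TCP message, rejecting malformed headers rather than guessing.

    Returns the header fields and the PDU (function code + data) so the caller
    can hand the PDU to the same decoder it uses for RTU.
    """
    if len(adu) < MBAP_LEN + 1:
        raise ValueError("message shorter than MBAP header plus function code")
    transaction_id, protocol_id, length = struct.unpack(">HHH", adu[:6])
    if protocol_id != 0:
        raise ValueError(f"protocol id must be 0 for Modbus, got {protocol_id}")
    # The length field counts the unit id and everything after it. A mismatch
    # means a truncated, concatenated or deliberately inconsistent message,
    # which a receiver should drop instead of trusting either value.
    if length != len(adu) - 6:
        raise ValueError(f"length field {length} does not match payload {len(adu) - 6}")
    return {"transaction_id": transaction_id, "unit_id": adu[6], "pdu": adu[7:]}


def is_well_formed(adu: bytes) -> bool:
    """Convenience wrapper for a receive path that only needs accept/reject."""
    try:
        parse_tcp(adu)
        return True
    except ValueError:
        return False


# Constructed input: the article's read-coils request with its CRC attached
# (CRC low byte 0x0E first, high byte 0x84 second, as Modbus RTU sends it).
RTU_READ_COILS = bytes.fromhex("11 01 00 13 00 25 0E 84")

if __name__ == "__main__":
    tcp = rtu_to_tcp(RTU_READ_COILS, transaction_id=0)
    print(tcp.hex(" "))  # 00 00 00 00 00 06 11 01 00 13 00 25
    print(parse_tcp(tcp))
```

The length check matters on the receiving side: a TCP stream can deliver two Modbus messages back to back, and a parser that trusts the length field without comparing it to what it actually received will either misalign on the next message or read data that belongs to a different transaction.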

1 Communication transmission method:

Communication transmission is divided into an independent message header and the transmitted coded data. The communication transmission mode defined below is also compatible with the Modbus RTU communication protocol:

Start structure = silence of ≥ 4 byte times

Address code = 1 byte

Function code = 1 byte

Data area = N bytes

Error check = 16-bit CRC code

End structure = silence of ≥ 4 byte times

Address code: The address code is the first byte of the transmission. This byte indicates that the slave whose user-set address matches it will receive the message sent by the master. Each slave has a unique address code, and the response it returns starts with its own address code. The address code sent by the master indicates which slave the message is addressed to, and the address code sent by the slave indicates which slave the reply came from.

Function code: The second byte of the transmission. The Modbus protocol defines function numbers 1 to 127; this instrument uses only some of them. In a request from the master, the function code tells the slave what to do. In the slave's response, the function code sent by the slave is the same as the one sent by the master, indicating that the slave has carried out the requested operation. If the highest bit of the function code sent by the slave is 1 (that is, the function code is greater than 127), the slave did not carry out the operation or is reporting an error.

Data area: The data area differs depending on the function code. It can hold the actual value, the set point, or the address that the master sends to the slave or the slave sends to the master.

CRC code: A two-byte error detection code.

2 Communication protocol:

When a communication command is sent to the instrument, the device whose address code matches receives the command, removes the address code, reads the information and, if there is no error, executes the corresponding task; it then returns the execution result to the sender. The returned information includes the address code, the function code of the executed action, the result data after the action is performed, and the error check code. If an error is found, no information is sent back.

1. Information frame structure

Address code    Function code    Data area     Error check code
8 bits          8 bits           N × 8 bits    16 bits

Address code: The address code is the first byte (8 bits) of the information frame, with a value from 0 to 255. This byte indicates that the slave whose user-set address matches it will receive the message sent by the master. Each slave must have a unique address code, and only the slave whose address code matches will respond. When the slave sends information back, the same address code indicates where the message came from.

Function code: The function code sent by the master tells the slave what task to perform. The function codes listed in Table 1-1 each have a specific meaning and operation.

Data area: The data area contains the information the slave needs in order to execute the request, or the information collected by the slave to be returned. This information can be numerical values, reference addresses, and so on. For example, if the function code tells the slave to read register values, the data area must contain the start address and the number of registers to read. The address and data information differ from slave to slave.

Error check code: The master or slave uses the check code to judge whether the received information is wrong. Sometimes, because of electrical noise or other interference, the information changes slightly during transmission. The error check code ensures that neither the master nor the slave acts on information that was corrupted in transit. This increases the safety and efficiency of the system. The error check uses the CRC-16 method.

Note: The format of the information frame is basically always the same: address code, function code, data area and error check code.

2. Error check

The cyclic redundancy code (CRC) contains 2 bytes, i.e. 16 binary bits. The CRC code is calculated by the sending device and placed at the end of the sent message. The receiving device recalculates the CRC of the received message and compares it with the received CRC. If the two do not match, an error has occurred.
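An added Python example (not from the original article) of the CRC-16 described here, with helpers that append it to an outgoing RTU frame and verify it on an incoming one, using the article's read-coils request as the sample frame. Modbus RTU transmits the CRC low byte first, which is the order append_crc uses; the single-bit corruption is constructed to stand in for line noise.

```python
# Added example (not from the original article): CRC-16 as used by Modbus RTU.


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 0x0001:
                crc = (crc >> 1) ^ 0xA001
            else:
                crc >>= 1
    return crc


def append_crc(frame: bytes) -> bytes:
    """Attach the check code: low byte first, then high byte, as Modbus RTU sends it."""
    crc = crc16_modbus(frame)
    return frame + bytes([crc & 0xFF, crc >> 8])


def verify_crc(frame: bytes) -> bool:
    """Recompute the CRC over everything except the last two bytes and compare.

    A receiver drops the frame silently on mismatch, exactly as the article
    describes: no reply is sent for a frame that fails the check.
    """
    if len(frame) < 4:  # address + function + 2 CRC bytes is the minimum
        return False
    body, received = frame[:-2], frame[-2:]
    crc = crc16_modbus(body)
    return received == bytes([crc & 0xFF, crc >> 8])


def corrupt_bit(frame: bytes, bit_index: int) -> bytes:
    """Flip one bit to simulate line noise (constructed for the demonstration)."""
    data = bytearray(frame)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


# The article's read-coils request: device 0x11, function 01,
# start address 0x0013, quantity 0x0025 (no CRC yet).
READ_COILS_REQUEST = bytes.fromhex("11 01 00 13 00 25")

if __name__ == "__main__":
    frame = append_crc(READ_COILS_REQUEST)
    print("on the wire:", frame.hex(" "))  # 11 01 00 13 00 25 0e 84
    print("intact frame accepted:", verify_crc(frame))
    print("noisy frame accepted:", verify_crc(corrupt_bit(frame, 20)))
```

The CRC protects against line noise, not against deliberate change: any station that can write to the bus can compute a valid CRC for whatever it sends, so a plant that needs integrity against an adversary has to provide it at another layer (an authenticated tunnel, or network segmentation that keeps untrusted hosts off the bus) rather than rely on the check code.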

3 Modbus supported function codes:

Code         Name                                   Effect
1            Read coil status                       Get the current state (ON/OFF) of a group of logic coils
2            Read input status                      Get the current state (ON/OFF) of a group of switch inputs
3            Read holding registers                 Get the current binary value of one or more holding registers
4            Read input registers                   Get the current binary value of one or more input registers
5            Force single coil                      Force a single logic coil on or off
6            Preset single register                 Load a binary value into a holding register
7            Read exception status                  Get the on/off status of 8 internal coils; the addresses of these 8 coils are determined by the controller
8            Return diagnostic check                Send diagnostic test messages to the slave to evaluate communication processing
9            Programming (484 only)                 Allow the host to simulate a programmer and modify the PC slave logic
10           Inquiry (484 only)                     Allow the host to communicate with a slave that is executing a long program task and probe whether it has completed its operation; only sent after a message containing function code 9
11           Read event count                       Allow the host to issue a single request and then determine whether the operation succeeded, especially when the command or another response produced a communication error
12           Read communication event records       Allow the host to retrieve each slave's Modbus transaction event record; if a transaction completed, the record gives the related errors
13           Programming (184/384, 484, 584)        Allow the host to simulate a programmer and modify the PC slave logic
14           Inquiry (184/384, 484, 584)            Allow the host to communicate with a slave that is executing a task and periodically inquire whether it has completed its program operation; only sent after a message containing function code 13
15           Force multiple coils                   Force a series of consecutive logic coils on or off
16           Preset multiple registers              Load specific binary values into a series of consecutive holding registers
17           Report slave identifier                Allow the host to determine the type of the addressed slave and the status of its run indicator
18           (884 and MICRO 84)                     Allow the host to simulate programming functions and modify PC state logic
19           Reset communication link               After an unrecoverable error, reset the slave to a known state and reset the sequence bytes
20           Read common parameters (584L)          Display data in an extended memory file
21           Write common parameters (584L)         Write common parameters to an extended memory file, or modify them
22 to 64     Reserved                               Reserved for extended functions
65 to 72     Reserved                               Reserved for user functions
73 to 119    Illegal                                Illegal functions
120 to 127   Reserved                               Reserved for internal functions
128 to 255   Reserved                               For exception responses

4 Function code command explanation:

Among these function codes, the most commonly used are 1, 2, 3, 4, 5 and 6, which read and write the digital and analog quantities of the lower-level unit.

Command No. 1, function 01: read digital quantities (coil status):

Computer sends command: [Device address] [Command number 01] [High 8 bits of start register address] [Low 8 bits] [High 8 bits of number of registers to read] [Low 8 bits] [Low 8 bits of CRC check] [High 8 bits of CRC check]

Example: [11][01][00][13][00][25][CRC low][CRC high]

The meaning is as follows:

<1> Device address: Multiple devices can be attached to one RS-485 bus; the device address indicates which device you want to communicate with. The example addresses device 17 (decimal 17 is hexadecimal 11).

<2> Command number 01: The command number for reading digital quantities is fixed at 01.

<3> Start address, high 8 bits and low 8 bits: The start address of the switches to be read (addresses start at 0). In the example the start address is 19 (hexadecimal 0013).

<4> Number of registers, high 8 bits and low 8 bits: How many switches to read from the start address. In the example it is 37 switches (hexadecimal 0025).

<5> CRC check: Calculated over all the preceding bytes, from the device address onward.

Device response: [Device address] [Command number 01] [Number of bytes returned] [Data 1] [Data 2] ... [Data n] [High 8 bits of CRC check] [Low 8 bits of CRC check]

Example: [11][01][05][CD][6B][B2][0E][1B] [CRC high] [CRC low]

The meaning is as follows:

<1> The device address and command number are the same as above.

<2> Number of returned bytes: The number of data bytes, i.e. the value of n in Data 1, 2 ... n.

<3> Data 1...n: Each data byte is an 8-bit number, so each byte carries the values of 8 switches. A bit of 0 means the corresponding switch is open, and 1 means it is closed. In the example, the first byte shows that switch number 20 (index 19) is closed, 21 is open, 22 is closed, 23 is closed, 24 is open, 25 is open, 26 is closed, 27 is closed, and so on. If the number of requested switches is not a multiple of 8, the unused high bits of the last byte carry no meaning and are set to zero.

<4> CRC check is the same as above.

Command No. 2, function 05: write a digital quantity (coil status):

Computer sends command: [Device address] [Command number 05] [High 8 bits of the register address to be set] [Low 8 bits] [High 8 bits of the data to be set] [Low 8 bits] [Low 8 bits of CRC check] [High 8 bits of CRC check]

Example: [11][05][00][AC][FF][00][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: The command number for writing a digital quantity is fixed at 05.

<3> Register address to be set, high 8 bits and low 8 bits: The address of the switch to be set.

<4> Data to be set, high 8 bits and low 8 bits: The state the switch should take. The example closes the switch. Note that only [FF][00] (close) and [00][00] (open) are allowed here; any other value is illegal.

<5> Note that this command can set only one switch.

Device response: If successful, the device echoes the command sent by the computer unchanged; otherwise it does not respond.

Command No. 3, function 03: read analog registers (holding registers):

Computer sends command: [Device address] [Command number 03] [High 8 bits of start register address] [Low 8 bits] [High 8 bits of number of registers to read] [Low 8 bits] [High 8 bits of CRC check] [Low 8 bits of CRC check]

Example: [11][03][00][6B][00][03][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: The command number for reading analog quantities is fixed at 03.

<3> Start address, high 8 bits and low 8 bits: The start address of the analog quantities to be read (addresses start at 0). In the example the start address is 107 (hexadecimal 006B).

<4> Number of registers, high 8 bits and low 8 bits: How many analog quantities to read from the start address. In the example there are 3. Note that each analog quantity occupies two bytes in the returned information.

Device response: [Device address] [Command number 03] [Number of bytes returned] [Data 1] [Data 2] ... [Data n] [High 8 bits of CRC check] [Low 8 bits of CRC check]

Example: [11][03][06][02][2B][00][00][00][64][CRC high][CRC low]

The meaning is as follows:

<1> The device address and command number are the same as above.

<2> Number of returned bytes: The number of data bytes, i.e. the value of n in Data 1, 2 ... n. In the example 3 analog values are returned; since each occupies 2 bytes, there are 6 bytes in total.

<3> Data 1...n: [Data 1][Data 2] are the high 8 bits and low 8 bits of the first analog value, [Data 3][Data 4] the high 8 bits and low 8 bits of the second, and so on. The values returned in the example are 555, 0 and 100.

<4> CRC check is the same as above.

Command No. 4, function 06: write a single analog register (holding register):

Computer sends command: [Device address] [Command number 06] [High 8 bits of the register address to be set] [Low 8 bits] [High 8 bits of the data to be set] [Low 8 bits] [High 8 bits of CRC check] [Low 8 bits of CRC check]

Example: [11][06][00][01][00][03][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: The command number for writing an analog quantity is fixed at 06.

<3> Register address to be set, high 8 bits and low 8 bits: The address of the analog register to be set.

<4> Data to be set, high 8 bits and low 8 bits: The analog value to write. The example sets register 1 to 3.

<5> Note that this command can set only one analog register.

Device response: If successful, the device echoes the command sent by the computer unchanged; otherwise it does not respond.

Command No. 5, function 16: write multiple analog registers (holding registers):

Computer sends command: [Device address] [Command number 16] [High 8 bits of the start register address to be set] [Low 8 bits] [High 8 bits of the number of data items] [Low 8 bits] [High 8 bits of data] [Low 8 bits] [...] [...] [High 8 bits of CRC check] [Low 8 bits of CRC check]

Example: [11][16][00][01][00][01][00][05][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: The command number for writing multiple analog quantities is fixed at 16.

<3> Start register address to be set, high 8 bits and low 8 bits: The address of the first analog register to be set.

<4> Number of data items to be set, high 8 bits and low 8 bits: How many values are to be written, 1 in this example.

<5> Data to be set, high 8 bits and low 8 bits: The analog values to write. The example sets register 1 to 5.

Device response: If successful, the device returns the following response; otherwise it does not respond.

Device response: [Device address] [Command number 16] [High 8 bits of the start register address] [Low 8 bits] [High 8 bits of the number of data items] [Low 8 bits] [High 8 bits of CRC check] [Low 8 bits of CRC check]. For the example above, the response is:

[11][16][00][01][00][01] [CRC high] [CRC low]
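The request and response formats walked through in this section, as an added Python example that is not from the original article. It builds the request PDUs for functions 01, 03, 05, 06 and 16, decodes the coil and register replies using the article's own example bytes, and recognises the exception form (function code with its highest bit set) described in section 1. It works on the address, function code and data only; the CRC (RTU) or the TCP header is added separately. Two details differ from the article's function 16 frame: on the wire the function code is hexadecimal 10, and the Modbus specification places a byte-count field between the register count and the values, which this example includes.

```python
# Added example (not from the original article): Modbus PDU encoding and decoding
# for the read/write commands explained in this section.
import struct
from typing import List, Optional

READ_COILS, READ_HOLDING, WRITE_COIL, WRITE_REGISTER, WRITE_REGISTERS = 1, 3, 5, 6, 16


def read_coils(unit: int, start: int, count: int) -> bytes:
    """Function 01: [addr][01][start hi][start lo][count hi][count lo]."""
    return struct.pack(">BBHH", unit, READ_COILS, start, count)


def read_holding_registers(unit: int, start: int, count: int) -> bytes:
    """Function 03: same layout as function 01; each register comes back as 2 bytes."""
    return struct.pack(">BBHH", unit, READ_HOLDING, start, count)


def write_coil(unit: int, address: int, on: bool) -> bytes:
    """Function 05: only FF00 (close) and 0000 (open) are legal data values."""
    return struct.pack(">BBHH", unit, WRITE_COIL, address, 0xFF00 if on else 0x0000)


def write_register(unit: int, address: int, value: int) -> bytes:
    """Function 06: write one 16-bit value to one holding register."""
    return struct.pack(">BBHH", unit, WRITE_REGISTER, address, value)


def write_registers(unit: int, start: int, values: List[int]) -> bytes:
    """Function 16 (0x10 on the wire): start, register count, byte count, values."""
    data = b"".join(struct.pack(">H", v) for v in values)
    return struct.pack(">BBHHB", unit, WRITE_REGISTERS, start, len(values), len(data)) + data


def exception_code(response: bytes) -> Optional[int]:
    """If the reply's function code has bit 7 set (value above 127), the slave
    refused the request; the byte after it is the exception code."""
    if len(response) >= 3 and response[1] & 0x80:
        return response[2]
    return None


def _data_field(response: bytes) -> bytes:
    """Shared reply validation: reject exceptions and inconsistent byte counts."""
    code = exception_code(response)
    if code is not None:
        raise RuntimeError(f"slave returned exception code {code}")
    if len(response) < 3:
        raise ValueError("reply too short")
    nbytes = response[2]
    data = response[3:3 + nbytes]
    if len(data) != nbytes:
        raise ValueError("byte count does not match the data length")
    return data


def decode_coils(response: bytes, requested: int) -> List[bool]:
    """Unpack a function 01 reply into one boolean per requested coil.
    Bit 0 of the first data byte is the first requested coil; the unused high
    bits of the last byte are padding and are ignored."""
    data = _data_field(response)
    if len(data) != (requested + 7) // 8:
        raise ValueError("byte count does not match the requested coil quantity")
    return [bool((data[i // 8] >> (i % 8)) & 1) for i in range(requested)]


def decode_registers(response: bytes) -> List[int]:
    """Unpack a function 03 reply: byte count, then 16-bit big-endian values."""
    data = _data_field(response)
    if len(data) % 2:
        raise ValueError("register data must be an even number of bytes")
    return list(struct.unpack(f">{len(data) // 2}H", data))


# Constructed inputs: the article's example replies from device 0x11, without CRC.
COIL_REPLY = bytes.fromhex("11 01 05 CD 6B B2 0E 1B")
REGISTER_REPLY = bytes.fromhex("11 03 06 02 2B 00 00 00 64")

if __name__ == "__main__":
    print(read_coils(0x11, 19, 37).hex(" "))       # 11 01 00 13 00 25
    print(decode_coils(COIL_REPLY, 37)[:8])         # switches 20..27 as listed in the article
    print(decode_registers(REGISTER_REPLY))         # [555, 0, 100]
    print(write_registers(0x11, 1, [5]).hex(" "))   # 11 10 00 01 00 01 02 00 05
```

The decoders check the byte count against what was requested before touching the data, which is the check a receiver needs in practice: a reply whose declared length disagrees with the quantity that was asked for is either a corrupted frame or a reply to a different request, and either way it must not be mapped onto the process variables.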
