MODBUS

PROTOCOL
 FUNDAMENTALS OF
MODBUS
• Modbus is a serial communication protocol
developed and published by Modicon® in 1979 for
use with its programmable logic controllers (PLCs)
• Modbus is an open protocol and standard
communications protocol in the industry
• Versions of the Modbus protocol exist for serial lines
(Modbus RTU and Modbus ASCII) and for Ethernet
(Modbus TCP)
MODBUS SERIAL AND OSI
MODEL
MODBUS TCP AND OSI
MODEL
Layer OSI Function Modbus Function
5,6,7 Application Modbus Application
Protocol
4 Transport Transmission Control
Protocol
3 Network Internet Protocol
2 Data link IEEE 802.3
1 Physical IEEE 802.3
 MODBUS OPERATION

• Modbus is transmitted over serial lines between

devices
• The simplest setup would be a single serial
cable connecting the serial ports on two devices, a
master and a slave
• A typical transmission speed is 9600 baud (bits per
second)
 DATA STORAGE IN
STANDARD MODBUS
• Information is stored in the slave device in four
different tables
• Two tables store on/off discrete values (coils)
and two store numerical values (registers)
• Each table has 9999 values
• Each coil or contact is 1 bit
• Each register is 1 word = 16 bits = 2 bytes
 DATA STORAGE IN
STANDARD MODBUS
Coil/Register Data Addresses Type Table Name
Numbers
00001–09999 0000 to 270E Read-write Discrete output
coils
10001–19999 0000 to 270E Read-only Discrete input
contacts
30001–39999 0000 to 270E Read-only Analog input
registers
40001–49999 0000 to 270E Read-write Analog output
holding registers
 MASTER–SLAVE
CONFIGURATION
• At a particular time, only one master is connected to
the bus
• 247 maximum number slave nodes are connected to
the same serial bus
• The slave nodes never transmit data without
receiving a request from the master node
• The slave nodes never communicate with each
other
 MASTER–SLAVE
CONFIGURATION
• The master node issues a MODBUS request to the
slave nodes in two modes:
1. Unicast mode
 MASTER–SLAVE
CONFIGURATION
2. Broadcast mode
• The broadcast requests are necessarily writing
commands
 MASTER–SLAVE
CONFIGURATION

• The address 0 is reserved as the broadcast address.

• All slave nodes must recognize the broadcast address
• The MODBUS master node has no specific address;
only the slave nodes must have an address.
 FUNCTION CODE

This number tells the slave which table to access and

whether to read from or write to the table
 CYCLIC REDUNDANCY
CHECK (CRC)
• CRC stands for cyclic redundancy check
• It is 2 bytes added to the end of every Modbus
message for error detection
• Every byte in the message is used to calculate the
CRC
• The receiving device also calculates the CRC and
compares it to the CRC from the sending device
 SERIAL TRANSMISSION
MODES
1. RTU mode
2. American Standard Code for Information
Interchange (ASCII) mode
1. RTU TRANSMISSION
MODE
2. ASCII TRANSMISSION
MODE
 MODBUS MAP

• What the data is (e.g., pressure or temperature

readings)
• Where the data is stored (which tables and data
addresses)
• How the data is stored (data types, byte, and word
ordering)
• Some devices are built with a fixed map that is
defined by the manufacturer
MODBUS TCP FRAME

MBAP HEADER
 MODBUS TCP FRAME
• A new 7-byte header called the MBAP header (Modbus Application
Header) is added to the start of the message
• Transaction Identifier: 2 bytes set by the Client to uniquely identify
each request. These bytes are echoed by the Server since its
responses may not be received in the same order as the requests.
• Protocol Identifier: 2 bytes set by the Client. Modbus TCP = 00 00
• Length: 2 bytes identifying the number of bytes in the message to
follow.
• Unit Identifier: 1 byte set by the Client and echoed by the Server for
identification of a remote slave connected on a serial line or on
other buses
 MODBUS TCP FRAME

• Modbus RTU request for the content of analog output

holding registers # 40108 to 40110 from the slave device with
address 17
11 03 006B 0003 7687
11: The SlaveID Address (17 = 11 hex)
03: The Function Code (read Analog Output Holding Registers)
006B: The Data Address of the first register requested. (40108-
40001 = 107 =6B hex)
0003: The total number of registers requested. (read 3 registers
40108 to 40110)
7687: The CRC (cyclic redundancy check) for error checking
 MODBUS TCP FRAME
• Removing the Slave ID and CRC gives the PDU:
03 006B 0003
• Adding MBAP header gives the ADU:
0001 0000 0006 11 03 006B 0003
0001: Transaction Identifier
0000: Protocol Identifier
0006: Message Length (6 bytes to follow)
11: The Unit Identifier (17 = 11 hex)
03: The Function Code (read Analog Output Holding Registers)
006B: The Data Address of the first register requested. (40108-40001 =
107 =6B hex)
0003: The total number of registers requested. (read 3 registers 40108 to
40110)
TCP/IP WRAPPER
Modbus EIA-485 (2 kabel)
Modbus EIA-485 (4 kabel)
Modbus TCP
ARDUINO MODBUS

1. Modbus Serial

2. Modbus TCP (with Ethernet

Shield)