Detailed explanation of Modbus RTU protocol

Detailed explanation of Modbus RTU protocol

2020-08-05 17:31: 44Zongheng Intelligent Control 5

MODBUS_RTU communication protocol

MODBUS_RTU communication protocol (this agreement adopts master-slave question and answer method)

PDM series meters/transmitters: PDM series meters/transmitters adopt a brand-new design, which revolutionizes the concept of traditional electricity meters; it has multi-function, high precision, digital, programmable, compact structure and multi-screen display. Features, it can meet the future demand for electricity meters in the power industry.

MODBUS communication protocol: The ModBus communication protocol allows PDM series instruments/transmitters to communicate with programmable sequence controllers (PLC), RTU, SCADA systems, DCS or third parties from many internationally renowned brands such as Schneider, Siemens, AB, GE, etc. Information exchange and data transmission between ModBus compatible monitoring systems.

PDM series instruments/transmitters can form a power monitoring system by simply adding a set of computer (or industrial computer)-based monitoring software (such as Kingview, in ouch, FIX, synall, etc.).

Extensive system integration: PDM series instruments/transmitters provide standard RS-485/422 communication interface and ModBus communication protocol. This communication protocol has been widely used as a system integration standard in the power industry and industrial control industry at home and abroad.

Type and format of communication data: Information transmission is asynchronous and in bytes.exist

The communication information transmitted between the master station and the slave station is in 11-bit word format:

Word format (serial data) 11-bit binary

Start bit 1

Data bits 8 bits

Parity bit 1 bit: With parity bit/None: No parity bit

Stop bit 1 bit: with parity bit/2 bits: without parity bit

● Communication data (information frame) format

Data format: Address code Function code Data area Error checking

Data length: 1 byte 1 byte N bytes 16-bit CRC code (redundant cycle

code)

Note

1. 1 byte consists of 8-bit binary numbers (that is, 8 bits).

2. ModBus is a registered trademark of Modicon Company.

3. “Slave machine” in this document refers to PDM.

1. Communication information transmission process:

When the communication command is sent from the sending device (host) to the receiving device (slave), the slave that meets the corresponding address code receives the communication command and reads the information according to the function code and related requirements. If the CRC check is correct, the corresponding task, and then returns the execution results (data) to the host. The returned information includes address code, function code, data after execution and CRC check code. If the CRC check fails, no information will be returned.

1.1 Address code:

The address code is the first byte (8 bits) of each communication information frame, from 0 to 255. This byte indicates that the slave with an address set by the user will receive the information sent by the master. Each slave must have a unique address code, and only the slave that matches the address code can respond to the feedback message. When the slave sends back information, the data sent back start with their respective address codes. The address code sent by the master indicates the slave address to be sent to, and the address code returned by the slave indicates the slave address sent back. The corresponding address code indicates where the information came from.

1.2 Function code:

It is the second byte transmitted in each communication information frame. ModBus communication protocol can define function codes from 1 to 127. PDM series instruments/transmitters only use part of the function codes. Sent as a host request, the function code is used to tell the slave what action it should perform. As a slave response, the function code returned by the slave is the same as the function code sent from the host, and indicates that the slave has responded to the host and has performed relevant operations.

Table 8.1 Some function codes of MODBUS

Function code definition operation (binary)

02 Read switch input Read one or more switch status input data

01 Read switching output Read one or more switching output status data

03 Read register data Read data from one or more registers

05 Write switch output to control the “close/open” output of a relay

06 Write a single register Write a set of binary data into a single register

10 Write multiple registers Write multiple sets of binary data to multiple registers

1.3 Data area:

The data area includes what information needs to be sent back from the slave or what action needs to be performed. This information can be data (such as: switch input/output, analog input/output, register, etc.), reference address, etc. For example, if the host tells the slave to return the value of the register (including the starting address of the register to be read and the length of the read register) through function code 03, then the returned data includes the data length and data content of the register. For different slave machines, the address and data information are different (a communication information table should be given).

The PDM series instrument/transmitter adopts Modbus communication protocol. The host (PLC, RTU, PC, DCS, etc.) can read its data register at will by using the communication command (function code 03) (see the appendix for its data information table). The data register of the PDM series instrument/transmitter stores hundreds of electrical quantities (such as current, voltage, power, 0~31st harmonic components, etc.), and they are all 16-bit (2 bytes) binary data. , and the high-order bit comes first; the maximum number of registers that can be read at one time (that is, the number of various types of power) is 50.

The command format of PDM response is slave address, function code, data area and CRC code. The data in the data area are all two bytes, with the high-order bit first (except for electrical energy).

Note: 1. PDM-820AC/ACM/ACR, PDM-800AC/ACM tools

There are “03”, “06” and “10” function codes;

2. If PDM adopts MODBUS ASCII communication protocol, its communication data format is; 7

Data bits, 1 stop bit, even parity.

2. Introduction to MODBUS function codes

2.1 Function code “02”: Read one or more switch status inputs

For example: the host wants to read the input status of switch DI1-DI4 with address 01.

The address and data of the slave (PDM) data register are:

Starting bit address DI register data (hexadecimal) Remarks 0000 0B

The status of DI1/DI2/DI4 is “1”, and the status of DI3 is “0”

The message format sent by the host:

Number of bytes sent by the host Information sent Remarks

Slave address 1 01 is sent to the slave with address 01

Function code 1 02 reads switch input status

Starting BIT bit 2 0000 The starting BIT bit address is 0000

Read data length 2 0004 Read 4-way switch input status bits

CRC code 2 79C9 The CRC code is calculated by the host

The message format returned by the slave (PDM) response:

Slave response number of bytes returned information remarks

Slave address 1 01 comes from slave 01

Function code 1 02 reads switch input status

Data length 1 01 1 byte (8 BIT bits)

DI status data 1 0B DI register content

CRC code 2 E04F The CRC code is calculated by the slave machine

2.2 Function code “01”: Read the status of one or more switch outputs

For example: the host wants to read the output status of switch DO1 and DO2 with address 01.

The address and data of the slave (PDM) data register are:

Starting bit address DO register data (hexadecimal) Remarks

0000 02 DO2 output status is “1”, DO1 output status

Status is “0”

The message format sent by the host:

Number of bytes sent by the host Information sent Remarks

Slave address 1 01 is sent to the slave with address 01

Function code 1 01 reads switch output status

Starting BIT bit 2 0000 The starting BIT bit address is 0000

Read data length 2 0002 Read 2 relay output status bits

CRC code 2 BDCB The CRC code is calculated by the host

The message format returned by the slave (PDM) response:

Slave response number of bytes returned information remarks

Slave address 1 01 comes from slave 01

Function code 1 01 reads switch output status

Data length 1 01 1 byte (8 BIT bits)

DO status data 1 02 DO register content

CRC code 2 D049 The CRC code is calculated by the slave machine

2.3 Function code “03”: Read multiple register inputs

For example: the host wants to read the number of 3 slave registers with address 01 and starting address 0116.

according to.

The address and data of the slave (PDM) data register are:

Register address Register data (hexadecimal) Corresponding PDM power

0116 1784UA

0117 1780UB

0118 178A UC

The message format sent by the host:

Number of bytes sent by the host Information sent Remarks

Slave address 1 01 is sent to the slave with address 01

Function code 1 03 Read register

Starting address 2 0116 Starting address is 0116

Data length 3 0003 Read 3 registers (6 bytes in total)

CRC code 2 E5F3 The CRC code is calculated by the host

The message format returned by the slave (PDM) response:

Slave response number of bytes returned information remarks

Slave address 1 01 comes from slave 01

Function code 1 03 Read register

Read word 1 06 3 registers total 6 bytes

Register data 1 2 1784 The contents of the memory at address 0116

Register data 2 2 1780 The contents of the memory at address 0117

Register data 3 2 178A The content of the memory at address 0118

CRC code 2 5847 The CRC code is calculated by the slave machine

2.4 Function code “05”: write 1 switch output (“remote control”)

Example 1: Switch output point DO1, its current status is “minute”, the host wants to control this relay

The device “joins”.

The control commands are:

“FF00” means the control relay is “closed”;

“0000” is the control relay “minute”;

The message format sent by the host:

Number of bytes sent by the host Information sent Remarks

Slave address 1 01 is sent to the slave with address 01

Function code 1 05 writes switch output status

Output BIT bit 2 0000 corresponds to the output relay BIT bit (DO1)

Control command 2 FF00 controls the relay output to be “on” status bit

CRC code 2 8C3A The CRC code is calculated by the host

The message format returned by the slave (PDM) response:

The format and data content of the message sent by the host are exactly the same.

Example 2: Switch output point DO2, its current status is “closed”, and the host wants to control this relay

The device “points”.

Message format sent by the host

Number of bytes sent by the host Information sent Remarks

Slave address 1 01 is sent to the slave with address 01

Function code 1 05 writes switch output status

Output BIT bit 2 0001 corresponds to the output relay BIT bit (DO2)

Control command 2 0000 controls the relay output to be “on” status bit

CRC code 2 9C0A The CRC code is calculated by the host

The message format returned by the slave (PDM) response:

CRC code calculated by the host

The message format returned by the slave (PDM) response:

The format and data content of the message sent by the host are exactly the same.

2.6 Function code “10”: Write multiple registers

The host uses this function code to save multiple data to the data memory of the PDM table.

The register in the Modbus communication protocol refers to 16 bits (ie 2 bytes), and the high-order bit is first.

In this way, the memory of PDM is two bytes.Since the Modbus communication protocol allows up to

Save 60 registers, so PDM allows up to 60 data registers to be saved at one time.

For example: the host wants to save 0064, 0010 into the slave registers with addresses 002C, 002D

Go (slave address code is 01). After the communication data is saved, the PDM with address 002C/002D

The information stored in the table is:

Address originally stored data (hexadecimal)

002C 04B0

002D 1388

The message format sent by the host:

CRC code calculated by the host

The message format returned by the slave (PDM) response:

Slave response number of bytes number of bytes example

Slave address 1 01 comes from slave 01

Function code 1 10 Write multiple registers

Starting address 2 002C The starting address is 002C

Save data word length 2 0002 Save 2 word length data

CRC code 2 8001 CRC code calculated by the slave machine

3. Error check code (CRC check):

4. Processing of communication error information and data:

When the PDM table detects an error other than the CRC code error, it must send a message back to the host

information, the highest position of the function code is 1, that is, the function code returned from the slave to the host is sent by the host.

Add 128 based on the function code sent.The following codes indicate that an unexpected error occurred

born.

If the information received by PDM from the host has CRC errors, it will be ignored by the PDM table.

The format of the error code returned by PDM is as follows (except CRC code):

Address code: 1 byte

Function code: 1 byte (the highest bit is 1)

Error code: 1 byte

CRC code: 2 bytes.

The PDM response returns the following error code:

81. Illegal function code. The function code received is not supported by the PDM table.

82. Illegal data location.The specified data location exceeds the scope of the PDM table

around.

83. Illegal data value.The data value received from the host exceeds the PDM phase

The data range of the corresponding address.

Шлюз DTU/Edge Gateway/IoT-платформа/шлюзовой модуль

Tags: Modbus RTU protocolRTU serial port format

  • Detailed explanation of Modbus RTU protocol [2020-08-05]

  • Предыдущая статья : История развития коммуникаций
  • Следующая статья : What are link addresses and running addresses in embedded systems

Свяжитесь с нами