The Modbus protocol was originally developed by the Modicon company. Modbus is now the most popular protocol in the world in the industrial field. It supports traditional RS-232, RS-422 and RS-485 devices as well as Ethernet devices. With it, control equipment produced by different manufacturers can be connected into one industrial network for centralized monitoring. When communicating on the network, the Modbus protocol requires each controller to know its own device address, recognize messages sent to that address, and decide what action to take. If a response is required, the controller generates a response and sends it to the requester using the Modbus protocol.
The Modbus protocol includes ASCII, RTU, TCP and other variants, and does not specify a physical layer. The protocol defines a message structure that controllers can recognize and use regardless of the network they communicate over. Modicon's serial controllers are implemented using Modicon's serial standard. The ASCII and RTU protocols of Modbus specify the structure of messages and data and the command and response modes. Data communication uses master/slave mode. The master sends a data request message; after receiving a correct message, the slave sends data to the master in response to the request. The master can also send messages that directly modify the slave's data, which gives two-way reading and writing.
The Modbus protocol verifies the data it carries. In addition, Modbus uses the master-slave mode to send and receive data at regular intervals. In actual use, if a slave station is disconnected (for example by a fault or shutdown), the master can diagnose it, and once the fault is repaired the station is reconnected to the network automatically. Therefore, the reliability of the Modbus protocol is good.
Comparison between ASCII protocol and RTU protocol:
| Protocol | Start tag | End tag | Check | Transmission efficiency | Program processing |
| ASCII | : (colon) | CR, LF | LRC | Low | Intuitive, simple and easy to debug |
| RTU | None | None | CRC | High | Not intuitive, slightly complex |
LRC check: the LRC field is one byte containing an 8-bit binary value. The LRC value is calculated by the transmitting device and put into the message frame. The receiving device calculates the LRC while receiving the message and compares it with the value in the LRC field of the received message. If the two values are different, there is an error. LRC verification is relatively simple. It is used in the ASCII protocol and covers the contents of the message except the starting colon and the ending carriage return and line feed. It simply adds up the data to be transmitted byte by byte, then inverts the sum and adds 1.
CRC check: the CRC field is two bytes and contains a 16-bit binary value. It is calculated by the transmitting device and added to the message. The receiving device recalculates the CRC of the received message and compares it with the value in the received CRC field. If the two values are different, there is an error.
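The two checks described above, applied to the read-coils request used as an example on this page. This is an added example, not code from the original page; the CRC parameters (initial value 0xFFFF, reflected polynomial 0xA001) are the standard Modbus RTU ones and are not stated on the page, and the function names are hypothetical.

```python
def lrc(payload: bytes) -> int:
    """Add the bytes modulo 256, then invert and add 1 (two's complement)."""
    return (-sum(payload)) & 0xFF

def crc16(payload: bytes) -> int:
    """Modbus RTU CRC-16: start at 0xFFFF, shift right, XOR 0xA001 on carry."""
    crc = 0xFFFF
    for byte in payload:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_rtu(payload: bytes) -> bytes:
    """Append the CRC low byte first, the reverse of the other 16-bit fields."""
    return payload + crc16(payload).to_bytes(2, "little")

def check_rtu(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare it with the CRC field."""
    if len(frame) < 4:  # address + command + two CRC bytes at minimum
        return False
    return crc16(frame[:-2]) == int.from_bytes(frame[-2:], "little")

def build_ascii(payload: bytes) -> bytes:
    """':' + hex characters of payload and LRC + CR LF."""
    body = payload + bytes([lrc(payload)])
    return b":" + body.hex().upper().encode("ascii") + b"\r\n"

def check_ascii(frame: bytes) -> bool:
    """Receiver side: strip ':' and CR LF, decode the hex, verify the LRC."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        return False
    try:
        raw = bytes.fromhex(frame[1:-2].decode("ascii"))
    except ValueError:  # non-hex or non-ASCII characters, odd length
        return False
    return len(raw) >= 3 and lrc(raw[:-1]) == raw[-1]

# Request from this page: device 0x10, command 01, start 0x0013, count 0x0025
REQUEST = bytes([0x10, 0x01, 0x00, 0x13, 0x00, 0x25])

if __name__ == "__main__":
    print(build_rtu(REQUEST).hex(" "))
    print(build_ascii(REQUEST))
```

Both checks catch accidental corruption only: they involve no secret, so a frame that passes them says nothing about who sent it.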
1. Read / write digital quantity register (coil status):
The computer sends the command: [device address] [command No. 01] [high 8 bits of the start register address] [low 8 bits] [high 8 bits of the number of registers read] [low 8 bits] [low 8 bits of CRC check] [high 8 bits of CRC check]
Example: [10] [01] [00] [13] [00] [25] [CRC low] [CRC high]
The meaning is as follows:
<1> Device address: multiple devices can be connected to a 485 bus. The device address here indicates which device you want to communicate with. In the example, I want to communicate with number 16 (decimal 16 is hexadecimal 10).
<2> Command number 01: the command number for reading digital quantity is fixed as 01.
<3> High 8 bits and low 8 bits of the starting address: indicates the starting address of the switching values to be read (addresses start from 0). For example, the starting address in the example is 19.
<4> High 8 bits and low 8 bits of the number of registers: indicates how many switching values are read from the starting address. In the example, there are 37 switching values.
<5> CRC check: computed over the message from the beginning to the end. This check will be introduced at the end. Note that the order of the high and low bytes of the CRC check in the command is the opposite of the other fields: the low byte comes first.
Device response: [device address] [command number 01] [number of bytes returned] [data 1] [data 2] ... [data n] [lower 8 bits of CRC check] [upper 8 bits of CRC check]
Example: [10] [01] [05] [CD] [6B] [B2] [0E] [1B] [CRC low] [CRC high]
The meaning is as follows:
<1> The device address and command number are the same as those above.
<2> Number of bytes returned: indicates the number of data bytes, that is, the value of n in data 1, 2, ..., n.
<3> Data 1 ... n: each data byte is an 8-bit number, so each one carries the values of 8 switching values. A bit of 0 indicates that the corresponding switch is open and 1 indicates that it is closed. In the example, the first byte means that switch 20 (index number 19) is closed, switch 21 is open, switch 22 is closed, switch 23 is closed, switch 24 is open, switch 25 is open, switch 26 is closed and switch 27 is closed. If the number of switching values requested is not an integral multiple of 8, the high-order part of the last byte is meaningless and is set to 0.
<4> CRC verification is the same as above.
2. Read only digital quantity register (input status):
It is similar to reading the coil state, except that the command number of the second byte is no longer 1 but 2.
3. Write digital quantity (coil status):
The computer sends a command: [device address] [command No. 05] [high 8 bits of the register address to be set] [low 8 bits] [high 8 bits of the data to be set] [low 8 bits] [low 8 bits of CRC check] [high 8 bits of CRC check]
Example: [10] [05] [00] [AC] [FF] [00] [CRC low] [CRC high]
The meaning is as follows:
<1> The device address is the same as above.
<2> Command number: the command number for writing digital quantity is fixed as 05.
<3> High 8 bits and low 8 bits of the register address to be set: indicates the address of the switch to be set.
<4> High 8 bits and low 8 bits of the data to be set: indicates the state the switching value is to be set to. In the example, the switch is closed. Note that only [FF] [00] means closed and [00] [00] means open; other values are illegal.
<5> Note that this command can only set the state of one switching value.
Device response: if the command succeeds, the device returns the command sent by the computer unchanged; otherwise it does not respond.
4. Read / write analog register (holding register):
The computer sends a command: [device address] [command number 03] [high 8 bits of the start register address] [low 8 bits] [high 8 bits of the number of registers read] [low 8 bits] [low 8 bits of CRC check] [high 8 bits of CRC check]
Example: [10] [03] [00] [6B] [00] [03] [CRC low] [CRC high]
The meaning is as follows:
<1> The device address is the same as above.
<2> Command number: the command number for reading analog quantity is fixed as 03.
<3> High 8 bits and low 8 bits of the starting address: indicates the starting address of the analog quantities to be read (addresses start from 0). For example, the starting address in the example is 107.
<4> High 8 bits and low 8 bits of the number of registers: indicates how many analog quantities are read from the starting address. In the example, there are three analog quantities. Note that in the returned information, an analog quantity needs to return two bytes.
Device response: [device address] [command number 03] [number of bytes returned] [data 1] [data 2] ... [data n] [lower 8 bits of CRC check] [upper 8 bits of CRC check]
Example: [10] [03] [06] [02] [2B] [00] [00] [00] [64] [CRC low] [CRC high]
The meaning is as follows:
<1> The device address and command number are the same as those above.
<2> Number of bytes returned: indicates the number of data bytes, that is, the value of n in data 1, 2, ..., n. In the example, the data of three analog quantities are returned. Because an analog quantity needs 2 bytes, there are 6 bytes in total.
<3> Data 1 ... n: [data 1] [data 2] are the high 8 bits and low 8 bits of the first analog quantity, [data 3] [data 4] are the high 8 bits and low 8 bits of the second analog quantity, and so on. The values returned in the example are 555, 0 and 100 respectively.
<4> CRC verification is the same as above.
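The response rules for commands 01 and 03 and the legal data values for command 05, written as receiver-side checks and run on this page's example responses. This is an added example, not code from the original page: the function names are hypothetical, the CRC bytes are assumed to be verified and stripped already, and rejecting non-zero padding bits is a stricter choice than the page requires.

```python
class FrameError(ValueError):
    """Raised when a response does not match the request it answers."""

def _data_field(resp: bytes, address: int, command: int, expected: int) -> bytes:
    """Check echoed address/command and the byte count, return the data bytes."""
    if len(resp) < 3:
        raise FrameError("response too short")
    if resp[0] != address or resp[1] != command:
        raise FrameError("address or command number does not match the request")
    if resp[2] != expected or len(resp) != 3 + expected:
        raise FrameError("byte count does not match the requested quantity")
    return resp[3:]

def decode_coils(resp: bytes, address: int, start: int, count: int) -> dict:
    """Command 01: {index: True if closed}; first switch is bit 0 of data 1."""
    data = _data_field(resp, address, 0x01, (count + 7) // 8)
    spare = (-count) % 8  # unused high-order bits of the last byte
    if spare and data[-1] >> (8 - spare):
        raise FrameError("unused high-order bits of the last byte are not 0")
    return {start + i: bool(data[i // 8] >> (i % 8) & 1) for i in range(count)}

def decode_registers(resp: bytes, address: int, count: int) -> list:
    """Command 03: each analog quantity is two bytes, high 8 bits first."""
    data = _data_field(resp, address, 0x03, 2 * count)
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]

def coil_write_state(high: int, low: int) -> bool:
    """Command 05 data: FF 00 is closed, 00 00 is open, anything else is illegal."""
    if (high, low) == (0xFF, 0x00):
        return True
    if (high, low) == (0x00, 0x00):
        return False
    raise FrameError("illegal value for a single-coil write")

# Example responses from this page, without the CRC placeholders
COIL_RESP = bytes.fromhex("10 01 05 CD 6B B2 0E 1B")
REG_RESP = bytes.fromhex("10 03 06 02 2B 00 00 00 64")

if __name__ == "__main__":
    coils = decode_coils(COIL_RESP, 0x10, start=19, count=37)
    print([i for i, closed in coils.items() if closed])
    print(decode_registers(REG_RESP, 0x10, count=3))
```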
5. Read only readable analog register (input register):
It is similar to reading the holding register, except that the command number of the second byte is no longer 3 but 4.
6. Write a single analog register (holding register):
The computer sends a command: [device address] [command No. 06] [high 8 bits of the register address to be set] [low 8 bits] [high 8 bits of the data to be set] [low 8 bits] [low 8 bits of CRC check] [high 8 bits of CRC check]
Example: [10] [06] [00] [01] [00] [03] [CRC low] [CRC high]
The meaning is as follows:
<1> The device address is the same as above.
<2> Command number: the command number for writing analog quantity is fixed as 06.
<3> High 8 bits and low 8 bits of the register address to be set: indicates the address of the analog register to be set.
<4> High 8 bits and low 8 bits of the data to be set: indicates the analog value to be written. For example, in the example, the value of register 1 is set to 3.
<5> Note that this command can only set the state of one analog quantity.
Device response: if the command succeeds, the device returns the command sent by the computer unchanged; otherwise it does not respond.