Windmill Software Ltd
Data Acquisition Intelligence
January 2012
Windmill Software Ltd
|
January 2012 |
Interfacing
|
Connecting ASCII and RTU Modbus Devices, via RS232 or RS485Our Windmill COMIML package lets you collect data from Modbus devices connected to the PC over a TCP/IP (Ethernet) or serial line. The package is currently on special offer for £50 (reduced from £145) from our DAQ Catalogue. The software also lets you send the data directly to Excel and other Windows programs. In Modbus systems, a master or client initiates queries to a slave or server (the measurement device). The slave/server responds either by supplying data or taking an action. Slaves only respond to queries from the master. Windmill supports any mix of digital and analogue inputs and outputs. These can be distributed across any set of Modbus slave devices. You can configure the slave device address and the parameter number (register number) for each channel individually. The Modbus protocol defines two modes of transmission: ASCII and RTU (Remote Terminal Unit). Windmill supports both modes. In ASCII mode each 8-bit byte in a message is sent as two ASCII characters. It allows intervals of up to 1 second between characters, without causing an error. Messages start with a colon and end with a Carriage Return followed by a Linefeed. The advantages of ASCII mode is that it allows intervals of up to a second to occur between characters without causing an error. ASCII mode is only used over serial (RS232, RS422 and RS485) lines. The RTU mode uses binary coding. Each 8-bit byte in a message contains two 4-bit hexadecimal characters. Greater character density allows better data throughput than ASCII for the same baud rate. Each message is transmitted in a continuous stream. The final part of a serial RTU message is a cyclic redundancy check, CRC. This calculates its value based on all earlier bytes in the message, it then adds its 2 bytes into the message. The computer therefore knows when it has received a corrupted message and can ask the instrument to resend its data. RTU mode is used over serial and network (TCP/IP) lines Modbus messages sent over Serial Lines: RS232, RS422 and RS485Each message comprises four parts: device address, function code, data, error check. The Device or Slave Address identifies your instrument. It contains one byte of information. In ASCII it is coded with two hexadecimal characters, in RTU with one byte. Valid addresses are between 0 and 247. The Function Code specifies the type of message. It contains one byte of information. In ASCII it is coded with two hexadecimal characters, in RTU with one byte. Modbus Com Port SettingsASCII RTU Modbus Serial Message Settings when using ComDebugUse the prompt grid in ComDebug's Terminal screen to send commands and data to your Modbus device. If you are sending binary rather than ASCII messages, either type directly into the Hex column or use the NumLock key on the keyboard to enter decimal addresses, codes, etc. Address 1, for example, would be shown as Char 001 and Hex 01. Modbus holding registers start counting at 40001. They are addressed with addresses starting at 0. You need to subtract 40001 from the register number to find the starting address. If your register address starts with a 6, for example 62592, convert this number to hex. You can use the converter at the bottom of this page. 62592, for example, converts to F480 and so you would enter F4 into the Hex column of Byte 3 and 80 into the Hex column of Byte 4. To Read a Single Modbus RegisterByte 1 = (slave) device address Byte 2 = Modbus function code: 03 (read holding register) or 04 (read input registers) Byte 3 = msb of register: starting address Byte 4 = lsb of register: starting address Byte 5 = msb of number of bytes to read: normally 0 Byte 6 = lsb of number of bytes to read: for example 2 Byte 7 = CRC: use the CRC menu
The Serial Reply ComprisesByte 1 = device address Byte 2 = function code Byte 3 = number of bytes read Byte 4 = 1st word, msb Byte 5 = 1st word, lsb Byte 6 = 2nd word, msb Byte 7 = 2nd word, lsb : : Byte n = CRC To Write to a Register over Serial CommunicationsByte 1 = device address Byte 2 = Modbus function code: 6 Byte 3 = address of word, msb Byte 4 = address of word, lsb Byte 5 = value of word, msb Byte 6 = value of word, lsb Byte 7 = CRC The Serial Reply ComprisesByte 1 = device address Byte 2 = function code: 6 Byte 3 = address of word, msb Byte 4 = address of word, lsb Byte 5 = value of word, msb Byte 6 = value of word, lsb Byte 7 = CRC Notes: The register number is not the same as the address. For example, Register 1 is Address 0. Modbus messages sent over TCP/IP: EthernetModbus TCP/IP Port SettingsPort: 502
Using ComDebug to send a message via TCP/IPFor communication over TCP/IP remove the device address and CRC detailed above in the serial settings, and add a 7-byte header called the Modbus Application Header (MBAP) to the start of the message.
Bytes 1 and 2 are a transaction identifier
Bytes 3 and 4 are a protocol identifier, always 0 0
Bytes 5 and 6 identify the number of the bytes to follow
Byte 7 identifies a unit which is not on the TCP/IP network, for serial bridging
this is set to 00 for TCP/IP devices
Byte 8 is the Modbus function code: 03 (read holding register) or 04 (read input registers)
Byte 9 is the msb of register: starting address
Byte 10 is the lsb of register: starting address
Byte 11 is the msb of number of bytes to read: normally 0
Byte 12 is the lsb of number of bytes to read: for example 2
Insert Decimal Number: |
Home | Windmill Measurement Software | Data Acquisition Shop | Monitor Newsletter | Contact Us | Contents: Tutorials, Tech Support, Applications, Free Stuff, etc | Search
 |
Copyright Windmill Software Ltd 2001 PO Box 58, North District Office, Manchester, M8 8QR, UK. E-mail, Tel: +44 161 833 2782 http://www.windmill.co.uk/modbussettings.html  Free measurement news feed...Designed by Studholme.net |
