Modbus Knowledge




Modbus RTU

Modbus is a communications protocol based on master/slave or client/server architecture, designed by Modicon for use with its PLCs. It has become a standard wherever Industrial Automation Systems (IAS) or Building Management Systems (BMS) needed. The main reason for the extensive use of Modbus over other communications protocols is the fact that it is openly published, it’s relatively easy to implement and reliable.Modbus comes in a variety of flavors, RTU and ASCII. Both of these procols are serial (RS232 or RS485) based.

  • Modbus RTU is a compact, binary representation of the data.
  • Modbus ASCII is human readable, and more verbose.



Protocol Specifications




MK10 and 32 Bits Numbers


Scaling in Modbus

Modbus does not provide a method for transporting large or Floating Point numbers or a mechanism for scaling analog values. A 16 bit word can only contain values in the range 0-65535. Only whole numbers are permitted. To work around this many server device manufacturers use multipliers and document them in their manuals. For example, to report a temperature of 58.5 the device reports a value of 585, and makes a note in the manual that the master should scale by 10. This scaling is achieved by adopting a convention between the client and the server.
What about large numbers > 65535
Modbus does not provide a mechanism but 3 important schemes are widely used.

Long Integers – Two consecutive 16 bit words are interpreted as a 32 bit long integer.

MK10 values – Two consecutive words are used. The 1st reports the number of units and the 2nd reports the number of 10,000’s.

Floating Point Numbers – Two consecutive words are used and a scheme. These schemes are conventions and not all servers or clients support them.

The protocol does not identify these big numbers. Only the vendor docs do.
What we mean by this is – if you look at the byte stream in a Modbus message there is no way of telling whether you are looking at two consecutive 16 bit words, or two consecutive words that should be interpreted as floating point, long or MK10 formats. Because of this you always have to look to the vendor docs.


Reading Vendor Modbus Maps


If you are reading the documentation for sensor blocks, valves, and other devices, you must keep in mind that some vendors may document their hardware in different ways.

According to the Modbus standard, addresses are simply integers from 0 to 65,535 with the different address ranges being referred to as coils, holding registers, etc. However, some vendors will document their hardware using numerical prefixes which are not actually part of the Modbus address. This originated from some models of PLCs which used the Modbus communications protocol, and which also used numerical prefixes in their internal data table. This is similar to using “I”, “Q”, “V”, etc. as address prefixes in IEC type PLCs.

However, it is important to remember that these numerical prefixes are documentation methods and are not part of what the Modbus protocol itself sends as part of the messages. A difference in documentation methods does not affect the compatibility of the protocol itself.

These prefixes are they mentioned anywhere in the Modbus standard, but the following shows how they are typically used in documentation based on this older convention:

  • 0xxxx – Coils.
  • 1xxxx – Discrete inputs.
  • 3xxxx – Input registers.
  • 4xxxx – Holding registers.

Note that there is no 2xxxx address prefix.

In addition to numerical prefixes, some documentation will refer to protocol addresses (addresses start at 0), while other documentation will refer to data model addresses (addresses start at 1). That is, the first holding register may be 0 or 1 (or 40000 versus 40001 using prefixes). However, this has no bearing on what gets sent over the wire as a Modbus message. For a Modbus protocol message, the lowest address is always “0”, not “1”.

Other Related Articles:



Modbus Links

Modbus Protocol Specification


If you liked this post;
  • Please consider subscribing to our RSS feed