Implementing wireless communication using the Modbus protocol

2026-04-06 06:39:12

Abstract: This paper introduces the control network and protocol characteristics of Modbus, focusing on the message frame composition, checksum calculation, and main functions of Modbus ASCII mode. It also explains the key points for implementing remote wireless communication using the Modbus protocol.

Keywords: Modbus network; Modbus protocol; LRC checksum; wireless data transmission modem; half-duplex

1 Introduction

Remote communication using data radio can be achieved through various programming methods. However, if requirements are placed on communication reliability, compatibility, and networking flexibility, then general communication programs are insufficient. Ideally, a readily available, widely used, highly reliable, efficient, easy-to-implement, and well-proven universal communication protocol should be used. The Modbus protocol is one such protocol that fully meets these requirements.

The Modbus protocol, developed by Modicon Inc., a US-based programmable logic controller (PLC) manufacturer, is used for industrial communication and distributed control systems. It is now supported by numerous hardware manufacturers and has become a universal industrial standard. This protocol enables communication between controllers and between controllers and other devices via networks (such as Ethernet). Due to its completely open nature, simple implementation, low hardware requirements, and high reliability, the Modbus protocol has become the best choice for building low-speed network communication (data acquisition, instrumentation, etc.).

2 Modbus Protocol

2.1 Protocol Overview

Modbus protocol communication uses a master-slave technology, meaning only one device (the master) can initiate a transmission (query). Other devices (slave devices) respond accordingly based on the data provided by the master's query. Figure 1 illustrates the query-response loop of the Modbus protocol. Typical master devices include host computers and programmable meters. Typical slave devices include programmable logic controllers (PLCs).

Figure 1 Master-Slave Query - Response Cycle Table

The master device sends a request message containing a specified address to the communication line; the slave device then checks whether the message contains its own address. If the message address matches its own address, the slave device receives the message and processes it. The slave device's message processing procedure is as follows: if the message is correct, it executes the task as required by the message and then returns a correct response message to the sender; otherwise, it only returns an error message to the sender.

The Modbus protocol allows one master and up to 247 slaves. Only the master can initiate a transaction. A transaction is either a query-response exchange (addressed to a single slave) or a broadcast (addressed to all slaves, with no acknowledgment). It therefore consists of a query frame and a response frame, or of a single broadcast frame.

The Modbus protocol offers two transmission modes for users to choose from: ASCII (American Standard Code for Information Interchange) and RTU (Remote Terminal Unit). Functionally, these two modes are identical. The main advantage of ASCII mode is that the interval between characters can be as long as one second without causing an error, making it suitable for long-distance, low-speed communication applications (such as radio communication). RTU mode, on the other hand, is more suitable for short-distance, high-speed communication applications and is widely used in control systems.

This paper primarily utilizes the ASCII mode of the Modbus protocol for wireless communication. Therefore, it focuses on introducing the ASCII mode of the Modbus protocol.

2.2 ASCII Mode Format

In ASCII mode, messages begin with a colon (:) character (ASCII code 3AH) and end with a carriage return/line feed pair (ASCII codes 0DH, 0AH).

The other fields may contain only the hexadecimal characters 0...9 and A...F. Devices on the network continuously monitor the line for the ":" character, and when a colon is received, each device decodes the next field (the address field) to determine whether the message is addressed to it.

A typical message frame is shown below:

Figure 2 ASCII message frame

The start bit field indicates the beginning of a message frame.

The address field indicates the address of the slave device receiving the host message. Users must configure the address for each slave device.

The function code field informs the slave station what function should be performed.

The data field contains the information the slave device needs to perform the specified function, or the information the slave device returns in response to a query. This information can be numerical values, address parameters, or ranges.

The checksum field is used to check for errors in communication messages.

2.3 LRC verification

ASCII mode uses the LRC method for error checking. Specifically:

A. The LRC covers the contents of the message, excluding the opening colon and the closing carriage return/line feed.

B. The LRC field is one byte containing an 8-bit binary value. The LRC value is calculated by the transmitting device and placed in the message frame. The receiving device calculates the LRC during message reception and compares it with the value in the LRC field of the received message. If the two values are not equal, it indicates an error.

C. The LRC method adds up the successive 8-bit bytes of the message, discarding any carry, and then takes the two's complement of the result.

A simple LRC function is as follows:

    /* auchMsg:   the message to be computed
       usDataLen: number of bytes to process in the LRC */
    static unsigned char LRC(unsigned char *auchMsg, unsigned short usDataLen)
    {
        unsigned char uchLRC = 0;                /* LRC byte initialization */

        while (usDataLen--)                      /* Step through the message buffer */
            uchLRC += *auchMsg++;                /* Accumulate, discarding the carry */

        return (unsigned char)(-((char)uchLRC)); /* Return the two's complement */
    }
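The receiving side of the check described in this section, as an added example that is not code from the original paper: a strict decoder that enforces the colon, the CR/LF terminator, the hex alphabet and the LRC before accepting a frame. The function name, the return codes and the sample frame are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit as allowed in section 2.2 (0-9, A-F); -1 otherwise. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode one NUL-terminated Modbus ASCII frame and verify its LRC.
 * On success copies address, function and data bytes (LRC excluded) to out
 * and returns their count; returns a negative code for any malformed frame.
 */
int modbus_ascii_decode(const char *frame, unsigned char *out, size_t out_cap)
{
    size_t len = strlen(frame), nbytes, i;
    unsigned char sum = 0;

    if (len < 9 || frame[0] != ':') return -1;      /* ':' + addr + func + LRC + CR LF */
    if (frame[len - 2] != '\r' || frame[len - 1] != '\n') return -2;
    if ((len - 3) % 2 != 0) return -3;              /* hex digits must pair up */
    nbytes = (len - 3) / 2;                         /* decoded bytes, LRC included */
    if (nbytes - 1 > out_cap) return -4;            /* never overrun the caller's buffer */

    for (i = 0; i < nbytes; i++) {
        int hi = hex_val(frame[1 + 2 * i]);
        int lo = hex_val(frame[2 + 2 * i]);
        unsigned char b;
        if (hi < 0 || lo < 0) return -5;            /* also rejects a stray ':' or CR */
        b = (unsigned char)((hi << 4) | lo);
        sum = (unsigned char)(sum + b);             /* 8-bit add, carry discarded */
        if (i < nbytes - 1) out[i] = b;
    }
    return sum == 0 ? (int)(nbytes - 1) : -6;       /* data + LRC must sum to 0 mod 256 */
}

int main(void)
{
    /* Constructed sample: slave 08, function 04, offset 007A, 2 registers. */
    unsigned char pdu[32];
    int n = modbus_ascii_decode(":0804007A000278\r\n", pdu, sizeof pdu);
    printf("decoded %d bytes, function %02X\n", n, n > 1 ? pdu[1] : 0);
    return 0;
}
```

Because the LRC is a plain 8-bit sum, byte changes that offset each other still verify: the constructed frame `:0804007B000178` passes this decoder although two of its bytes differ from the sample, so the check catches line noise rather than every alteration.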

3. Functional Description

3.1 Functional Overview

The Modbus protocol has a total of 24 functions. Eight of them are the main ones, as shown in Figure 3:

Figure 3. Main functions of the Modbus protocol

The Modbus protocol was originally designed to enable efficient network communication for programmable logic controllers (PLCs). Some of these eight functions overlap with one another, so to keep the implementation simple, only functions 04 and 16 are needed in wireless communication applications.

3.2 Read the input register group (function code 04)

For example, to read two registers from the register group of slave device 8, starting at address 30123, the message format is as shown in Figure 4:

Read input register set query message:

Read the input register set acknowledge message:

Figure 4 Read Input Register Set Message Format

3.3 Write to multiple registers (function code 16)

This function can modify the contents of multiple registers within the controller; unused high-order bits must be set to 0. This function code supports broadcast mode (i.e., slave address is 0). For example, the message for setting registers 40210 and 40211 of slave 08 to 0835h and 0312h is shown in Figure 5.

Write multiple register query messages:

Write multiple register acknowledge messages:

Figure 5 shows the format of a message to write multiple registers.
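An added example, not from the original paper, that builds the two query messages described in sections 3.2 and 3.3 as complete ASCII frames with their LRC. It assumes the usual Modbus convention that references 30001 and 40001 correspond to register offset 0; `build_query`, `ascii_frame` and `MAX_REGS` are names invented here.

```c
#include <stdio.h>
#include <string.h>
#define MAX_REGS 16   /* example-only cap on registers per message */

/* Frame address+function+data as ':' + hex pairs + LRC + CR LF; -1 if out is too small. */
static int ascii_frame(const unsigned char *pdu, size_t len, char *out, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    unsigned char sum = 0;
    size_t i, n = 0;
    if (cap < 2 * len + 6) return -1;          /* ':' + pairs + LRC + CR LF + NUL */
    out[n++] = ':';
    for (i = 0; i <= len; i++) {               /* final pass emits the LRC byte */
        unsigned char b = (i < len) ? pdu[i] : (unsigned char)(0u - sum);
        sum = (unsigned char)(sum + b);        /* 8-bit add, carry discarded */
        out[n++] = hex[b >> 4]; out[n++] = hex[b & 0x0F];
    }
    out[n++] = '\r'; out[n++] = '\n'; out[n] = '\0';
    return (int)n;
}

/* Build a function 04 query (val unused) or a function 16 query writing val[0..n-1]. */
int build_query(unsigned slave, unsigned func, unsigned ref, unsigned n,
                const unsigned short *val, char *out, size_t cap)
{
    /* Assumed convention: reference 30001 / 40001 is register offset 0. */
    unsigned base = (func == 0x04) ? 30001u : 40001u, off = ref - base, i;
    unsigned char pdu[7 + 2 * MAX_REGS];
    size_t len = 6;
    if ((func != 0x04 && func != 0x10) || slave > 247) return -1;
    if (slave == 0 && func == 0x04) return -1;          /* broadcast is for writes only */
    if (ref < base || ref > base + 9998u) return -1;
    if (n < 1 || n > MAX_REGS || (func == 0x10 && val == NULL)) return -1;
    pdu[0] = (unsigned char)slave;      pdu[1] = (unsigned char)func;
    pdu[2] = (unsigned char)(off >> 8); pdu[3] = (unsigned char)off;
    pdu[4] = 0;                         pdu[5] = (unsigned char)n;  /* n <= MAX_REGS */
    if (func == 0x10) {
        pdu[len++] = (unsigned char)(2 * n);            /* byte count */
        for (i = 0; i < 2 * n; i++)                     /* high byte, then low byte */
            pdu[len++] = (unsigned char)(val[i / 2] >> ((i & 1) ? 0 : 8));
    }
    return ascii_frame(pdu, len, out, cap);
}

int main(void)
{
    char frame[96];
    const unsigned short vals[2] = { 0x0835, 0x0312 };  /* values from section 3.3 */
    if (build_query(8, 0x04, 30123, 2, NULL, frame, sizeof frame) > 0) printf("%s", frame);
    if (build_query(8, 0x10, 40210, 2, vals, frame, sizeof frame) > 0) printf("%s", frame);
    return 0;
}
```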

4. Implementation of Modbus Protocol in Wireless Communication

4.1 Connection between Modbus port and wireless data transmission modem port

Both the Modbus port and the wireless data transmission modem port use a standard 9-pin serial port, utilizing only a portion of its pins. (See Figure 6.)

Figure 6. Connection between Modbus port and wireless data transmission modem port

4.2 Full-duplex to half-duplex communication conversion

Modbus is a half-duplex communication protocol, and wireless data transmission modems generally only operate in half-duplex mode. When a wireless data transmission modem is working, if the RTS control line is low, the modem is in transmit mode, sending the TXD signal as a carrier wave; if the RTS control line is high, the modem is in receive mode, receiving the carrier signal and sending it back to the Modbus port after detection.

If all master and slave devices communicate in half-duplex mode, it is relatively easy to implement wireless communication using the Modbus protocol. However, if some slave devices in the entire communication network operate in full-duplex mode, then the communication mechanism of these slave devices must be changed to half-duplex.

For example, when a remote host communicates wirelessly with a PLC using a Modicon TSX SCP 111 communication card as a slave, a full-duplex to half-duplex card must be added to the Modicon TSX SCP 111 side. This is because the Modicon TSX 111 causes the CTS to go low once in each communication cycle (causing the radio to transmit), regardless of whether a useful signal exists in RXD, thus disrupting normal communication.

5. Conclusion

The unmanned control system for the Cunjin booster station of Zhanjiang Water Supply Company successfully achieved remote wireless control of the station's pumps using the aforementioned method. Practice has proven that using the Modbus protocol for wireless communication ensures reliable communication, a simple system structure, good scalability, and can meet the practical needs of most projects.
