Integration networks are becoming more and more essential in almost every Building Management System; therefore, it is a requirement of any BMS Engineer to at least have a basic understanding of the protocol. Fortunately, there is plenty of information out there detailing everything you could ever need to know about Modbus – unfortunately, a lot of the information is conflicting and often there just isn’t “all” the information which sometimes leaves you hanging. This post will hopefully simplify the information so that you know enough to make it work for you on your projects.
There are two installations of the Modbus protocol:
- Serial network – RS485
- TCP/IP Network
The end result is the same, and often the Modbus point registers are the same, but there are differences between the two installations, if not just the physical installation.
Serial RS485 Modbus
To establish an RS485 Modbus network a twisted pair cable needs to be installed from the network master to a slave device. Often a single twisted pair cable with a screen will do the job, but these days more and more manufacturers are recommending a dual twisted pair cable, something like a Belden 9842NH. The purpose of 2 pairs is so that one pair can be used for the transmit/receive wires, whilst the other pair can act as a shield or a drain wire. To be perfectly honest I would always recommend the two pairs so that you have all bases covered.
When connecting up Modbus devices via an RS485 network they should be daisy-chained together, any other wiring topology is not supported.
The connections should be kept the same throughout the network: positive to positive, and negative to negative. These may sometimes be labeled up as A and B. If these are crossed this will likely bring the entire network down and create communication alarms within the master controller. It is also worth mentioning that the screen cable should be kept intact throughout the entirety of the network and only earthed at the controller end.
When wiring Modbus serial devices there is a limit of 32 per network; the above example would class as 4 since the master device takes up an address on the network. There are ways of getting around this limitation by using repeaters and boosters on the network if necessary. The maximum length of the serial network cannot exceed 1200m regardless of boosters and repeaters.
In some situations, it may be necessary to install an end of line termination resistor across the communication pair. Typically, a 120ohm resister will work ok, but this can be correctly calculated more accurately if need be. More and more devices are coming with built-in termination jumpers which can be used to save the hassle of a resistor when required.
When configuring an RS485 serial Modbus network you need to set the following within each device:
- Baud rate
- Parity
- Stop bits
- Data bits
These are often configurable via either onboard jumpers or through the software. Keep this at the front of your mind when starting out on this type of project – if the onboard jumpers need setting, it is much easier to do them straight out of the box rather than up in a ceiling or anywhere on-site for that matter.
TCP / IP Modbus
To establish a TCP / IP Modbus network all devices must be connected to the same network either locally or via gateway connections. Typically, these would be wired connections with an ethernet cable and RJ45 ends, although more devices are now connected via Wi-Fi, both solutions will do the job.
TCP / IP Modbus is not limited to 32 devices per network like the serial connection is, however, each master (client) device will have its own limitations and it should be checked before starting to design a system.
Another difference from the RS485 Modbus network is the terminology used, when talking serial connections we say “master and slave” when talking about TCP / IP Modbus we say “Client and server”.
The maximum length of each network segment is 100m as per the cat5/6 limitations, Wi-Fi may reach longer distances depending on the type and quality of installation.
When communicating through additional networks a communication port will need to be opened on the firewall, the default port is: 502 but this can be changed if need be.
When configuring the TCP / IP Modbus network each device will need to be programmed with a unique IP address that is available on the network.
RS485 vs TCP / IP Modbus
| RS485 | TCP / IP | |
|---|---|---|
| Wiring Topology | Daisy chain | n/a |
| Installation | Twisted pair x2 | CAT x with RJ45 ends ** |
| Max Devices | 32 | Check client limitations |
| Max Length of Installation | 100m entire network | 100m max between devices ** |
| Configuration |
Device address
Baud rate Parity Stop bits Data bits |
Unique IP address |
** Wired distances. Wi-Fi distances are subject to installation.
Typical Register Tables
| Coil points | 00001 – 09999 | Read / write |
|---|---|---|
| Discrete inputs | 10001 – 19999 | Read only |
| Input registers | 30001 – 39999 | Read only |
| Holding registers | 40001 – 49999 | Read / Write |
Coil Points 00001 – 09999
Think of a coil point as a digital point which is writeable, like a digital output.
When reading a coil point you will see either a true or a false feedback value. It can be one of two states and nothing more. The same applies for when you are writing to the point, you can either make it true or false. Coil points are often digital points within a device that are used to trigger certain functions.
Modbus function code 1 = read coil
Modbus function code 5 = write single coil
Modbus function code 15 = write multiple coils
Discrete Inputs 10001 – 19999
These points are similar to the Coil Point apart from they are read-only, like a digital input.
When reading a discrete input, it will feedback one of two values, it is either true or false and nothing more. Depending on the equipment it may be labeled as 1 or 0, on or off etc. These type of points are often used to show the state of a digital input on a controller.
Modbus function code 2 – read input status
Input Registers 30001 – 39999
Input registers are read-only points made up of 16bits of information. An analogue input value would be classed as an input register.
Input registers can be further classified as either signed or unsigned, either way, there is a maximum amount of information that can be displayed due to the 16bit limitation.
Signed registers can go from -32,768 to 32,767. This is useful for temperature sensors.
Unsigned registers can go from 0 – 65,536. This is useful for consumption meters as negative values are not required.
Modbus function code 4 – read input register
Holding Registers 40001 – 49999
Holding registers are writable points made up of 16bits of information. An analogue output value would be classed as a holding register.
Just like input registers, holding registers can also be signed or unsigned. A 16 bit Holding register has the same range limitations as the input register detailed above
Modbus function code 3 = read holding register
Modbus function code 6 = write holding register
Modbus function code 16 = write multiple holding registers
Byte order (MSB / LSB)
This is one of the lesser-known parts of configuring a Modbus network. The reason for this, in my experience, is because more often than not the byte order is always MSB > LSB which is what most controllers will be set to by default.
MSB = Most significant bit
LSB = Least significant bit
This is to do with the order in which the controller reads the individual bits which make up the register. As we discussed earlier, a standard input or holding register is made up of 16 bits, often starting at bit 0 through to bit 15.
Whilst this setting is often forgotten about, it is important that you are aware of it as it can create issues when reading register values.
All 16-bit register values are read using binary code, this is why the maximum of 65,535 exists, that is 16 ones in binary.
Now let’s pretend that we are trying to read a register value using Modbus. We have our network set up ready to go and all devices are online and working (well, receiving values), but we haven’t realised that this device uses LSB first instead of MSB.
By default we would be reading a value of 50,401 using MSB order (left to right)
When set to LSB we are reading a value of 34,595 (right to left).
See why it matters now?
If you aren’t aware of this you can easily waste time scouring the datasheet looking for other possible registers to look up, when you could’ve had it right all along, it was just the byte order that was preventing you from getting a correct reading.
FYI, I just used a random set of ones and zeros for the above example. To convert those into a reading you can use the “programmer” setting on your calculator.
Having a mixture of devices on the same network could cause you an issue if some of the devices use MSB and others use LSB. Some controllers allow you to change the setting of the byte order per device or point even, others only allow it per network.
Easy right?
In my experience, the most difficult part of setting up any integration network is getting the right information from the device you are trying to communicate with. Often the manufacturers’ literature is confusing and lacking key information. Another frustration is often terminology: why isn’t there a Modbus standard for electricity meters for example? They all give the same information, yet they all label it something different? Usually, it is this kind of thing that prevents successful integration between two devices.
Hopefully, this article has provided you with a basic understanding of the subject and will enable you to successfully integrate multiple devices in the future.
0 Comments