Modbus Troubleshooting Guide

Beyond the basic communication port settings, you need to understand the basics of the Modbus protocol before trying to establish a Modbus link. Unlike other Modbus documentation, this document focuses on the knowledge needed to establish communication rather than to implement the protocol. This perspective is more relevant to system integration engineers.

Modbus is a very old protocol with many interpretations and implementations by various vendors, which makes it one of the most widely used protocols but also a complicated one to get working at first. So many aspects need attention that plug and play is almost impossible the first time two applications from different vendors are connected. If the system allows, start with 1 or 2 tags/data of a basic data type such as Holding Register (int16) or Output Coil (bool), and slowly add more tags before advancing to more complicated data types such as real32 or long32.

Several terms are used in industry to refer to the same thing, which creates more confusion. This document uses the most precise and unambiguous term, but other vendors’ terms are also mentioned. Below are 10 areas to check to narrow down your troubleshooting scope:

1. RTU or ASCII Mode
Modbus can be used in RTU or ASCII communication mode. RTU is used far more often than ASCII because it is transmitted in binary and is therefore faster. ASCII mode is rarely used and is chosen only when the communication speed (baud rate) can’t go too fast due to distance or communication device (e.g. modem) limitations. The two modes cannot be mixed or used concurrently in one network. It’s also important to note that the data byte size in the COM port setting is 8 for RTU and 7 for ASCII.
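
The same read request framed both ways shows why the two modes cannot share a network and why RTU needs 8 data bits while ASCII fits in 7. This is an added example, not part of the original guide; the function names and the sample request are constructed for illustration, and the CRC-16 and LRC checks are the standard Modbus serial ones.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by RTU frames (reflected polynomial 0xA001, initial value 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def lrc(data: bytes) -> int:
    """LRC used by ASCII frames: two's complement of the byte sum, modulo 256."""
    return (-sum(data)) & 0xFF

def read_request(node_id: int, function: int, start: int, count: int) -> bytes:
    """Node ID, function code, data address and quantity, before any framing."""
    return struct.pack(">BBHH", node_id, function, start, count)

def rtu_frame(body: bytes) -> bytes:
    # RTU: raw binary bytes (any value 0x00-0xFF) followed by the CRC, low byte first.
    return body + struct.pack("<H", crc16_modbus(body))

def ascii_frame(body: bytes) -> bytes:
    # ASCII: ':' + two hex characters per byte + LRC + CR LF, all 7-bit characters.
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode("ascii") + b"\r\n"

def identify_frame(raw: bytes) -> str:
    """Classify a captured frame and report whether its checksum is valid."""
    if raw.startswith(b":") and raw.endswith(b"\r\n"):
        try:
            payload = bytes.fromhex(raw[1:-2].decode("ascii"))
        except ValueError:
            return "ASCII framing, non-hex payload"
        ok = len(payload) >= 3 and lrc(payload[:-1]) == payload[-1]
        return "ASCII, LRC ok" if ok else "ASCII, LRC mismatch"
    if len(raw) >= 4 and crc16_modbus(raw[:-2]) == struct.unpack("<H", raw[-2:])[0]:
        return "RTU, CRC ok"
    return "not a valid RTU or ASCII frame"

# Constructed sample: read 3 holding registers from data address 0x006B on node 0x11.
BODY = read_request(0x11, 0x03, 0x006B, 3)

if __name__ == "__main__":
    for frame in (rtu_frame(BODY), ascii_frame(BODY)):
        print(len(frame), "bytes:", frame.hex(" "), "->", identify_frame(frame))
```

The ASCII frame is more than twice as long as the RTU frame for the same request, which is the speed difference the text refers to.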

2. Master/Slave(s)
The relationship between Master and Slave in the Modbus context is like that between Client and Server in a computer network. A Modbus network over serial communication can have only one Master, with one or many Slaves; the latter case is called a “Multidrop” network. Normally the Master is a PC or PLC and the Slave(s) are measuring devices or sensors. The Master initiates every data polling or writing sequence, and the Slave being addressed then responds accordingly. This is the opposite of a computer network, where normally one server serves many clients, although it is similar in that the client initiates all transactions.

Note that the single-master restriction applies only to serial communication such as RS232/422/485. Modbus over a TCP/IP network can support multiple Masters and, of course, multiple Slaves. Multidrop network topology is available only for RS485 and RS422 network configurations; the standard RS232 physical layer does not support multidrop networks.

3. Node ID
Modbus devices can be connected in a multi-drop (series) network. Every Modbus device must be assigned an ID for identification, even if only one device is connected. Normally it defaults to 1.

Note that ‘Node ID’ is also called Device ID, Slave ID, Device Address, Slave Address or even Modbus Address. Some devices may even contain several Node Addresses (within one physical piece of hardware), which are called virtual devices or virtual node addresses.

4. Data Address
Every data item must have its own address. A Data Address is also called a Register or simply an Address. Data Address indexing may differ from one vendor to another; in other words, address 1000 for one vendor might be 1001 or 999 for another vendor, in which case an offset value of +1 or -1 needs to be entered.

5. Address Arrangement
The address arrangement is flexible in Modbus devices. The starting address for any data type is not fixed; for instance it can be 1, 1000, 4000 or any other value. There is no fixed pattern for how the addresses are arranged. The addresses do not need to fall into one range; they can be scattered, such as 1000~2000 and 4000~10000. The address arrangement depends completely on the device manufacturer, so refer to its documentation.

6. Data Type
There are only four fundamental data types in Modbus, i.e. Output Coil (0x), Input Coil (1x), Holding Register (4x) and Input Register (3x). Output Coil (aka status) and Input Coil (aka status) are both boolean, split into input and output types. Similarly, Input Register and Output Register (i.e. Holding Register) are both 16-bit integers, split into input and output categories. Input Coil and Input Register are strictly tied to the device’s physical wire connections, whereas Output Coil and Output Register may or may not be tied to the device’s physical wire connections. When an address is not tied to a physical link, it is treated as a memory variable. So most of the time the addresses being used are of output type.

To get data beyond the four fundamental types, such as floating point (float32) and long analogue (int32), two Output Registers need to be used. When floating point or long analogue data are listed in sequence, some devices such as Modicon PLCs skip addresses in even or odd numbers, while others list them in sequence without skipping any address. Users must figure this out from the device’s manual or even by trial and error.

Some devices further support double floating point (float64) or double long integer (int64); the address-skipping issue again depends on the device’s manufacturer. Moreover, some manufacturers even have proprietary data types, such as Time Element, that contain up to 8 integers at one single address.

Note that some device manufacturers such as Schneider use a leading numerical digit to differentiate data types, that is, 4xxxx for holding register, 3xxxx for input register, 1xxxx for input coil and 0xxxx for output coil. This may not be the case in many software implementations. For instance, 40100 shall be entered as 100 with integer type, or 30123 may need to be entered as 123 with read-only integer type.

7. RW or RO
A data location can be implemented as Read/Write enabled or as Read Only. This depends entirely on the individual vendor, so refer to its documentation. Normally Input Register (3x) and Input Coil (1x) are implemented as Read Only.

8. Word Swapping
Users of floating point or long data types need to understand the swapping of words (int16) (or even bytes (int8) for some devices) in Modbus communication, since both float and long data types consist of two or more registers (int16). Different vendors handle binary data ordering differently, as either Little Endian or Big Endian. This means a float or long value can be arranged as A+B or B+A, where A and B are int16. For double float or double long, the combinations extend to A+B+C+D, B+A+D+C, C+D+A+B or D+C+B+A.

Since the term used to define this condition differs among vendors, users do not need a deep understanding of the scenario; they simply need to try the swapped or direct setting and observe the outcome.

It’s important to be aware that mismatched data swapping will not trigger any Modbus communication error, but the data polled or sent may show unreadable values.
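
The effect of a mismatched swap setting can be reproduced offline by decoding one register pair under each layout. This is an added example, not part of the original guide: the layout labels follow a common vendor notation in which each letter is one byte of the 32-bit value (so "CDAB" is the text's B+A word swap), and the 230.5 reading and the 100..300 range are constructed.

```python
import struct

# Byte layouts of one 32-bit value spread over two registers. "ABCD" is the
# value's big-endian byte order; the letters here are bytes, not whole words.
ORDERS = ("ABCD", "CDAB", "BADC", "DCBA")

def decode_float32(registers, order):
    """Decode two int16 registers, as received, under the given byte layout."""
    wire = struct.pack(">HH", *registers)            # bytes in arrival order
    big_endian = bytes(wire[order.index(ch)] for ch in "ABCD")
    return struct.unpack(">f", big_endian)[0]

def encode_float32(value, order):
    """Inverse of decode_float32: the register pair a device with this layout sends."""
    big_endian = struct.pack(">f", value)
    wire = bytes(big_endian["ABCD".index(ch)] for ch in order)
    return struct.unpack(">HH", wire)

def plausible_orders(registers, low, high):
    """Layouts whose decoded value lands in the range expected for the tag."""
    return [o for o in ORDERS if low <= decode_float32(registers, o) <= high]

# Constructed sample: a device that sends the low word first reports 230.5.
SAMPLE = encode_float32(230.5, "CDAB")               # registers 0x8000, 0x4366

if __name__ == "__main__":
    # Every layout decodes without error; only one gives a sensible reading.
    for order in ORDERS:
        print(order, decode_float32(SAMPLE, order))
    print("plausible for a 100..300 tag:", plausible_orders(SAMPLE, 100.0, 300.0))
```

Checking a polled value against the range expected for the tag is a quick way to pick the right swap setting when the vendor's terminology is unclear.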

9. Batch Data Transmission
Batch Optimization, also called Block/Contiguous optimization, is needed when a project has a large number of tags. In fact, almost every Modbus entry requires ‘Batch Optimization’ regardless of the project tag count. Modbus data can be transmitted in a batch (one big chunk sorted contiguously) to speed up communication. The data addresses in a batch must be of the same type and same length. For instance, addresses 4000, 4001, 4002 and 4003 can all be read or written in one transmission.
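
One way to plan such batches for read requests, as an added example that is not part of the original guide: the tag tuple format, the type names and the sample tag list are constructed, and the per-request limits are the read quantities allowed by the Modbus specification (2000 coils, 125 registers). The optional offset is the vendor indexing offset described under Data Address.

```python
# Largest quantity one read request may carry under the Modbus specification.
MAX_PER_READ = {"coil": 2000, "input_coil": 2000,
                "holding": 125, "input_register": 125}

def plan_batches(tags, offset=0):
    """Merge tags into contiguous read requests.

    tags:   (data_type, address, width) tuples; width is the number of coils
            or registers one tag occupies (2 for float32 or int32).
    offset: vendor indexing offset (+1 or -1) applied to every address.
    Returns (data_type, start_address, quantity) tuples, one per request.
    """
    batches = []                                   # [type, start, quantity, width]
    for dtype, addr, width in sorted(set(tags)):
        addr += offset
        if batches:
            last = batches[-1]
            end = last[1] + last[2]                # first address after the batch
            new_len = max(end, addr + width) - last[1]
            same_kind = last[0] == dtype and last[3] == width
            if same_kind and addr <= end and new_len <= MAX_PER_READ[dtype]:
                last[2] = new_len                  # contiguous: extend the batch
                continue
        batches.append([dtype, addr, width, width])  # type change, gap or full batch
    return [tuple(b[:3]) for b in batches]

# Constructed tag list: the four registers from the text, one float32, two coils.
TAGS = [("holding", 4000, 1), ("holding", 4001, 1), ("holding", 4002, 1),
        ("holding", 4003, 1), ("holding", 4100, 2), ("coil", 10, 1), ("coil", 11, 1)]

if __name__ == "__main__":
    for batch in plan_batches(TAGS):
        print(batch)
```

Seven tags become three requests here; a gap, a change of data type or a full request each start a new batch.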

10. Third party tool
When you suspect that one of the vendors didn’t do the job correctly, you may download a free copy of Ecava IGX SCADA and use it as a troubleshooting tool. It can act as both Modbus Master and Slave, and supports all possible data types with any word swapping combination. Furthermore, its tag watch window lets you see your polled values instantly. And if you need to look into technical details in bits and bytes, the built-in communication port monitoring will be your best friend. Check out this short YouTube video to see how easily things can be done.