12.3. Modbus Troubleshooting for SCADA

On top of basic communication port setting, it's necessary to understand basic Modbus protocol before trying to establish a Modbus link. Unlike other documentation for Modbus, this document focus on the knowledge needed for establishing the communication rather than implementing it. This perspective will be more relevant for System Integrator Engineer.

Modbus is a very old protocol that has too many interpretations and implementations by various vendors, making it one of the widely used but complicated protocol to establish at the beginning. Too many aspects need to be of concern hence plug and play is almost impossible for two applications from different vendors for the first time. User should start by entering 1 or 2 tags with basic data type like Holding Register (int16) or Output Coil (bool), and slowly adding more tags before advancing to more complicated data type like real32 or long32.

Several terminologies have been used in industry to refer to the same thing which created more confusion. This document used the most precise and non-ambiguous term, but other vendor terms will also be mentioned.

RTU/ASCII Mode

Modbus can be used in RTU or ASCII communication mode. RTU is mostly used as compare to ASCII since it's transmitted in binary and hence faster. On the other hand ASCII mode is rarely being used and will only be chosen when the communication speed (baud rate) can't go too fast due to distance or communication device (e.g. modem) limitation. They cannot be used concurrently in one network.

[Important] Important

The data byte size for Com Port setting is 8 for RTU and 7 for ASCII.


Master/Slave(s)

The relationship of Master and Slave in Modbus context is like Client and Server in computer network. Modbus network in serial communication can only have one Master with one, or many other Slaves where it's called "Multidrop" network. Normally the Master is a PC or PLC and the slave(s) could be some measuring devices or sensors. The Master will initiate all data polling or writing sequence and the Slave being called will then respond accordingly. This is totally opposite of computer network whereby normally one server will serves many other clients, despite it's similar that the client will initiate all the transactions.

[Note] Note

Single master restriction only applicable to Serial Communication like RS232/422/485. Modbus over TCP/IP network could support multiple Masters and of course multiple Slaves. Multidrop network topology only available for RS485 & RS422 network configuration, physical layer of RS232 do not support multi-drop network.


Node ID

Modbus device can be connected in multi-drop (series) network. And every Modbus device must be assigned with an ID for identification, even if there's only one device is being connected. Normally it's default to 1.

[Note] Note

Node ID also being called Device ID, Slave ID, Device Address, Slave Address or even Modbus Address. Some devices may even contain several Node Addresses, which being called virtual device or virtual node address.


Data Address

Every data must has its own address. Data Address also being called as Register or simply as Address. Data Address indexing may be different from one vendor to another, in another word, address 1000 for one vendor might be 1001 or 999 for another vendor. Offset value of +1 or -1 need to be entered.

In PLC implmentation, prefixes are normally added for datatype differentiation. 4x for Output Register, 3x for Input Register, 0x for Output Coil and 1x for Input Coil. However this introduces restriction in modern SCADA system and will normally disregard. For instance a device with 6 digits address, 400100 in device need to be entered as 100 with required datatype (int, float etc) in SCADA. Likewise a device with 5 digits address, 10012 in another device will need to enter as 12 only in SCADA with required datatype (boolean+input).

Address Arrangement

The address arrangement is flexible in Modbus devices. The starting address for any data type is not fixed, for instance it can be 1, 1000, 4000 or any other value. There's no fixed patent on how's the addresses will be arranged. And the addresses are not necessary need to be put into one range, they can be scattered around like 1000~2000 and 4000~10000. The address arrangement is completely depends on the device manufacturer and must refer to its documentation.

Data Type

They are only four fundamental data types in Modbus, i.e. Output Coil (0x), Input Coil (1x), Holding Register (4x) & Input Register (3x). Both Output Coil (aka status) & Input Coil (aka status) are also boolean but further split into input and output type. Similarly both Input Register & Output Register are also 16 bit Integer but further split into input and output category. Input Coil and Input Register are strictly tied to device's physical wire connection, on the other hand, Output Coil and Output Register can be tied or not tied to device's physical wire connection. When an address is not tied to physical link, it's treated as memory variable. So most of the time the addresses being used are output type.

In order to get more than four fundamental types of data, like floating point (float32) and long analogue (int32), two Output Registers need to be used to achieve this purpose. When a list of floating point data or long analogue data being listed in sequence, some devices like Modicon PLC will have the addresses skipped in even number or odd number, but some may just have it in sequence without any skipping of address. User must figure this out based on the device's manual or even trial & error.

Some devices can further support double floating point (float64) or double long integer (int64), the address skipping issue is again depends on the device's manufacturer. Moreover, some manufacturers even have proprietary data type like Time Element that contains up to 8 integers for one single address.

RW or RO

One data location can be implemented as Read/Write enabled, or just Read Only. This is totally depends on the individual vendor and must refer its documentation. Normally Input Register (3x) and Input Coil (1x) shall be implemented as Read Only.

Word Swapping

For user that uses either floating point or long data type, they need to understand swapping of words (int16) (or even bytes (int8) for some devices) in Modbus communication since both float and long data type constitute of two or more registers (int16). Different vendor has different implementation on handling binary data sorting, which is either Little Endian or Big Endian. This mean float or long data type can be sorted in the form of A+B or B+A whereby A and B are int16. And for double float or long, the combination could be extended to A+B+C+D, B+A+D+C, C+D+A+B or D+C+B+A.

Since the term used for the definition of the condition is different from all vendors, user need not to have deep understanding of scenario but simply need to try out swapped or direct setting and observe the outcome.

[Note] Note

Mismatched of data swapping will not trigger any Modbus communication error but the data polled or sent could be showing non-readable values.


Batch Data Transmission

Batch Optimization also being called Block/Contiguous optimization, it is needed when a project has big entry of tags. In fact, almost all Modbus entry requires 'Batch Optimization' regardless of project tag count. Modbus data can be transmitted in batch (one big chunk that sorted contiguously) to speed up the communication. The data address of this batch of data must be in same type and same length. For instance, address 4000, 4001, 4002, 4003 can all be either read or written in one transmission. However, address 10200 (1x) and 40200 (4x) cannot be polled in one go.