Report Modbus English

document

修改日期: 06-Mar-2018
目錄
目錄
 Document infor.
Document history
Table of Contents

Department Date Author Review

Application VietNam 6/3/2018 CiscoTa

Introduction
This document is mainly for the SYNTEC of internal customer service and technical staff. Do
training through documents, education and training, so that colleagues understand and
master the Modbus bus and its use.
The contents of this document include an introduction to Modbus protocol and
instructions, the use of Modbus components of the SYNTEC of PLCs, and general purpose
Modbus plug-ins. It is expected that by reading this document, you will have a good
understanding of the Modbus application of the SYNTEC of controllers. If you need more
detailed information, you can contact the SYNTEC of head office.
1 MODBUS protocol introduction
1.1 Overview
Modbus was invented by Modicon (now a brand of Schneider Electric) in 1979 and is the
world's first bus protocol to be truly used in industrial fields. Popular to say: it is a common
language used in electronic controllers. Through this agreement, the controller can carry
on the data transmission with each other.
Modbus bus master-slave request / response mechanism. As shown in Figure 1, if a
controller sends a message as a master, a response can be returned from a slave device.
Similarly, when a controller accepts a message, it organizes the response message of a
slave device and returns it to the controller that sent the message.

4
Figure 1 Modbus request/response mode
1.2 Modbus transmission mode and its characteristics
The standard Modbus communication modes are mainly ASCII (American Information
Interchange code) mode, RTU (Remote Terminal Equipment) mode and Modbus / TCP
mode.
Among them, Modbus ASCII mode to send a byte of data converted to two bytes of ASCII
code. The main advantage of this mode is that it allows characters to be as long as, and will
not complain. At the same time, ASCII printable characters facilitate fault detection and are
suitable for host computers and host PCs programmed in high-level languages such as
Fortran.
Modbus RTU protocol data is encoded in binary, each byte of data requires only one byte
of traffic, and the message characters must be transmitted as a continuous stream of data.
The advantage is that at the same baud rate, more data can be transferred than in ASCII
mode. Computer and PC host for machine programming.
Modbus / TCP can be understood as Modbus over Ethernet. Modbus / TCP uses only the
TCP / IP standard to simply pack and compress Modbus packets. This allows Modbus / TCP
devices to connect and communicate over Ethernet and optical networks. Compared with
RS-485 interface, Modbus / TCP also allows to use more addresses, you can use multi-
master architecture, the transfer rate can reach GB / s level. The number of Modbus / TCP
network slaves is limited only by the capabilities of the network physical layer. Usually the
number of stations generally about 1024.
1.3 Modbus RTU mode and its information frame
5
Modbus RTU communication using master-slave mode, up to 255 bytes of data
transmission. The master communicates with one or more slaves. The typical main
equipment is PLC, PC, DCS (Distributed Control System) or RTU (Remote Terminal Unit).
Slave devices for Modbus RTU are generally field devices. When a Modbus RTU master
wants to get data from a slave, the master sends a data packet containing the address of
the slave, the required data, and a CRC for detecting the error. This information is received
by all other devices on the network, but only the slave device whose address is specified
will respond. Slaves on the Modbus network cannot initiate communications and can only
reply when the master speaks to it.
At the same time, Modbus RTU uses a 16-bit cyclic redundancy check (CRC). By a complex
program of ORing and shifting operations, a CRC is generated by the master and checked
by the receiving device. If the CRC value calculated by both parties does not match, the
slave device will request the retransmission of the message.
Modbus messages are transmitted as frames and each frame has a defined start and end
point, allowing the receiving device to read the address at the beginning of the message
and to determine the device to be addressed and the end of the message transfer. As
shown in Figure 2, Modbus message frame consists of address field, function code, data
and error checking. Among them, ADU is the application data unit, PDU is the agreement
data unit.

Figure 2 Modbus message frame composition

As shown in Table 1, the transmitting device transforms Modbus messages into frames
with start and end points for data transfer. In Modbus RTU mode, the message starts at a
pause interval of 3.5 characters. According to the standard message format, the master
sends a command, and after the slave receives this message, it checks that only the slave
device corresponding to the address will respond.
Table 1 Modbus RTU information frame

Master-slave Device address Function code transfer data CRC check

6
 Master asked 01 03 00 64 00 01 C5 D5

Answer from the station 01 03 02 7F FF D8 34

1.4 New Modbus parameter settings

When configuring standard Modbus communication. The user must select the
communication mode (master / slave) as well as the serial communication parameters
(baud rate, parity and stop bits, etc.) and all devices on the Modbus bus should have the
same communication mode and serial communication parameters.
1.4.1 SYNTEC Modbus communication parameter setting
The SYNTEC controller through the RS485 serial port to achieve Modbus-RTU bus
communication. Therefore, the SYNTEC controller needs to select the COM port according
to the architecture of the controller before configuring the Modbus parameters. As shown
in table 2:
Table 2 New Modbus port

SUPER / 10/20/200 eHMC / 3/6/11/21

(X86 architecture) (ARM architecture)

RS485 port COM3 (Pr3961-3970) COM2 (Pr3941-3950)

Next, set the Modbus communication speed, data bit length, parity code mode, stop bits,
and timeout according to the device communication requirements on the Modbus bus.
Again, all devices on the Modbus bus should have the same communication modes and
serial communication parameters.
If the SYNTEC of X86 architecture controller, refer to Table 3:
Table 3 X86 architecture of the SYNTEC of Modbus port

Parameter number Description Reference

3961 Third port communication speed 3

3962 Third port data digits 8

3968 The third port with the check method 0

7
 3969 Third port stop bits 1

3970 Third port communication timeout abnormal time 50

If the ARM architecture of the SYNTEC controller, refer to Table 4:

Table 4 ARM architecture of the SYNTEC Modbus port

Parameter number Description Reference

3941 Second port communication speed 3

3942 Second port data digits 8

3948 The second port with the check method 0

3949 Second port stop bits 1

3950 The second port communication timeout abnormal time 50

1.4.2 SYNTEC Modbus master / slave mode selection

After configuring the Modbus communication parameters, it is necessary to confirm the
SYNTEC system in the Modbus bus, is the master or slave?
If it is a slave, it means that the SYNTEC system is in real-time monitoring. According to the
command sent by the master station on the Modbus bus, the SYNTEC controller
immediately responds. If it is a master station, it means that the SYNTEC system needs to
write the corresponding Modbus commands according to the requirements and send
commands on the bus according to the requirements, and finally waits for the response
data from the slaves.
If the SYNTEC of controller as a slave, you need to set the correct parameters. As shown in
Figure 3:

Figure 3 SYNTEC as a Modbus slave configuration parameters

Among them, the parameter Pr3234 according to the controller architecture selection. Set
to 2 for the ARM architecture. Then set the Pr3235 parameter, if set to 1, said the SYNTEC
controller in Modbus slave address is 1.
8
In addition, if the SYNTEC controller is used as the master, parameter Pr3234 is set to 0,
indicating that Modbus slave listening mode is not enabled. It is noteworthy that if the
SYNTEC controller is in the slave listening mode, the SYNTEC controller cannot actively
send the Modbus command, which means that the SYNTEC controller cannot be used as
the master of the Modbus after the slave mode is turned on.
2 Modbus instructions detailed
This chapter mainly introduces commonly used Modbus instructions, such as 03H, 06H and
10H commonly used Modbus function codes. In addition, introduce two kinds of SYNTEC
Modbus application modules: Modbus PLC components and universal Modbus plug-in.
2.1 Modbus common function code introduction
In the standard Modbus specification, it is clear that there are four main registers on a
Modbus device, each with a different function and function code implementation. As
shown in the following table 5:
Table 5 Modbus register block and its common function code

Register type Applicable function code Read and write status Operation bit SYNTEC memory block

Coil status 01H 05H 0FH Readable / writeable 1 bit O, C, A.

Discrete input state 02H Readable 1 bit I, S.

Enter the register 04H Readable 16 bit no

Hold register 03H 06H 10H Readable / writeable 16 bit R

01H denotes read coil, 02H denotes read discrete input, 03H denotes read-holding
register, 04H denotes read input register, 05H denotes write single coil, 06H denotes write
single register, 0FH denotes write multiple coils, 10H denotes write multiple register.
This shows that: in the Modbus bus, if the SYNTEC controller is a slave, the function codes
01H, 05H and 0FH can read / write the O-bit, C-bit and A-bit of the SYNTEC controller;
Function code 02H can read I-bit and S-bit of SYNTEC controller; function codes 03H, 06H
and 10H can read / write R-bit of SYNTEC controller.
It is worth noting that since the R-bit in the SYNTEC system is based on 32 bits, but
Modbus can only support 16 bits, the R register of the SYNTEC system uses two Modbus
standard register addresses to represent the SYNTEC of 32 bits R register high and
position, as shown in Table 6. To write R value after R30000, please refer to the SYNTEC
Modbus Slave Specification.

9
Table 6 New R register address in Modbus

SYNTEC R value R value corresponding to 16bits Modbus address (Dec)

R0 High 0

Low 1

R1 High 2

Low 3

... ... ...

R30000 High 60000

Low 60001

2.1.1 03H function code introduction and message analysis

03H function code read hold register. Its role as a master station to read from the station of
one or more registers of data.
The message format that the master inquiry is:

Slave address Function code Register start address Number of registers CRC check

11 03 00 6B 00 03 -

Among them, the starting address of the register is from the station to store data starting
register number; the number of registers that the master station to read from the station a
few consecutive registers.
The message format of the slave response is:

Slave address Function code Number of bytes Register data CRC check

11 03 06 02 2B 00 00 00 64 -

Among them, the number of bytes that the slave feedback data has a few bytes; register
data that the master reads the actual value of the slave registers.

10
2.1.2 10H Function Code Introduction and Packet Analysis
10H function code to write multiple holding registers. Its role as the master will write one
or more consecutive register data to the specified slave register.
The message format that the master inquiry is:

Slave address function code Register start address Number of registers Number of bytes data input CRC check

11 10 00 01 00 02 04 00 0A 01 02 -

Among them, the starting address of the register is from the station to store data starting
register number; the number of registers that the master station to write a few registers
from the station. The number of bytes indicates how many bytes the master writes to the
slave. It can be seen, in the standard Modbus communication, a register can store two
bytes or 16bits of data.
The message format of the slave response is:

Slave address Function code initial address Number of registers CRC check

11 10 00 01 00 02 -

Among them, the starting address of the register is the starting register number for the
slave to store data; the number of registers indicates the number of registers that the slave
station stores the data sent by the master.
2.2 Serial debugging software in Modbus debugging application
2.2.1 Serial debugging software introduction
Serial debugging software is a software for serial debugging and monitoring. It combines
data transmission, data reception, data analysis and many other features in one, with
compact, simple operation, powerful features, won the user favorite. So that users in the
serial port communication monitoring, device communication test, can effectively improve
work efficiency.

Figure 4 UartAssist serial debugging software

11
This article savage - serial debugging assistant UartAssist V4.0 version, as shown in Figure
4. The software is divided into parameter editing area, Modbus message monitoring area
and Modbus command sending area.

Figure 5 UartAssist block introduction

As shown in Figure 5: Parameter editing area is mainly used to configure the PC side of the
COM port, serial port parameters, receive area and send area settings. It should be noted
that the serial port parameters such as baud rate, parity bit, data bit and stop bit need to
be consistent with other devices on the Modbus bus, and the receiving area and sending
area should be displayed in hexadecimal format.
2.2.1 UartAssist use and function introduction
The use of serial debugging software is very convenient, just the following two-step
configuration can be:
STEP1: As shown in Figure 6: Correct connection between PC, USB to RS485 module and
Modbus communication device.

12
Figure 6 common Modbus bus wiring
STEP2: Open UartAssist.exe, automatically detect or manually set the COM port. Then
configure the baud rate, parity bit, data bits and stop bit serial port parameters. Finally,
open the serial port. As the picture shows. If "[ERROR] Cannot open COM port" appears,
please check the PC COM port.
Open the serial port on the normal PC, let's take a look at this debugging software can give
us what function?
First, we can monitor the message from the master / slave on the Modbus bus on the PC
side, as shown in Figure 7. In this way we can analyze the condition of the equipment on
the Modbus bus and the anomaly analysis based on the actual message.

13
At the same time, PC-side through the serial debugging software, can be used as the
master on the Modbus bus, Modbus slave device commands. As shown in Figure 7, the PC
can test whether the slave device responds or not by knowing the packet format in
advance. It can be used to troubleshoot when communication between master and slave
devices is abnormal.

14
Figure 7 PC-side test from the station response status
3 SYNTEC Modbus function application
3.1 SYNTEC of common Modbus plug-in
3.1.1 General Modbus plug-in introduction
The SYNTEC of common Modbus plug-in is a Modbus communication module using
human-machine dialogue mode. It provides a graphical Modbus communication data
input window, eliminating the need for users to write PLC trouble. It is noteworthy that it is
often used: SYNTEC controller in the Modbus bus as a master, and the real-time
requirements are not very high occasions.

15
Figure 8 New generic Modbus plug-in human machine screen
It can be seen from Figure 8 that the man-machine interface of the general-purpose
Modbus plug-in is very simple. It contains ten groups of Modbus instruction editing
columns, communication test keys and Modbus communication enable / disable keys.
Understanding of Modbus function code and message rules, users only need to configure
basic Modbus message parameters to realize Modbus communication between SYNTEC
controller and slave devices.
3.1.2 General Modbus plug-in parameter detailed explanation
Below the first set of Modbus instruction setting bar as an example, describes the use of
generic Modbus plug-in.

Figure 9 new generic Modbus plug-in parameter configuration

16
As shown in Fig. 9, the setting items of each group of commands include whether to
enable, station number, target read / write position, function code selection, number of
addresses read and written each time, R value of data storage, read and write frequency
and trigger / Status R value and other parameters setting items.
Wherein, the target read / write location setting item refers to the start address of the read
/ write register corresponding to the slave station in Modbus; each time the read / write
address quantity setting item refers to the number of read / write registers corresponding
to the slave station; The initial value of R is the start register for storing read / write data in
the master. The trigger / status R value is the register for the group of Modbus command
trigger flags and status displays.

Figure 10 new generic Modbus command is enabled

As shown in Figure 10: When this option is set to 1, this group of Modbus instructions is
enabled; when set to 0, this group of Modbus instructions is not used.

Figure 11 SYNTEC of common Modbus function code settings

As shown in Figure 11: Universal Modbus plug-in only supports 03H, 06H and 10H these
three commonly used function code. Users according to the actual use of choice.

Figure 12 trigger mode settings

17
As shown in Figure 12: Read and write frequency setting is the Modbus command trigger.
When set to 0, it means that the system executes once when the system is powered on or
when "Enable Communication" is clicked. When set to 1, it indicates that it executes once in
100ms. The plug-in supports up to three 100ms ports. When set to 2, it indicates that 1s is
executed once; when set to 3, it is executed once when the specified trigger R value is set
to 1.
Due to technical limitations, when set to 0.1s or 1s once, the actual cycle may not be able
to achieve. Will be affected by the number of communication groups and the number of
data communicated by each group. At the same time, tests show that the plug-in read-
write failure rate of less than 30ms up to 80%. So in the cycle of less than 300ms or real-
time requirements of high circumstances, it is recommended to switch to PLC processing.

Figure 13 Modbus communication status R value setting

It should be noted that, as shown in FIG. 13, in the R value triggered mode, the user sets
the trigger and status R values on this page. Setting R500 to 1 indicates that the Modbus
command is executed once (reset to 0 immediately after startup).
At the same time, this R register can not only be used to control the sending of Modbus
commands, but also display the status of this group of Modbus communication in any
trigger mode, as shown in Figure 14.

Figure 14 Modbus communication status

3.1.3 Universal Modbus plug-in installation and use

18
The plug-in installation process is as follows:
STEP1: According to the standard software installation, installation of common Modbus
plug-in software package.
STEP2: Set RS485 serial port parameters (Pr3941-Pr3950).
STEP3: [Maintenance] - [F10] - [F10] - [Modbus module] to enter the Modbus plug-in page.
According to actual demand, configure the parameters.
STEP4: Click [Test Communication] to confirm whether it is normal. If it is normal, click
[Modbus Communication On]. If communication error, please check [Status & Trigger R
Value] to check the error code.
3.1.4 Application examples
This section uses the Modbus communication between two HC-10B-Ss as an example to
introduce the usage of the SYNTEC generic Modbus plug-in.
Application Scenario: Take one HC-10B as master station, read the value of slave controller
R50-54 in real time with a period of 0.1s; write the value in master R60 into the slave
controller in real time in 1s cycle R60; The master writes the value of R70-79 to R70-74 of
the slave controller through the R value triggering mode.
Implementation process:
STEP1: According to the standard software installation, install the common Modbus plug-
in software package on the main station HC-10B.
STEP2: According to the principle of consistent Modbus communication parameters, set
the master and slave serial port parameters (Pr3941-Pr3950). At the same time, we need to
enable Modbus Slave mode for slave HC-10B. As shown in Figure 15.

Figure 15 Controller Setting Slave Mode

STEP3: [Maintenance] - [F10] - [F10] - [Modbus module] to enter the Modbus plug-in page.
According to actual demand, configure the parameters. The actual parameters shown in
Figure 16.

19
Figure 16 Master Modbus parameter settings
STEP4: Click [Test Communication] to confirm whether it is normal. If it is normal, click
[Modbus Communication On]. If communication error, please check [Status & Trigger R
Value] to check the error code.
STEP5: Experimental verification.
First, let's analyze what the first set of Modbus instructions does. It mainly realizes that the
master controller reads the value of the slave controller R50-R54 and puts the data of the
slave into the master's R50-R59. As shown in Figure 17.

Figure 17 Result of execution of the first set of Modbus instructions

20
Why is the value from the station controller R50-R54 into the main station R50-R59? We
have already introduced before: The R register of SYNTEC controller is 32bits, however, the
register of standard Modbus communication is 16bit. Therefore, the SYNTEC of internal
controller will be an R value is split into high and low, and then communicate. For example,
R50 high 16bits communication address is 100; its low 16bits communication address is
101. Therefore, the master station to read from the station R50-R54 value, you have to
translate into 10 register addresses, and these 10 data once into the master designated R
value, in this case, these 10 data Put into the main station R50-R59. Among them, the main
station R50 is R50 high 16-bit data from the main station R51 R50 from the station low 16-
bit data.
Next we look at the second set of Modbus instructions, which mainly implements that the
master controller writes the value of R60 to the lower 16 bits of the slave controller R60.
Among them, according to the SYNTEC Modbus Slave specification, it can be seen that the
lower 16 bits of the Modbus communication address of the controller R60 is 121. However,
one might wonder if the master's R60 is a 32-bit register whose high 16 value is written to
the slave? The answer is no! SYNTEC of controllers in the Modbus communication, the
default 32-bit register as a 16-bit R value to use more than 16-bit value is not considered.
This needs to be taken into account when using it.
Finally, we look at the third group of Modbus instructions. It mainly implements that the
master controller writes the values of R70-R79 into the R70-R74 of the slave controller. By
the same token, the lower 16 bits of the master R70-R79 will be written to the slave
controller. However, it should be noted here that the 10 data will be placed in the R70-R74
of the slave controller. Why is this? Or because the SYNTEC R register is 32 bits. By default,
these ten 16-bit data will be written into the data from the first designated slave address. In
this case, the first address of the slave is 140 corresponding to the upper 16 bits of R70.

21
Figure 18 Three sets of Modbus instruction execution results
As shown in Figure 18, the results of three sets of Modbus instructions are as follows: After
the first group of master stations read the values of slave R50-R54, the master's R51 = R53
= R55 = R57 = R59 = 1; The group master controller writes the value of R60 to the lower 16
bits of the slave controller R60 and the slave R60 = 1. The third group of master controllers
writes the value of R70-R79 to the slave controller's R70. After R74, slave R70 = R71 = R72
= R73 = R74 = 65537. At the same time, we can find R65 / R66 / R67 three trigger / state R
values are 16 in the figure, which means that Modbus transmission is normal.
3.2 SYNTEC PLC in the Modbus components
If the SYNTEC controller is used as the master in the Modbus bus, then the read / write
commands to the slave devices can be realized through the Modbus components of the
PLC so that the data interaction with the slave devices can be realized. Before learning a
SYNTEC of Modbus components, we need to understand the SYNTEC Modbus related
flags.
The SYNTEC controller monitors the status of Modbus communication via Register R608.
As shown in Figure 19: R608.0 is Modbus communication reset flag, R608.10 is Modbus
communication complete flag.

Figure 19 SYNTEC of Modbus PLC components related to the flag

22
Among them, if R608.0 is set to 1, it means that the SYNTEC system is in the transmission
standby state and the PLC can send data currently. If R608.10 is 1, then Modbus
communication is completed. If any error occurs during transmission, R608.31 is 1 and the
error is displayed on R5039.
3.2.1 Modbus read device
As shown in Figure 20, when the PLC module MODR is used to read multiple register data
from the specified slave device,

Figure 20 Modbus read device of PLC

MODR MODBUS RTU16 read components, can read consecutive 1 ~ 15 data. As can be
seen from Figure 4 (b), the component parameters in turn are: read start address; return
start address; device address and read data length.

Figure 21 PLC MODR component settings

As can be seen from Figure 21, R2020 is used to store the address of the starting position
for reading slave data. R2021 is used for storing the starting address for storing the read
data in the SYNTEC system. The device address indicates the slave station number. The
length of the read data, indicates the number of registers read. It is worth noting that all
addresses are filled in decimal.
Application Example 1: The master HC-10A reads the data in R50-R57 of the slave HC-10B
using MODR components and stores the slave data in R50-64 in the master.
PLC example:

23
Modbus message content Detailed:

MAETER QUERY Example

(Master query message) (Hex)

Slave Address 01 RS

Function 03

Starting Address Hi (high starting address) 00 R2020

Starting Address Lo (Start Address Low) 64

No. of Points Hi 00 Number

No. of Points Lo (Number of Read Registers) 0F

Error Check (CRC) 44 11

24
 SLAVE RESPONSE Example

(Slave response message) (Hex)

Slave Address 01

Function 03

Byte Count () 1E

Read Data 2 Hi (read data 1 high 8) 7F

Read Data 2 Lo (read data 1 low 8 bits) FF

Read Data 2 Hi (read data 2 high 8) FF

Read Data 2 Lo (read data 2 low 8 bits) FF

...

Read Data 15 Lo (read data 15 high 8) 7F

Read Data 15 Hi (read data 15 lower 8 bits) FF

Error Check (CRC) 44 11

Serial debugging software to monitor the message content:

The master sends TX: 01 03 00 64 00 0F 44 11
Slave response RX: 01 03 1E 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF
FF FF 7F FF FF FF 7F FF CB DE
3.2.2 Modbus write command
As shown in Fig. 22, the PLC module MODW is used to write a single data from a specific
address of a slave station number.

25
Figure 22 Modbus write elements of the PLC
MODW writes to the MODBUS RTU16 component, only 1 data can be written. As can be
seen from Figure 23, the component parameters are in order: the address of the start
address of the slave data, the data content stored in the slave and the slave station
number. It is worth noting that all addresses are filled in decimal.

Figure 23 PLC MODW component settings

Application Example 2: The master station HC-10A uses the MODW component to write
the data in R2010 into register R50 of slave station HC-10B.
PLC example:

26
Modbus message content Detailed:

MAETER QUERY Example

(Master query message) (Hex)

Slave Address 01 RS

Function 06

Starting Address Hi (high starting address) 00 R2013

Starting Address Lo (Start Address Low) 65

Read Data 1 Hi (high 8 bits to be written into data 1) 7F R2010

Read Data 1 Lo (data to be written 1 low 8 bits) FF

Error Check (CRC) F9 A5

SLAVE RESPONSE Example

27
 (Slave response message) (Hex)

Slave Address 01

Function 06

Starting Address Hi (high starting address) 00

Starting Address Lo (Start Address Low) 65

Read Data 1 Hi (high 8 bits to be written into data 1) 7F

Read Data 1 Lo (data to be written 1 low 8 bits) FF

Error Check (CRC) 44 11

Serial debugging software to monitor the message content:

The master sends TX: 01 06 00 65 7F FF F9 A5
Slave response RX: 01 06 00 65 7F FF F9 A5
3.2.3 Custom Modbus instructions
As shown in Figure 24, the MODU module PLC is used to customize Modbus
communication packets and send the specified commands on the bus.

Figure 24 PLC custom Modbus components

When using, only need to compose the agreement data content, CRC is handled by
MODRS component by oneself. As can be seen from Figure 25, the component parameters
are in order: the starting location of the master station to send data, the master storage
address and the data length to send after receiving the data.

28
Figure 25 PLC MODRS component settings
Application Example 3: Master HC-10A uses MODRS module to write a 32bit data to R50 of
slave HC-10B via Modbus bus. Among them, the first 16 bits are written to the high bits of
R50 and the last 16 bits are written to the low bits of R50.
PLC example:

29
Modbus message content Detailed:

MAETER QUERY Example

(Master query message) (Hex)

Slave Address 01

Function 10

Starting Address Hi (high starting address) 00

Starting Address Lo (Start Address Low) 64

No. of Registers Hi 00

No. of Registers Lo 02

30
 Byte Count 04

Data Hi 00

Data Lo 00

Data Hi 00

Data Lo FF

Error Check (CRC) B4 34

SLAVE RESPONSE Example

(Slave response message) (Hex)

Slave Address 01

Function 10

Starting Address Hi (high starting address) 00

Starting Address Lo (Start Address Low) 64

No. of Registers Hi (Number of Registers Written) 00

No. of Registers Lo (Number of Registers Written) 02

Error Check (CRC) 00 17

Serial debugging software to monitor the message content:

The master sends TX: 01 10 00 64 00 02 04 00 00 00 FF B4 34
Slave response RX: 01 10 00 64 00 02 00 17
3.2.3 Application examples
This section takes the SYNTEC controller and Modbus communication of Yaskawa V1000
inverter as an example to introduce the usage of Modbus components of the SYNTEC PLC.

31
Application scenario: The customer wants to read the real-time current of the inverter
through MODBUS to detect whether the spindle is overloaded. Therefore, the SYNTEC PLC
module MODR read.
Implementation process:
STEP1: As shown in Figure 26, complete the SYNTEC system and Yaskawa V1000 inverter
RS485 serial port wiring.

Figure 26 RS485 serial port wiring diagram

If the inverter is set at the end of the communication line, turn on the DIP switch S2 of the
end inverter. As shown in Figure 27:

Figure 27 Termination resistor on mode

32
STEP2: As shown in Table 7 and Figure 28, complete the serial port parameters of the
SYNTEC system and inverter:
Table 7 inverter serial port parameter settings

V1000 inverter parameter number Parameter meaning Setting value

H5-01 Slave address 02H

H5-02 Communication speed 3 (9600bps)

H5-03 Communication verification method 2 (odd parity)

H5-09 Communication failure check time 500ms

Figure 28 SYNTEC controller serial parameter settings

STEP3: a SYNTEC of PLC preparation

33
STEP4: Experimental verification. As shown in Figure 29, when the PLC is triggered, the PC
can display the message sent by the controller as the master: 02 03 00 26 00 01 65 F2, the
response from the slave is 02 03 02 00 00 FC 44. According to the second chapter of the
message analysis results for the normal.

34
Figure 29 Serial debugging software monitoring
4 Common exception excluded
When the SYNTEC system as a Modbus master command, if R608 = 1, serial
debugging software monitoring no data sent, please check the SYNTEC parameter
Pr3234, check whether the master station starts the slave mode.
If found R608.31 = 1, it means Modbus communication error. R5039 can check the
error code to determine the cause of the error.

35
 If R5039 = 0xFA, it means the communication has exceeded the specified time
(TimeOut error). This may be due to the setting of the master and slave error, master
and slave Modbus communication parameters are inconsistent.
The SYNTEC PLC system components using decimal programming instructions, and
serial debugging software to monitor the data using hexadecimal.
Prompt communications timeout, how to check?

1. Make sure the wiring is correct.

36
2.
2. Check the communication parameters, master and slave devices to be exactly the
same, including the baud rate, data bits and parity.

3. The recommended parity is set to No parity.

4. Check if communication is enabled.

5. If the write function, check whether there is written, if there is written, but shows the
communication timeout, that failed to return, please check the wiring and grounding.
6. Check the slave device manual to see if the address and range of this parameter are
the same as those set on the controller.
7. If the above spread is correct, it is recommended to use parallel mode, using the
serial debugging software to monitor, if the PC can receive packets, please return to
the wiring check and communication settings parameters.

Tips communication error, how to check?

1. First check the communication timeout all the circumstances

2. Check whether the result of the previous communication, if yes, check the timeout
setting.
3. Monitor and analyze the message through the serial port debugging software.

4. If the message is garbled, the communication parameter may be abnormal.

5. If you receive the signal is normal, but the controller still states the error. Check for
interference, or check if the impedances do not match.

Occasionally normal communication, but often ineffective?

1. Check whether the machine leakage, and to ensure reliable machine grounded.

2. Connect the RS485 GND to the GND of the slave device.

3. Slave device reliably grounded.

4. Controller reliably grounded.

I always respond to the air

1. Check the timeout, may be set too short. Recommended set to 50-100ms.

When the PC monitors, it always receives strange packets

1. Check the parity method.

2. Check if the communication parameters match.

3. 37
 3. Check if the wire is disturbed and if the wire is twisted.

4. Check DB9 pin is correct.

I always receive from the station to send more than 0x83 function code message.

1. 0x83 The above function code indicates the error message.

2. Check if the function code or format sent by the controller does not match with the
slave.
3. Check the controller read and write position is correct.

4. Slaves may be busy.

Reference
新代Modbus應用入門
https://confluence.SYNTECclub.com.tw/pages/releaseview.action?pageId=19794314
https://confluence.SYNTECclub.com.tw/pages/releaseview.action?pageId=151860251

No. Version Date Editing content Author Review File

1 1.0 6/3/2018 Modbus document CiscoTa Modbus.docx

2 1.0 6/3/2018 Program CiscoTa ProgramCNC.rar

38