Send Modbus Request

At a Glance

Use MSTR operation 15 to send generic Modbus requests on the network.

NOTE: This operation is not available on Modbus Plus ports (embedded port on CPU or NOM modules) and the embedded Ethernet port on a CPU.

Block Operation

The MBP_MSTR block can send requests and receive responses up to 253 bytes long.

For the operation, refer to Block Operation:

When the ENABLE input pin is turned ON, operation 15 begins.
If the ABORT input pin is turned ON or if the ENABLE input pin is turned OFF, the operation ends.
The ACTIVE output pin is ON during the operation.
The ERROR output pin turns ON if the operation aborts without success.
The SUCCESS output pin turns ON if the operation completes with success.
The CONTROL and DATABUF output pins define the operation (refer to the Control Block and Data Buffer).
EN and ENO can be configured as additional parameters.

Control Block

The format of the Control block is described in the following table:

Word	Description
CONTROL[1]	15 = Send Modbus Request
CONTROL[2]	Indicates detected error status
CONTROL[3]	DATABUF length (WORDs)
CONTROL[4]	Offset for the beginning of the response in the DATABUF (WORDs). NOTE: To avoid overwriting the request, the Response Offset value multiplied by 2 must be greater than the Request Length (CONTROL[10]).
CONTROL[5]	Routing register: High byte = Ethernet communication module slot Low byte = MBP on Ethernet transporter (MET) mapping index (also known as Unit ID)
CONTROL[6]	Byte 4 of the IP address (MSB)
CONTROL[7]	Byte 3 of the IP address
CONTROL[8	Byte 2 of the IP address
CONTROL[9]	Byte 1 of the IP address (LSB)
CONTROL[10]	Length of the DATABUF Request data (bytes)
CONTROL[11]	Length of the DATABUF Response received (bytes) NOTE: This is read only, it is set by option module after operation completion.

Data Buffer

The MODBUS protocol defines a simple protocol data unit (PDU) independent of the underlying communication layers.

The data buffer (DATABUF) consists of contiguous registers that include both the Modbus Request PDU and the Modbus Response PDU:

DATABUF Data Buffer Length is set in the CONTROL[3] word.	Modbus Request PDU: Data Request Length is set in the CONTROL[10] word.
	Modbus Response PDU: Data Response Start (Response offset) is set in the CONTROL[4] word. NOTE: To avoid overwriting the request, the Response Offset value multiplied by 2 must be greater than the Request Length (CONTROL[10]). Data Response Length is set in the CONTROL[11] word.

CAUTION

LOSS OF DATA

Verify that the Response Offset is greater than the Data Request Length.

Failure to follow these instructions can result in injury or equipment damage.

NOTE: Both the Request and Response must be structured in little endian order. Each word of 2 bytes of data in little endian format, where the least significant byte is stored in the smallest memory address.

Modbus Request

The Modbus Request PDU format is:

Byte offset	Field	Data type	Description
1	Function code	BYTE	Modbus function code
2	Request data	BYTE area	This field is function code dependent and contains information such as variable references, variable counts, data offsets, sub-function codes and so on.

Modbus Response

The Modbus Response PDU format is:

Byte offset	Field	Data type	Description
1	Function code	BYTE	Modbus function code
2	Response data	BYTE area	This field is function code dependent and contains information such as variable references, variable counts, data offsets, sub-function codes and so on.

Modbus Exception Response

The Modbus Exception Response PDU format is:

Byte offset	Field	Data type	Description
1	Function code	BYTE	Modbus function code + 80 (hex)
2	Exception code	BYTE	This field is defined in the MODBUS Application Protocol Specification.

Modbus Specification

The standard Modbus function codes are defined in the MODBUS Application Protocol Specification, V1.1b, which can be downloaded from www.modbus-ida.org.

Example of a Send Modbus Request

To read 4 contiguous Input registers (Modbus Function code 4) starting at register 100 (64 hex) in a remote device. A Modbus Request has to be sent on the network with the following Modbus Response.

Request Field Name	Value
Function code	04
Starting address, High	00
Starting address, Low	64
Number of registers, High	00
Number of registers, Low	04

Response Field Name	Value
Function code	04
Byte count	08
Register 100 value, High	00
Register 100 value, Low	01
Register 101 value, High	00
Register 101 value, Low	02
Register 102 value, High	00
Register 102 value, Low	03
Register 103 value, High	00
Register 103 value, Low	04

Using the following CONTROL word values:

CONTROL[1] (MSTR operation) = 15
CONTROL[2] (Error Code) = refer to CONTROL block description (read-only)
CONTROL[3] (DATABUF length) = 11
CONTROL[4] (Response Offset) = 5
CONTROL[5] (Routing Register) = refer to CONTROL block description
CONTROL[6] (IP1) = refer to CONTROL block description
CONTROL[7] (IP1) = refer to CONTROL block description
CONTROL[8] (IP1) = refer to CONTROL block description
CONTROL[9] (IP1) = refer to CONTROL block description
CONTROL[10] (Request Length) = 5
CONTROL[11] (Response Length) = 10

the data encoding in the Data Buffer is as follows:

	Field	Value (hex)	Description
Request	DATABUF[1]	0400	Function code + Starting address, High
	DATABUF[2]	6400	Starting address, Low + Number of registers, High
	DATABUF[3]	0400	Number of registers, Low + NULL
	DATABUF[4]	0000	Null
	DATABUF[5]	0000	Null
Response	DATABUF[6]	0408	Function code + Byte count
	DATABUF[7]	0001	Register 100 value, High + Register 100 value, Low
	DATABUF[8]	0002	Register 101 value, High + Register 101 value, Low
	DATABUF[9]	0003	Register 102 value, High + Register 102 value, Low
	DATABUF[10]	0004	Register 103 value, High + Register 103 value, Low
	DATABUF[11]	0000	Null