General Modbus Message Rules
Original instructions
About us
Purpose
The following rules state what is expected of the user and what the expected response is.
Sequence Numbe
A change in the sequence number starts any and all Modbus transactions. The I/O module contains the last sequence number written and starts with 0 at power-up. The sequence number is echoed to the input buffer after the Modbus message is complete. Continuous read data can be obtained after the first initial read, by incrementing the sequence number only every scan.
Command and Response
See Output Words Control Modes and Input Words Control Modes. No more than 4 commands can be requested at any one time (Control Modes 4 ... 8). The response for the requests are returned in the response registers.
Block Read Response
All read commands are contiguous, incrementing up from the starting address to the numbers specified by length.The first read command with a length of zero or a length that is larger than the allocated response buffer will end further Modbus processing and the remainder of the input data field will be zeroed. The first read command starts at the end of the buffer, (words 15 and 16). The first word of the response data is placed in word 5 of the input buffer. After word 5 all read data values fill in consecutively as executed.
Block Write Response
All block write commands (Control Modes 2 and 3) are contiguous, incrementing up from the starting address to the numbers specified by length. Block write commands with a length of zero or a length that is larger than the allocated command buffer will not be executed. However, the read in control mode 3 will be executed regardless of the write command.
Single Write Response
All single write commands (Control Modes 4 ... 8) will be executed. Zero is a legal start address and a legal data value.
Read / Write Commands
All Write commands precede the read response.
Modbus Message Time Out
The Modbus message time out is fixed in the firmware at 200 msec and cannot be altered.
Start Address
Start address of 0 = Modbus register 400001. For example: A Modbus start address of 0 is actually Modbus register 400001. A value of 9 is actually 400010.
Modbus Protocol
For a better understanding of Modbus protocol, refer to PI-MBus-300, Modbus Protocol Reference Guide.
General Modbus Response
The table below lists the possible Modbus response codes.
Response
Code
Illegal function
01 Hex
Illegal data address
02 Hex
Illegal data value
03 Hex
Device failure
04 Hex
Acknowledge
05 Hex
Busy, message rejected
06 Hex
Bad Modbus state Rcv_int
1C Hex
Bad comm state trn_asc
1F Hex
Bad comm state trn_rtu
1D Hex
Bad comm state rcv_asc
20 Hex
Command buffer full error
21 Hex
Bad comm state rcv_rtu
22 Hex
Bad frame type put_chr
23 Hex
Bad transmit comm state
25 Hex
Bad receive comm state
26 Hex
Bad Modbus state tmr0_evt
27 Hex
3 char timeout ASCII mode
28 Hex
No message requested
29 Hex
Bad data length
2A Hex
CRC error
2B Hex
Illegal control mode (> 8)
2C Hex
Control mode 0 failed
30 Hex
Control mode 1 failed
31 Hex
Control mode 2 failed
32 Hex
Control mode 3 failed
33 Hex
Control mode 4 failed
34 Hex
Control mode 5 failed
35 Hex
Control mode 6 failed
36 Hex
Control mode 7 failed
37 Hex
Control mode 8 failed
38 Hex
Message Mismatch
50 Hex
Message accepted
55 Hex