3

I'm using a number of Modbus RTU devices connected to my PC through a Modbus TCP gateway. I'd like to poll all the available server addresses to check which ones are available through my program.

What would be the best way to do this ?? I guess I could just do a read on some arbitrary register but I would like to use a method and value that's common to all devices.

The official Modbus Application Protocol guide mentions a Diagnostics function code but that seems to be for serial line devices only.

Obie 2.0
  • 149
  • 5
Saad Farooq
  • 229
  • 2
  • 9

3 Answers3

2

There are no guaranteed addresses or registers with ModBus; that's one of its biggest failings (or one if it's greatest strengths, depending on how (in)experienced you are in the field). There have been numerous attempts to generate some kind of standard for common devices but ultimately there is no way to do this since there is no standards body oversight for such a thing to succeed.

akohlsmith
  • 11,162
  • 1
  • 35
  • 62
  • But surely there must be some way to figure out if there is actually a device connected at a particular slave address. Maybe read time for even an exception response vs. a timeout – Saad Farooq May 18 '12 at 05:19
  • Nope. If you don't know of a specific coil/input that the slave is listening on, it will not answer. If you do know of a specific coil/input, then poll it with a reasonable timeout. If you get an answer, it's alive and if you don't, retry a couple of times (assume the network ate the packet) and if there's still no answer, consider the slave gone. There is no "bad request" response that is specified that all slaves must implement. – akohlsmith May 19 '12 at 00:59
  • @SaadFarooq In [theory](http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf#page=47) a device is supposed to respond with an exception to "valid" but inacceptable queries such as a wrong register or even an invalid function call. In reality chances are a device might just ignore your request though... – Tobias Kienzler May 12 '20 at 12:12
1

MODBUS masters start polling of all slaves on the same physical channel, and then the ones that timeout for N times are the ones that should be considered not responding. It's up to a MODBUS master application to determine if it will retry again later, or kick out the missing slave from polling in order not to slow down polling of remaining slaves.

avra
  • 1,872
  • 3
  • 14
  • 21
  • I assume you mean the Modbus Gateway at the RTU end is the master (as opposed to the server client architecture on the other end of the gateway). I find this interesting... according to you answer, the gateway should already have polled its slaves and know which ones are alive. I don't think I'll have that sort of access but I'll see if the docs show anything. However, the real question here is : What does a master (whether it be the gateway or my PC) poll for that we can be sure will be available on all devices ?? – Saad Farooq May 18 '12 at 14:10
  • 1
    You have missed the point. There is no general way to do what you want with unknown slaves. You can do what you want only with known slaves, where you know at least one valid tag address, which will be used by master in timeouts I mentioned. You never attach unknown MODBUS slaves and then browse their address space (like with OPC) simply because it is not available feature, and standard does not define these things, not even a single guaranteed tag address. A slave is free to implement just a subset of features, therefore diagnostic function is not guaranteed to be implemented... – avra May 21 '12 at 09:24
  • 1
    ... Also, although MODBUS TCP<=>RTU gateway is a master for RTU slaves, in reality this communication is transparent, and your PC app is not aware of this trick. Therefore, your PC app is a master in reality. You must know MODBUS address of each RTU device, and addresses of all tags you want to read BEFORE you start the communication. Then, your application either gets a valid response (MODBUS error code is also a valid response), or a timeout that you need to deal with. You either ignore it (which will slow all other MODBUS slaves) or temporary or permanently kick it out of the communication. – avra May 21 '12 at 09:31
0

While there are no guaranteed addresses or registers, theoretically via Function 43 (0x2B)'s 0x2B/0x0E Read Device Identification (see 6.21 in the standard) you should be able to at least query the mandatory objects

Object Id | Object Name / Description
0x00      | VendorName
0x01      | ProductCode
0x02      | MajorMinorRevision

edit In fact theoretically any valid query should result in some response instead of a timeout, at the very least an exception as described in section 7:

If the server receives the request without a communication error, but cannot handle it (for example, if the request is to read a non–existent output or register), the server will return an exception response informing the client of the nature of the error.

Tobias Kienzler
  • 128
  • 9