Are there any defined address ranges in the ModBus protocol? We have kind of established the address ranges for different types of values by ourselves. From time to time, we encounter customers/vendors that excpect certain types of values to be in certain address ranges.

I have tried to search in the available ModBus standard documentation, but haven't been able to find any strict rules for address use.

If anyone know of such a definition in the STANDARD, please let me know!

 

There is nothing in the standard about this. It is up to you.

 

I assume you mean like range 400001 to 401999 is 16-bit integters, 402000 to 402999 is 32-bit floats etc?

Unfortunately, only a minority of vendors have anything other than 1-bit or 16-bit data values, and each of those vendors uses it's own set of ranges. Plus some have very esoteric data types - for example 1 vendor has both 8-byte and 128-byte ASCII strings in 2 ranges, each string treated as a single register. I think it would be hard to find a common set of data types to spec out this way.

My own personal ideas to solve this would be to define a new Modbus function code that allows a client/master to query any data point and receive not the data but a small dictionary entry describing the data (tag, type, etc). Of course, today it doesn't exist, but as the price of flash memory drops new devices will be able to support such with static entries.

- Lynn

 

The short answer: none.

The long answer:
First, it is not about the Modbus protocol (which moves data to/from a PLC or PLC-like machine), but about the data space of the machine in question.

Second, Modbus assumes nothing but data type and address range. It does not care what the data (1 bit or 16 bits) at a particular address stands for in the application in question.

Third, a PLC or similar machine should offer for each data type a contiguous address range, starting at 0 (i.e., no "black holes"). But this is only a "nice to have" requirement (PLC's normally comply).

There are other protocols I know of (e.g., LonTalk), that support named addresses (variables).

Meir Saggie
meirs at afcon-inc dot com

 

The defined standard "range" of addresses in MODBUS would have to be between 0 and 65535. This is what the Standard MODBUS protocol function code address ranges allow in the protocol fields (0x0000 through 0xFFFF).

 

General question... can a master on the modbus access 65536 16 bit registers, (via function codes 3,4) on any slave device?

 

Only if those addresses exist on the slave device. Most slave devices don't have anywhere near that many addresses but a few Modicon controllers did/do.

 

General answer: a Modbus master can access all the 16-bit registers that the device supports, and which can be specified in a legal Modbus message.

In principle, the highest-numbered register you can access with function code 3 or 4 is 65659. According to the Open Modbus spec, each of these commands allows you to request up to 125 registers, starting with a register whose number is stored in a 16-bit unsigned integer. That is, you can legally request 125 registers starting at 65535.

Reviewing the Open Modbus spec, I find that the Read & Write General Reference commands can also be used to access holding registers. I have always understood General Reference "registers" to be byte-oriented files stored at 6xxxxx addresses. Apparently, the "reference type" field can be set to 4 for holding registers. The reference id in the Read General Reference command is a 32-bit unsigned integer, so it looks theoretically possible for a slave to support a legal Modbus request for 126 4xxxxx registers starting at 4294967295.

(I say 126 because the max Modbus message size is 256, and the response to a FC 20 message for a single group has only 4 bytes in addition to the register contents. The remaining 252 bytes are sufficient to hold 126 16-bit registers, and there is no specified limit of 125 in the FC 20 documentation.)

That said, I've never encountered a Modbus device with 8 gigabytes of addressable holding registers.

Regards,

Greg Goodman

 

Answers to both questions: 1. There are no predefined addresses - all inputs, coils and registers (input, holding) are equal and anonymous in the MODBUS definition. They have each a particular meaning in a particular application - as defined by the author (and documented) of the application - but this is outside the scope of MODBUS. 2. Any particular slave device supports as many registers as it was designed or configured by its author - up to 65535. I am not sure it is part of the standard, but it is customary (and standard in a MODICON PLC) to have a contiguous range, starting at No. 1 (i.e., no "holes"). So, to rephrase the question, a master can access in a slave only as many as the slave supports. It should get a bad address error exception from the slave for an address not supported by the particular slave. Meir .


> General question... can a master on the modbus access 65536 16 bit
registers, (via function codes 3,4) on any slave device?
>
>
> On June 13, 2003, Rolf Moholth wrote:
> > Are there any defined address ranges in the ModBus protocol? We have
kind of established the address ranges for different types of values by ourselves. From time to time, we encounter customers/vendors that excpect certain types of values to be in certain address ranges.
> >
> > I have tried to search in the available ModBus standard documentation,
but haven't been able to find any strict rules for address use.
> >
> > If anyone know of such a definition in the STANDARD, please let me know!

( Complete thread: http://www.control.com/1026174830/index_html )