Modbus RTU illegal data address


Thread Starter


I have 2 PLC controllers and in one controller I have Mapped variables to address 400001, 400002, 400004 and 400005 respectively and 400003 is not mapped.

From Master if I try reading multiple registers (all 4) starting from 400001, for the un-mapped address (i.e. 400003 in above case) is the slave supposed to return illegal data address or zero (0) for the un-mapped address? Please help in understanding this exception case.
That would really depend on the Slave PLC. But my guess would be that generally it would return a 0. Unless you are mapping a 32-bit float to 400002, then I'd expect half of the 32-bit word.

I would expect an address error unless the Slave PLC requires specific definition of all Modbus addresses to prevent access to registers you wish to protect.

What PLC are you using as the slave?


Fred Loveless

That is perfectly legal for the device because the address does not exist so the driver cannot span that memory location. We see this with older serial devices, usually temperature and pressure controllers.

Typically for those types of device you need to read data one register address at a time

From my experience, it depends on the slave devices. Some times the slave device is smart enough to send back N/A data and keep going to addresses 400004/5. Normally when you request data does not exist the slave will fail and all the data could be bad.

Just to be safe, I would have two separate data requests. Or, I would assign the 40003 with some spare point.

You may also want to look at what Modbus requests are coming from the master. Is it using FunCode 3, 6, or FunCode 16? Those can also have an affect on how the slave responds and if it gives bad data.