The first specification for the Modbus protocol was published in 1979. The protocol is designed for polling slave devices on a request-response basis. Modbus RTU (Remote Terminal Unit) operates over a serial data interface (RS-232, RS-485, RS-422). Today we will focus on a slightly modified protocol, Modbus TCP, operating at the application layer of the TCP / IP protocol stack.
First, let's see how the server part is configured (programmed, to be more precise). Modbus TCP Server is analogous to Modbus RTU Slave, that is, it is a slave device. This is important, don't be confused. The server only responds to requests, but does not generate them.
This example uses an S7-1516 CPU with firmware version 2.6. The S7-1200 series is programmed in the same way.
First, let's place an instance of the MB_SERVER function block in OB1 (Instructions → Communications → Others → MODBUS TCP).
Next, you need to do three things. First, put something on the MB_ HOLD_ REG input . This input pin of the FB instance must contain a memory area that is allocated to holding registers.
. Modbus TCP 5.0 « » (Discrete inputs), .. , — BOOL' %I. Coils, «» — , , , %Q. Input Registers, « » — %I, %IW. , Modbus I Q. , . - , , , «» . , Modbus TCP , .
, IB QB. QB_Count, QB_Read_Count IB_Count , 65535, / / .
/ , , . , — , ( ) . , « », « » , , .
, 5.0 ( 2.5 S7-1500 4.2 S7-1200) , . — . , «Access to data areas in DBs instead of direct access to MODBUS addresses as of version V5.0» .
, «» .
Add new block
«Data block» ,
« », ,
. () . .
MB_HOLD_REG
-, TCON_IP_v4 TCON_Configured. . , , — Hardware, . , «» Modbus, (, , ).
TCON_IP_v4
InterfaceID , .
ID — . 1 4096. ( MBSERVER, ). . 1.
ConnectionType — . 11 (0B ): TCP. .
ActiveEstablished — false, , .
RemoteAddress — , . IP- , . .
RemotePort — ,
LocalPort — TCP , . - ( RFC) Modbus TCP 502 ( Doom — 666, ). 502 .
:
ID . , network (MOVE) Modbus. Step 7 , . Modbus X1. , .
, , System Constants . , , .
64 "ModbusData".CONNECT_Struct.InterfaceId
CONNECT :
, , , MB_SERVER_DB. , . , , , , «» «» «».
, Online:
7002 , , . STATUS, . , / Modbus-, (, — « » « »).
Modbus- . — . 5 , 10, Modbus , . — : little endian , big endian, , . 5 , , float, «» :
, (, %Q) — «» Modbus, , . . , :
. 64, (8 * 8 + 0 = 64). «» Modbus-:
«» ( 64). «» modbus:
, , Step 7, , ( ):
, . , , . «» ( , ):
( online, ) modbus «» «Illegal data address», . : Restriction of read access to process images as of version V5.0.
, . Step 7 :
. . «MBHOLDREG parameter» :
. , .
№1. — (, ). 8187 : The MBHOLD_REG parameter has an invalid pointer. Data area is too small.
№2. WORD, «» . , , .
Experiment # 3. Merker region. Works, the values were entered from the client, no errors.
From my point of view, the documentation is not clear enough. It should say “use standard access data block or bit (token) memory”, not “optimized access”. In the case of optimized access, arrays of words are fine. And from my point of view, the most convenient way is the one described in the original example. Experiment 2, in principle, is also workable (and there is an explanation for that), but from my point of view it is inconvenient for work.
Next time we will tackle the Modbus TCP client.