I am in the process of making a modbus tcp/ip module.
The digital output function is working perfectly, but the inputs are giving me some problems. It always shows as being active.
Is there an easy way to see the value it receive from my micro-controller?
The simplest solution for Modbus TCP debugging would be using Wireshark to sniff what is going on.
So far I have had no progress with this.
To compare signals, I got a Moxa E1212, reading the coils from address 0-3 it returns FF 01 01 00 which is correct.
Sending the same command to read coil status from my controller, also returns FF 01 01 00, but instead of showing them all as low, only 0 and 1 returns the correct status, 2 and 3 are always showing as high.
To debug I then tried CAS Modbus Scanner, it also claims to get FF 01 01 00 back from my controller, and shows all coils as being low.
Exactly same thing happening with the inputs, MODBUS_7 and MODBUS_8, in CAS Modbus Scanner they show up as low, but not in polyscope.
The Moxa E1212 shows the status correct for all in and outputs in both CAS Modbus Scanner, and in polyscope.
This is a bit confusing, I don’t understand how the same response, can give two different results.
Does the robot negotiate between different types?
Can it be it it is expecting a different length than what it gets?
@jbm I have been working on and off on this project, getting no further at all…
When I am analyzing the traffic with wireshark I am getting the right data through, and “CAS Modbus Scanner” agrees with the data being correct too. But when having a robot reading the data, it gets another result.
Moxa ioLogic E1212
[20:01:45] <= Response: FF 01 01 00
[20:01:44] => Poll: FF 01 00 00 00 04
My device
[20:02:27] <= Response: FF 01 01 00
[20:02:27] => Poll: FF 01 00 00 00 04
I have had someone else looking at the traffic, they too say the response from my device is correct, and they mentioned something about 16bit modbus. Can the modbus implementation in polyscope detect and switch between 8bit and 16bit?
The robot automatically expects 16 bit (1 Word) Modbus registers (or 1 bit discretes) as the Modbus standard suggest.
If your device is supplying 8 bit registers, there is most likely a necessity for a conversion, or maybe some address offsetting.
Could you post log with traffic on port 502 from wireshark? It would be extremely helpful to see what simulator is actually receiving.
I also recommend you to update to latest simulator 3.4.5. By default controller is sending all requests to devices in parallel, and since 3.4.3 there is sequential mode option that better adheres to modbus specification, and is helpful when communicating with slower devices.
How did you guys solve this issue?
I have a fronius machine (TPS320i) that I’m trying to communicate through modbus and I’m having the same issue.
The inputs and outputs are all activated except the two first ones…
Could you configure it to respond to function code 0x02 (read discrete inputs)?
Without communication trace I can only assume that machine is responding correctly to function code 0x01, but not to 0x02.
It could be verified by:
- changing type temporarily to digital output
- observing state on modbus panel
Digital output behaves like an input before it is written for first time, and it is using function code 0x01 to read output state.
I don’t think I quite understood your answer.
I changed all the inputs to outputs and still only the first two addresses work correctly. Even after refreshing.
If I deselect and refresh it activates all the outputs except the first two again, as you can see.
They should all be low, especially nubmer 7 which it isn’t even mapped.
These look to me like output registers. Have you tried writing “Output register” 0 or 1?
Is there online version of that manual?
modbus doc.pdf (3.3 MB)
The thing is, that according to fronius it can either be implemented as digital or registers.
But for now, since we are testing and setting up, we are trying to make it work with digital signals because to change registers it’s more complicated and I’m guessing we have to make scripts in between the running program.
Things I noted are:
- outputs (from Fronius to the robot - so inputs on the robot) are starting at offset 0x800 (2048 dec)
- good test would be to setup input register 2048, and check if bit 0 is flipping at 1hz.
- from tables I can understand that bit access is possible. However at the end of documentation there is short description of modbus protocol, and there are no examples for bit access. There are examples for fc 3 and 6 for register read/write.
Did you try to use 16bit register access? Ask Fronius what function codes are used to access bit registers