Understanding RS232, RS485, RJ45, and Modbus Protocols

Imagine a DC power supply with three pins on its output socket: positive, negative, and ground. Correspondingly, the load’s plug should also have three pins that correspond to the power supply, allowing it to receive the energy supply correctly.

Note that there are three essential conditions:

The first is that the shape, size, and pin diameter and length of the plug and socket must correspond; otherwise, the connection cannot be completed. This stipulates the physical structure and pin definition of the plug combination.

The second is that the output voltage of the power supply must meet the load’s requirements; otherwise, it cannot fulfill the electrical parameter requirements. This determines the level specification of the plug combination.

The third is that the output impedance of the power supply must match the input impedance of the load; otherwise, it cannot achieve proper power supply. This determines the working nature of the power supply.

These three points essentially define the normative protocol of the power plug combination at the physical layer.

Now, let’s look at communication interfaces. In the ISO/OSI model concerning computer information exchange, the physical layer is the lowest layer (Layer 1), which specifies the mechanical appearance of interfaces, pin definitions, interface levels, and byte formats.

The byte format here refers to how many data bits are in a byte, how many start/stop bits there are, and how many parity bits there are. Generally, a byte contains 8 data bits, 1 start bit (stop bit), and 1 parity bit. Note: The start and stop bits can be combined.

Next, let’s examine the operational modes of communication interfaces and networks.

When we make a phone call, we find that both parties can talk and listen simultaneously, which is called full duplex (two-way operation); if one can talk but not listen, and the other can listen but not talk, this is called half duplex, akin to a walkie-talkie communication style.

RS422 and RS232 interfaces are full duplex, while RS485 is half duplex.

For half duplex interfaces, there must be a communication initiator, so RS485 interfaces and networks must have a master station and several slave stations, with the number of slaves typically limited to 32.

The relationship between the RS485 master and slave stations appears to be merely a difference in communication modes, but fundamentally, it is about the reasonable allocation of control rights over the communication bus.

Next, let’s look at bus connection issues.

Using power as an example, we can draw a main line from the power supply and then parallel several branches to feed various loads. As long as the power supply’s power requirements are met, this is clearly feasible.

However, if we use the same method to draw out RS485 communication lines, is that feasible? The answer is no. We must first draw a line from the communication master to the first slave, then draw a second line from the first slave to the second slave, and so on until the last slave. At the end of the communication line, a terminal resistor must be added. If a break occurs at any point on this communication line, the communication on subsequent links will also be interrupted. This wiring method is vividly referred to as the daisy chain connection method, while the power connection method is known as the star connection method.

We find that, from an electrical wiring perspective, the link is parallel. But from a communication perspective, the link is daisy-chained, representing an orderly connection.

Now we can summarize:

The RS485 bus network wiring method must be a daisy chain and is a half duplex communication method; RS232 is a point-to-point wiring method and is full duplex communication. Whether for RS232 or RS485 interfaces, they must comply with the communication protocols of the physical layer.

Next, let’s look at the MODBUS-RTU communication protocol:

Does having a physical layer communication interface mean communication can occur? The answer is no. The physical layer communication interface only provides the conditions for communication. If neither party can understand what the other is saying, or if the speaking methods and grammatical structures of both parties do not match, communication cannot occur.

In the OSI model, above the physical layer is the data link layer. The MODBUS-RTU protocol is a data link layer protocol. As long as both parties use the MODBUS-RTU protocol, it ensures that the communication language is in a format that both can understand.

Note the term “statement” here. The physical layer defines bytes, equivalent to words in a language, while the data link layer organizes bytes into statements, i.e., frames. Frames specify the grammatical structure of the statements used by both parties in communication.

MODBUS is also master-slave structured. Similar to the control of the bus at the physical layer, here the master-slave relationship specifies the control rights over the communication bus. The master first issues commands, occupying the bus; then vacates the bus for the slave to write a response code; once the slave completes this, the bus is returned to the master.

Now let’s look at the frame structure specified by ISO’s HDLC, which is the grammatical structure of communication statements, as follows:

Under the MODBUS communication protocol, different command function codes have different frame structures. For the read register command, the MODBUS master frame structure is: 2 bytes of address code, 1 byte of function code, 2 bytes of data address code, and 2 bytes of CRC check code; the MODBUS slave response frame structure is: 2 bytes of function code, 1 byte of total bytes in the response area, N bytes of response data, and 2 bytes of CRC check code.

Although the physical layer protocol and data link layer protocol differ, the execution of the data link layer protocol must be based on the requirement that both parties’ physical layer connections are compliant and can exchange information without barriers.

This rule must be fully and thoroughly executed in the seven-layer protocol of the ISO/OSI model. In the ISO/OSI model, the lower-level protocols of both parties must establish a transparent and fault-free connection and information exchange relationship for the upper-level protocols. This means that the hierarchical relationship between different levels must be absolute.

From the data link layer upwards, we reach the network layer, which is responsible for forming the information exchange network of the field bus.

The functions of the network layer include: packaging communication frames into data packets and then sending the data packets to the other party.

Since the network structures of both parties may differ, the same types of networks require bridges to connect, while different types of networks require gateways.

There may be multiple channels between networks. Data packets can choose from multiple paths when sending. The components responsible for selecting paths are called routers. Routers not only determine the actual data exchange network path but can also construct virtual network paths and determine the order of data packet sending. Thus, routers are the most complex and critical equipment in the network layer.

In the OSI model, the physical layer + data link layer + network layer are collectively referred to as the field bus, whose communication interface is the 8-pin RJ45 crystal head. Clearly, RJ45 is entirely different from RS232/RS485/RS422.

The data packets at the network layer are combinations of data frames. Simply put, a data packet is a short article or a unit of data to be transmitted.

When sending data packets, the routing issues and receiving combination issues of the network layer are illustrated in the following images:

We see that the network layer first determines the routing path through the router, then sends the packets to the other party. Upon receiving the packets, the other party combines them in order and unpacks them into the actual document.

It is important to note that since the network layer has routers, it supports star network structures.

Now let’s focus on the ISO/OSI seven-layer model, as follows:

It is essential to clarify that from the network layer upwards, the information units sent between layers are already complete messages. The OSI model also specifies the grammatical structure of messages, which will be omitted here due to space constraints.

It is worth noting: the definitions of RS232/RS485/RS422 communication interfaces are very clear. This includes pin levels, pin function definitions, and the timing relationships of data flow during information sending and receiving. All of these must be accurate and strict; otherwise, information exchange cannot be executed.

When a PLC exchanges information with a certain power meter, and these power meters comply with the RS485/MODBUS-RTU communication specifications, what do we need to do?

First, we need to wire according to the daisy chain structure communication link requirements, connecting the PLC’s communication interface to N power meter interfaces. The last power meter’s end must be equipped with a 100-ohm terminal resistor.

Second, we need to determine the addresses of these N power meters according to the principle of incremental addressing, such as 01H, 02H, 1FH, etc. Here, H denotes hexadecimal, with 1F representing 16+15=31.

Third, we set the communication rate specified by the power meters in the PLC programming software.

Fourth, we set the MODBUS communication code according to the data area address code of the power meters and the loop relationship of each substation in the PLC programming software.

Note: The MODBUS communication code here meets the requirements of the PLC’s IEC 61131-3 programming module, while general PLC ladder diagrams do not have this function. Ladder diagrams meet the IEC 61131-1 requirements but do not meet the IEC 61131-3 requirements.

Fifth, we open a dedicated data area in the PLC’s memory to store the information read from the power meters after processing, allowing the higher-level master station to read the information. This data area is called a data point table, sometimes referred to as a communication protocol.

Finally, of course, we conduct a power-on test. There are many details involved, and we will not elaborate further due to space constraints.

Let’s look at an example of reading data using MODBUS-RTU on the RS485 network:

A certain power meter has an address of 01H. In the memory location 2000 of the power meter, there are six data points for three-phase current and three-phase voltage, each occupying two bytes, totaling 12 bytes.

The communication rate of this power meter is 9600 bps. What does this mean? The unit bps denotes bits per second, indicating that this bus can send 9600 bits per second. We already know that a byte consists of 8 data bits, 1 start bit, and 1 parity bit, totaling 10 bits. Therefore, if the communication rate of the power meter is 9600 bps, it can send: 9600 / 10 = 960 bytes per second.

We also know that the frame structure for the master station to read data (downlink frame) includes 1 byte of address, 1 byte of function code, 2 bytes of memory address, 2 bytes of data quantity, and 2 bytes of CRC check code, totaling 8 bytes. Thus, the time taken for the master station to send the read data MODBUS communication frame is: 8 × 10 / 9600 = 8.33 milliseconds.

For this example, we know that the MODBUS-RTU read data command is 0X03H, which is represented as 03 in command form. Note the notation: 0X is the prefix, 03 is the command, and H denotes hexadecimal.

The specific communication frame is: 01 03 07 D0 00 06 C5 45, where 0X01H is the address, 0X03H is the command, 0X07D0H is the memory address 2000, 0X0006H indicates reading six consecutive words, which corresponds to the current and voltage parameters in memory, and 0XC545H is the CRC check code for 01 03 07 D0 00 06.

Then the response frame from the power meter (uplink frame) has a frame structure of: 1 byte of address, 1 byte of function code, 1 byte of total bytes in the response area, 12 bytes of data, and 2 bytes of CRC check code, totaling 17 bytes, taking: 17 × 10 / 9600 = 17.7 milliseconds.

The specific instrument response communication frame is: 01 03 0C 00 64 00 64 00 64 00 DC 00 DC 00 DC D6 F5, where 0X01H and 0X03H have the same meanings as before, 0X0CH indicates that there are 12 bytes in the upload data area, 0X0064H indicates that phase A current is 100A, followed by two groups for phase B and phase C current, both 100A, 0X00DCH indicates that phase A voltage is 220V, followed by two groups for phase B and phase C voltage, both 220V, and finally, 0XD6F5H is the CRC check code.

The master station initiates the downlink communication frame, waits for 10 milliseconds for the slave to respond, and then receives the uplink communication frame from the slave, totaling:

If there are 31 identical meters waiting for the master station to access them one by one, the total duration from the master station starting to access the first meter to the last response is:

Here, 1.12 seconds is the reading data cycle for these 31 meters at a communication rate of 9600 bps, ignoring the waiting time for the master station to send the downlink communication frame again, so the actual time will be slightly longer.
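The read exchange and the polling-cycle estimate above can be worked through in code. The following Python sketch is an added example, not code from the original article: it builds the 03H downlink frame, validates an uplink frame against the request that solicited it, and estimates the poll cycle. All function names are hypothetical, the response frame is constructed inside the example with its CRC computed by the code, and the 10 bits per byte and 10 ms wait are the article's figures.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def with_crc(body: bytes) -> bytes:
    # The CRC goes on the wire low byte first.
    return body + struct.pack("<H", crc16_modbus(body))

def build_read_request(slave: int, start: int, count: int) -> bytes:
    """Downlink frame for 03H: address, function, start address, quantity, CRC."""
    if not 1 <= slave <= 247:
        raise ValueError("slave address out of range")
    if not 1 <= count <= 125:
        raise ValueError("register count out of range")
    return with_crc(struct.pack(">BBHH", slave, 0x03, start, count))

def parse_read_response(frame: bytes, slave: int, count: int) -> list:
    """Check an 03H uplink frame against the request, then return the words."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    # The CRC catches line noise only; it is an error-detection code and
    # says nothing about who produced the frame.
    if crc16_modbus(frame[:-2]) != struct.unpack("<H", frame[-2:])[0]:
        raise ValueError("CRC mismatch")
    if frame[0] != slave:
        raise ValueError("response from unexpected address")
    if frame[1] == 0x83:
        raise ValueError(f"exception response, code {frame[2]:#04x}")
    if frame[1] != 0x03:
        raise ValueError("unexpected function code")
    byte_count = frame[2]
    # Reject frames whose declared or actual length disagrees with the request.
    if byte_count != 2 * count or len(frame) != 5 + byte_count:
        raise ValueError("byte count does not match request")
    return list(struct.unpack(f">{count}H", frame[3:-2]))

def poll_cycle_seconds(meters: int, count: int, baud: int = 9600,
                       bits_per_byte: int = 10, wait_s: float = 0.010) -> float:
    """Time to poll every meter once: request + wait + response, per meter."""
    request_len = 8                 # address, function, start, quantity, CRC
    response_len = 5 + 2 * count    # address, function, byte count, data, CRC
    per_meter = (request_len + response_len) * bits_per_byte / baud + wait_s
    return meters * per_meter

# Constructed sample response for meter 01H: three currents of 100 A and
# three voltages of 220 V, with the CRC appended by with_crc().
SAMPLE_RESPONSE = with_crc(
    bytes([0x01, 0x03, 0x0C]) + struct.pack(">6H", 100, 100, 100, 220, 220, 220)
)

if __name__ == "__main__":
    print(build_read_request(0x01, 2000, 6).hex(" ").upper())
    print(parse_read_response(SAMPLE_RESPONSE, 0x01, 6))
    print(round(poll_cycle_seconds(31, 6), 2), "s")
```

Checking the address, function code, and byte count in addition to the CRC means a well-formed frame that answers a different request is still rejected.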

We believe that by this point, everyone should have a deeper understanding of the communication frames under MODBUS-RTU.

Reminder: A word consists of two bytes. Generally, bytes can only express 8 binary quantities. However, for analog quantities, words are used for expression. For example, a current of 1250A is represented as 04E2H in hexadecimal, requiring 2 bytes for a complete expression. Thus, various power meters express analog quantities using words.

Below are some commonly used function codes in MODBUS, i.e., command codes:

Below is an example of the downlink and uplink communication frames for a PLC reading data point tables from an ASCO controller:

Let’s explain a few relevant questions:

1) Some field buses use tokens to solve the bus control issue.

It is easy to think that if a slave has an urgent matter requiring the master to serve, but the MODBUS specifies polling rules, it may be too late by the time it is their turn. Therefore, many field buses have invented a special item called a token. The token is small, only one byte, and can be quickly passed along the bus. The token circulates among the stations; whoever holds the token becomes the master and can send information. If a station has nothing to send, it passes the token to the next station, thus solving the bus occupancy issue.

2) When a link is broken, to avoid communication interruption, a dual-master approach can be adopted. The two master stations (PLC’s two RS485 interfaces) are connected by a handshake line, with the primary RS485 active while the secondary RS485 remains floating. The floating RS485 is connected to the bus but is in a high-impedance state, equivalent to being completely disconnected. When a break occurs, the slave confirms and immediately activates the communication, connecting from both ends of the link.

Sometimes, ring communication measures are also employed. Due to space limitations, we will not introduce this further.

3) MODBUS can operate at the network layer, at which point the protocol becomes MODBUS-TCP, but it still adheres to the master-slave structure.

4) The MODBUS protocol was invented by the American company Modicon, whose stated principle was that the MODBUS protocol is a free and open protocol. Later, Modicon was acquired by Schneider Electric, which inherited Modicon’s approach; MODBUS remains a free and open protocol. Since MODBUS has become Schneider’s protocol, Schneider has extended it to the network layer, establishing the network layer’s MODBUS-TCP protocol and an internal proprietary MODBUS-PLUS protocol. Due to space constraints, descriptions of these two protocols will be omitted here.

5) Regarding the differences between RS232 and RS485

Those who have studied analog and digital circuits know about differential circuits. Differential circuits have common-mode rejection ratios, which can eliminate common-mode errors. The RS485 interface has this characteristic. Therefore, the transmission distance of the RS232 interface is only a few meters, while RS485/RS422 interfaces can reach distances of 1200 meters.

We see from the images that although the RS232 and RS485 interfaces have the same appearance, their performance and information exchange modes differ, thus affecting their anti-interference capabilities.

6) When the distance is long, the RS485 interface can also connect to fiber optics, but it requires a pair of fiber optic converters. The reason for a pair is that one is used for electrical-to-optical conversion and the other for optical-to-electrical conversion. The communication medium between the fiber optic transceivers is the optical cable or fiber (note that fiber is the core of the optical cable; do not confuse them as two different things).

There are single-mode and multi-mode fibers. Single-mode fibers are thinner, with less light reflection during transmission, resulting in lower distortion and transmission distances exceeding 15km; multi-mode fibers are thicker, with more light reflection during transmission, resulting in greater distortion and transmission distances of 1.5km.

7) CRC check codes are computed using binary division without borrowing and are used to verify whether the received information has errors.

Note that f(x) here represents the MODBUS communication frame without the CRC check code, with the divisor being CRC16. The CRC in the frame is the remainder after the calculation.

The master station calculates the CRC before sending the frame and appends the remainder to the end of the frame sent to the slave. The slave, upon receiving the frame, performs CRC calculations on the frame without the CRC portion to verify correctness; if incorrect, the slave requests the master to resend.

Similarly, when the slave sends information to the master, the master also checks the data’s correctness based on the CRC. If an error is found, the master requests the slave to resend.

8) Regarding MODBUS-RTU, MODBUS-ASC, and MODBUS-TCP

If MODBUS uses BCD code to express data, it is called MODBUS-RTU; if it uses ASCII code, it is called MODBUS-ASC; if MODBUS operates at the network layer, it is called MODBUS-TCP.

The ASCII code content is as follows:

In practical use, most MODBUS implementations use BCD code, making MODBUS-RTU widely adopted.

The BCD code is as follows:

It is important to note that in protocol usage, the values in the data frame are expressed in hexadecimal. For example, a current of 100A is written as 0X64H, while a voltage of 380V is written as 0X17CH.

9) Regarding the twisted pair communication lines and grounding used in RS485 networks

We know that there will be distributed capacitance between two parallel cables, which can weaken the signal strength. To eliminate distributed capacitance, the two parallel lines of the communication line need to be twisted together at certain lengths; this is called twisted pair. The twisting length of twisted pair has specifications, closely related to communication rates. In practice, the appropriate twisted pair should be selected according to the communication rate.

The outer layer of twisted pair has a shielding layer. The shielding layer must be grounded at a single point and must not be grounded at both ends simultaneously to prevent ground currents from causing interference. In actual wiring, each segment should be grounded independently, and it is crucial not to adopt the practice of connecting the shielding layers of all segments to a common ground.

10) Regarding the daisy chain communication link connection method

An absolute daisy chain network does not exist. In reality, the communication network constructed using the daisy chain wiring method consists of terminal blocks connected to various slave stations through twisted pair cables, forming a structure similar to a star; we might refer to this wiring method as quasi-star wiring under a daisy chain network.

Engineering practice has shown that the length of quasi-star wiring should not exceed 70 cm. If it exceeds this length, communication instability may occur.

In fact, 70 cm has become an unwritten quality control standard in the industry.

A 100-ohm terminal resistor may be added or omitted at low communication rates, but when the communication rate is high (above 19.2 kbps), it is advisable to include it. For example, in the RS485 network under PROFIBUS, terminal resistors are already integrated into the terminal devices, and a switch can be toggled to add or remove them.

The purpose of the terminal resistor is to absorb reflected waves.

When we tightly tie a rope between two trees and then hit one side of the rope, we will see a conducting wave traveling to the other end and a reflected wave. If the hitting frequency is appropriate, a standing wave will appear in the middle of the rope.

For communication, both reflected waves and standing waves can severely impact communication quality. Terminal resistors are used to absorb reflected waves and can enhance the final level of the slave stations.

Both RS485 and MODBUS concepts require practical mastery; merely reading texts makes it challenging to understand and grasp them. If this article can benefit your practical activities, I will be very pleased.

Disclaimer: This article is reprinted from Zhihu Q&A: Teacher Zhang Baifan, copyright belongs to the original author. If there are any copyright issues, please contact us for deletion. Thank you!
