MODBUS is a communication protocol initially advocated by MODICON (now a brand of Schneider Electric). It has gradually been recognized as a standard communication protocol through practical applications by most companies. As long as data communication or transmission follows this protocol, different systems can communicate with each other.
Currently, this protocol is widely adopted in RS232/RS485 communication processes.
There are two commonly used MODBUS communication protocols: one is MODBUS ASCII, and the other is MODBUS RTU. Generally, MODBUS ASCII is used for communication with a small amount of data primarily consisting of text, while MODBUS RTU is used for larger binary data.
In practical applications, to solve specific problems, people often modify the MODBUS protocol to meet their needs (in fact, people often use self-defined protocols for communication, which can solve problems but are not very standardized). A more common practice is to make minor modifications to the protocol but attach the protocol format along with the software documentation or directly include it in the help section, making communication easier for users.
The ACRXXXE series instruments use the MODBUS-RTU communication protocol. The MODBUS protocol details the checksum, data sequence, etc., which are necessary for specific data exchanges. The MODBUS protocol uses a master-slave response connection on a single communication line (half-duplex), meaning that signals are transmitted in opposite directions along a single communication line.
First, the master computer addresses a unique terminal device (slave), and then the response signal sent by the terminal device is transmitted back to the master in the opposite direction.
The MODBUS protocol only allows communication between the master (PC, PLC, etc.) and the terminal devices, and does not permit data exchange between independent terminal devices. This ensures that each terminal device does not occupy the communication line during initialization and only responds to the query signals that reach its own address.
Query
The function code in the query message informs the selected slave device of the function to be executed. The data segment contains any additional information required for the slave device to perform the function. For example, function code 03 requests the slave device to read holding registers and return their contents. The data segment must include information for the slave device: the starting register to read and the number of registers to read. The error detection field provides a way for the slave device to verify whether the message content is correct.
Response
If the slave device generates a normal response, the function code in the response message corresponds to the function code in the query message. The data segment includes the data collected by the slave device, such as register values or statuses. If an error occurs, the function code will be modified to indicate that the response message is erroneous, and the data segment will contain a code describing this error. The error detection field allows the master device to confirm whether the message content is valid.
The transmission method refers to a series of independent data structures within a data frame and a limited set of rules for transmitting data. Below is the definition of a transmission method compatible with the MODBUS protocol – RTU mode.
Each byte consists of:
· 1 start bit
· 8 data bits, with the least significant bit sent first
· No parity bit
· 1 stop bit
Error checking: CRC (Cyclic Redundancy Check)
When a data frame reaches the terminal device, it enters the addressed device through a simple “port”. The device removes the “envelope” (data header) from the data frame, reads the data, and if there are no errors, it executes the requested task. Then, it adds the data it generates to the returned “envelope” and sends the data frame back to the sender.
The returned response data includes the following contents: terminal slave address (Address), executed command (Function), requested data generated by the executed command (Data), and a checksum (Check). If any error occurs, there will be no successful response or an error indication frame will be returned.
|
Address |
Function |
Data |
Check |
|
8-Bits |
8-Bits |
N x 8-Bits |
16-Bits |
The address field is located at the beginning of the frame, consisting of one byte (8 bits) in binary code, with a decimal range of 0 to 255. In our system, only addresses 1 to 247 are used; other addresses are reserved.
These bits indicate the address of the terminal device specified by the user, which will receive data from the connected master.
The address of each terminal device must be unique; only the addressed terminal will respond to queries that contain that address. When the terminal sends back a response, the slave address data in the response informs the master which terminal is communicating with it.
The function code in the function field tells the addressed terminal what function to perform.
The table below lists the function codes used in this series of instruments, along with their meanings and functions.
|
Code |
Meaning |
Action |
|
03 |
Read Data Register |
Obtain the current binary values of one or more registers |
|
16 |
Preset Multiple Registers |
Set binary values to a series of multiple registers (not available for ACRXXXE) |
The data field contains the data required for the terminal to execute a specific function or the data collected when the terminal responds to a query. The contents of this data may include values, reference addresses, or set values.
For example, the function code tells the terminal to read a register; the data field needs to specify which register to start reading from and how many registers to read. The embedded addresses and data vary according to type and content between slaves.
This field allows the master and terminal to check for errors during the transmission process.
Sometimes, due to electrical noise and other interferences, a set of data may change while being transmitted from one device to another over the line. Error checking ensures that the master or terminal does not respond to data that has changed during transmission, thereby improving system safety and efficiency. Error checking uses a 16-bit cyclic redundancy method (CRC16).
The error check (CRC) field occupies two bytes and contains a 16-bit binary value. The CRC value is calculated by the transmitting device and then appended to the data frame. The receiving device recalculates the CRC value upon receiving the data and compares it with the value in the received CRC field. If these two values do not match, an error has occurred.
During CRC calculation, a 16-bit register is first preset to all 1s, and then each byte in the data frame is processed with the current value of this register. Only the 8 bits of data in each byte participate in generating the CRC; the start and stop bits, as well as any parity bits used, do not affect the CRC.
When generating the CRC, each byte’s 8 bits are XORed with the contents of the register, and the result is shifted to the low bit, with the high bit filled with 0. The least significant bit (LSB) is extracted and checked; if it is 1, the register undergoes an XOR operation with a preset fixed value (0A001H); if the least significant bit is 0, no further action is taken.
This processing is repeated until all 8 shift operations are completed. After processing the last bit (the 8th bit), the next 8-bit byte undergoes an XOR operation with the current value of the register, and the same 8 shift XOR operations are performed. When all bytes in the data frame have been processed, the final value generated is the CRC value.
Ø Pre-set a 16-bit register to 0FFFFH (all 1s), called the CRC register.
Ø XOR the 8 bits of the first byte in the data frame with the low byte of the CRC register, and store the result back in the CRC register.
Ø Shift the CRC register one bit to the right, filling the high bit with 0, and extracting the low bit for checking.
Ø If the low bit is 0: repeat step three (next shift); if the low bit is 1: XOR the CRC register with a preset fixed value (0A001H).
Ø Repeat steps three and four until 8 shifts are completed. This processes a complete eight bits.
Ø Repeat steps two to five to process the next eight bits until all bytes have been processed.
Ø The final value in the CRC register is the CRC value.
Additionally, there is a method using a preset table to calculate the CRC, which is characterized by fast computation speed, but requires a larger storage space for the table. This method will not be elaborated here; please refer to relevant materials.
This section will provide examples using the format shown in the figure (numbers in hexadecimal).
|
Addr |
Fun |
Data start reg hi |
Data start reg lo |
Data #of regs hi |
Data #of regs lo |
CRC16 lo |
CRC16hi |
|
01H |
03H |
00H |
00H |
00H |
03H |
05H |
CBH |
Addr: Slave address
Fun: Function code
Data start reg hi: Data starting address register high byte
Data start reg lo: Data starting address register low byte
Data #of regs hi: Number of registers to read high byte
Data #of regs lo: Number of registers to read low byte
CRC16 Hi: Cyclic Redundancy Check high byte
CRC16 Lo: Cyclic Redundancy Check low byte
Query Data Frame
This function allows users to obtain the data collected and recorded by the device and system parameters. There is no limit to the number of data requested by the host at one time, but it cannot exceed the defined address range.
The following example reads three collected basic data (data frame each address occupies 2 bytes) UA, UB, UC from slave 01, where UA’s address is 0025H, UB’s address is 0026H, UC’s address is 0027H.
|
Addr |
Fun |
Data start Addr hi |
Datastart |
Data#of regs hi |
Data #of regs lo |
CRC16 lo |
CRC16 hi |
|
01H |
03H |
00H |
25H |
00H |
03H |
14H |
00H |
Response Data Frame
The response contains the slave address, function code, the number of data, and CRC error check.
The following example shows the response for reading UA, UB, UC (UA=082CH, UB=082AH, UC=082CH).
|
Addr |
Fun |
Byte count |
Data1 hi |
Data1 lo |
Data2 hi |
Data2 lo |
Data3 hi |
Data3 lo |
CRC16 lo |
CRC16 hi |
|
01H |
03H |
06H |
08H |
2CH |
08H |
2AH |
08H |
2CH |
94H |
4EH |
Error Indication Code
If the address requested by the host does not exist, it returns the error indication code: FFH.
1. Standard, open; users can freely and confidently use the Modbus protocol without paying a license fee or infringing on intellectual property rights. Currently, over 400 manufacturers support Modbus, with more than 600 products supporting the protocol.
2. Modbus supports multiple electrical interfaces, such as RS-232, RS-485, and can also transmit over various media, such as twisted pair, fiber optics, and wireless.
3. The frame format of Modbus is simple, compact, and easy to understand. It is user-friendly and easy for manufacturers to develop.
|
01 |
READ COIL STATUS |
|
02 |
READ INPUT STATUS |
|
03 |
READ HOLDING REGISTER |
|
04 |
READ INPUT REGISTER |
|
05 |
WRITE SINGLE COIL |
|
06 |
WRITE SINGLE REGISTER |
|
15 |
WRITE MULTIPLE COIL |
|
16 |
WRITE MULTIPLE REGISTER |
In the ModBus system, there are two transmission modes to choose from. These two transmission modes are equivalent to the slave PC communication capabilities. The choice depends on the ModBus master used, and each ModBus system can only use one mode; mixing the two modes is not allowed.One mode is ASCII (American Standard Information Exchange Code), and the other mode is RTU (Remote Terminal Unit).
Users can select the desired mode, including serial port communication parameters (baud rate, parity, etc.), when configuring each controller. All devices on a Modbus network must select the same transmission mode and serial port parameters. The selected ASCII or RTU mode only applies to standard Modbus networks, defining each bit of the message segments transmitted continuously on these networks and determining how to package information into message fields and how to decode it. In other networks (like MAP and Modbus Plus), Modbus messages are converted into frames independent of serial transmission.
ASCII printable characters facilitate fault detection and are suitable for master computers and PCs programmed with high-level languages (such as Fortran). RTU is suitable for computers and PC hosts programmed in machine language.
Data transmitted in RTU mode consists of 8-bit binary characters. To convert to ASCII mode, each RTU character must first be divided into high and low parts, each containing 4 bits, and then converted into a hexadecimal equivalent. The ASCII characters used to construct the message are all hexadecimal characters. Although the characters used in ASCII mode are double that of RTU mode, decoding and processing ASCII data is somewhat easier. Additionally, when using RTU mode, message characters must be transmitted as a continuous data stream; in ASCII mode, there can be up to a 1-second gap between characters to accommodate slower machines.
The controller can be set to either of the two transmission modes (ASCII or RTU) for standard Modbus network communication.
When the controller is set to communicate in ASCII (American Standard Information Exchange Code) mode on the Modbus network, each 8-bit byte in a message is transmitted as 2 ASCII characters. For example, the value 63H in ASCII mode requires sending two bytes, namely ASCII “6” (0110110) and ASCII “3” (0110011). The ASCII characters occupy either 7 or 8 bits, with the internationally used 7 bits being more common. This method’s main advantage is that the time interval for sending characters can reach 1 second without generating errors.
Code System
-
Hexadecimal, ASCII characters 0…9, A…F
-
Each ASCII character in the message consists of a hexadecimal character making up each byte’s bits
-
1 start bit
-
7 data bits, with the least significant bit sent first
-
1 parity bit; if no parity, then there is 1 stop bit (if there is parity) and 2 bits (if no parity); error detection field
-
LRC (Longitudinal Redundancy Check)
When the controller is set to communicate in RTU mode on the Modbus network, each 8-bit byte in the message is transmitted in its original value without processing, such as 63H, which RTU will directly send as 01100011.
The main advantage of this method is that there are no gaps between data frame transmissions, resulting in higher data density at the same baud rate compared to ASCII, allowing for faster transmission speeds.
Code System
-
8-bit binary, hexadecimal numbers 0…9, A…F
-
Each 8-bit field in the message consists of one or two hexadecimal characters
-
Each byte’s bits: 1 start bit, 8 data bits, with the least significant bit sent first
-
1 parity bit; if no parity, then no
-
1 stop bit (if there is parity), 2 bits (if no parity)
The CRC field is two bytes, containing a 16-bit binary value. It is calculated by the transmitting device and added to the message. The receiving device recalculates the CRC of the received message and compares it with the value in the received CRC field; if the two values differ, an error has occurred.
CRC is generated by loading a 16-bit register with all “1” values, then processing each continuous 8-bit byte in the message with the current value of this register. Only the 8-bit data in each character is valid for CRC; the start bits, stop bits, and parity bits are invalid.
During the CRC generation process, each 8-bit character is individually XORed with the contents of the register (XOR operation), and the result is shifted towards the least significant bit, with the most significant bit filled with 0. The LSB is extracted and checked; if it is 1, the register is XORed with a preset fixed value; if the LSB is 0, no action is taken. This whole process is repeated 8 times. After processing the last bit, the next 8-bit byte is also XORed with the current register value. The final value in the register after processing all bytes is the CRC.
The CRC is added to the message in low byte first, then high byte.
The CRC-16 error check program is as follows: the message (here only involving data bits, not referring to start bits, stop bits, and optional parity bits) is treated as a continuous binary number, with the most significant bit (MSB) preferred for transmission. The message is first multiplied by X^16 (shifted left 16 bits), and then divided by the polynomial X^16 + X^15 + X^2 + 1, which can be represented as a binary number 11000,0000,0000,0101. The integer quotient is ignored, and the 16-bit remainder is added to the message (MSB sent first), forming two CRC check bytes. All 1s in the remainder are initialized to prevent all zeros from being received as a message. If the message containing CRC bytes has no errors, upon reaching the receiving device, it will be divided by the same polynomial and result in a zero remainder (the receiving device verifies this CRC byte and compares it with the transmitted CRC).
Devices that are accustomed to sending data in streams will prefer to send the least significant bit (LSB) of the character first. However, in generating the CRC, the first bit sent should be the most significant bit (MSB) of the divisor. Since no carry is used in the operation, for convenience, the MSB is considered to be on the right. The bit order of the generating polynomial must also be reversed to maintain consistency. The MSB of the polynomial is omitted since it only affects the quotient and not the remainder.
The steps to generate the CRC-16 check bytes are as follows:
① Load a 16-bit register, with all digit values being 1.
② XOR the high byte of this 16-bit register with the first 8-bit byte of the message. The result is placed back into this 16-bit register.
③ Shift this 16-bit register one bit to the right.
④ If the shifted out bit (marked bit) is 1, XOR the register with the polynomial; if the shifted out bit is 0, return to step 3.
⑤ Repeat steps 3 and 4 until 8 bits have been shifted out.
⑥ XOR the next 8 bits with this 16-bit register.
⑦ Repeat steps 3 to 6 until all bytes of the message have been XORed with the 16-bit register and shifted 8 times.
⑧ The contents of this 16-bit register are the two-byte CRC error check, added to the most significant bit of the message. Additionally, in some non-ModBus communication protocols, CRC16 is often used as a check method, and several variations of CRC16 have been generated, which use the CRC16 polynomial X^16 + X^15 + X^2 + 1, with the initial loaded 16-bit register being 0000; using CRC16 in reverse order X^16 + X^14 + X^1 + 1, with the first loaded register value being 0000 or FFFFH.
LRC error checking is used in ASCII mode. This error check is an 8-bit binary number that can be transmitted as two ASCII hexadecimal bytes. The hexadecimal characters are converted to binary, and the binary characters are summed up without carry to generate the LRC error check (see diagram). This LRC is verified by the receiving device and compared with the transmitted LRC; colons (:), carriage return characters (CR), newline characters (LF), and any other non-ASCII hexadecimal characters inserted are ignored during the calculation.
The content of the Modbus protocol is fully open, simple, and very easy to implement; microcontrollers, PLCs, and DCS can all easily implement it.
Profibus, on the other hand, is more complex, requiring dedicated chips for secondary development and certification from higher organizations, leading to significantly higher development costs.
Of course, in terms of performance, serial-based Modbus RTU/ASCII communication cannot compete with Profibus DP, but for simple communication at the instrument level or small data volume communication at the controller level, Modbus is sufficient. In short, Modbus is like a common person, while Profibus is like a rich and handsome individual!
|
Function Code |
Name |
Function |
|
01 |
Read Coil Status |
Obtain the current status of a set of logical coils (ON/OFF) |
|
02 |
Read Input Status |
Obtain the current status of a set of switch inputs (ON/OFF) |
|
03 |
Read Holding Register |
Obtain the current binary values in one or more holding registers |
|
04 |
Read Input Register |
Obtain the current binary values in one or more input registers |
|
05 |
Force Single Coil |
Force a logical coil’s ON/OFF state |
|
06 |
Preset Single Register |
Load a specific binary value into a holding register |
|
07 |
Read Exception Status |
Obtain the ON/OFF status of 8 internal coils, with the addresses determined by the controller |
|
08 |
Return Diagnostic Check |
Send diagnostic check message to slave for communication evaluation |
|
09 |
Programming (only for 484) |
Allows the master to simulate a programmer to modify the logic of the PC slave |
|
10 |
Query (only for 484) |
Enables the master to communicate with a slave executing a long program task, inquiring whether the slave has completed its operations; this function code can only be sent after a message containing function code 9. |
|
11 |
Read Event Count |
Allows the master to issue a single inquiry and immediately determine whether the operation was successful, especially if a communication error occurred with this command or other responses. |
|
12 |
Read Communication Event Record |
Allows the master to retrieve the communication event record for each slave’s ModBus transaction processing. If a transaction is completed, the record will provide information about errors. |
|
13 |
Programming (184/384 484 584) |
Allows the master to simulate programming functions to modify the logic of the PC slave |
|
14 |
Inquiry (184/384 484 584) |
Allows the master to communicate with a slave executing a task, regularly inquiring whether the slave has completed its program operations; this function code can only be sent after sending a message containing function code 13. |
|
15 |
Force Multiple Coils |
Force ON/OFF for a series of continuous logical coils |
|
16 |
Preset Multiple Registers |
Load specific binary values into a series of continuous holding registers |
|
17 |
Report Slave Identification |
Allows the master to identify the type of addressed slave and the status of the slave running indicator |
|
18 |
(884 and MICRO 84) |
Allows the master to simulate programming functions to modify the logic of the PC state |
|
19 |
Reset Communication Link |
After an unmodifiable error occurs, resets the slave to a known state and can reset the order byte |
|
20 |
Read General Parameters (584L) |
Displays data information in the extended memory file |
|
21 |
Write General Parameters (584L) |
Writes or modifies general parameters into the extended storage file |
|
22-64 |
Reserved for extended functions |
|
|
65-72 |
Reserved for user functions |
Reserved for user function extension codes |
|
73-119 |
Illegal Function |
|
|
120-127 |
Reserved |
Reserved for internal use |
|
128-255 |
Reserved |
Used for abnormal responses |
Among these function codes, the most commonly used are function codes 1, 2, 3, 4, 5, and 6, which can be used to read and write digital and analog quantities to the lower machine.
1. Command 01, Read Writable Digital Quantity Registers (Coil Status):
The computer sends the command: [Device Address] [Command Number 01] [Starting Register Address High 8 Bits] [Low 8 Bits] [Number of Registers to Read High 8 Bits] [Low 8 Bits] [CRC Check Low 8 Bits] [CRC Check High 8 Bits]
Example: [11][01][00][13][00][25][CRC Low][CRC High]
Meaning is as follows:
<1> Device Address: Multiple devices can be connected on a 485 bus; this device address indicates which device to communicate with. In this example, it communicates with device number 17 (decimal 17 is hexadecimal 11).
<2> Command Number 01: The command number for reading digital quantities is fixed at 01.
<3> Starting Address High 8 Bits, Low 8 Bits: Indicates the starting address of the switch quantity to be read (starting address is 0). For example, the starting address in this example is 19.
<4> Number of Registers High 8 Bits, Low 8 Bits: Indicates how many switch quantities to read starting from the starting address. In this example, it is 37 switch quantities.
<5> CRC Check: Checks from the beginning up to this point. The device responds: [Device Address] [Command Number 01] [Returned Byte Count] [Data 1] [Data 2] … [Data n] [CRC Check High 8 Bits] [CRC Check Low 8 Bits]
Example: [11][01][05][CD][6B][B2][0E][1B] [CRC High] [CRC Low]
Meaning is as follows:
<1> Device Address and Command Number are the same as above.
<2> Returned Byte Count: Indicates the number of data bytes, which is the value of n in Data 1, 2 … n.
<3> Data 1 … n: Since each data is an 8-bit number, each data represents the values of 8 switch quantities, with each bit being 0 indicating the corresponding switch is off, and 1 indicating it is on. For example, in this example, it indicates that switch number 20 (index number 19) is on, number 21 is off, number 22 is on, number 23 is on, number 24 is off, number 25 is off, number 26 is on, number 27 is on … If the number of switch quantities queried is not a multiple of 8, the high part of the last byte is meaningless and set to 0.
<4> CRC Check is the same as above.
2. Command 05, Write Digital Quantity (Coil Status):
The computer sends the command: [Device Address] [Command Number 05] [Register Address High 8 Bits] [Low 8 Bits] [Data High 8 Bits] [Low 8 Bits] [CRC Check Low 8 Bits] [CRC Check High 8 Bits]
Example: [11][05][00][AC][FF][00][CRC High][CRC Low]
Meaning is as follows:
<1> Device Address is the same as above.
<2> Command Number: The command number for writing digital quantities is fixed at 05.
<3> Register Address High 8 Bits, Low 8 Bits: Indicates the address of the switch to be set.
<4> Data High 8 Bits, Low 8 Bits: Indicates the state of the switch to be set. In this example, it closes the switch. Note that this command can only set one switch state.
<5> Note that this command can only set the state of one switch.
The device responds: If it successfully returns the command sent by the computer, otherwise it does not respond.
3. Command 03, Read Writable Analog Quantity Registers (Holding Registers):
The computer sends the command: [Device Address] [Command Number 03] [Starting Register Address High 8 Bits] [Low 8 Bits] [Number of Registers High 8 Bits] [Low 8 Bits] [CRC Check High 8 Bits] [CRC Check Low 8 Bits]
Example: [11][03][00][6B][00][03] [CRC High][CRC Low]
Meaning is as follows:
<1> Device Address is the same as above.
<2> Command Number: The command number for reading analog quantities is fixed at 03.
<3> Starting Address High 8 Bits, Low 8 Bits: Indicates the starting address of the analog quantity to be read (starting address is 0). For example, the starting address in this example is 107.
<4> Register Count High 8 Bits, Low 8 Bits: Indicates how many analog quantities to read starting from the starting address. In this example, it is 3 analog quantities. Note that in the returned information, one analog quantity requires two bytes to return.
The device responds: [Device Address] [Command Number 03] [Returned Byte Count] [Data 1] [Data 2] … [Data n] [CRC Check High 8 Bits] [CRC Check Low 8 Bits]
Example: [11][03][06][02][2B][00][00][00][64] [CRC High][CRC Low]
Meaning is as follows:
<1> Device Address and Command Number are the same as above.
<2> Returned Byte Count: Indicates the number of data bytes, which is the value of n in Data 1, 2 … n. In this example, it returns 3 analog quantity data, as each analog quantity requires 2 bytes, so a total of 6 bytes.
<3> Data 1 … n: where [Data 1][Data 2] are the high and low bytes of the first analog quantity, [Data 3][Data 4] are the high and low bytes of the second analog quantity, and so on. In this example, the returned values are 555, 0, and 100.
<4> CRC Check is the same as above.
4. Command 06, Write Single Analog Quantity Register (Holding Register)
The computer sends the command: [Device Address] [Command Number 06] [Register Address High 8 Bits] [Low 8 Bits] [Data High 8 Bits] [Low 8 Bits] [CRC Check High 8 Bits] [CRC Check Low 8 Bits]
Example: [11][06][00][01][00][03] [CRC High][CRC Low]
Meaning is as follows:
<1> Device Address is the same as above.
<2> Command Number: The command number for writing analog quantities is fixed at 06.
<3> Register Address High 8 Bits, Low 8 Bits: Indicates the address of the analog quantity register to be set.
<4> Data High 8 Bits, Low 8 Bits: Indicates the analog quantity data to be set. For example, this example sets the value of register 1 to 3.
<5> Note that this command can only set the state of one analog quantity.
The device responds: If it successfully returns the command sent by the computer, otherwise it does not respond.
5. Command 16, Write Multiple Analog Quantity Registers (Holding Registers)
The computer sends the command: [Device Address] [Command Number 16] [Register Address High 8 Bits] [Low 8 Bits] [Data Count High 8 Bits] [Data Count Low 8 Bits] [Data High 8 Bits] [Low 8 Bits] [……] [CRC Check High 8 Bits] [CRC Check Low 8 Bits]
Example: [11][16][00][01][00][01][00][05] [CRC High][CRC Low]
Meaning is as follows:
<1> Device Address is the same as above.
<2> Command Number: The command number for writing analog quantities is fixed at 16.
<3> Register Address High 8 Bits, Low 8 Bits: Indicates the address of the analog quantity register to be set.
<4> Data Count High 8 Bits, Low 8 Bits: Indicates the number of data to be set, which is 1 here.
<5> Data High 8 Bits, Low 8 Bits: Indicates the analog quantity data to be set. For example, this example sets the value of register 1 to 5.
The device responds: If it successfully returns the command sent by the computer, otherwise it does not respond. The device response: [Device Address] [Command Number 16] [Register Address High 8 Bits] [Low 8 Bits] [Data Count High 8 Bits] [Data Count Low 8 Bits] [CRC Check High 8 Bits] [CRC Check Low 8 Bits], as in the above example: [11][16][00][01][00][01] [CRC High][CRC Low]
Disclaimer: This article is reprinted from the internet, and the copyright belongs to the original author. If there are copyright issues, please contact us promptly to delete it. Thank you!
Complete Question Bank for the 2022 Electrician Junior Examination (Including Answers)
Three Must-Have Tools for Electricians, Easily Accessible via WeChat!
【Collection】 The “Path” for Ten-Year Veteran Electricians, Secrets to Earning Over Ten Thousand a Month!
Which of the Five Major Electrical Drawing Software (CAD, Eplan, CADe_simu…) do you pick?
Latest Electrical Version CAD Drawing Software, with Detailed Installation Tutorial!
Latest Electrical Drawing Software EPLAN, with Detailed Installation Tutorial!
Common Issues for Beginners Using S7-200 SMART Programming Software (Includes Download Links)
Comprehensive Electrical Calculation EXCEL Sheets, Automatically Generated! No Need to Ask for Electrical Calculations!
Bluetooth Headphones, Beginner Books for Electricians/PLC, Get Your Electrical Gifts!
Basic Skills of PLC Programming: Ladder Diagrams and Control Circuits (Includes 1164 Practical Cases of Mitsubishi PLC)
Still Can’t Understand Electrical Diagrams? Get the Basics of Electrical Diagram Recognition and Simulation Software, Quickly Get Started with Theory and Practice!
12 Free Electrician Video Courses, 10GB Software/E-Book Materials, and 30 Days of Free Live Electrician Courses!
