【Technical Class】S7 200 SMART Modbus RTU Quick Start


1. Hardware connection

1. Serial port

Modbus communication principle: Modbus communication is master-slave communication, that is, a question-and-answer method. The master station sends request data to a slave station, and the slave station responds; when the master station has no data to send, the slave station does not respond.

This communication mechanism shapes the programming approach, which is discussed in the programming chapters later.

The Modbus protocol runs on a serial interface. Common serial interfaces include RS-232, RS-485, and RS-422; Modbus most commonly uses the RS-485 interface.

RS-232 generally needs three communication lines to complete the communication link. As shown in Figure 1, the TXD of RS-232 device 1 is connected to the RXD of device 2, and the RXD is connected to the TXD, so each device can receive and send at the same time; this is full-duplex mode. Due to the characteristics of RS-232, it can only be connected one-to-one, that is, one master station is connected to one slave station. Therefore, the RS-232 interface is rare in Modbus communication.

RS-485 needs only two communication lines to complete the communication link. As shown in Figure 2, the A terminals of multiple devices are tied together to form one line, and the B terminals are tied together to form the other. A device can only send or receive at any one time; this is half-duplex mode. Multiple devices can be mounted on the same link, enabling communication between one master station and multiple slave stations. This application scenario is the most common.

The serial interface of S7 200 SMART is RS-485, and the schematic diagram of pins is shown in Table 3.

Note: The A\B signal lines of RS-485 are commonly called A\B or 485+\485-. On the S7 200 SMART DB9, pin No. 3, namely RS-485 signal B, is what is commonly called A or 485+; pin No. 8, namely RS-485 signal A, is what is commonly called B or 485-.

2. Bus connector

For complex industrial sites or long-distance communication, it is recommended to choose high-quality bus connectors and cables. The bus connector has its own terminal resistance and bias resistance, which improves the stability and anti-interference ability of communication.

The order numbers for bus connectors and cables are shown in Table 4.

3. Why choose bus connectors and bus cables

As we all know, network cable is divided into Category 5 and Category 6. The transmission bandwidth of Category 5 can be as high as 1000Mb/s, but it is generally only used in 100Mb/s networks; Category 6 is mainly used in Gigabit networks, and its performance is much higher than the Category 5e standard. The intuitive difference between Category 5 and Category 6 cables is the diameter of the copper core: the copper core of Category 6 is obviously thicker than that of Category 5.

By the same reasoning, the bus cable, with a loop impedance of <150R/KM, can be expected to be better than general communication cable: the line resistance is small, the communication distance is long, and the anti-interference ability is strong.

The bus connector, with its own terminal resistance and bias resistance, can also improve the quality of communication.

The recommended networking method is shown in Figure 5:

The termination and bias resistors are shown in Figure 6:

4. Communication distance

The higher the communication baud rate, the shorter the communication distance. For long-distance communication, reduce the communication rate appropriately. At 9600 baud, the recommended maximum distance is 1200 meters.


2. Modbus address


The purpose of communication is to read and write registers, so it is necessary to understand the representation of Modbus addresses.

There are many ways to write a Modbus address, such as 40001, 4x0001 and 0000H; these three are actually the same address. If the address carries the 4 prefix, it is in decimal notation and numbering starts at 1, that is, the actual start address is 40001. In the SMART PLC, the address is represented as 40001.

In UniMAT HMI or common configuration software, the address is expressed as 4x1; in the inverter or instrument, the address is often expressed as 0000H.

S7 200 SMART is used as a slave station, and the corresponding addresses are as follows:

A Modbus address is usually written as a 5-character numeric value containing the data type and offset. The first character determines the data type, and the last four characters select the appropriate value within that data type. The Modbus master then maps the address to the correct function.

The Modbus slave commands support the following addresses:

00001 to 00128 are discrete outputs mapped to Q0.0 - Q15.7

10001 to 10128 are discrete inputs mapped to I0.0 - I15.7

30001 to 30032 are analog input registers mapped to AIW0 to AIW62

40001 to 4xxxx are holding registers mapped to V memory.

All Modbus addresses are 1-based. The table below shows the Modbus addresses mapped to the S7-200 addresses.

Modbus address    S7-200 address
00001             Q0.0
00002             Q0.1
00003             Q0.2
...               ...
00127             Q15.6
00128             Q15.7
10001             I0.0
10002             I0.1
10003             I0.2
...               ...
10127             I15.6
10128             I15.7
30001             AIW0
30002             AIW2
30003             AIW4
...               ...
30032             AIW62
40001             HoldStart
40002             HoldStart+2
40003             HoldStart+4
...               ...
4xxxx             HoldStart+2 x (xxxx-1)

For UniMAT HMI, the address correspondence is shown in Table 7:

3. Message


To read or write different Modbus addresses, different function codes are required, as shown in Table 7 above.

Commonly used function codes are FC03 and FC06. Here, the function code 03 is used to describe the message.

With function code 03, to read the three registers starting from register 006BH, an example master station message is as follows:

Table 8 Master station 03 message

The slave station response message is as follows:

Other message formats are not described here; those who are interested can check the official website.
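The function code 03 exchange described above, as an added Python example that is not part of the original article: it builds the request for three registers starting at 006BH and validates a reply before its values are used. The slave address 0x11 and the register values in the reply are constructed sample values, and the function names are hypothetical.

```python
# Added example: Modbus RTU FC03 request/response handling (not from the article).
import struct

def crc16(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_read_request(slave: int, start: int, count: int) -> bytes:
    """FC03 request; start is the 0-based register offset sent on the wire."""
    body = struct.pack(">BBHH", slave, 0x03, start, count)
    return body + struct.pack("<H", crc16(body))      # CRC goes low byte first

def parse_read_response(frame: bytes, slave: int, count: int) -> list:
    """Return the register values, or raise ValueError for a reply to discard."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    if crc16(frame) != 0:                 # CRC over data plus its CRC is zero
        raise ValueError("CRC mismatch")
    if frame[0] != slave:
        raise ValueError("reply from a slave that was not addressed")
    if frame[1] == 0x83:                  # function code with the high bit set
        raise ValueError(f"exception response, code {frame[2]:#04x}")
    if frame[1] != 0x03 or frame[2] != 2 * count or len(frame) != 5 + 2 * count:
        raise ValueError("unexpected function code or length")
    return list(struct.unpack(f">{count}H", frame[3:3 + 2 * count]))

if __name__ == "__main__":
    # Constructed sample: slave 0x11, three registers starting at 006BH.
    request = build_read_request(0x11, 0x006B, 3)
    print(request.hex(" "))
    # Constructed reply carrying three sample register values.
    body = bytes([0x11, 0x03, 0x06]) + struct.pack(">3H", 0xAE41, 0x5652, 0x4340)
    reply = body + struct.pack("<H", crc16(body))
    print(parse_read_response(reply, 0x11, 3))
```

The same checks (CRC, slave address, function code, byte count) are what to look for by eye when reading captured frames in a serial port monitor.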


4. S7 200 SMART Modbus RTU slave programming

The function implemented by the above program: set port 0 of the CPU as a Modbus slave with a slave address of 1, a baud rate of 9600, and even parity.

The master station is allowed to operate on 128 I/O points, 32 analog inputs, and the 1000 registers starting at VW0. VW0 of the CPU is Modbus address 40001, VW2 is 40002, and so on.

Parameter description:
The "Mode" input value is used to select the communication protocol: when the input value is 1, the Modbus protocol is assigned and enabled; when the input value is 0, the PPI protocol is assigned and the Modbus protocol is disabled.

The parameter "Addr" sets the address to a value between 1 and 247 inclusive.

The parameter "Baud" sets the baud rate to 1200, 2400, 4800, 9600, 19200, 38400, 57600 or 115200.

The parameter "Parity" should be set to match the parity of the Modbus master. All settings use one stop bit. Accepted values are: 0 (no parity), 1 (odd parity), and 2 (even parity).

The parameter "Port" sets the physical communication port (0 = RS-485 integrated in the CPU, 1 = RS-485 or RS-232 on the optional signal board).

The parameter "Delay" delays the standard Modbus message end timeout condition by increasing the standard Modbus message timeout by the allocated number of milliseconds. A typical value for this parameter should be 0 when running on a wired network. If using a modem with error correction, set the delay to a value between 50 and 100 ms. If using spread spectrum wireless communication, set the delay to a value between 10 and 100 ms. The Delay value can be from 0 to 32767 ms.

The parameter MaxIQ is used to set the number of I and Q points available for Modbus addresses 0xxxx and 1xxxx, and the value range is 0 to 256. A value of 0 disables all reads and writes to input and output. It is recommended to set the MaxIQ value to 256.

The parameter MaxAI is used to set the number of word input (AI) registers available for Modbus address 3xxxx, the value range is 0 to 56. A value of 0 disables reading of the analog input.

The parameter MaxHold is used to set the number of word holding registers in V memory accessible by Modbus address 4xxxx or 4yyyyy. For example, if you want to allow a Modbus master to access 2000 bytes of V memory, set the value of MaxHold to 1000 words (holding registers).

The parameter HoldStart is the starting address of the holding registers in V memory. This value is normally set to VB0, so parameter HoldStart is set to &VB0 (address VB0). Other V memory addresses can also be specified as starting addresses for holding registers to use VB0 elsewhere in the project. The Modbus master can access the V memory whose starting address is HoldStart and the number of words is MaxHold.

When the MBUS_INIT instruction completes, the "Done" output turns on.

The Error output byte contains the result of the execution of the instruction. This output is only active when Done is on. If Done is off, the error parameter does not change.
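An added Python example (not vendor code) that applies the address table from chapter 2 together with the MaxIQ, MaxAI, MaxHold and HoldStart parameters above, to show which PLC memory a given Modbus address reaches and which V memory range the slave makes accessible to the master. The function names are hypothetical, and HoldStart is modelled as a plain V-memory byte offset (0 for &VB0).

```python
# Added example: resolve a Modbus address to the S7-200 SMART memory it reaches,
# using the mapping table and the MBUS_INIT limits described in this article.

def map_address(addr, hold_start=0, max_iq=128, max_ai=32, max_hold=1000):
    """Return the PLC address for a 1-based Modbus address, or raise ValueError.

    Defaults mirror the slave program above: 128 I/O points, 32 analog
    inputs and 1000 holding registers starting at VB0.
    """
    if 1 <= addr <= 9999:                    # 0xxxx: discrete outputs -> Q
        kind, index, limit = "Q", addr - 1, max_iq
    elif 10001 <= addr <= 19999:             # 1xxxx: discrete inputs -> I
        kind, index, limit = "I", addr - 10001, max_iq
    elif 30001 <= addr <= 39999:             # 3xxxx: analog inputs -> AIW
        kind, index, limit = "AIW", addr - 30001, max_ai
    elif 40001 <= addr <= 49999:             # 4xxxx: holding registers -> V
        kind, index, limit = "VW", addr - 40001, max_hold
    elif 400001 <= addr <= 465536:           # 4yyyyy: six-digit holding form
        kind, index, limit = "VW", addr - 400001, max_hold
    else:
        raise ValueError(f"{addr}: not one of the address types listed")
    if index >= limit:
        raise ValueError(f"{addr}: outside the range enabled by MBUS_INIT")
    if kind in ("Q", "I"):
        return f"{kind}{index // 8}.{index % 8}"     # byte.bit
    if kind == "AIW":
        return f"AIW{2 * index}"                      # word addresses step by 2
    return f"VW{hold_start + 2 * index}"              # HoldStart + 2 x (xxxx-1)


def exposed_v_memory(hold_start=0, max_hold=1000):
    """First and last V-memory byte a master can reach through 4xxxx."""
    if max_hold == 0:
        return None                                   # no registers configured
    return (f"VB{hold_start}", f"VB{hold_start + 2 * max_hold - 1}")


if __name__ == "__main__":
    for address in (1, 128, 10127, 30032, 40001, 40002):
        print(address, "->", map_address(address))
    print("V memory reachable by the master:", exposed_v_memory())
```

Anything stored inside the range returned by `exposed_v_memory` can be written by the master, so keep project data that must not be changed over Modbus outside it by choosing HoldStart and MaxHold accordingly.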


5. S7 200 SMART Modbus RTU master programming


As described above, under the Modbus communication mechanism the master device can only either send or receive at any given time. For multiple slave stations, or multiple operations on the registers, it is recommended to use a polling mechanism, that is, only one MSG instruction is allowed to be triggered at a time. Following this programming idea, two polling methods are recommended.

1. Master initialization

Set the Modbus communication baud rate to 9600, even parity, and a 1000ms timeout, and use the DB9 port on the CPU body for communication.

2. Polling mode one

Idea: Use the value change of the C0 register to trigger the MSG instruction, ensuring that only one MSG is executing at a time.

Program function: C0 is cleared after power-on; after the master station initialization completes, C0 is 1; after each MSG instruction completes, C0 is incremented by 1; after the third completes, the first MSG instruction is executed again.


Network 3 program function: read the 5 registers starting from 412345 with the slave station address of 1, and store them in the 5 words starting from the master station CPU VW100.

Network 4 program function: read the 5 registers starting from 40001 with the slave station address of 2, and store them in the 5 words starting from the master station CPU VW110.


3. Polling Mode 2

Program function: read the 5 registers starting from 40001 with the slave station address of 1, and store them in the 5 words starting from the master station CPU VW100.

Write 5 words starting from CPU VW110 to 5 registers starting from 40001 with slave address 2.

Another common habit is to use the completion bit of an MSG instruction to set an internal relay Mx.x, which then triggers the next MSG instruction, and so on; a fixed-time trigger and other programming ideas are also used. Whatever the programming idea, make sure that only one MSG instruction is triggered at a time.


6. Precautions


A. After the Modbus master or slave initialization instruction has been executed, the PPI protocol is not available.

B. The same serial port can only be used as one of Modbus master station, slave station, PPI, etc. (except program control initialization).

C. When the CPU is the master station, only one MSG instruction can be triggered at a time (important enough to be said N times).

D. A and B of the DB9 RS-485 port of the S7 200 SMART are different from A and B in common usage.

E. Recognize the representation of the slave register address, whether it is decimal or hexadecimal.

F. If the communication goes well, you can skip the first four chapters.


7. Troubleshooting


When the communication is abnormal, it is recommended to check from the following aspects:

A. Make sure the communication cable is connected correctly. Refer to Chapter 1, focusing on Chapter 1.1.

B. Ensure that the master-slave communication parameters are consistent.

C. Confirm that the registers of the slave station can be read and written by the master station. The registers of some inverters or instruments are read-only or write-only, or readable and writable. Some drives have a limited length of data that can be read or written at one time.

D. If all of the above is normal, monitor the PLC program to check whether a certain MSG instruction has been triggered but the program does not move on.

E. Use serial port assistant software on a computer to monitor the communication messages, and determine whether the master station is not sending data, the slave station is not responding, or the message returned by the slave station is wrong. Refer to Chapter 3.

To monitor communication messages, connect A and B of the computer's 485 interface in parallel on the communication link.

8. Communication time limit

The more slave stations there are and the more register operations are performed, the longer the communication cycle. For faster communication, read or write registers in batches, or increase the communication baud rate. If any slave station is offline or abnormal, the communication cycle becomes uncontrollable.

Take a remote conference as an example to illustrate the Modbus communication mechanism:

5 people are in a remote conference, and all 5 are talking at the same time. Nobody can hear clearly, and no information can be exchanged.

Introduce a moderator mechanism: the moderator is the master station, and the moderator assigns the other 4 people the serial numbers 1, 2, 3 and 4, that is, 4 slave stations.

When the moderator speaks, the master station sends a message. The message has a fixed format. The first byte is the slave station address, that is, the person's number.

When the moderator is not speaking, the other four are not allowed to speak, and even if they do, they are blocked by the moderator. That is, if a slave station sends a message on its own, the master station treats it as invalid information.

Only the person the moderator points to can speak, and must speak in the format specified by the moderator, that is, the message format is fixed.

The moderator says: No. 1 xxxx. All 4 people can hear, but only No. 1 may respond, and must respond in the correct way. If the response is wrong, the moderator also treats the information as invalid.

When the moderator calls No. 1 and No. 1 is not paying attention, does not respond in time and exceeds the predetermined timeout, the moderator calls again, up to three times.

After three times, if No. 1 still does not respond, the moderator gives up on No. 1 and continues to call No. 2, No. 3, and No. 4. This is the polling mechanism.

Under normal circumstances, with one question and one answer, the response is very fast. If one person is not paying attention, the communication cycle is extended by 3 times the timeout period.

Therefore, when everyone is online, the communication cycle depends on the speech rate, that is, the baud rate, and on the number of people, that is, the number of slave stations; when someone is not online, the communication cycle is uncontrollable.

For this reason, a high-quality communication link and slave stations that are online and working normally are needed to ensure the stability of the communication cycle.
