Versions Compared

Old Version 24

changes.mady.by.user Deniss M.

Saved on

compared with

New Version Current

changes.mady.by.user Deniss M.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Modbus TCP packet structure

You can find more information on Modbus packet structure using this link.

The query packet consists of Transaction ID, Protocol, Length, Unit ID, Function Code and Function Parameters fields and the maximum size is 260 bytes.

...

Default Unit ID, Function Codes and Parameters can be found in the datasheet for the specific product. Answer messages are structured similarly and should be described in the product-datasheet as well.

Configuration

Sub-menu: /iot modbus

Once the board is connected to the Modbus device, the only thing that needs to be altered/checked in the settings is the "Modbus" port configuration:

...

check "modbus" port configuration (baud-rate can be changed if the connected Modbus device expects another value):

Code Block
languageros
[admin@MikroTik] > /port print
Columns: DEVICE, NAME, CHANNELS, USED-BY, BAUD-RATE
# DEVICE  NAME    CHANNELS  USED-BY  BAUD-RATE
0         modbus         1  modbus        9600
1 1-1     modem          4                9600

By default, a port with the name "modbus" is assigned to the Modbus service, but the service itself is disabled. In order to activate the "Modbus" service, you need to issue the command, as shown below:

Code Block
languageros
[

...

admin@MikroTik] > /iot modbus

...

 print       
                disabled: yes
           hardware-port:

...

 modbus
                tcp-port:

...

 502
                 timeout: 1000ms
  disable-security-rules: yes
[admin@MikroTik] > /iot modbus set disabled=no

Additionally, when you want to allow Modbus clients to communicate with the Modbus server using TCP(502)/IP protocol, you need to make sure that the IP address is configured accordingly and that this IP+502 TCP port is accessible from the outside (in case "slave" devices are connecting from the WAN side). You can find information on how to configure the firewall using the firewall manual.


PropertyDescription
disabled (yes | no; Default: yes)

To enables or disable Modbus functionality.

hardware-port (list of string; Default: modbus)

Assign a port to the service. Use the default "modbus" port.

tcp-port (integer:0..4294967295; Default: 502)
Specify the TCP port that the device will use for Modbus TCP communication.
timeout (integer:0..1000; Default: 1000)

Specify the timeout value, in milliseconds. Maximum allowed time during which a Modbus request is sent, and the reply is to be received. If the time between the request and the reply is longer than the configured value, the "failure" is returned.

disable-security-rules (yes | no; Default: yes)

To enable or disable security-rule feature.

Sending function code commands

...

via Modbus RTU

Info
Available only starting with v7.10. This is meant for the "Modbus RTU" scenario. This feature allows sending function code commands directly from RouterOS. For the "Modbus TCP" scenario, you have to use 3d-party software to send function code commands.

Sub-menu: /iot modbus transceive

PropertyDescription
address (integer:0..255; Default: )

Specify device address or unit ID.

function (integer:0..255; Default: )

Specify the function code.

For example:

  • function=3 → Read Holding Register function code;
  • function=6 → Write Single Holding Register function code.
data (string, max length 504; Default: )

Input data string that usually specifies register address and data to be sent.

For example:

  • data=20000001

The data string is 4 bytes long. "0x2000" is the command to the register (2 bytes long) and "0x0001" (2 bytes long) is the device's address.

See the Modbus device's specifications for the exact data string that needs to be sent.

values (integer:0..4294967295; Default: )

An alternative way to send the data (see data parameter above). In this case, each value specified represents 1 byte of the data payload/string.

For example:

  • values=32,0,0,1

Equals to the output of data=20000001. 32(dec)=0x20(hex), 0(dec)=0x00(hex), 0(dec)=0x00(hex), 1(dec)=0x01(hex) → 0x20000001.

An example of sending function code 3 command using the "transceive" feature:

...

From the output above, we can tell that Modbus connected device replied with a value "100" or data "01030164" (01→ address; 03→ function code; 01→ number of bytes; 64 (hex to dec=100)→ the reply).


Sending function code "3" command via Modbus TCP

Specifically for function code 3 (this will not work for any other function codes), you can use an additional option, like shown below:

...

The rule above will allow any possible IP address to send function code 3 and 6 commands to the Modbus-connected device. Everything else is restricted.

PropertyDescription
ip-range (Address/Netmask; Default: )

Specify the IP address ranges (or networks) that will be allowed to send function code commands.

allowed-function-codes (integer:0..4294967295; Default: )

Specify the function codes that will be accessible only from the configured ip-range.