...
Modbus TCP packet structure
You can find more information on Modbus packet structure using this link.
The query packet consists of Transaction ID, Protocol, Length, Unit ID, Function Code and Function Parameters fields and the maximum size is 260 bytes.
...
Default Unit ID, Function Codes and Parameters can be found in the datasheet for the specific product. Answer messages are structured similarly and should be described in the product-datasheet as well.
Configuration
Sub-menu: /iot modbus
Once the board is connected to the Modbus device, the only thing that needs to be altered/checked in the settings is the "Modbus" port configuration:
...
check "modbus" port configuration (baud-rate can be changed if the connected Modbus device expects another value):
Code Block | ||
---|---|---|
| ||
[admin@MikroTik] > /port print
Columns: DEVICE, NAME, CHANNELS, USED-BY, BAUD-RATE
# DEVICE NAME CHANNELS USED-BY BAUD-RATE
0 modbus 1 modbus 9600
1 1-1 modem 4 9600 |
By default, a port with the name "modbus" is assigned to the Modbus service, but the service itself is disabled. In order to activate the "Modbus" service, you need to issue the command, as shown below:
Code Block | ||
---|---|---|
| ||
[ |
...
admin@MikroTik] > /iot modbus |
...
print disabled: yes hardware-port: |
...
modbus tcp-port: |
...
502 timeout: 1000ms disable-security-rules: yes [admin@MikroTik] > /iot modbus set disabled=no |
Additionally, when you want to allow Modbus clients to communicate with the Modbus server using TCP(502)/IP protocol, you need to make sure that the IP address is configured accordingly and that this IP+502 TCP port is accessible from the outside (in case "slave" devices are connecting from the WAN side). You can find information on how to configure the firewall using the firewall manual.
Property | Description |
---|---|
disabled (yes | no; Default: yes) | To enables or disable Modbus functionality. |
hardware-port (list of string; Default: modbus) | Assign a port to the service. Use the default "modbus" port. |
tcp-port (integer:0..4294967295; Default: 502) | Specify the TCP port that the device will use for Modbus TCP communication. |
timeout (integer:0..1000; Default: 1000) | Specify the timeout value, in milliseconds. Maximum allowed time during which a Modbus request is sent, and the reply is to be received. If the time between the request and the reply is longer than the configured value, the "failure" is returned. |
disable-security-rules (yes | no; Default: yes) | To enable or disable security-rule feature. |
Sending function code commands
...
via Modbus RTU
Info |
---|
Available only starting with v7.10. This is meant for the "Modbus RTU" scenario. This feature allows sending function code commands directly from RouterOS. For the "Modbus TCP" scenario, you have to use 3d-party software to send function code commands. |
Sub-menu: /iot modbus transceive
Property | Description |
---|---|
address (integer:0..255; Default: ) | Specify device address or unit ID. |
function (integer:0..255; Default: ) | Specify the function code. For example:
|
data (string, max length 504; Default: ) | Input data string that usually specifies register address and data to be sent. For example:
The data string is 4 bytes long. "0x2000" is the command to the register (2 bytes long) and "0x0001" (2 bytes long) is the device's address. See the Modbus device's specifications for the exact data string that needs to be sent. |
values (integer:0..4294967295; Default: ) | An alternative way to send the data (see data parameter above). In this case, each value specified represents 1 byte of the data payload/string. For example:
Equals to the output of data=20000001. 32(dec)=0x20(hex), 0(dec)=0x00(hex), 0(dec)=0x00(hex), 1(dec)=0x01(hex) → 0x20000001. |
An example of sending function code 3 command using the "transceive" feature:
...
From the output above, we can tell that Modbus connected device replied with a value "100" or data "01030164" (01→ address; 03→ function code; 01→ number of bytes; 64 (hex to dec=100)→ the reply).
Sending function code "3" command via Modbus TCP
Specifically for function code 3 (this will not work for any other function codes), you can use an additional option, like shown below:
...
The rule above will allow any possible IP address to send function code 3 and 6 commands to the Modbus-connected device. Everything else is restricted.
Property | Description |
---|---|
ip-range (Address/Netmask; Default: ) | Specify the IP address ranges (or networks) that will be allowed to send function code commands. |
allowed-function-codes (integer:0..4294967295; Default: ) | Specify the function codes that will be accessible only from the configured ip-range. |