Emsa HS500E Modbus TCP Handshaking


CHAPTER 6: MODBUS TCP PROTOCOL

6.2 MODBUS TCP HANDSHAKING

Modbus TCP handshaking is governed by the changing of the “Overall Length” value within a data packet. The Overall Length value is typically the first 2 bytes of a command or response and indicates the total number of data words in the packet (including one word for the Overall Length value).

Overall Length values are stored in the first holding register, 40001, of Device ID 1 (for commands) and Device ID 33 (for responses). When the value at register 40001 (of Device ID 1) changes from 00, the HS500E will recognize that a command is waiting to be executed. The HS500E will then execute the command and return a response at Device ID 33.

6.2.1 Host/HS500E Modbus TCP Handshaking

One implication of this process is that when the Host issues a command, it must first write the entire command to the holding registers for Device ID 1, leaving the Overall Length value to be written last.

For example, for the Host to issue the 6-word command “Read Data,” it must first write the last 5 words of the command to Device ID 1, beginning at register 40002.

LAST 5 WORDS OF A READ DATA COMMAND

| Word | MSB | LSB | Description |
|------|-----|-----|-------------|
| 02 | AA | 02 | Command ID: Read Data |
| 03 | 00 | 01 | Node ID |
| 04 | 03 | E8 | Timeout Value of 1 second (measured in ms) |
| 05 | 00 | 20 | Read Start Address: 0x20 |
| 06 | 00 | 04 | Read 4 Bytes |

After writing the last 5 words of the command, the Host will write the Overall Length value to register 40001 of Device ID 1.

FIRST WORD OF A READ DATA COMMAND

| Word | MSB | LSB | Description |
|------|-----|-----|-------------|
| 01 | 00 | 06 | Overall Length (in words) |

The moment the Overall Length value at register 40001 of Device ID 1 changes to a “non-zero” value, the HS500E will recognize the waiting data and will execute the command.
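The write order described above, as an added example that is not taken from the manual: it builds the two Modbus TCP requests for the Read Data command offline and checks that register 40001 is touched only by the final write. It assumes that "Device ID" maps to the MBAP unit identifier, that register 40001 is zero-based address 0, and that the HS500E accepts function codes 0x10 and 0x06; all function names are hypothetical.

```python
import struct

# Words 01-06 of the Read Data command, taken from the two tables above.
READ_DATA_WORDS = [0x0006, 0xAA02, 0x0001, 0x03E8, 0x0020, 0x0004]
COMMAND_UNIT_ID = 1   # "Device ID 1" (commands); assumed to be the MBAP unit identifier
LENGTH_REGISTER = 0   # holding register 40001 -> zero-based address 0 (assumed mapping)

def mbap(transaction_id, unit_id, pdu):
    # MBAP header: transaction id, protocol id (0), byte count of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def write_multiple(transaction_id, unit_id, address, words):
    # Function 0x10: start address, register count, byte count, register values
    pdu = struct.pack(">BHHB", 0x10, address, len(words), 2 * len(words))
    pdu += struct.pack(">%dH" % len(words), *words)
    return mbap(transaction_id, unit_id, pdu)

def write_single(transaction_id, unit_id, address, value):
    # Function 0x06: register address, register value
    return mbap(transaction_id, unit_id, struct.pack(">BHH", 0x06, address, value))

def handshake_frames(words):
    """Return the two requests in the order the handshake requires."""
    if words[0] != len(words):
        raise ValueError("Overall Length must equal the word count, itself included")
    # Step 1: words 02..N go to 40002 onward while 40001 still reads zero.
    body = write_multiple(1, COMMAND_UNIT_ID, LENGTH_REGISTER + 1, words[1:])
    # Step 2: the Overall Length goes to 40001 last and triggers execution.
    trigger = write_single(2, COMMAND_UNIT_ID, LENGTH_REGISTER, words[0])
    return [body, trigger]

def length_written_last(frames):
    """True if only the final frame writes to register 40001."""
    def touches_length(frame):
        func, address = struct.unpack(">BH", frame[7:10])
        count = struct.unpack(">H", frame[10:12])[0] if func == 0x10 else 1
        return address <= LENGTH_REGISTER < address + count
    return touches_length(frames[-1]) and not any(touches_length(f) for f in frames[:-1])

if __name__ == "__main__":
    for frame in handshake_frames(READ_DATA_WORDS):
        print(frame.hex())
```

A single write covering all six words starting at 40001 would fail `length_written_last`, because the length register would change before the device is guaranteed to see the rest of the command.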

HS500E – OPERATOR’S MANUAL

P/N: 17-1305 REV 02 (12-05)

PAGE 55 OF 82
