Sign in to follow this  
mse3000

Multiple Devices on Port 502

Recommended Posts

I am currently struggling to understand the rules of what connections are allowed on the default modbus port 502.

My setup is a computer running Daq factory connected via a hub to two Advantech ethernet Adam units (6024, 6066) and an E-Senza Modbus gateway. Each one has its own Communication Device set up with IP addresses 192.168.22.149 through 151. All are currently set to port 502.

My confusion arises because I can communicate with both Adam units with no problems but if I run a channel looking at the E-Senza device, I get illegal data address errors (although data is still sent to and from the device, as displayed by Tx, Rx in the monitoring window).

Unexplainable by ourselves or the manufacturers of the E-senza device, we have to poll channels in the range of 20000 to establish modbus comms with the device. Could this perhaps be causing the issue?

Regards,

Mark Ellis

Share this post


Link to post
Share on other sites

Your error has nothing to do with Ethernet, port 502, nor your Advantech units. Illegal data address is a standard modbus address that is returned by the device itself when you make a request for something that doesn't exist. I'm surprised that the E-senza people didn't recognize this and couldn't simply look at the communication traffic and tell you what is wrong. Modbus isn't particular complex, and rather easy to read for anyone who programs it.

That said, I can give you a few pointers:

1) you may be trying to read a holding register and the device only supports input registers (or vice-versa)

2) you may be trying to read a 32 bit value, and have selected U16 or S16 and the device is throwing this error because it recognizes that you are only requesting part of the data

3) the device may not support block reads (reading more than one tag with a single query). Start simple and try just reading one tag

4) Call the manufacturer back, tell them exactly what DAQFactory is transmitting, and ask them why the device doesn't like it. If they don't understand the modbus bytes you are giving them, then ask to speak with someone else. I recommend selecting "Display all chars as ascii codes" from the DAQFactory comm monitor.

Share this post


Link to post
Share on other sites

Many thanks for the response. Following up on this I sent the transmit and recieve data to E-Senza as follows, as points 1 and 2 made no difference.

Data sent and received without other traffic on port 502 first, and immediately after with other traffic. Illegal data address is returned when run in conjunction with other traffic.

Tx (08:31:52.501): 000000000006010378370001

Rx (08:31:52.506): 000000000005010302\127\236

Tx (08:31:53.501): 000000000006010300040001

Rx (08:31:53.540): 00000000000301\13102

Now somewhat annoyingly and in no response to the original question their response was as follows.

"I just tried to understand what the difference is between the modbus-request sent when it works (e.g. modpoll) and QuickMod.

I did this by listening on port 502 on the slave side, i.e. just looking at what comes out there.

Working setup:

{00}{14}{00}{00}{00}{00}{00}{06}{01}{03}

QuickMod:

{00}{00}{00}{00}{00}{06}{01}{03}{00}{00}{00}{14}

Could we ask Azeotech how QuickMod would need to be configured to make it requesting in same way as modpoll does ?"

Can I point out that E-Senza like to test their system using "modpoll" which runs in a command window (Run - cmd) and we are of the opinion they need to make their system work with a fully functional Windows based system.

In response to their question we have already asked what it would take them to make the E-Senza gateway respond correctly to DAQ Factory, as we did in the first place, but do you have any ideas based on their question ?

Many thanks for your continued support, the aftersales support provided by Azeotech is excellent!

Best Regards,

Mark

Share this post


Link to post
Share on other sites

So they tried QuickMod themselves? This, from quickmod:

{00}{00}{00}{00}{00}{06}{01}{03}{00}{00}{00}{14}

is the proper ModbusTCP query for requesting 14 registers starting with address 0.

This, from modpoll:

{00}{14}{00}{00}{00}{00}{00}{06}{01}{03}

looks like the tail end of one request (the {00}{14}) and the beginning of another ({00}{00}{00}{00}{00}{06}{01}{03}). Their frame is out of line and they captured parts of two different queries. This just confirms to me that whoever you are talking to at E-Senza knows next to nothing about Modbus. If you don't believe me, take a look at the modbus specs. Anyhow, that doesn't really help you:

1) go back to E-Senza and explain that the modpoll frame they provided is actually parts of two frames and doesn't show a complete frame. See if you can get a working frame from them. It will have {06} as the 6th byte.

2) you might download modpoll yourself, or try another simple tool like modscan

3) it may be that the E-senza device doesn't support modbus address 0, or at least 0-13. The request that works is at a much higher address than the one that doesn't.

Share this post


Link to post
Share on other sites

Additional - Problem now resolved.

Problem has now been solved by E-Senza, they did realise that their modbus request was part of two requests and did recitfy this.

The E-Senza device is pre programmed with a modbus start address which was defined as 40001. I think this conflicted with the usual modbus request as when this "start address" was changed to 1 multiple devices can now be successfully communicated with on port 502.

Many thanks for your support with this.

Regards,

Mark

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this