Preface
With the launch of PN1-D25 series profinet to modbus gateway, many customers recently reported that the gateway could not read and write the correct data when using Botu or STEP 7 software to configure PN1-D25, and the gateway would return an error, which was manifested as the error lights of the gateway and PLC flashing. When we provide technical support to customers, most customers configured the "register modbus address" as the "register address" to the gateway, causing the gateway to read and write to the wrong register and cause an error. So how to understand the "register modbus address" and "register address", what is the difference between them. When should which address be used? The following will introduce it in detail.
1. Modbus address partition of register
The Modbus address area is divided into area 0, area 1, area 3, and area 4
Area 0, area 1, area 3, and area 4 are each a data area, which is the address range specified by the Modbus protocol. The various addresses are mutually corresponding
Area 0: Discrete output, readable/writable [corresponding to PLC: DO] Coil type address: 00001~09999. Use function code: 01, 05, 15
Area 1: Discrete input 16 bits, read-only [corresponding to PLC: DI] Contact type address: 10001~19999. Use function code: 02
Area 3: Input register 16 bits, read-only [corresponding to PLC: AI] Analog input address: 30001~39999. Use function code: 04
Area 4: Holding register, readable/writable [corresponding to PLC: AO (or some parameter area)] Analog output address: 40001~49999. Use function codes: 03, 06, 16
2. Register address
To understand the modbus address, let's first briefly introduce the modbus protocol message. The following is a modbus message for reading the holding register (address 40001). The modbus request message basically consists of the slave address, function code, register address, number of registers to read and write, and CRC16 checksum. Reading 40001 corresponds to the function code (0x03) and register address (0x00) in the modubs message.