
Modbus/TCP

Modbus/TCP is a common protocol for connecting control and monitoring equipment. The fundamental protocol is the same as for Modbus/RTU, with the obvious difference that Modbus/TCP uses an Ethernet connection to link the devices together, while Modbus/RTU uses a serial RS-485 bus.

Another key difference between Modbus/TCP and Modbus/RTU is that in Modbus/RTU, only one device can be the 'master', and all the other devices must be 'slaves'. In Modbus/TCP, any device can be both a 'server' (providing information to a requestor) and a 'client' (requesting information from servers), all at the same time.

Note that most Modbus/TCP servers allow a limited number of concurrent connections. Please refer to the documentation of the specific device you are using for these details. The ezeio allows up to 20 concurrent Modbus/TCP connections.

For detailed information about Modbus, please refer to http://modbus.org/

Modbus/TCP wiring

Since Modbus/TCP uses Ethernet, common networking hardware is used to connect devices together.

We recommend always using an Ethernet switch between the ezeio and the device(s).

A switch is always required if more than one device is connected to the ezeio. If only a single device is connected, a direct connection may work. We have noticed that some devices do not handshake properly when connected directly, so we strongly recommend always using a switch, even with a single device.

The ezeio supports standard Ethernet TP10/100, Auto MDX. The 'Auto MDX' part means that you can use either a regular Ethernet patch cable, or a 'crossover' Ethernet cable. The ezeio will detect the cable type and adapt accordingly.

All standard Ethernet wiring practices apply.

The ezeio uses the same connector for both cloud connectivity and Modbus/TCP. If the LAN provides public Internet access, you must use a correctly configured router to disallow any traffic from the public Internet to your control devices.

If the ezeio is using the built-in cellular modem for cloud connectivity, the Ethernet connection can be dedicated to the Modbus/TCP function, eliminating any security concerns.

Power considerations

The Ethernet connector on the ezeio is electrically isolated. It does not provide power, nor does it accept power for the ezeio. Any devices connected to the ezeio via Ethernet must be separately powered. The ezeio does not support PoE.

Modbus/TCP addressing

By default the ezeio will expect a DHCP server to provide IP addressing for the LAN. If there is no DHCP server set up, you will need to manually set up fixed IP addresses in each device, including the ezeio. All devices and the ezeio must be configured for the same subnet (commonly a private network like 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8). Only the last octet is used for local addressing, so the subnet must be a /24 (255.255.255.0).

All devices and the ezeio must be configured for the same /24 subnet.

By default, the ezeio uses port 502 for both client and server Modbus/TCP traffic. The port number can be changed in the ezeio configuration. The TCP server can be turned off by setting the Server Port (under Configure/System) to 0.

Modbus server registers

The ezeio exposes the following registers:

Input registers Read (command 4)

Register  Address  Type     Description
30001     0        UINT_16  Input 1 raw value (mV, uA or Ohm)
30002     1        UINT_16  Input 2 raw value (mV, uA or Ohm)
30003     2        UINT_16  Input 3 raw value (mV, uA or Ohm)
30004     3        UINT_16  Input 4 raw value (mV, uA or Ohm)
30005     4        UINT_16  Input 5 raw value (mV, uA or Ohm)
30006     5        UINT_16  Input 6 raw value (mV, uA or Ohm)
30007     6        UINT_16  Input 7 raw value (mV, uA or Ohm)
30008     7        UINT_16  Input 8 raw value (mV, uA or Ohm)
30009     8        UINT_16  Supply voltage (mV)
30010     9        UINT_16  Batt terminal voltage (mV)
30011     10       UINT_16  5V terminal voltage (mV)
30012     11       UINT_16  Uptime (seconds), masked low 16 bits
30013     12       INT_32   Location Longitude (*10^6 °)
30015     14       INT_32   Location Latitude (*10^6 °)
30017     16       INT_32   Location Elevation (*10 m)
30019     18       UINT_16  GPS signal
30020     19       UINT_16  constant 23456 (5BA0 hex)
30021     20       UINT_32  constant 123456789 (075BCD15 hex)
30023     22       UINT_32  ezeio serial number
30025     24       UINT_32  RTC time (UNIX timestamp)
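
The two constant registers in the table above give a client a known answer to decode against. The added example below (not ezeio code) builds a command 4 request for addresses 19 to 21, validates the response and uses the constants to determine the 32-bit word order. The unit ID of 1 and the high-word-first sample response are assumptions, since the page states neither.

```python
import struct

def build_read_input(tid, unit, addr, count):
    """Modbus/TCP request: MBAP header + PDU for command 4 (read input registers)."""
    pdu = struct.pack(">BHH", 4, addr, count)
    # MBAP: transaction id, protocol id (always 0), length (unit id + PDU), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_read_response(frame, tid):
    """Validate a command 4 response and return its 16-bit registers as a list."""
    if len(frame) < 9:
        raise ValueError("short frame")
    rtid, proto, length, _unit, func = struct.unpack(">HHHBB", frame[:8])
    if rtid != tid or proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    if func & 0x80:  # server answered with an exception response
        raise ValueError(f"Modbus exception code {frame[8]}")
    nbytes = frame[8]
    if func != 4 or nbytes % 2 or len(frame) != 9 + nbytes:
        raise ValueError("malformed response")
    return list(struct.unpack(f">{nbytes // 2}H", frame[9:]))

def detect_word_order(regs):
    """regs = contents of addresses 19..21 (registers 30020..30022)."""
    if regs[0] != 23456:
        raise ValueError("16-bit constant mismatch: wrong device or offset")
    if (regs[1] << 16) | regs[2] == 123456789:
        return "high-word-first"
    if (regs[2] << 16) | regs[1] == 123456789:
        return "low-word-first"
    raise ValueError("32-bit constant mismatch")

# Unit ID 1 is an assumption; the page does not specify one.
REQUEST = build_read_input(tid=1, unit=1, addr=19, count=3)
# Constructed sample response (not captured from a device). It assumes the
# high word is sent first, which the page does not state.
SAMPLE = bytes.fromhex("000100000009010406" "5ba0" "075b" "cd15")

if __name__ == "__main__":
    regs = parse_read_response(SAMPLE, tid=1)
    print(REQUEST.hex(), regs, detect_word_order(regs))
```

Run the same check against the real device once, then reuse the detected word order when decoding the other INT_32, UINT_32 and FLOAT registers.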

Holding registers Read (command 3)

Register  Address  Type    Description
40001     0        INT_16  Field 1 value, as integer masked to 16 bit
40002     1        INT_16  Field 2 value, as integer masked to 16 bit
...       ...      ...     ...
40090     89       INT_16  Field 90 value, as integer masked to 16 bit
40101     100      INT_32  Field 1 value, as integer
40103     102      INT_32  Field 2 value, as integer
...       ...      ...     ...
40280     279      INT_32  Field 90 value, as integer
40301     300      FLOAT   Field 1 value, as IEEE754 floating point
40303     302      FLOAT   Field 2 value, as IEEE754 floating point
...       ...      ...     ...
40480     479      FLOAT   Field 90 value, as IEEE754 floating point
41001     1000     INT_32  User defined cell, address 0 (see script command SetVal/GetVal)
41003     1002     INT_32  User defined cell, address 1
...       ...      ...     ...
42023     2022     INT_32  User defined cell, address 511

Holding register Write (command 6)

NOTE: The field will only accept the value written if the field is configured as Writeable.

Register  Address  Type    Description
40001     0        INT_16  Field 1 value, as integer masked to 16 bit
40002     1        INT_16  Field 2 value, as integer masked to 16 bit
...       ...      ...     ...
40090     89       INT_16  Field 90 value, as integer masked to 16 bit
41001     1000     INT_16  Write to user defined cell 0, as 16 bit integer (see script command SetVal/GetVal)
41003     1002     INT_16  Write to user defined cell 1, as 16 bit integer
...       ...      ...     ...
42023     2022     INT_16  Write to user defined cell 511, as 16 bit integer

Multiple holding registers Write (command 16 / 0x10)

NOTE: The field will only accept the value written if the field is configured as Writeable.

Register  Address  Type    Description
40001     0        INT_16  Field 1 value, as integer masked to 16 bit
40002     1        INT_16  Field 2 value, as integer masked to 16 bit
...       ...      ...     ...
40090     89       INT_16  Field 90 value, as integer masked to 16 bit
40101     100      INT_32  Field 1 value, as integer
40103     102      INT_32  Field 2 value, as integer
...       ...      ...     ...
40280     279      INT_32  Field 90 value, as integer
40301     300      FLOAT   Field 1 value, as IEEE754 floating point
40303     302      FLOAT   Field 2 value, as IEEE754 floating point
...       ...      ...     ...
40480     479      FLOAT   Field 90 value, as IEEE754 floating point
41001     1000     INT_32  User defined cell, address 0 (see script command SetVal/GetVal)
41003     1002     INT_32  User defined cell, address 1
...       ...      ...     ...
42023     2022     INT_32  User defined cell, address 511

Modbus/TCP security

Modbus/TCP is not a secure protocol. It relies on the security of the LAN. Typically a Modbus/TCP LAN should be dedicated to this functionality, and not have any Internet connectivity at all. Never allow incoming traffic on the same port as Modbus is using (TCP/502). Modbus/TCP is not designed for remote access and should never be routed on the Internet.

Modbus/TCP does not have any security or access control. Never use Modbus/TCP on public or untrusted networks.

If the Ethernet is connected to a public or untrusted network, we recommend turning off the TCP server by setting the Server Port (under Configure→System) to 0.
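
One way to check this guidance against observed traffic, as an added example that is not part of the ezeio documentation: it walks request frames sent to the Modbus port, reports any that originate outside the control /24 and logs every write (commands 6 and 16). The packet tuple format, the 192.168.10.0/24 subnet and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

WRITE_FUNCS = {6: "write single register", 16: "write multiple registers"}

def audit_requests(packets, control_net, port=502):
    """Flag Modbus/TCP requests from outside the control subnet, and all writes.

    packets: (src_ip, dst_port, tcp_payload) tuples. This is a hypothetical
    input format, e.g. produced from a capture taken on the control LAN.
    """
    net = ipaddress.ip_network(control_net)
    findings = []
    for src, dport, payload in packets:
        if dport != port or len(payload) < 8:
            continue
        _tid, proto, length, _unit, func = struct.unpack(">HHHBB", payload[:8])
        if proto != 0 or length != len(payload) - 6:
            continue  # not a well-formed Modbus/TCP frame
        if ipaddress.ip_address(src) not in net:
            findings.append((src, "external", f"function {func} from outside {net}"))
        if func in WRITE_FUNCS and len(payload) >= 10:
            addr = struct.unpack(">H", payload[8:10])[0]
            findings.append((src, "write", f"{WRITE_FUNCS[func]} at address {addr}"))
    return findings

def frame(func, body, tid=1, unit=1):
    """Build a constructed test frame: MBAP header + function code + body."""
    return struct.pack(">HHHBB", tid, 0, len(body) + 2, unit, func) + body

# Constructed sample traffic; the addresses are private/documentation ranges.
SAMPLE_TRAFFIC = [
    ("192.168.10.20", 502, frame(4, struct.pack(">HH", 0, 8))),         # read inputs
    ("192.168.10.20", 502, frame(6, struct.pack(">HH", 1000, 1))),      # write cell 0
    ("203.0.113.7", 502, frame(3, struct.pack(">HH", 0, 2))),           # external read
    ("203.0.113.7", 502, frame(16, struct.pack(">HHBH", 0, 1, 2, 5))),  # external write
    ("192.168.10.20", 443, b"\x16\x03\x01\x00\x05hello"),               # not Modbus
]

FINDINGS = audit_requests(SAMPLE_TRAFFIC, "192.168.10.0/24")

if __name__ == "__main__":
    for finding in FINDINGS:
        print(finding)
```

If the Server Port has been changed in the ezeio configuration, pass that value as `port`.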