Control Protocol
The AMIO uses a standard Modbus TCP protocol.
The TCP port number for Modbus TCP is standardized to 502.
Protocol Header
The header of the Modbus/TCP protocol is shown in Table 1 below.
| Byte | Name | Description |
|---|---|---|
| 0 | Transaction identifier | Returned by the slave |
| 1 | Transaction identifier | Returned by the slave |
| 2 | Protocol identifier | Always 0 |
| 3 | Protocol identifier | Always 0 |
| 4 | Length field | 0 (if the message is less than 256 bytes in length) |
| 5 | Length field | Number of following bytes |
| 6 | Unit identifier | Is returned by the slave |
| 7 | Modbus function | The Modbus protocol function |
Commands
Standard Modbus commands 1, 2, 5, and 15 are used as shown in Table 2 below.
| Command | Offset | Modbus Function Code |
|---|---|---|
| Read Input | 0...4095 | Function 2: Read Discrete Inputs |
| Read Output | 0...4095 | Function 1: Read Coils |
| Write Output | 0...4095 | Function 5: Write Single Coil |
| Write Outputs | 0...4095 | Function 15: Write Multiple Coils |
Read Input
The Read Input command (known as Function 2: Read Discrete Inputs in the Modbus protocol) is used to read digital input data.
More information about this function can be found here.
Example
In this example, the first 10 digital inputs are read as shown in Table 3. The start address is zero. An offset can be entered in the Start address field.
| Byte Name | Example |
|---|---|
| Function code | 2 |
| Start address high | 0 |
| Start address low | 0 |
| Count high | 0 |
| Count low | 10 |
The query requests 10 bits, so the response returns 2 bytes. The value of 1 indicates that data bit 1 is set, meaning that the first physical input is "on" as shown in Table 4.
| Byte Name | Example |
|---|---|
| Function code | 2 |
| Byte count | 2 |
| Data bits 0...7 | 1 |
| Data bits 8...18 | 0 |
Read Output
The Read Output command (known as Function 1: Read Coils in the ModBus protocol) is used to read digital outputs.
More information about this function can be found here.
Example
In this example, the first 10 digital outputs are read as shown in Table 5. The start address is zero. An offset can be entered in the Start address field.
| Byte Name | Example |
|---|---|
| Function code | 1 |
| Start address high | 0 |
| Start address low | 0 |
| Count high | 0 |
| Count low | 10 |
The query was for 10 bits, so the response returns 2 bytes. The value of "4" indicates that data bit 3 is set, meaning that the third physical output is "on" as shown in Table 6.
| Byte Name | Example |
|---|---|
| Function code | 1 |
| Byte count | 2 |
| Data bits 0...7 | 4 |
| Data bits 8...18 | 0 |
Write Output
The Write Output command (known as Function 5: Write Single Coil in the Modbus protocol) is used to write a single digital output.
More information about this function can be found here.
Example
In this example, the third output is set as shown in Table 7. The start address is zero. The digital value is located in the Data high field. To switch the output on, Data high must contain the value 0xFF, while 0x00 is used to switch the output off. Data low must contain the value 0x00.
| Byte Name | Example |
|---|---|
| Function code | 5 |
| Start address high | 0 |
| Start address low | 0 |
| Data high | 255 |
| Data low | 0 |
The response contains information about which output was set as shown in Table 8.
| Byte Name | Example |
|---|---|
| Function code | 5 |
| Start address high | 0 |
| Start address low | 2 |
| Data high | 255 |
| Data low | 0 |
Write Outputs
The Write Outputs command (known as Function 15: Write Multiple Coils in the Modbus protocol) is used to write multiple digital outputs.
More information about this function can be found here.
Example
In this example, the first 20 digital outputs are written as shown in Table 9. The digital outputs begin at an offset of 0x0000. The offset always describes a bit. For example, offset 0x0003 writes to the fourth bit, setting the fourth output high. The length indicates the number of bits, and the byte count is the total number of bytes to be written.
For this example, the length is 20, therefore, the byte count is 3 bytes (round up to the nearest byte). In this example, bits 0 to 15 are set to on, while bits 16 to 23 are set to off.
| Byte Name | Example |
|---|---|
| Function code | 15 |
| Start address high | 0 |
| Start address low | 0 |
| Length high | 0 |
| Length low | 20 |
| Byte count | 3 |
| Data 1 bit 0...7 | 255 |
| Data 2 bit 8...15 | 255 |
| Data 3 bit 16...23 | 0 |
The response contains information about how many outputs were set as shown in Table 10.
| Byte Name | Example |
|---|---|
| Function code | 15 |
| Start address high | 0 |
| Start address low | 0 |
| Length high | 0 |
| Length low | 20 |