What is Modbus?

The Modbus protocol is a communication protocol created in 1979 by Modicon to enable communication with PLC devices. Its simplicity and reliability made it a worldwide standard used in both BMS (Building Automation Systems) as well as in ICS (Industrial Control Systems). Modbus is one of the most used protocols in industrial electronic devices, despite the time of its market introduction.

What made Modbus famous?

Why Modbus protocol became so popular and still is used frequently in industrial environments? Here are the factors:

  • Modbus was created by one of the biggest PLC (Programmable Logic Controllers) manufacturers and it was specially developed for automation applications.
  • It is simple! Modbus protocol is easy to implement and maintain.
  • Modbus is an open protocol, which means any manufacturer can implement it free of charge.
  • Communication secured against message corruption. Thanks to CRC (cyclic redundancy check) the transmission is checked for errors to provide accuracy. 

Thanks to the above Modbus as a standard has been adopted by most manufacturers of industrial controllers. 

How does Modbus work?

Devices with Modbus protocol communicate using the Client-Server (Master-Slave) technique, where only the Client can call a query and start a transaction with a server that will answer the queries to the Client with requested data. The simplest configuration is one Client one Server, but a network can be built of one Client with up to 247 servers. In iSMA Solution, a typical application would be a Master Controller iSMA-B-MAC36NL as a Client communicating with iSMA MIX and MINI I/O Modules (Servers). 


Since July 2020 Modbus Organization decided to replace “master-slave” naming with the “client-server” to describe Modbus communications, characterized by communication between a client device (s), which initiates communication and makes requests of server device(s), which process requests and return an appropriate response (or error message).


What is the version of Modbus Protocol?

Modbus protocol was created to enable transmission between devices over a serial bus. RS485 interface for Modbus communication is the most frequently used in industrial automation, but there are also Ethernet communication possibilities with Modbus.



Pic. 2 Example of Modbus protocol configuration with DIP switches on iSMA I/O Module

Modbus RTU

It is most commonly used in serial communication. The bytes in the frame are sent in binary as eight-bit characters. The frame is secured with the CRC checksum to detect any errors. The characters in the frame must be transmitted continuously without gaps between characters (maximum 1.5T where T is the time of transmission of one character). Each frame is preceded by a silent period on the line greater than 3.5T

Figure 1 Two Modbus RTU/ASCII devices with serial communication over RS485

Modbus ASCII

Used in serial communication. The bytes in the frame are sent in hexadecimal (two ASCII characters each). The data in the frame is secured with the LRC checksum. Frames begin with a colon (‘:’) and end with a newline (CR / LF)

Modbus TCP / IP or Modbus TCP

The version is used for communication on TCP / IP networks. The default communication port for Modbus TCP/IP is 502. There is no need for a checksum in the frame because the lower layers of the TCP / IP protocol provide checksum protection.

Pic. 3 Modbus TCP/IP on the physical layer works over Ethernet port

Modbus over TCP / IP or Modbus over TCP or Modbus RTU / IP

The version differs from Modbus TCP in that there is a checksum in the frame as in Modbus RTU

Modbus over UDP

An experimental version that uses UDP over an IP network, which has less overhead than TCP, but does not provide the same reliability as TCP / IP

Each version of the Modbus protocol has the same type of data model and used functions.

Modbus protocol is still developed and updated thanks to the Modbus Organization and its members and community, which includes independent users and suppliers of devices.


How to address Modbus Device? 

Modbus server (slave) devices have unique device addresses that vary from 1 to 247. This is needed for the proper communication between Server (Master) and Client(Slave). The first byte of the data that is requested from the server is the Client address. If the first byte is different than assigned, the client device knows to ignore the message. 


  • Broadcast {0} 
  • Unique slave addresses {1-247}
  • Reserved addresses {248-255}
Pic. 4 Addressing the iSMA I/O module with a rotary switch

iSMA I/O Modules can be addressed with onboard rotary switches in the range of {1-99} 

What are Modbus Object Data Types?

Modbus is based on a data model that is stored in 4 major tables, which are read-only, or with read-write permissions. Each table can store up to 9999 values. Coils and Discrete Inputs are 1 bit, while Registers are 16 bit (2 bytes)


What are Modbus Function Codes?

As mentioned above, the first byte requested by the client is the address of the device. If the address is valid for the device it reads the second byte which is a function code that the server device should access to read from or to change a value in.   


What is the Modbus Layer on OSI Model? 

Modbus works on the application layer of the OSI Model. Physically, communication can be done by Serial Bus, between Modbus RTU/ASCII Client and Modbus RTU/ASCII Server, or by Ethernet between Modbus TCP Client and Modbus TCP Server. The figure below shows which layers of the OSI model are used while working with Modbus RTU/ASCII and Modbus TCP.

Figure 2 Modbus Layer vs OSI Model
Figure 3 Gateway Modbus TCP/IP to RS485; an example

This way, according to the EIA-485 standard, on a single bus maximum load is up to 32 UL (Unit Load). As iSMA I/O Modules uses only 1/4th of a UL, each RS485 port on a client device allows up to 128 devices on a single bus segment.

More information about Modbus in iSMA Products can be found in the iSMA MINI & MIX Series IO Modbus Manual.