PLC Communications: Connecting Controllers and Devices via Industrial Networks
Modbus RTU: The Most Widespread Serial Protocol
Modbus RTU is the most widely used serial communication protocol in industrial automation. Developed by Modicon in 1979, it remains the universal language for connecting PLCs to sensors, VFDs, and energy meters.
Modbus uses a master-slave architecture over RS-485 serial wiring: one master (the PLC) initiates communication, and up to 247 slaves respond when asked. Common settings are 9600 or 19200 baud, 8 data bits, 1 stop bit, even parity.
Modbus organizes data into four tables:
| Table | Address Range | Type | Access |
|---|---|---|---|
| Coils | 00001-09999 | Single bit | Read/Write |
| Discrete Inputs | 10001-19999 | Single bit | Read Only |
| Input Registers | 30001-39999 | 16-bit word | Read Only |
| Holding Registers | 40001-49999 | 16-bit word | Read/Write |
Common function codes: 03 (Read Holding Registers), 04 (Read Input Registers), 06 (Write Single Register), 16 (Write Multiple Registers).
RS-485 wiring best practices: use shielded twisted pair, terminate both ends with 120 ohm resistors, keep total bus length under 1200 meters, ground the shield at one point only.
Modbus TCP: Modbus Over Ethernet
Modbus TCP wraps the same data model inside TCP/IP packets over standard Ethernet, eliminating dedicated serial wiring and enabling much faster transfer.
| Feature | Modbus RTU | Modbus TCP |
|---|---|---|
| Physical layer | RS-485 serial | Ethernet (RJ45) |
| Speed | 9600-115200 bps | 100 Mbps+ |
| Addressing | Slave ID (1-247) | IP address + port 502 |
| Topology | Daisy-chain bus | Star via switch |
| Cable length | 1200m (RS-485) | 100m per segment |
VAR
fbModbusTCP : MB_CLIENT;
aReadData : ARRAY[0..9] OF WORD;
END_VAR
fbModbusTCP(
bExecute := bTriggerRead,
sIPAddress := '192.168.1.50',
nPort := 502,
nFunctionCode := 3,
nStartAddress := 0,
nQuantity := 10,
pDestination := ADR(aReadData)
);
Profinet: Siemens Industrial Network
Profinet is the leading industrial Ethernet protocol in Siemens environments. It provides real-time communication between PLCs, I/O modules, drives, and HMI panels.
Two variants exist: Profinet RT for standard real-time I/O (1-10 ms cycle), and Profinet IRT for deterministic motion control (under 1 ms). Device configuration in TIA Portal involves importing a GSD file, assigning an IP address and device name, mapping I/O data to PLC tags, and downloading.
Profinet provides rich diagnostics: device online/offline status, individual module health, channel-level fault detection (wire break, short circuit), and network error counters.
EtherNet/IP: Allen-Bradley Network
EtherNet/IP uses standard Ethernet hardware with the CIP (Common Industrial Protocol) application layer. It supports implicit messaging (cyclic real-time I/O) and explicit messaging (on-demand parameter access).
Adding a device in Studio 5000: select the type from the catalog or import an EDS file, assign an IP address, configure the RPI (Requested Packet Interval), and map tags.
| Feature | Profinet | EtherNet/IP |
|---|---|---|
| Vendor | Siemens-led | Rockwell-led |
| Config file | GSD/GSDML | EDS |
| Typical cycle | 1-10 ms | 2-100 ms |
| Market | Europe, Middle East | North America |
Connecting PLC to an HMI Panel
An HMI provides the operator interface for monitoring and controlling the machine. The PLC and HMI communicate over Ethernet using native protocols or open standards.
Configuration steps: define HMI tags mapped to PLC addresses, set the PLC connection parameters (IP, rack/slot), and configure update rates per tag group.
Optimization tips:
- Group related tags into data blocks for efficient block reads
- Set appropriate rates: process values at 500ms-1s, alarms at 100-250ms
- Disable reading of tags on inactive HMI screens
- Use a structured data block for HMI exchange:
TYPE ST_HMI_Data :
STRUCT
rTemperature : REAL;
rPressure : REAL;
nPartCount : DINT;
nMachineState : INT;
bAlarmActive : BOOL;
END_STRUCT
END_TYPE
Practical Example: Reading 10 Sensors via Modbus RTU
A water treatment plant has 10 sensors on an RS-485 bus. The PLC reads them in a round-robin polling sequence.
TYPE ST_ModbusSensor :
STRUCT
nSlaveAddr : INT;
nRegister : INT;
nRawValue : INT;
rScaledValue : REAL;
rEngLow : REAL;
rEngHigh : REAL;
bFault : BOOL;
END_STRUCT
END_TYPE
VAR
fbModbus : FB_ModbusRTU_Master;
nPollIndex : INT := 0;
tonPollCycle : TON;
astSensors : ARRAY[0..9] OF ST_ModbusSensor;
bPollActive : BOOL;
END_VAR
tonPollCycle(IN := NOT bPollActive, PT := T#100ms);
IF tonPollCycle.Q AND NOT bPollActive THEN
bPollActive := TRUE;
fbModbus(bExecute := TRUE,
nSlaveAddr := astSensors[nPollIndex].nSlaveAddr,
nFunction := 3,
nRegAddr := astSensors[nPollIndex].nRegister,
nQuantity := 1);
END_IF;
IF bPollActive AND fbModbus.bDone THEN
IF NOT fbModbus.bError THEN
astSensors[nPollIndex].nRawValue := fbModbus.nReceivedData;
astSensors[nPollIndex].rScaledValue := ScaleLinear(
astSensors[nPollIndex].nRawValue,
astSensors[nPollIndex].rEngLow,
astSensors[nPollIndex].rEngHigh, 0, 27648);
astSensors[nPollIndex].bFault := FALSE;
ELSE
astSensors[nPollIndex].bFault := TRUE;
END_IF;
bPollActive := FALSE;
nPollIndex := nPollIndex + 1;
IF nPollIndex > 9 THEN nPollIndex := 0; END_IF;
END_IF;
This reads all 10 sensors within 1 second. Each sensor's data is stored in a structured array, making it easy to add sensors without changing the core polling logic.
Summary
Industrial PLC communication spans from serial protocols to high-speed Ethernet networks. Modbus RTU is the universal serial protocol over RS-485. Modbus TCP brings the same model to Ethernet. Profinet and EtherNet/IP provide real-time industrial Ethernet for Siemens and Allen-Bradley ecosystems respectively. HMI communication requires careful tag organization and update rate optimization. The Modbus RTU example demonstrates a scalable multi-sensor polling program using structured arrays and round-robin reading.