PLC Communications: Connecting Controllers and Devices via Industrial Networks

Modbus RTU: The Most Widespread Serial Protocol

Modbus RTU is the most widely used serial communication protocol in industrial automation. Developed by Modicon in 1979, it remains the universal language for connecting PLCs to sensors, VFDs, and energy meters.

Modbus uses a master-slave architecture over RS-485 serial wiring: one master (the PLC) initiates communication, and up to 247 slaves respond when asked. Common settings are 9600 or 19200 baud, 8 data bits, 1 stop bit, even parity.

Modbus organizes data into four tables:

Table	Address Range	Type	Access
Coils	00001-09999	Single bit	Read/Write
Discrete Inputs	10001-19999	Single bit	Read Only
Input Registers	30001-39999	16-bit word	Read Only
Holding Registers	40001-49999	16-bit word	Read/Write

Common function codes: 03 (Read Holding Registers), 04 (Read Input Registers), 06 (Write Single Register), 16 (Write Multiple Registers).

RS-485 wiring best practices: use shielded twisted pair, terminate both ends with 120 ohm resistors, keep total bus length under 1200 meters, ground the shield at one point only.

Modbus TCP: Modbus Over Ethernet

Modbus TCP wraps the same data model inside TCP/IP packets over standard Ethernet, eliminating dedicated serial wiring and enabling much faster transfer.

Feature	Modbus RTU	Modbus TCP
Physical layer	RS-485 serial	Ethernet (RJ45)
Speed	9600-115200 bps	100 Mbps+
Addressing	Slave ID (1-247)	IP address + port 502
Topology	Daisy-chain bus	Star via switch
Cable length	1200m (RS-485)	100m per segment

VAR
    fbModbusTCP : MB_CLIENT;
    aReadData   : ARRAY[0..9] OF WORD;
END_VAR

fbModbusTCP(
    bExecute      := bTriggerRead,
    sIPAddress    := '192.168.1.50',
    nPort         := 502,
    nFunctionCode := 3,
    nStartAddress := 0,
    nQuantity     := 10,
    pDestination  := ADR(aReadData)
);

Profinet: Siemens Industrial Network

Profinet is the leading industrial Ethernet protocol in Siemens environments. It provides real-time communication between PLCs, I/O modules, drives, and HMI panels.

Two variants exist: Profinet RT for standard real-time I/O (1-10 ms cycle), and Profinet IRT for deterministic motion control (under 1 ms). Device configuration in TIA Portal involves importing a GSD file, assigning an IP address and device name, mapping I/O data to PLC tags, and downloading.

Profinet provides rich diagnostics: device online/offline status, individual module health, channel-level fault detection (wire break, short circuit), and network error counters.

EtherNet/IP: Allen-Bradley Network

EtherNet/IP uses standard Ethernet hardware with the CIP (Common Industrial Protocol) application layer. It supports implicit messaging (cyclic real-time I/O) and explicit messaging (on-demand parameter access).

Adding a device in Studio 5000: select the type from the catalog or import an EDS file, assign an IP address, configure the RPI (Requested Packet Interval), and map tags.

Feature	Profinet	EtherNet/IP
Vendor	Siemens-led	Rockwell-led
Config file	GSD/GSDML	EDS
Typical cycle	1-10 ms	2-100 ms
Market	Europe, Middle East	North America

Connecting PLC to an HMI Panel

An HMI provides the operator interface for monitoring and controlling the machine. The PLC and HMI communicate over Ethernet using native protocols or open standards.

Configuration steps: define HMI tags mapped to PLC addresses, set the PLC connection parameters (IP, rack/slot), and configure update rates per tag group.

Optimization tips:

Group related tags into data blocks for efficient block reads
Set appropriate rates: process values at 500ms-1s, alarms at 100-250ms
Disable reading of tags on inactive HMI screens
Use a structured data block for HMI exchange:

TYPE ST_HMI_Data :
STRUCT
    rTemperature : REAL;
    rPressure    : REAL;
    nPartCount   : DINT;
    nMachineState : INT;
    bAlarmActive : BOOL;
END_STRUCT
END_TYPE

Practical Example: Reading 10 Sensors via Modbus RTU

A water treatment plant has 10 sensors on an RS-485 bus. The PLC reads them in a round-robin polling sequence.

TYPE ST_ModbusSensor :
STRUCT
    nSlaveAddr   : INT;
    nRegister    : INT;
    nRawValue    : INT;
    rScaledValue : REAL;
    rEngLow      : REAL;
    rEngHigh     : REAL;
    bFault       : BOOL;
END_STRUCT
END_TYPE

VAR
    fbModbus     : FB_ModbusRTU_Master;
    nPollIndex   : INT := 0;
    tonPollCycle : TON;
    astSensors   : ARRAY[0..9] OF ST_ModbusSensor;
    bPollActive  : BOOL;
END_VAR

tonPollCycle(IN := NOT bPollActive, PT := T#100ms);

IF tonPollCycle.Q AND NOT bPollActive THEN
    bPollActive := TRUE;
    fbModbus(bExecute := TRUE,
             nSlaveAddr := astSensors[nPollIndex].nSlaveAddr,
             nFunction := 3,
             nRegAddr := astSensors[nPollIndex].nRegister,
             nQuantity := 1);
END_IF;

IF bPollActive AND fbModbus.bDone THEN
    IF NOT fbModbus.bError THEN
        astSensors[nPollIndex].nRawValue := fbModbus.nReceivedData;
        astSensors[nPollIndex].rScaledValue := ScaleLinear(
            astSensors[nPollIndex].nRawValue,
            astSensors[nPollIndex].rEngLow,
            astSensors[nPollIndex].rEngHigh, 0, 27648);
        astSensors[nPollIndex].bFault := FALSE;
    ELSE
        astSensors[nPollIndex].bFault := TRUE;
    END_IF;
    bPollActive := FALSE;
    nPollIndex := nPollIndex + 1;
    IF nPollIndex > 9 THEN nPollIndex := 0; END_IF;
END_IF;

This reads all 10 sensors within 1 second. Each sensor's data is stored in a structured array, making it easy to add sensors without changing the core polling logic.

Summary

Industrial PLC communication spans from serial protocols to high-speed Ethernet networks. Modbus RTU is the universal serial protocol over RS-485. Modbus TCP brings the same model to Ethernet. Profinet and EtherNet/IP provide real-time industrial Ethernet for Siemens and Allen-Bradley ecosystems respectively. HMI communication requires careful tag organization and update rate optimization. The Modbus RTU example demonstrates a scalable multi-sensor polling program using structured arrays and round-robin reading.