MD-400 Modbus Scan Task User's Guide 1.1

Windows SCADA
Modbus Scan Task

User’s Guide
____________________________________________
Document Number: MD-400
Presentation Date: January 21, 2016

Prepared By: Dina Anastasakos
Version 1.2
Copyright, Notices and Trademarks
Copyright © 2016 Survalent Technology Corporation. All rights reserved. The software
described in this document is furnished under license and can only be used or copied in
accordance with the terms of such license. The content of this manual has been carefully
checked for accuracy. However, if you find any errors, please notify the Survalent
Technology Corporation.
Survalent Technology Corporation

7965 Heritage Road
Brampton, Ontario L6Y 5X5
(905) 826 5000
(905) 826 7144

[email protected]
www.survalent.com
FAX (905) 826-7144
The software described in this document is furnished under license,

and may only be used or copied in accordance with the terms of such
license.
About This Publication

This manual describes the functionality and data entry requirements for the
Modbus scan task used in the Windows SCADA system.
It is assumed that you have some background knowledge about SCADA systems.
Revisions
Date Description
November 4, 2001 Initial version.
August 8, 2005 Added control template support.

Updated figures.
February 2, 2006 Added Modbus/TCP option.
February 9, 2006 Added analog format code 18 (dual 16-bit signed high-low).
November 9, 2006 Removed the automatic alarm when switching ports.
April 10, 2007 Allow status points to be read from Input Registers (Table 5-3 in section
5.2.1, Telemetry Address).
September 12, 2007 Add Modr: Edit Options editor.

Add RTU Options Input Status Multiples and Control Poll Errors.
Update pictures.
July 7, 2008 Added support for Modbus Unsolicited Report By Exception (URBE).
December 12, 2008 Added support for time sync.
December 18, 2008 Revised description of RTU option for time sync.
December 19,2008 Added support for IEEE floating point setpoints.
May 27, 2010 Corrected description of “B” field in Preset Register command
August 18, 2010 Added setpoint format 5, signed binary integer
Modbus Scan Task User’s Guide Revisions

Windows SCADA
November 17, 2010 Added D field telemetry address of Group, Trigger Group & Trigger Value.
Added RTU option for initial polling sequence Template.
Added RTU option for all data polls.
Added RTU option for disconnecting after poll sequence.
July 21, 2011 Added analog format code 19 – Dual 16 bit, signed Low, High order.
Added explanation for common register number mapping to telemetry
address fields.
May 4, 2012 Added format codes 13, 15, 18 and 19 for 32-bit setpoints.
November 9, 2012 Added Holding Register controls (section 5.2.3, Control Address).
June 10, 2015 Use DLL Long Response Timeout TCP/CP connection timer.
Added UDP selection to RTU to enable UDP.
Add PLC Model for Single Register Reads.
January 21, 2016 Updated screen captures.
Modbus Scan Task User’s Guide Revisions

Windows SCADA
Contents
Copyright, Notices and Trademarks ............................................................................................................. 2

About This Publication ................................................................................................................................. 2
1 Introduction 1-1
1.1 Supported Functions ....................................................................................................................... 1-2

1.1.1 Read Coil Status .......................................................................................................................... 1-2
1.1.2 Read Input Status......................................................................................................................... 1-2
1.1.3 Read Holding Registers ............................................................................................................... 1-2
1.1.4 Read Input Registers ................................................................................................................... 1-3
1.1.5 Force Single Coil ......................................................................................................................... 1-3
1.1.6 Preset Single Register.................................................................................................................. 1-3
1.2 Template Controls........................................................................................................................... 1-3
1.3 Modbus Over TCP/IP...................................................................................................................... 1-3
1.3.1 Modbus RTU Protocol ................................................................................................................ 1-4
1.3.2 Modbus/TCP Protocol ................................................................................................................. 1-4
1.4 Unsolicited Report By Exception ................................................................................................... 1-4
1.5 Time Sync ....................................................................................................................................... 1-6
1.5.1 Short Response Timeout .............................................................. Error! Bookmark not defined.
1.5.2 Long Response Timeout ............................................................... Error! Bookmark not defined.
1.5.3 DLL Short Response Timeout ...................................................... Error! Bookmark not defined.
1.5.4 DLL Long Response Timeout ...................................................... Error! Bookmark not defined.
1.5.5 Error Recovery Time .................................................................... Error! Bookmark not defined.
1.5.6 Idle Time ...................................................................................... Error! Bookmark not defined.
1.5.7 Poll Retry Count ........................................................................... Error! Bookmark not defined.
1.5.8 Interleave Factor ........................................................................... Error! Bookmark not defined.
1.6 Port Switching................................................................................................................................. 1-7
Modbus Scan Task User’s Guide Contents i

Windows SCADA
2 Communication Line 2-1
2.1 Communication Line Data Fields—General .................................................................................. 2-1

2.1.1 Protocol ....................................................................................................................................... 2-2
2.1.2 Connection .................................................................................................................................. 2-3
2.1.3 Auto Start .................................................................................................................................... 2-3
2.1.4 Mode............................................................................................................................................ 2-3
2.1.5 Link Status................................................................................................................................... 2-3
2.1.6 Time Between Scans ................................................................................................................... 2-3
2.1.7 Short Response Timeout ............................................................................................................. 2-3
2.1.8 Long Response Timeout .............................................................................................................. 2-3
2.1.9 DLL Short Response Timeout ..................................................................................................... 2-3
2.1.10 DLL Long Response Timeout ..................................................................................................... 2-4
2.1.11 Error Recovery Time ................................................................................................................... 2-4
2.1.12 Idle Time ..................................................................................................................................... 2-4
2.1.13 Poll Retry Count .......................................................................................................................... 2-4
2.1.14 Interleave Factor .......................................................................................................................... 2-4
2.1.15 Polling Parameters ....................................................................................................................... 2-4
2.1.16 Display Extra Configuration Switches ........................................................................................ 2-4
2.2 Communication Line Data Fields—Connections ........................................................................... 2-5
2.2.1 Port Parameters ........................................................................................................................... 2-5
2.2.2 Connection Switch ...................................................................................................................... 2-6
2.2.3 Dial-Up Parameters ..................................................................................................................... 2-6
2.3 Communication Line Data Fields—MODR ................................................................................... 2-7
2.3.1 Logging........................................................................................................................................ 2-7
2.3.2 Infrequent Poll Interval ............................................................................................................... 2-8
2.3.3 Analog Threshold Value ............................................................................................................. 2-8
2.3.4 Critical Data Interval ................................................................................................................... 2-8
2.3.5 Modbus Protocol Selection ......................................................................................................... 2-8
2.3.6 URBE .......................................................................................................................................... 2-9
2.4 Communication Line Data Fields—Statistics............................................................................... 2-10
2.4.1 Timeout Point ............................................................................................................................ 2-10
2.4.2 Bad Messages ............................................................................................................................ 2-10
2.4.3 Unexpected Messages ............................................................................................................... 2-10
2.4.4 Current RTU .............................................................................................................................. 2-10
3 RTU 3-1
3.1 RTU Data Fields—General ............................................................................................................ 3-2

3.1.1 Communication Line ................................................................................................................... 3-2
3.1.2 Address ........................................................................................................................................ 3-2
3.1.3 Connection .................................................................................................................................. 3-3
3.1.4 Link Status................................................................................................................................... 3-3
3.1.5 Fast Scan ..................................................................................................................................... 3-3
3.1.6 Display Extra Configuration Switches ........................................................................................ 3-3
3.2 RTU Data Fields—Connections ..................................................................................................... 3-4
3.2.1 Port Switch Point ......................................................................................................................... 3-4
Modbus Scan Task User’s Guide Contents ii

Windows SCADA
3.2.2 Switch Port after .......................................................................................................................... 3-5
3.2.3 Channel Switch Point, Switch Channel after .............................................................................. 3-5
3.2.4 Host Name ................................................................................................................................... 3-5
3.2.5 Host Port ...................................................................................................................................... 3-5
3.3 RTU Data Fields—MODR ............................................................................................................. 3-6
3.3.1 PLC Model .................................................................................................................................. 3-6
3.3.2 Input Status Multiples ................................................................................................................. 3-7
3.3.3 Control Poll Errors ...................................................................................................................... 3-7
3.3.4 Time Sync Method ...................................................................................................................... 3-8
3.3.5 Initial Poll Template .................................................................................................................... 3-8
3.3.6 Allow All Data Polls ................................................................................................................... 3-8
3.3.7 Disconnect After Poll Sequence.................................................................................................. 3-8
3.3.8 UDP ............................................................................................................................................. 3-8
3.4 RTU Data Fields—Statistics ........................................................................................................... 3-9
3.4.1 Percentage Communication Point ............................................................................................... 3-9
3.4.2 Total Message Count ................................................................................................................. 3-10
3.4.3 Good Message Count ................................................................................................................ 3-10
3.4.4 Bad Message Count ................................................................................................................... 3-10
3.4.5 Timeout Count........................................................................................................................... 3-10
3.4.6 Send Message Count ................................................................................................................. 3-10
3.4.7 Dial-up Override Interval .......................................................................................................... 3-11
3.4.8 Dial-up Status ............................................................................................................................ 3-11
3.4.9 Time of Last Good Poll ............................................................................................................. 3-11
3.4.10 Time Between Scans Override .................................................................................................. 3-11
3.4.11 Telemetry Failed Indicator ........................................................................................................ 3-11
4 Analog Point 4-1
4.1 Analog Point Editor Data Fields—General .................................................................................... 4-2

4.1.1 Scale Factor and Offset ............................................................................................................... 4-2
4.1.2 Clamp .......................................................................................................................................... 4-3
4.1.3 Exception Window ...................................................................................................................... 4-3
4.2 Analog Point Editor Data Fields—Telemetry ................................................................................ 4-4
4.2.1 Telemetry Address ...................................................................................................................... 4-5
4.2.2 Format ......................................................................................................................................... 4-8
4.2.3 Setpoints .................................................................................................................................... 4-10
4.3 Analog Point Editor Data Fields—Alarms ................................................................................... 4-11
5 Status Point 5-1
5.1 Status Point Editor Data Fields—General ...................................................................................... 5-2

5.2 Status Point Editor Data Fields—Telemetry .................................................................................. 5-3
5.2.1 Telemetry Address ...................................................................................................................... 5-3
5.2.2 Input Format ................................................................................................................................ 5-6
5.2.3 Control Address........................................................................................................................... 5-9
5.3 Template Controls......................................................................................................................... 5-10
5.3.1 Force Single Coil ....................................................................................................................... 5-11
5.3.2 Preset Single Register................................................................................................................ 5-12
Modbus Scan Task User’s Guide Contents iii

Windows SCADA
5.3.3 Force Multiple Coils ................................................................................................................. 5-12
5.3.4 Preset Multiple Registers .......................................................................................................... 5-14
5.3.5 Template Code to Trip ABB-PCD Recloser ............................................................................. 5-15
5.3.6 Template Code to Close ABB-PCD Recloser ........................................................................... 5-16
Modbus Scan Task User’s Guide Contents iv

Windows SCADA
1 Introduction
This document describes the Windows SCADA database entry requirements for the Modbus scan task.
The Modbus scan task is designed to communicate with one or more devices conforming to the Modbus
RTU communication protocol as defined in Gould Electronics document Gould Modbus Protocol
Reference Guide (Gould Reference number PI-MBUS-300 Rev B).
There are many types of devices that “speak” the Modbus protocol, and they are referred
to by a variety of device names: Slave, PLC (Programmable Logic Controller), RTU
(Remote Terminal Unit), IED (Intelligent End Device), etc. In this manual, the Modbus
device will be referred to as just RTU.
The scan task polls one or more RTUs on an RS-232 communication line at a user-settable baud rate.
The transmission mode is “RTU” (not “ASCII”) and the character format is 1 start bit, 8 data bits and 1
stop bit. Use of the parity bit is user-settable.
This manual describes the creation of certain items in the Windows SCADA database, namely
communication lines, RTUs, status and analog points. It does so in a way that is specific to the Modbus
communication protocol, as implemented by this scan task. For additional information regarding these
Modbus Scan Task User’s Guide Introduction 1-1
Windows SCADA
database items, and the Windows SCADA database in general, you should refer to the series of
documents described in Table 1-1, especially the Point Database Editing Guide. If you have other scan
tasks installed in your system, you should also consult the User’s Guides published for those scan tasks.
Table 1-1 Windows SCADA Database Documentation

Document
Number Document Name
DB-400 Database Editing Overview
DB-401 Point Database Editing Guide
DB-402 Alarm Database Editing Guide
DB-403 Calculation Database Editing Guide
DB-404 Historical Database Editing Guide
DB-405 Report Database Editing Guide
CS-400 Command Sequencing
1.1 Supported Functions

In the Modbus protocol, there are different function codes for polling different data types. If there are
many points in a data type, it may take multiple polls to bring them back (either because of message
length limitations or because the data points are scattered over several discontinuous areas of the RTU’s
memory).
The Windows SCADA Modbus scan task makes use of the following Modbus functions:
1.1.1 Read Coil Status
This function is used to obtain the status of a group of logic (relay) coils. In Windows SCADA, coils are
represented as controllable status points.
1.1.2 Read Input Status
The scan task uses this function to obtain the status of a group of discrete inputs. In Windows SCADA,
these are represented as status points.
1.1.3 Read Holding Registers
This function is used to obtain the value of one or more 16-bit holding registers. The data contained in
each holding register may be treated as either numeric data or status data. If the register contains
numeric data (a 16-bit number), then it is represented in Windows SCADA by an analog point. If the
register contains status data (16 status bits), then it is represented by multiple Windows SCADA status
points.

Windows SCADA
1.1.4 Read Input Registers
The scan task uses this function to obtain the current value of one or more input registers. Input registers
contain 16-bit numeric data and are represented in Windows SCADA by analog points. If the register
contains status data (16 status bits), then it is represented by multiple Windows SCADA status points.
1.1.5 Force Single Coil
This function forces a relay coil to a specific state. The coil is represented in Windows SCADA as a
controllable status point, and the function is issued by the scan task when the operator performs an Open
or Close operation on the point.
1.1.6 Preset Single Register
This function transmits a 16-bit numeric value into a single holding register at the RTU. In Windows
SCADA, the register may be represented either as a setpoint or as the control address of a status point.
In the latter case, the value written into the register is a fixed value that is part of the status point’s control
address (as opposed to the case of a setpoint, where the value written to the register is an unscaled
representation of an engineering value manually entered by the operator).
1.2 Template Controls

There are some RTUs that require multiple steps to operate a relay. For these types of devices, the
Modbus scan task supports the use of Template Controls to process multiple operations when the
operator performs an Open or Close operation on a point. For a further discussion on template controls,
see section 5.3 Template Controls,
The following Modbus functions are supported in Template Controls:
 Force Single Coil

 Force Multiple Coils
 Preset Single Register
 Preset Multiple Registers
1.3 Modbus Over TCP/IP

It is becoming more commonplace to make use of a wide area network to communicate with the RTUs.
They may have network interfaces built in, or there may be a terminal server or router placed at each RTU
site. It is possible for the scan task to communicate with these RTUs by establishing a TCP/IP connection.
In either case, the data that eventually reaches the RTU (as seen either at the terminal server’s serial port
or internal to the RTU) is plain Modbus.
If you are using the network to reach a distant group of RTUs, you can use a single-port terminal server
and, with modems, multi-drop all of the RTUs on that terminal server port. The scan task will establish one
TCP/IP connection to just that port and poll the RTUs in round-robin order. This works the same as a
conventional communication line when the terminal server is at the master station. The same is true if
you’re using the network to reach a remote radio, which is then used to reach all of the RTUs. For this
type of configuration, the IP address and port number to connect to are defined for the communication line
as a whole. See paragraph 2.2.1, Port Parameters.
Windows SCADA
If you’re using fiber to reach your substations, it makes sense to install a small terminal server or router at
each RTU. In this case, the scan task will establish a separate connection to each device, but it will still
poll all of the RTUs in round-robin order as usual—all of the RTUs are still considered to be on one
communication line. For this type of configuration, the IP address and port number to use are defined
individually for each RTU. See section 3.2, RTU Data Fields—Connections.
NOTE: Mixed configurations (with several RTUs multi-dropped on each of multiple terminal servers on the
same communication line) are not presently supported. For terminal servers with multi-dropped RTUs,
define a separate communication line for each terminal server.
Additional Information
 Although the RTU definition allows for both a primary and alternate IP address and port number, the
scan task does not presently support connection switching (where if communication on one IP
address fails, the scan task tries the other one). See section 3.2, RTU Data Fields—Connections
 If you need to key the carrier on the other side of the wide area network, you need a PCM. The
preferred approach is to use the type of PCM that does this transparently. See paragraph 2.2.1, Port
Parameters.
1.3.1 Modbus RTU Protocol
In the Modbus RTU protocol, the serial data sent between the master computer and the RTU is binary,
with a one-byte slave address before the data and a two-byte CRC check after the data. This is the
protocol spoken by some RTUs and many PLCs and IEDs.
Some older devices use the Modbus ASCII protocol. In this protocol, all messages are translated to
printable ASCII characters before transmission. Security is limited to a one-byte LRC. The scan task
does not support the Modbus ASCII protocol.
1.3.2 Modbus/TCP Protocol
Modbus/TCP is a simple extension to the Modbus protocol. The extension adds a fixed-size header to
each message and removes the CRC or LRC in favor of the error checking in TCP/IP and the underlying
communications link level (Ethernet, for example). Units that expect Modbus RTU protocol will not accept
Modbus/TCP protocol, and vice-versa.
Use of Modbus/TCP is enabled by means of a configuration switch in the communication line definition.
See section 2.1.16, Display Extra Configuration Switches.
1.4 Unsolicited Report By Exception

The Modbus protocol normally works in a master-slave (poll-reply) mode. The scan task periodically polls
the RTUs from a poll-list in a round-robin manner, and the RTU replies with the data when it is polled.
However, some RTUs or PLCs can be programmed to determine which signals are the most important
ones and have to be reported at the earliest possible time. RTUs so programmed will automatically issue
an Unsolicited-Report-By-Exception (URBE) message to the master as soon as it detects a change in
these signals, despite the fact that the RTU is not polled at the moment. When the master receives the
URBE request, it acknowledges this by sending the RTU the same URBE message.

Windows SCADA
The master then interrupts its normal poll order and, after finishing the current poll (if there is one in
progress) polls the RTU that sent the URBE message, thus receiving the urgent data much more promptly
than without URBE messaging.
This implementation of the Modbus scan task supports the URBE requests while working in the normal
master-slave mode. This is done in two stages:
Stage One – During the “Time-Between-Scans” Delay
At each “Short-Response-Timeout” interval, the scan task reads and processes URBE messages as
follows:
 Try to read a URBE message from any RTU.
 If an URBE message is received, send an acknowledge message to the RTU immediately. Then
put the RTU into a fast-scan-RTU list.
 Keep doing the previous step until there are no more URBE messages.
 Poll the RTUs that signaled exceptions via URBE messages, and then take them out of the fast-
scan list.
 Go back to the top and try to read more URBE messages.
Stage Two – When a “Time-Between-Scans” Delay Expires
The scan task polls an RTU. It then reads and processes both possible URBE messages and the
expected reply message as follows:
 Send a poll command to the selected RTU as it normally does.
 Try to read any URBE messages from any RTU which may raise an URBE request before the
polled-RTU replies.
 If a URBE message is received, send an acknowledge message to the RTU that sent it, and then
put the RTU into the fast-scan-RTU list.
 Keep doing the previous step until there are no more URBE messages.
 Read and process the normal reply from the RTU that was polled.
 Poll the RTUs that had sent URBE messages, and then take them out of the fast-scan list.
Use of URBE is enabled by means of a configuration switch (/URBE) in the communication line definition.
See section 2.1.16, Display Extra Configuration Switches.

Windows SCADA
1.5 Time Sync
Although there is no time sync function actually defined in the MODBUS protocol, some manufacturers
define their own time sync function by using reserved registers to write to. For example, Power
Measurement’s ION meters can be time synced by using op code 16 to write time data into two
consecutive registers. The Modbus scan task supports this specific time sync command.
If an RTU on the communication line requires periodic time sync, and the Time Sync Interval parameter is
greater than zero, the scan task sends a time sync message to the RTU periodically at each Time Sync
Interval. Since there is no “broadcast” command defined in the MODBUS protocol, each time sync
message is sent to each individual RTU separately.
See sections 2.1.6, Time Between Scans
This parameter specifies the time to wait (in milliseconds) between each poll of an RTU.
1.5.1 Short Response Timeout
This parameter specifies the time to wait (in milliseconds) between each read for URBE messages. The
value of this parameter should not be greater than the value of the “time-between-scans” parameter. If
URBE messaging is not enabled (via the /URBE switch), this parameter is not used.
1.5.2 Long Response Timeout
This parameter specifies the time to wait, in milliseconds, for a complete response from the RTU. The
time includes the transmission time of the request itself.
1.5.3 DLL Short Response Timeout
This parameter is not used by the Modbus scan task.
1.5.4 DLL Long Response Timeout
This parameter is the time, in milliseconds, that the scan task is to wait for a socket connection on TCP/IP
networks. If this parameter is zero or less than 2000 milliseconds, 2000 milliseconds is used for
compatibility reasons.
1.5.5 Error Recovery Time
This is not used by the Modbus scan task.
1.5.6 Idle Time
This specifies the minimum time delay, in milliseconds, that the scan task is to execute between all
transmissions on this communication line.

Windows SCADA
1.5.7 Poll Retry Count
This parameter is the number of times that the scan task will retry its polls, before deciding that the RTU is
not responding.
1.5.8 Interleave Factor
This parameter specifies how often the scan task is to interrupt its normal round robin polling to perform a
fast-scan poll or a retry after error. If the interleave factor is 2, for example, then the scan task will check
for fast scan or error retry requirements after every 2 normal polls. See sections 3.1.5, Fast Scan, and
3.2.1, Port Switch Point.
Polling Parameters
1.6 Port Switching

If an alternate port is defined in the communication line’s definition, the scan task will switch to the
alternate port when communication on the primary port fails. In this case, only if communication on both
primary and alternate ports fails is an RTU declared to be failed. A separate port switch status point is
used for each RTU, to indicate which port is currently in use. See paragraphs 2.2.1, Port Parameters, and
This feature may be used to make use of redundant terminal servers and/or redundant communication
lines. It makes it possible to avoid resorting to a failover when a communication line or port fails.
This feature can also be used with a single communication line that is looped back to the master station
such that each end of the line terminates at a separate port. In this case, a break in the line would cause
the scan task to poll the RTUs on one side of the break using one port, and poll the RTUs on the other
side of the break using the other port. The advantage of such an arrangement is that a single break in the
communication line causes no loss of communication with any RTU.

Windows SCADA
2 Communication Line
This chapter describes how to define a communication line for the Modbus scan task. You should be
familiar with the discussion of communication lines in DB-401, Point Database Editing Guide before
proceeding. In this document, only the items that are specific to the Modbus scan task are discussed in
detail.
The STC Explorer is used to create or modify a communication line’s definition. The dialog box that
allows you to do that has several tabs, each of which includes different data. You will normally begin on
the General tab, which is illustrated in Figure 2-1.
2.1 Communication Line Data Fields—General

Modbus Scan Task User’s Guide Communication Line 2-1
Windows SCADA
The discussion below contains information that is particular to the Modbus scan task. The fields
mentioned can be found on the General tab of the Edit Communication Line dialog that you call up using
the STC Explorer. For more information on fields not detailed here, refer to DB-401, Point Database
Editing Guide. If you need more information about the STC Explorer, see DB-400, Database Editing
Overview.
NOTE: After creating or changing a communication line definition, or editing the telemetry address of any
points on the communication line, remember to come back to this dialog to build the scan table.
Figure 2-1 Edit Communication Line Dialog (General)
2.1.1 Protocol
This is the name that identifies the protocol to be used to communicate with the RTUs connected to this
communication line. It is the name of the scan task that will be used. For the Modbus scan task, select
Modbus RTU.

Windows SCADA
2.1.2 Connection
This specifies the type of communication network to be used. Choose RS232 for communication lines
that will communicate directly through a serial port on the SCADA host (i.e., a COM port known to
Windows). Choose TCP/IP for all connections that rely on the TCP/IP network (RTUs with network
interfaces, or serial ports on terminal servers).
2.1.3 Auto Start
Set this flag if you want the scan task to start automatically when the SCADA system starts up, either
initially, or as the result of a failover.
2.1.4 Mode
This is a drop-down list that can be set to either Poll or Quiescent. If Poll is chosen, the scan task
performs regular round-robin exception polling. Quiescent means the scan task does not poll, but accepts
unsolicited messages from the RTUs.
For the Modbus scan task, choose Poll.
2.1.5 Link Status

The Link Point is not optional, and must be a status point. This point will be used by the scan task to
indicate the Up or Down status of the communication line.
The scan task will set the point to its normal state when the communication line is working (i.e., there is
successful communication with at least one RTU), and to the abnormal state when it is failed.
2.1.6 Time Between Scans
This parameter specifies the time to wait (in milliseconds) between each poll of an RTU.
2.1.7 Short Response Timeout
This parameter specifies the time to wait (in milliseconds) between each read for URBE messages. The
value of this parameter should not be greater than the value of the “time-between-scans” parameter. If
URBE messaging is not enabled (via the /URBE switch), this parameter is not used.
2.1.8 Long Response Timeout
This parameter specifies the time to wait, in milliseconds, for a complete response from the RTU. The
time includes the transmission time of the request itself.
2.1.9 DLL Short Response Timeout
This parameter is not used by the Modbus scan task.

Windows SCADA
2.1.10 DLL Long Response Timeout
This parameter is the time, in milliseconds, that the scan task is to wait for a socket connection on TCP/IP
networks. If this parameter is zero or less than 2000 milliseconds, 2000 milliseconds is used for
compatibility reasons.
2.1.11 Error Recovery Time
This is not used by the Modbus scan task.
2.1.12 Idle Time
This specifies the minimum time delay, in milliseconds, that the scan task is to execute between all
transmissions on this communication line.
2.1.13 Poll Retry Count
This parameter is the number of times that the scan task will retry its polls, before deciding that the RTU is
not responding.
2.1.14 Interleave Factor
This parameter specifies how often the scan task is to interrupt its normal round robin polling to perform a
fast-scan poll or a retry after error. If the interleave factor is 2, for example, then the scan task will check
for fast scan or error retry requirements after every 2 normal polls. See sections 3.1.5, Fast Scan, and
2.1.15 Polling Parameters

Various timers are specified to control the rate of certain events. However, in the MODBUS scan task,
only Time Sync Interval is currently used. Please leave all other parameters blank since they may be used
in the future.
Time Sync Interval

If any RTUs on this communication line require periodic synchronization of their clocks, enter the desired
time sync interval here.
You must also define the desired time format for each RTU by specifying a configuration option. If you do
not define a time format for an RTU, no time sync commands will be sent to that RTU.
2.1.16 Display Extra Configuration Switches
This field allows you to specify certain “command line” switches to control the behavior of the scan task.
The switches supported by the Modbus scan task are described below. Specify each switch you need by
entering /name=value in this field. You do not need to add a space or other punctuation between
switches.
There are currently no additional configuration switches.

Windows SCADA
2.2 Communication Line Data Fields—Connections
The Connections tab on the Edit Communication Line dialog contains the data fields discussed below.
Figure 2-2 Edit Communication Line Dialog (Connections)
2.2.1 Port Parameters
The Connection tab provides for up to two communication ports. If information is provided for both ports,
the scan task can switch from one to the other if communication using the first port is not successful.
Normally, at least one port is required to create a functional communication line (except when connections
are defined for each RTU, as described in section 3.2, RTU Data Fields—Connections.
Each port corresponds to a physical or logical connection from the host computer to the communication
medium. For RS232 communication lines, this means a serial port attached to the host computer. For
TCP/IP communication lines, a port might mean a serial port on an external terminal server, or it may be
some other network connection identified by a host name (or address) and port number.

Windows SCADA
TCP/IP Connections (found on the General page)
Host Port
For a TCP/IP connection, there will be a TCP/IP port number that must be entered here. For terminal
servers, the port number of the desired serial port should be entered. Consult the terminal server
documentation to determine which port numbers to use.
COMM Connections (found on the General page)
Port Name
For RS232 communication lines, this must be the name that identifies the serial port, in the form COMn,
where n is a unique number. This is the same name that Windows knows the port by.
For TCP/IP communication lines, this will usually be the name that identifies the other device that we are
communicating with over the network. It may be the RTU itself, or more commonly, a terminal server.
Alternatively, it may be a fixed IP address of the form nnn.nnn.nnn.nnn.
Baud Rate, Parity

Select from the available choices for baud rate and parity (this is not applicable to TCP/IP connections or
terminal server ports). Note that the hardware you are using (modem, radio, RTU, etc.) must support the
chosen speed as well.
NOTE: For a terminal server, the port must have these parameters programmed into the terminal server
itself. Data that you enter here will be ignored.
Common Fields
Keying
The Modbus scan task does not presently support carrier keying, except by using an external Port Transfer
Module (PTM). The PTM must be configured to buffer the outgoing messages and assert RTS at the
required times. This action is transparent to the scan task, so leave this field set to <None>.
Keyup & Keydn Delay

The Modbus scan task does not presently support carrier keying, as discussed above. Leave these fields
blank.
Retry Count
The Modbus scan task does not presently use this field. Leave this field blank.
2.2.2 Connection Switch

The Modbus scan task does not make use of this status point when switching between ports. Instead,
each RTU defines a status point to indicate which port is used to communicate with that RTU. See
paragraph 3.2.1, Port Switch Point.
2.2.3 Dial-Up Parameters
Dial-up communication lines are not presently supported by the Modbus scan task. None of these fields
are used by the Modbus scan task. Leave the mode at Disabled.

Windows SCADA
2.3 Communication Line Data Fields—MODR
Figure 2.3 Edit Communication Line Dialog (MODR)
2.3.1 Logging
The Log option specifies the scan task is to log communications to a file. The file will be created in the
folder specified when Windows SCADA was installed. The default folder name is C:\Program
Files\Quindar\ScadaServer\LogFiles. The file name is comprised of the protocol name, the communication
line id and the current date. For example, a file name from communication line ID 1 on August 2, 2015
would be MODR1-2015-08-02.log.
Care should be taken when using this option and should only be enabled for short periods of time, as the
file will continue to grow and consume all the free space on the disk.

Windows SCADA
The valid values for this option are as follows:
 <None> (Logging disabled)

 Turn logging on for errors
 Turn logging on with hex
 Turn logging on for debugging
2.3.2 Infrequent Poll Interval

This option specifies the infrequent poll interval. Analog and status points with “infrequent poll” flags set in
their telemetry addresses are polled only after “n” round-robin poll cycles. See section 4.1,Analog Point
Editor Data Fields—General. If you do not specify this option, a default value of 10 is used.
Maximum gain from this feature will be realized if infrequently scanned points are clustered together in a
memory area of the RTU. In general, fragmented database layouts should be avoided in order to
minimize polling overhead (reading discontinuous areas in the RTU’s memory requires multiple polls).
2.3.3 Analog Threshold Value

This option specifies a threshold value against which analog points with certain format codes are
compared. For these format codes, if the raw (unscaled) analog point value is less than the threshold, the
scan task stores a value of zero. See section 4.2.2, Format.
2.3.4 Critical Data Interval

This option specifies a critical data interval, in seconds. At 5 seconds after every critical data interval, the
scan task marks all critical data analog points as telemetry failed. The purpose of this is to indicate to
applications (such as pipeline modeling and leak detection programs) that the critical data point values are
now “old” and that the points should be considered telemetry failed until their values are next updated by
regular polling (at which time the quality codes will revert from telemetry failed back to normal).
The analog points that are to be considered as critical data points are identified by a qualifier in the “Data
Type” field of the telemetry address. See section 4.2, Analog Point Editor Data Fields—Telemetry.
If the Critical option is not specified or the critical data interval is zero, the scan task will not perform any
critical data processing.
The scan task starts a new critical data interval at every new hour. Critical data intervals that do not divide
evenly into an hour are therefore not meaningful.
2.3.5 Modbus Protocol Selection
Selecting Modbus TCP Protocol indicates that the scan task will be communicating to this RTU with this
protocol.
Selecting Modbus RTU Protocol indicates that the scan task will be communicating to this RTU with this
protocol.

Windows SCADA
2.3.6 URBE
This option is used to:
 Indicate that the RTUs connected to this communication line may transmit Unsolicited Report By
Exception (URBE) messages
 Assign an URBE slave address in an URBE message. The slave address should be greater than
0, and is normally 90 (/URBE=90). If the switch is absent or set to a value of 0, then no URBE
messages are expected from this communication line

Windows SCADA
2.4 Communication Line Data Fields—Statistics
Figure 2.4 Edit Communication Line Dialog (Statistics)
2.4.1 Timeout Point

The Modbus scan task does not make use of this analog point to count timeouts. Instead, each RTU
defines an analog point to count timeouts. See paragraph 3.4.5, Timeout Count.
2.4.2 Bad Messages

The Modbus scan task does not make use of this analog point to count bad messages. Instead, each
RTU defines an analog point to count bad messages. See paragraph 3.4.4, Bad Message Count.
2.4.3 Unexpected Messages

The Modbus scan task does not make use of this analog point.
2.4.4 Current RTU

The Modbus scan task does not make use of this analog point to display the current RTU being polled. So
you do not have to specify a point in this field.

Windows SCADA
3 RTU
This chapter describes how to define an RTU for the Modbus scan task. Only the items that are specific to
the Modbus scan task are included in this discussion.
The STC Explorer is used to create or modify an RTU’s definition. The dialog box that allows you to do
that has several tabs, each of which includes different data. You will normally begin on the General tab,
which is illustrated in Figure 3-1.
Modbus Scan Task User’s Guide RTU 3-1

Windows SCADA
3.1 RTU Data Fields—General
The data fields found on the General tab of the Edit RTU dialog are described below.
Figure 3-1 Edit RTU Dialog (General)
3.1.1 Communication Line
This is the field where you specify which of the existing communication lines is used to communicate with
this RTU.
3.1.2 Address
Each RTU must have a unique address on the communication line. RTU addresses do not have to be
assigned sequentially. Enter the actual Modbus address of the RTU here. For the Modbus scan task, the
valid range for individual RTU numbers is 0 to 255 (0xFF). The scan task uses RTU number 0 for
messages broadcast to all RTUs.

Windows SCADA
3.1.3 Connection
If you have specified connection information on the communication line (in section 2.1.2 Connection), then
you should set this to Use ComLine. But if your communication line is set to Use RTU, then you must
choose TCP/IP here. This makes the fields on the Connections page available for you to specify individual
connection information for this RTU (see section 3.2,RTU Data Fields—Connections).
3.1.4 Link Status
This is the name of a status point that exists in the database. This point will be used by the scan task to
indicate the communication status of the RTU. You must define this point, it is not optional.
3.1.5 Fast Scan
This is the name of a status point that can be used as a switch to speed up polling of the RTU. Setting
this point to a value of “1” causes the scan task to place this RTU on “fast scan” (i.e. poll this RTU more
frequently than others, based on the interleave factor). Setting this point to a value of “0” causes the scan
task to take the RTU off fast scan.
If this field is left blank, the RTU will still be fast scanned automatically during control operations, but you
will not be able to initiate fast scan yourself.
3.1.6 Display Extra Configuration Switches
There are no extra configuration switches used for this protocol.

Windows SCADA
3.2 RTU Data Fields—Connections
This page (see Figure 3-2) provides for one or two communication connections for this RTU. Much of this
information is not needed for typical communication lines. But if you have a network connecting all of your
RTUs (typically this will mean there is a terminal server or network interface at each RTU), you will need to
specify a separate host name and port for each of them. This is done using the fields on this page (and
the corresponding fields on the communication line can be left blank).
Figure 3-2 Edit RTU Dialog (Connections)
3.2.1 Port Switch Point
If this RTU is on a communication line that has two ports defined (section 2.2.1, Port Parameters), this
status point is required. The point is used to show which port the RTU is currently being polled on. When
the point’s value is 0, the scan task is using the first port. When the status point’s value is 1, the scan task
is using the second port.
Whenever it wants to poll an RTU, the scan task first tries the port currently indicated by the RTU’s port
switch status point. If the poll fails, the scan task places the RTU on “error scan” and retries. If the retry
count expires, the scan task switches to the other port (and sets the RTU’s port switch status point
accordingly). If polling fails there also, after its own retries, the scan task declares the RTU failed, but
continues to poll the RTU, flipping between both ports as described above.

Windows SCADA
You can force the scan task to either port by manually setting the port switch status point.
The port switch status point may be defined as a non-alarm point if you don’t want to be bothered by
alarms on this point when the scan task is constantly switching ports hunting for a dead RTU.
While the scan task is using one particular port for an RTU, it does not check the other port for availability.
Such checks can be made manually by manually setting the port switch point. If you do this, don’t forget to
remove the manual set, or the scan task will not be able to switch and ports when it needs to. If you define
the port switch point as a control point associated with a dummy scan task, then you don’t have to worry
about manual set. Alternatively, you can automate the forced switching process via a command sequence.
3.2.2 Switch Port after
Enter the number of consecutive error responses (timeouts, wrong replies, security errors, etc.) that will be
tolerated before the scan task switches from the current port to the other one (if one is defined for the
communication line the RTU is using).
3.2.3 Channel Switch Point, Switch Channel after
The Modbus scan task does not presently support channel switching, so leave these fields blank.
3.2.4 Host Name
The next two fields are only used when the connection in the General tab is set to “Use RTU Settings”.
This is the name or IP address that identifies the device that we are communicating with over the network
(e.g. the terminal server or RTU network interface).
3.2.5 Host Port
For a TCP/IP connection, there will be a TCP/IP port number that must be entered here. For an RTU, it
may have a fixed value specified by the RTU manufacturer. In a terminal server, it may correspond to the
hardware port on the server (for example, port 2003 might correspond to the 3rd terminal server port). Port
numbers below 1024 are normally not used, since they are reserved for other well-known protocols used
on the network.

Windows SCADA
3.3 RTU Data Fields—MODR
This page contains information related to the port-switching feature. You may use the Browse buttons
provided to select a status point for each switch discussed below.
3.3.1 PLC Model

This option identifies the PLC model of the RTU. See Appendix “B” of the Gould Modbus Protocol
Reference Guide.
Different PLC models support varying maximum response lengths for different function codes, so the scan
task uses the PLC Model to “size” its poll requests appropriately.

Windows SCADA
The table below lists, for each model, the maximum number of points of each type that can read or written
to in a single message.
Table 3-1 Maximum Points Transmitted Per Message

Read Read Read
Model PLC Read Input Holding Input Force Preset
Number Model Coil Status Register Register Coil Register
0 Micro 84 64 64 32 4 1 1
1 184 256 256 100 100 1 1
2 Not used 64 64 32 4 1 1
3 384 256 256 100 100 1 1
4 484 256 256 254 32 1 1
5 584 256 256 125 125 1 1
6 Not used 64 64 32 4 1 1
7 Not used 64 64 32 4 1 1
8 884 250 250 125 125 1 1
9 Single 1 1 1 1 1 1
Register
Reads
3.3.2 Input Status Multiples

This option allows you to specify how Input Status polls are requested. The selections for this option are:
 Multiples not required, use database (Default)

 Multiples of 16
The default is Multiples not required, use database. The scan task will poll for Input Status requesting the
number of Input Status registers defined in the Master database.
If Multiples of 16 is selected, the scan task will poll for Input Status requesting 16, 32, 48, etc. registers at
a time.
3.3.3 Control Poll Errors

This option allows you to specify how the Modbus scan task handles timeouts and CRC errors for controls
and setpoints. This option is typically used when the Master request is received by the RTU but the
response from the RTU is often lost or corrupted, resulting in control echo failure and unexpected status
change alarms. This option is not available for Template controls as they require validation for each step.
The selections for this option are:

 Process Poll Errors (Default)
 Ignore Timeout and CRC errors
The default is to treat timeouts and CRC errors as control echo failures.

Windows SCADA
3.3.4 Time Sync Method
This option allows you to specify how the Modbus scan task handles sending time synchronization
commands. There is no method for this inherent in the Modbus protocol, but some manufacturers
implement specific methods in their devices.
At present, only the method used by ION meters (by Schneider Electric) is implemented. This sends a 1-
second resolution, “Unix” style, 32-bit time (in UTC) to registers 41926 and 41927. It is sent by way of a
Preset Multiple Registers command, with the high-order bits in the first register.
3.3.5 Initial Poll Template

This option allows you to specify a Template that the Modbus scan task can execute before every poll
sequence. The Template can contain multiple operations and can be used for such things as writing an
access password to the device. If a Template is specified, it must complete successfully before the any
other registers or coils are polled. The Modbus scan task will retry the Template Poll retry count times if
necessary. If the Template does not complete successfully, no other polling will take place.
The Template Editor is used to edit the Template for the initial poll operation. The initial poll Template
parameter definitions are the same as for Template Control see section 5.3 Template Controls.
The initial poll Template is not used for controls. If you require similar action for controls, then you specify
the operations in the Template Control.
3.3.6 Allow All Data Polls

This option allows you to enable/disable all data polls for this RTU. The Modbus scan task polls for all data
at start-up, failover, recovery of a failed RTU or at the All data interval. Unless you have infrequent polling
points or non-zero groups, the Modbus scan task basically always polls for all points, so this option is
mostly intended for configurations with groups & triggers.
3.3.7 Disconnect After Poll Sequence

This option allows you to disconnect from the TCP/IP connection to the RTU after the entire poll sequence
to the RTU has completed. This option is useful in cases where the RTU is infrequently polled and also
where data charges may apply.
3.3.8 UDP
This option allows you to specify that communication to the RTU over the network will be via UDP. The IP
address and port number supplied in the Connections tab will be used for UDP communication.

Windows SCADA
3.4 RTU Data Fields—Statistics
Several point names may be specified on this page, using the browser buttons provided. The function of
these points is described below.
Figure 3.4 Edit RTU Dialog (Statistics)
3.4.1 Percentage Communication Point
This is an analog point to contain a percent active communication statistic (100% means no errors). The
statistic is calculated by passing 0s and 1s through a low-pass digital filter, where 0 is input to the filter on
a communication error and 1 is input on a communication success. Errors include timeouts, security
(CRC) errors and wrong replies. If this field is left blank, this statistic is not maintained.

Windows SCADA
The digital filter consists of:
xi 1  K  xi   (1  K )  ui 
where:
ui is the input to the filter

xi is the filtered output
K is the filter constant
The filter constant used is 0.5.
If this point is not specified, then no percent communication statistic is calculated for this RTU.
3.4.2 Total Message Count
This is an analog point to contain a count of all messages received from this RTU. You can use this, in
comparison with the three counters discussed below, to evaluate the communication with this RTU. If this
field is left blank, this statistic is not maintained.
3.4.3 Good Message Count
This is an analog point to contain a count of correct messages received from the RTU. It is incremented
whenever a correctly formed reply is received, and was expected. If this field is left blank, this statistic is
not maintained.
3.4.4 Bad Message Count
This is an analog point to contain a count of incorrect messages received from the RTU. The bad
message count is incremented whenever an incorrectly formed reply is received (including security
errors), or when the reply was not the one expected (either the RTU number or the opcode in the
message was incorrect, for example). If this field is left blank, this statistic is not maintained.
3.4.5 Timeout Count
This is an analog point to contain a count of communication timeout errors (no response errors). The
timeout count is incremented once each time the number of bytes of data from the RTU falls short of the
expected number. If this field is left blank, this statistic is not maintained.
3.4.6 Send Message Count
This statistic is not gathered by the Modbus scan task. Leave this field blank.

Windows SCADA
3.4.7 Dial-up Override Interval
3.4.8 Dial-up Status
3.4.9 Time of Last Good Poll
3.4.10 Time Between Scans Override
3.4.11 Telemetry Failed Indicator

Windows SCADA
4 Analog Point
This chapter describes how to define analog points for the Modbus scan task. The Edit Analog Point
dialog from the STC Explorer is illustrated in Figure 4-1.
Modbus Scan Task User’s Guide Analog Point 4-1

Windows SCADA
4.1 Analog Point Editor Data Fields—General
This section describes the fields specific to Modbus. For fields not described here please go to the
DB-401 Window SCADA Point Database Editing Guide.
Figure 4-1 Edit Analog Point Dialog
4.1.1 Scale Factor and Offset
The scale factor and offset represent the conversion factors for a linear transformation of the RTU’s raw
input values to engineering units.
To determine the appropriate scale factor and offset, you can use the two formulas below:
MaxEngineeringValue  MinEngineeringValue
(1) ScaleFactor 
MaxRawValue  MinRawValue
(2) Offset  MinEnginee ringValue  ScaleFactor  MinRawValu e 

Windows SCADA
where the Max and Min engineering values are the values you want to see, and the Max and Min raw
values are the range of values obtained from the RTU.
Suppose, for example, that you are using a 4-20 mA transducer to measure water level in a reservoir, and
that the RTU’s D/A converter converts this to measured raw values in the range 400 to 2000. If the
minimum and maximum water levels are 100 and 200 meters respectively, then equations (1) and (2)
produce:
200  100
ScaleFactor   0.0625
2000  400
and
Offset  100  0.0625  400   75 .0
You can check your work by using the resulting scale factor and offset to convert a mid-point raw value. In
this case, a mid-point raw value of 1200 scales to the expected engineering value of 150 meters.
4.1.2 Clamp
This defines a deadband range of engineering values inside of which an input will be clamped to an
engineering value of zero. This allows you to eliminate noisy readings around the zero mark of the
engineering scale.
The zero clamp deadband is specified in engineering units, and is applied to all points except those with
format code 16. See section 4.2.2 Format
You can use this to eliminate the annoying small readings that often show up on a dead or empty line
because of sensor noise or slight mis-calibration. For example, if the zero clamp deadband is 3.0, then
any input value which converts to between +3.0 and -3.0 engineering units will be clamped to zero.
4.1.3 Exception Window
This is a code that usually specifies an exception deadband to be downloaded to the RTU. Since the
Modbus protocol does not support exception reporting, leave this field blank.

Windows SCADA
4.2 Analog Point Editor Data Fields—Telemetry
The telemetry address specifies the type and location of the point within the RTU. You should consider
the choice of RTU to be part of the telemetry address as well, since you may have another point with the
same address on this communication line, so long as it is on a different RTU.
Figure 4-2 Edit Analog Point Dialog

Windows SCADA
4.2.1 Telemetry Address
The meaning of the parts of the address is given in Table 4-1. If this point is to be a telemetered point,
tick the checkbox for Telemetry Address, select the RTU that will provide the data, and fill in the required
address.
Table 4-1 Analog Telemetry Address Fields

Telemetry
Address
Field Meaning
Register # Register number (1-n)
Data Type Data types (see Table 4-3)
Groups and Triggers Trigger Value, Trigger Group & Group (see Table 4-4)
The Register # field is used to specify the relative register number within the point’s data type. The
register numbers for each data type start at “1”. The value of “n” depends on the configuration of the
RTU. See your RTU vendor’s documentation.
Note that devices from different vendors may have different register numbering schemes. And typically,
each type of point has a different range of point numbers. For example, holding registers in a particular
device may be numbered starting at 20,001 and input registers may start at 30,001. And in a different
device, the point numbers might be in a different range. But in the Modbus communication protocol itself,
point numbers for each type always start at zero. In the Survalent SCADA system, the point numbers of
each type all start at 1. So, in the example device mentioned above, the number of the first holding
register is 20,001 in the device, in the communication between the scan task and the device register 0 is
used, and in the SCADA database (in the “Register #”) 1 is used.
Table 4-2 describes the common register number ranges and how to map them to telemetry address
fields. The Register # Field is calculated by: (Register Number – start range) + 1. For example, for Input
Register number 30,001, the Register # Field would be (30,001 – 30,001) + 1 = 1 and the Data Type Field
would be Input Register. For Holding Register number 20,100, the Register # Field would (20,100 –
20,001) + 1 = 100 and the Data Type Field would be Holding Register.
Table 4-2 Common RTU Register Numbers Mapped to Analog Points

Register Number Data Type Register #
1 – 10,000 Coil Status N/A
10,001 – 20,000 Input Status N/A
20,001 – 30,000 Holding Register 1 – 10,000
30,001 – 40,000 Input Register 1 – 10,000
40,001 – 50,000 Preset (Setpoints) 1 – 10,000
For best performance, points should be arranged in large blocks. This minimizes the overhead of a
separate poll for each discontinuous block. The scan task does optimize across small discontinuities in
the point list by including small unused memory areas in its poll requests, but this wastes transmission
time.

Windows SCADA
The allowed Data Types are listed in Table 4-3 below. The scan task uses one function code to poll
Holding Registers and another function code to poll Input Registers.
Table 4-3 Analog Data Types

Data Type
Holding Register
Input Register
The data types can optionally be qualified as Infrequent or Critical.
The Infrequent qualifier indicates these points will be scanned at a less frequent rate than other registers.
See section 2.3.2 Infrequent Poll Interval.
The Critical Data qualifier indicates these points will be set to Telemetry Fail 5 seconds after the critical
data interval. See section 2.3.4 Critical Data Interval.

Windows SCADA
The Groups and Triggers are optional and are normally set to zero. However, this option is particularity
useful when data charges apply and you are attempting to limit the amount of polling and data returned.
Groups and Triggers are comprised of three components that allow you to group points in such a way that
the value of one point can trigger polling of points assigned to another group. See Table 4-4 for the
Groups and Triggers definition.
How groups and triggers work:
Points assigned to group zero are always polled. If any point from group zero has a non-zero trigger
group, the returned value is checked against its trigger value. If the trigger value passes, all points
assigned to the trigger group will be marked for polling.
Points that are assigned to non-zero groups with non-zero trigger groups that are polled as a result of
triggers from other groups, will also have their returned value checked against their trigger value. If the
trigger value passes, all points assigned to the trigger group will be marked for polling.
So effectively, group zero points could cause polling of other groups, which could cause polling of other
groups and so on.
The Modbus scan task will pass through all groups three times checking if other groups have been
triggered by other groups. This is to prevent constantly looping through groups.
Table 4-4 Groups and Triggers

Field Meaning
Group Range 0-9
Trigger Group Range 0-9
Trigger Value Range 0-654
0 = trigger on any non-zero value
Non-zero = trigger on this value only
Take for example an analog point that is assigned to Group 0, Trigger Group is 1 and has a Trigger Value
of 45. This point will always be polled as it is assigned to group 0. If it’s returned value (after scaling) is
equal to the Trigger Value 45, all points assigned to Group 1 will be polled.
Another example of an analog point that is assigned to group 1, Trigger Group is 2 and has a Trigger
Value of 0. This point will only be polled if another point(s) with a Trigger Group of 1 results in Group 1
points being polled. If this point is polled and it’s returned value (after scaling) is any non-zero value, all
points assigned to Group 2 will be polled.

Windows SCADA
4.2.2 Format
This field specifies how the scan task should process the input data from the RTU. Valid formats for non-
setpoints are listed in Table 4-5.
Table 4-5 Input Formats for Analog Points

Format Name Input Range Registers Order
12-bit binary, unsigned 0 to 4095 1
12-bit binary, unsigned with threshold check 0 to 4095 1
Dual 12-bit binary, unsigned (low, high) 0 to 999,999 2 Low, High
16-bit binary, unsigned 0 to 65535 1
16-bit binary, signed -32767 to +32767 1
16-bit accumulator, store delta 0 to 65535 1
32-bit accumulator, add delta (high, low) 2 High, Low
IEEE floating point (high, low) 2 High, Low
12-bit BCD 0 to 999 1
12-bit BCD with threshold check 0 to 999 1
Dual 12-bit BCD (low, high) 0 to 999,999 2 Low, High
16-bit BCD 0 to 9,999 1
Dual 16-bit, unsigned (low, high) 0 to 2 Low, High
4,294,967,295
IEEE floating point (low, high) 2 Low, High
Dual 16-bit, unsigned (high, low) 0 to 2 High, Low
4,294,967,295
Dual register accumulator, add delta (low, high) 0 to 999,999 2 Low, High
16-bit accumulator, add delta 0 to 65535 1
Dual 16-bit, signed (high, low) -2,147,483,647 to 2 High, Low
2,147,483,647
Dual 16-bit, signed (low, high) -2,147,483,647 to 2 Low, High
2,147,483,647
In the case of dual-register points, the telemetry address is assumed to point to the first of two
consecutive 16-bit registers in the RTU. In some cases, the first register contains the low order part of the
dual-register value, and the second register contains the high order part. In other cases, the first register
contains the high order part and the second register contains the low order part. In either case, the two
registers are combined to produce one database value.

Windows SCADA
Formats 12-bit binary unsigned with threshold check and 12-bit binary with threshold check
The scan task compares the raw analog input value against the threshold specified in the communication
line. See the /Threshold paragraph of section 2.1.16, Display Extra Configuration Switches. If the value is
less than the threshold, the scan task uses a raw input value of zero.
Formats Dual 12-bit binary unsigned (low, high) and Dual 12-bit BCD (low, high)
The scan task multiplies the contents of the second register by 1000, adds the contents of the first
register, and then scales and stores the result into the database. For example, if the first word is 123, and
the second word is 456, then the stored point value is 456123.
The upper 4 bits of each word are masked out. Note that meaningless values are obtained if the content
of each word is not restricted to the range 0-999.
Format 16-bit accumulator store delta

The scan task calculates the delta (the difference between this reading and the previous reading), scales
it using the scale factor only (no offset), and stores the scaled delta into the counter point. The scan task
assumes that rollover occurs at 65,535.
If the delta is negative and represents a change of greater than 6554 (10% of the range), the scan task
assumes that the RTU reset and that the accumulator in the RTU has restarted from zero. Accordingly, in
this case, the scan task sets the delta to just be the current accumulator reading.
This format causes the scan task to store scaled deltas into the counter point. This corresponds to storing
current demand or current flow rate values. An alternate format “16-bit accumulator add delta” allows you
to accumulate the scaled deltas to produce total consumed energy or total flow volumes. See below.
Format 32-bit accumulator add delta (high, low)

The scan task treats the two registers as one 32-bit integer, computes the delta (the difference between
this reading and the previous reading), scales it using the scale factor only (no offset), and adds the result
to the current point’s value to produce a total accumulation. If the delta is negative, a rollover correction is
applied.
Prior to updating the point’s value, the scaled delta is validated by calculating a flow rate as follows:
scaled delta * 3600

flow = --------------------------------
seconds since last poll
and testing this against a threshold specified on the STC Explorer by the point’s OFFSET field. If the
calculated flow rate exceeds the threshold, an alarm is raised and the point is not updated. The alarm is
raised with priority 3 and is based on alarm format #99, which should contain:
N2,’,’,N1,’ ’,B40
Following the name of the point, the text of the alarm is:
DELTA ERROR – POINT NOT UPDATED
If the threshold is zero, the scan task skips the flow rate validation.
Format IEEE floating point (high, low) and IEEE floating point (low, high)

Windows SCADA
With format IEEE floating point (high, low), the scan task assumes that the first register contains the high-
order half of a 32-bit IEEE floating point value, and that the second register contains the low-order half.
With format IEEE floating point (low, high), the scan task assumes that the first register contains the low-
order half of a 32-bit IEEE floating point value, and that the second register contains the high-order half.
Formats Dual 16-bit unsigned (low, high), Dual 16-bit unsigned (high, low),
Dual 16-bit signed (high, low) and Dual 16-bit signed (low, high)
The scan task multiplies the contents of the high order register by 65536, adds the contents of the low
order register, and then scales and stores the result into the database.
Format Dual register accumulator add delta (low, high)

The scan task multiplies the contents of the second register by 1000, and adds the contents of the first
register. It then calculates the delta (the difference between this result and the previous reading) and
scales it using the scale factor only (no offset). Then it adds the scaled delta to the value in the database,
thus producing an accumulated value. The scan task assumes that rollover occurs at 1,000,000.
Format 16-bit accumulator add delta

The scan task calculates the delta (the difference between this reading and the previous reading), scales
it using the scale factor only (no offset), and adds the scaled delta to the counter point’s value. The scan
task assumes that rollover occurs at 65,535.
If the delta is negative and represents a change of greater than 6554 (10% of the range), the scan task
assumes that the RTU reset and that the accumulator in the RTU has restarted from zero. Accordingly, in
this case, the scan task sets the delta to just be the current accumulator reading.
This format causes the scan task to accumulate scaled deltas. This corresponds to storing total
consumed energy or total flow volumes. If you reset the value of the counter point to zero or some other
value, the point will continue to accumulate from its reset value.
An alternate format 16-bit accumulator store delta, allows you to store (rather than accumulate) the scaled
deltas. This produces current demand or current flow rate values. See above.
4.2.3 Setpoints
Setpoints are defined as analog points with a device class of Set-Point and
The Format field will display the following selections when you choose Set-Point as the Device Class.
Setpoints are defined as analog points with a device class of 3, and with the following telemetry
addressing:
Table 4-6 Setpoint Control Address

Address Field
Preset Register # (range 1-n)
Setpoint Data Type (see Table 4-7)
The Preset Register # field of the address specifies the number of the register to be preset. The valid
range is 1 to the number of registers in the RTU. In the protocol message itself, the value of Preset
Register # is decremented by one before being transmitted.

Windows SCADA
The Setpoint Data Type field is used to specify the data type. Allowed values are listed in the table below:
Table 4-7 Setpoint Data Types

Data Type
Binary data
Time sync
BCD data
IEEE floating data
The formats to use when you choose Set-Point as the Device Class are listed in Table 4-8.
Table 4-8 Setpoint Formats

Format Output Range
12-bit output 0 to 4095 binary, or 0 to 999 BCD
16-bit output 0 to 65535 binary, or 0 to 9999 BCD, or time sync
16-bit output -32767 to +32767
IEEE float Dual registers – high, low
32-bit unsigned Dual registers – low, high 0 to 4,294,967,295
IEEE float Dual registers – low, high
32-bit unsigned Dual registers – high, low 0 to 4,294,967,295
32-bit signed Dual registers – high, low -2,147,483,647 to 2,147,483,647
32-bit signed Dual registers – low, high -2,147,483,647 to 2,147,483,647
4.2.3.1 IEEE Floating Point & 32-bit signed/unsigned setpoint values
For IEEE floating point and 32-bit signed/unsigned setpoint values, the scan task writes two consecutive
registers using one Preset Multiple Registers command. The Preset Register # part of the address must
specify the first register. Different formats allow you to specify whether the first register or the second
register is the more significant register.
4.2.3.2 Time Sync
In a Time Sync setpoint, the value entered for the setpoint is not what is actually sent to the RTU. What is
sent to the RTU is a current time value that the scan task computes as the number of seconds since the
start of the current hour.
4.3 Analog Point Editor Data Fields—Alarms

This tab is not protocol specific. Please refer to DB-401 Window SCADA Point Database Editing Guide for
more information.

Windows SCADA
5 Status Point
This chapter describes how to define status points for the Modbus scan task. The Edit Status Point dialog
from the STC Explorer is illustrated in Figure 5-1.
A status point can be defined to be any one of:

 Indication only
 Control only
 Combined indication and control
depending on whether a telemetry address and any control addresses are specified for it.
Modbus Scan Task User’s Guide Status Point 5-1

Windows SCADA
Status data may be read from any of the following:
 Coils
 Input Status
 Holding registers
 Input registers
5.1 Status Point Editor Data Fields—General

This tab is not protocol specific. Please refer to DB-401 Window SCADA Point Database Editing Guide for
more information.

Windows SCADA
5.2 Status Point Editor Data Fields—Telemetry
This group includes the telemetry address, and the two control addresses. You may also want to consider
the RTU to be part of the telemetry information, since you may have another point with the same address
on this communication line, so long as it is on a different RTU.
Each of the three addresses specifies the location of an input or output within the RTU. These fields
represent something different, depending on the type of address.
Figure 5-1 Edit Status Point Dialog
5.2.1 Telemetry Address
The telemetry address specifies the location of the status point within the RTU. The meaning of the parts
of the address is given in Table 5-1. If this point is to be a telemetered point, select the RTU that will
provide the data, tick the checkbox for Telemetry Address, and fill in the required address.

Windows SCADA
The Register # field is used to specify the relative register number within the point’s data type. The
register numbers for each data type start at “1”. The value of “n” depends on the configuration of the
RTU. See your RTU vendor’s documentation.
Table 5-1 Status Telemetry Address Fields

Telemetry Address Field
Register # (1 – n)
Data type (see Table 5-3)
Bit (1 – 16)
Trigger Value, Trigger Group & Group (see Table 5-4)
Note that devices from different vendors may have different register numbering schemes. And typically,
each type of point has a different range of point numbers. For example, coils in a particular device may be
numbered starting at 1 and input statuses may start at 10,001. And in a different device, the point
numbers might be in a different range. But in the Modbus communication protocol itself, point numbers
for each type always start at zero. In the Survalent SCADA system, the point numbers of each type all
start at 1. For example, if the number of the first input status is 10,001 in the device, 0 in the
communication between the scan task and the device 0 is used, and the SCADA database (in the “A”
address) 1 is used.
Table 5-2 describes the common register numbers and how to map them to telemetry address fields. The
Register # Field is calculated by, (register number – start range) + 1. The Data Type Field is the supported
data type. For example, for Input Register number 30,001 the Register # Field would be (30,001 – 30,001)
+ 1 = 1 and the Data Type Field would be Input Register. For Holding Register number 20,100 the
Register # Field would (20,100 – 20,001) + 1 = 100 and the Data Type Field would be Holding Register.
Table 5-2 Common RTU Register Numbers Mapped to Status Points

Register Number Data Type Register # Bit
1 – 10,000 Coil Status 1 – 10,000 N/A
10,001 – 20,000 Input Status 1 – 10,000 N/A
20,001 – 30,000 Holding Register 1 – 10,000 1 – 16
30,001 – 40,000 Input Register 1 – 10,000 1 – 16

Windows SCADA
The “B” part of the telemetry address specifies the data type. See Table 5-3 below.
Table 5-3 Status Data Types

Data Type Range for Bit
Coil Status N/A
Input Status N/A
Holding Register 1 to 16
Input Register 1 to 16
For data types Coil Status and Input Status, the Register # part of the telemetry address specifies the
relative point number within that data type. For both of these data types, the Bit field is not required.
For data types Holding Register and Input Register, the Register # part of the telemetry address specifies
the holding or input register number. In this case, the Bit part of the telemetry address specifies the bit
number within the register. Bit number 1 is the LSB (Least Significant Bit).
MSB LSB
Bit 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
For best performance, points should be arranged in large blocks. This minimizes the overhead involved in
multiple polls of discontinuous blocks of points. The scan task does optimize across small discontinuities
in point addresses by polling for ranges that include unused points, but this wastes transmission time.
The data types can optionally be qualified as Infrequent. The Infrequent qualifier indicates these points will
be scanned at a less frequent rate than other registers. See section 2.3.2 Infrequent Poll Interval.
The Groups and Triggers are optional and are normally set to zero. However, this option is particularity
useful when data charges apply and you are attempting to limit the amount of polling and data returned.
Groups and Triggers are comprised of three components that allow you to group points in such a way that
the value of one point can trigger polling of points assigned to another group. See Table 5-4 for the
Groups and Triggers definition.
How groups and triggers work:
Points assigned to group zero are always polled. If any point from group zero has a non-zero trigger
group, the returned value is checked against its trigger state. If the trigger state passes, all points
assigned to the trigger group will be marked for polling.
Points that are assigned to non-zero groups with non-zero trigger groups that are polled as a result of
triggers from other groups, will also have their returned value checked against their trigger state. If the
trigger state passes, all points assigned to the trigger group will be marked for polling.
So effectively, group zero points could cause polling of other groups, which could cause polling of other
groups and so on.

Windows SCADA
The Modbus scan task will pass through all groups three times checking if other groups have been
triggered by other groups. This is to prevent constantly looping through groups.
Table 5-4 Groups and Triggers

Field Meaning
Group Range 0-9
Trigger Group Range 0-9
Trigger State Range 0-4
0=trigger on state zero
1=trigger on state one
2=trigger on state two
3=trigger on state three
4=trigger on any non-zero state
Take for example a status point that is assigned to Group 0, Trigger Group is 1 and has a Trigger State of
1. This point will always be polled as it is assigned to group 0. If it’s returned state (after applying the
format) is equal to the Trigger State 1, all points assigned to Group 1 will be polled.
Another example of a status point that is assigned to group 1, Trigger Group is 2 and has a Trigger State
of 4. This point will only be polled if another point(s) with a Trigger Group of 1 results in Group 1 points
being polled. If this point is polled and it’s returned state (after applying the format) is any non-zero state,
all points assigned to Group 2 will be polled.
5.2.2 Input Format
This field specifies how the scan task should process the status input data received from the RTU.
Format Single Bit, Normal Processing

This format specifies normal processing of single bits. That is, received bit values of 0 and 1 are stored in
the database as 0 and 1 respectively.
Format Single Bit, Inverted Processing

This format specifies inverted single bit processing. That is, received bit values of 0 and 1 are stored in
the database as 1 and 0 respectively.

Windows SCADA
Dual Bit Formats
These formats allow dual-bit status points from the RTU to be mapped different ways into a consistent
internal database representation. The internal representation is shown in the table below:
Table 5-5 Standard Status Values
Status Status
Value Value
(Binary) (Decimal) State
00 0 Open
01 1 Closed
10 2 Transition
11 3 Error
Format Dual Bit, Low On = Open, High On = Closed

This format specifies “low bit on = open” and “high bit on = closed”. (“Low” means least significant, and
“high” means most significant.) When both bits are off, the point is in transition.
Table 5-6 Dual Bit, Low On = Open, High On = Closed Raw Bits to Database Mapping
Binary
Value Value
From Stored in
RTU Database State
00 2 Transition
01 0 Open
10 1 Closed
11 3 Error
Format Dual Bit, Low On = Closed, High On = Open

This format specifies “low bit on = closed” and “high bit on = open”. When both bits are off, the point is in
transition.
Table 5-7 Dual Bit, Low On = Closed, High On = Open Raw Bits to Database Mapping
Binary
Value Value
From Stored in
RTU Database State
00 2 Transition
01 1 Closed
10 0 Open
11 3 Error

Windows SCADA
Format Dual Bit, Low Off = Closed, High Off = Open
This format specifies “low bit off = closed” and “high bit off = open”. When both bits are on, the point is in
transition.
Table 5-8 Dual Bit, Low Off = Closed, High Off = Open Raw Bits to Database Mapping
Binary
Value Value
From Stored in
RTU Database State
00 3 Error
01 0 Open
10 1 Closed
11 2 Transition
Format Dual Bit, Low Off = Open, High Off = Closed

This format specifies “low bit off = open” and “high bit off = closed”. When both bits are on, the point is in
transition.
Table 5-9 Dual Bit, Low Off = Open, High Off = Closed Raw Bits to Database Mapping
Binary
Value Value
From Stored in
RTU Database State
00 3 Error
01 1 Closed
10 0 Open
11 2 Transition
Format Dual Bit, Pass through processing

This format specifies no mapping is required and the values are already in the standard format and are
stored directly in the database. See Table 5-5.

Windows SCADA
5.2.3 Control Address
The open (0) and close (1) control addresses allow you to perform certain operations. The meaning of
each field is given in Table 5-10. You must tick the checkbox next to any address(es) that you intend to
use.
Table 5-10 Control Types and Functions
Control Type Value/Bit Control Function Address
Force Coil N/A Coil Off Coil number (1-n)
Force Coil N/A Coil On Coil number (1-n)
Force Coil N/A Coil Pulse Coil number (1-n)
Preset Register 0 to 65535 Value Set Register number (1-n)
Preset Register 1 to 16 Bit Clear Register number (1-n)
Preset Register 1 to 16 Bit Set Register number (1-n)
Template N/A Various Template ID
Holding Register 1 to 16 Bit Clear Register number (1-n)
Holding Register 1 to 16 Bit Set Register number (1-n)
If the control type is Force Coil, the address specifies a coil number that the coil will be set to “Coil On” or
“Coil Off” or “Coil Pulse”. In the case of “Coil Pulse”, the scan task will simulate a pulse by first issuing a
“Coil On” command, delay for the control interval in milliseconds, then issue a “Coil Off” command. This
control type uses Function code 5 Force Coil.
If the control type is Preset Register, the address specifies a holding register and you have the option to
set a value, clear a bit or set a bit in a holding register. If setting a value, the valid range is 0 to 65,535. If
clearing or setting a bit, the holding register is first read, then the bit is cleared or set and written back to
the holding register. Bit number 1 is the LSB (Least Significant Bit). This control type uses Function code 3
Read Holding Register and Function code 6 Preset Register.
If the control type is Template, the address specifies a Template ID of the Template that the scan task is
to execute. See section 5.3 for more information on Template controls. This control type uses various
function codes.
If the control type is Holding Register, the address specifies a holding register and you have the option to
clear or set a bit in the holding register. Bit number 1 is the LSB (Least Significant Bit). This control type
uses Function code 22 (16 hex) Mask Write.
MSB LSB
Bit 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1

Windows SCADA
5.3 Template Controls
The Modbus scan task can execute a Template when multiple operations are required to operate a relay
or perform a complex task.
The Template Editor is used to edit the Template for the control operation. The Template Control
parameter definitions are illustrated in
Figure 5-2. The required format for the Template Control is described below.
Note: The general use of the Template Editor is described in document CS-400 Command Sequencing.
When a Template Control is received, the Modbus scan task initially sets the Step ($P1) to one and
executes the Template to retrieve the Command ($P2), Object ($P3), Value ($P4) and the next Step. The
scan task then performs the Modbus function returned in Command. The scan task then continuously
sets the Step to the value returned by the Template, executes the Template and performs the Modbus
function. This continues until the Template returns a Step value of zero. If no errors have occurred, the
scan task declares control success. Otherwise, it declares control failure.
This document includes sample Template code that performs Trip/Close operations on an ABB-PCD
Recloser. See section 5.3.5, Template Code to Trip ABB-PCD , and section 5.3.6, Template Code to
Close ABB-PCD .
NOTE: A Template Control can be tested/debugged by adding it as a Calculation to the Calculation Editor
and entering analog points for the parameters. Then manually set the Step point to one (remember to
activate the point to remove the manual set). The Step, Command, Object and Value points will change
on every calculation interval until the last step is performed.
Figure 5-2 Template Definition
Step ($P1)
Windows SCADA
This parameter is an analog input to the Template and an analog output to the scan task. It is used to
indicate the current step to be executed. The scan task initially sets this parameter to one for the first step
and for all other steps, passes the returned value back to the Template. The Template is responsible for
setting the step to be performed.
Command ($P2)
This parameter is an analog output to the scan task. It specifies the Modbus function to be performed.
The Modbus functions supported in Template Controls and the corresponding codes are listed in Table
5-11. If an invalid function is specified, the scan task stops the Template Control and declares a control
failure.
Table 5-11 Modbus Functions
Code Modbus Function
5 Force Single Coil
6 Preset Single Register
15 Force Multiple Coils
16 Preset Multiple Registers
Object ($P3)
This parameter is an analog output to the scan task. Its meaning depends on the Modbus function to be
performed.
Value ($P4)
This parameter is an analog output to the scan task. Its meaning depends on the Modbus function to be
performed.
The required parameters to be set by the Template for the Modbus functions are described in the sections
below.
5.3.1 Force Single Coil
This Template Control command forces a single relay coil to a specific state at the RTU. One Template
step is required for this command. The parameters specify the Coil number and either an ON or OFF
command.
Table 5-12 Template Command - Force Single Coil

Parameter Description
$P2 5 = Force Single Coil
$P3 Coil Number (1-n)
$P4 Command
0 = OFF
1 = ON

Windows SCADA
The following sample Template code forces coil 10 to ON.
if ($p1 == 1) ! If Force Single Coil Step

$p1=$p1+1 ! Set next Step
$p2=5 ! Force Single Coil Command
$p3=11 ! Coil #10 (n-1)
$p4=1 ! ON
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
5.3.2 Preset Single Register
This Template Control command loads a 16-bit value into a single holding register at the RTU. One
Template step is required for this command. The parameters specify the Register number and the value
to transmit. The value is written into the register as is without any scaling or unscaling.
Table 5-13 Template Command – Preset Single Register

$P2 6 = Preset Single Register
$P3 Register Number (n-1)
$P4 16-bit Value
The following sample Template code loads the value 222 into holding register 100.
if ($p1 == 1) ! If Preset Single Register Step

$p2=5 ! Preset Single Register Command
$p3=101 ! Register #100 (n-1)
$p4=222 ! Value to load in register
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
5.3.3 Force Multiple Coils
This Template Control command forces multiple relay coils to specific states at the RTU. Two or more
Template steps are required to supply all the information for this command.
In the first step of this command, the parameters specify the starting Coil number and the number of coils
(n) to operate. Following this step are mask step(s) containing the bit masks for the coil settings.
In the mask step(s) of this command, the parameters specify the bit mask for up to 8 coils at a time. The
mask is entered in decimal with each bit representing one coil (1=ON, 0=OFF).
The least significant (right most) bit of the mask represents the lowest coil number. The total number of
required mask steps can be calculated as (n/8)+1.

Windows SCADA
Once all the masks have been gathered from the Template, the scan task sends one request to the RTU.
Table 5-14 Template Command - Force Multiple Coils – First Step

$P2 15 = Force Single Coil
$P3 Starting Coil Number (n-1)
$P4 Number of Coils to force
Table 5-15 Template Command - Force Multiple Coils – Mask Step

$P2 0 = Not Applicable
$P4 Coil Mask (0-255)
The following sample Template code forces 10 coils, starting at address 20. Coils 20, 22, 23, 26, 27 and
29 are forced ON, while coils 21, 24, 25 and 28 are forced OFF. Note that in the mask for coils 28-29, the
bits for unspecified coils (30-35) are set to zero.
if ($p1 == 1) ! If Force Multiple Coil Step

$p2=15 ! Force Multiple Coil Command
$p3=21 ! Starting at Coil #20 (n-1)
$p4=10 ! For 10 consecutive Coils (20-29)
else if ($p1 == 2) ! Coils 20-27 Mask
$p2=0 ! n/a
$p3=0 ! n/a
$p4=205 ! Mask for Coils 20-27 (hex CD, binary 11001101)
else if ($p1 == 3) ! Coils 28-29 Mask
$p2=0 ! n/a
$p3=0 ! n/a
$p4=2 ! Mask for Coils 28-29 (hex 02, binary 00000010)
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif

Windows SCADA
5.3.4 Preset Multiple Registers
This Template command loads 16-bit values into multiple holding registers at the RTU. Two or more
Template steps are required to supply all the information for this command.
In the first step of this command, the parameters specify the starting holding register and the number of
registers (n) to load. Following this step are n value step(s) containing the 16-bit values to load into the
register(s). The values are loaded into the register(s) as is, without any scaling or unscaling.
Once all the values have been gathered from the Template, the scan task sends the request to the RTU.
Table 5-16 Template Command – Preset Multiple Registers – First Step
$P2 16 = Preset Multiple Registers
$P3 Starting Register Number (n-1)
$P4 Number of registers to load
Table 5-17 Template Command – Preset Multiple Registers – Value Step

$P4 16-bit Value
The following sample Template code loads 25190, 125 and 928 into registers 1050, 1051 and 1052
respectively.
if ($p1 == 1) ! If Preset Multiple Register Step

$p2=16 ! Preset Multiple Register Command
$p3=1051 ! Starting at Coil #1050 (n-1)
$p4=3 ! For 3 consecutive registers (1050-1052)
else if ($p1 == 2) ! Register 1050 Value
$p2=0 ! n/a
$p3=0 ! n/a
$p4=25190 ! Value to load
$p2=0 ! n/a
$p3=0 ! n/a
$p2=0 ! n/a
$p3=0 ! n/a
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif
endif

Windows SCADA
The following sections provide Template code to Trip/Close an ABB-PCD Recloser. The Trip/Close
command requires two Preset Multiple Register commands. The first command is equivalent to a Select
operation followed by an Execute operation.
5.3.5 Template Code to Trip ABB-PCD Recloser
! Select
!if ($p1 == 1) ! Select Step
$p1=$p1+1 ! Set next step
$p2=16 ! Preset Multiple Registers
$p3=1156 ! Starting Register 1155 (n-1)
$p4=5 ! For 5 consecutive registers
else if ($p1 == 2) ! Register 1155
$p2=0 ! n/a
$p3=0 ! n/a
$p4=8224 ! Value for Register 1155 PSSW12
$p2=0 ! n/a
$p3=0 ! n/a
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! Value for Register 1157 Spare
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1158 Mask
$p2=0 ! n/a
$p3=0 ! n/a
! Execute
else if ($p1 == 7) ! Execute Step
$p4=1 ! For 1 consecutive register
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1154 Execute
! Completion
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif
endif
endif
endif
endif
endif

Windows SCADA
5.3.6 Template Code to Close ABB-PCD Recloser
!Select
if ($p1 == 1) ! Select Step
$p4=5 ! For 5 consecutive registers
$p2=0 ! n/a
$p3=0 ! n/a
$p2=0 ! n/a
$p3=0 ! n/a
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! Value for Register 1157 Spare
$p2=0 ! n/a
$p3=0 ! n/a
$p2=0 ! n/a
$p3=0 ! n/a
! Execute
else if ($p1 == 7 ) ! Execute Step
$p4=1 ! For 1 consecutive register
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1154 Execute
! Completion
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif
endif
endif
endif
endif
endif

Windows SCADA

MD-400 Modbus Scan Task User's Guide 1.1

Uploaded by

Copyright:

Available Formats

MD-400 Modbus Scan Task User's Guide 1.1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MD-400 Modbus Scan Task User's Guide 1.1

Uploaded by

Copyright:

Available Formats

Windows SCADA

Modbus Scan Task

Document Number: MD-400

Presentation Date: January 21, 2016

Survalent Technology Corporation

(905) 826 5000

(905) 826 7144

The software described in this document is furnished under license,

About This Publication

August 8, 2005 Added control template support.

February 2, 2006 Added Modbus/TCP option.

November 9, 2006 Removed the automatic alarm when switching ports.

September 12, 2007 Add Modr: Edit Options editor.

December 12, 2008 Added support for time sync.

December 19,2008 Added support for IEEE floating point setpoints.

August 18, 2010 Added setpoint format 5, signed binary integer

Modbus Scan Task User’s Guide Revisions

Modbus Scan Task User’s Guide Revisions

Copyright, Notices and Trademarks ............................................................................................................. 2

1.1 Supported Functions ....................................................................................................................... 1-2

Modbus Scan Task User’s Guide Contents i

2.1 Communication Line Data Fields—General .................................................................................. 2-1

3.1 RTU Data Fields—General ............................................................................................................ 3-2

Modbus Scan Task User’s Guide Contents ii

4 Analog Point 4-1

4.1 Analog Point Editor Data Fields—General .................................................................................... 4-2

5 Status Point 5-1

5.1 Status Point Editor Data Fields—General ...................................................................................... 5-2

Modbus Scan Task User’s Guide Contents iii

Modbus Scan Task User’s Guide Contents iv

Table 1-1 Windows SCADA Database Documentation

1.1 Supported Functions

1.1.1 Read Coil Status

1.1.2 Read Input Status

1.1.3 Read Holding Registers

Modbus Scan Task User’s Guide Introduction 1-2

1.1.5 Force Single Coil

1.1.6 Preset Single Register

1.2 Template Controls

The following Modbus functions are supported in Template Controls:

 Force Single Coil

1.3 Modbus Over TCP/IP

1.3.1 Modbus RTU Protocol

1.3.2 Modbus/TCP Protocol

1.4 Unsolicited Report By Exception

Modbus Scan Task User’s Guide Introduction 1-4

Stage One – During the “Time-Between-Scans” Delay

 Try to read a URBE message from any RTU.

 Go back to the top and try to read more URBE messages.

Stage Two – When a “Time-Between-Scans” Delay Expires

 Send a poll command to the selected RTU as it normally does.

Modbus Scan Task User’s Guide Introduction 1-5

See sections 2.1.6, Time Between Scans

1.5.1 Short Response Timeout

1.5.2 Long Response Timeout

1.5.3 DLL Short Response Timeout

This parameter is not used by the Modbus scan task.

1.5.4 DLL Long Response Timeout

1.5.5 Error Recovery Time

This is not used by the Modbus scan task.