Document Number: MD-400

Windows SCADA
Modbus Scan Task
User’s Guide
____________________________________________

November 9, 2012

This manual describes the functionality and data entry requirements for
the Modbus scan task used in the Windows SCADA system.

Survalent Technology Corporation

Mississauga, Ontario
Copyright © 2001 – 2012 Survalent Technology Corporation

All rights reserved

MD-400 Modbus Scan Task User’s Guide

Survalent Technology Corporation

2600 Argentia Road
Mississauga, Ontario
L5N 5V4

TEL (905) 826 5000

FAX (905) 826 7144

The software described in this document is furnished under license, and may only
be used or copied in accordance with the terms of such license.

The content of this manual has been carefully checked for accuracy. However, if you find
any errors, please notify Survalent Technology Corporation.
 Revisions

Date Description
November 4, 2001 Initial version.

August 8, 2005 Added control template support.

Updated figures.

February 2, 2006 Added Modbus/TCP option.

February 9, 2006 Added analog format code 18 (dual 16-bit signed high-low).

November 9, 2006 Removed the automatic alarm when switching ports.

April 10, 2007 Allow status points to be read from Input Registers (Table 5-3 in section
5.1.1, Telemetry Address).

September 12, 2007 Add Modr: Edit Options editor (See section 3.1.7, MODR: Edit Options)
Add RTU Options Input Status Multiples and Control Poll Errors.
Update pictures.

July 7, 2008 Added support for Modbus Unsolicited Report By Exception (URBE).

December 12, 2008 Added support for time sync.

December 18, 2008 Revised description of RTU option for time sync.

December 19,2008 Added support for IEEE floating point setpoints.

May 27, 2010 Corrected description of “B” field in Preset Register command

Modbus Scan Task User’s Guide Revisions

Windows SCADA
August 18, 2010 Added setpoint format 5, signed binary integer

November 17, 2010 Added D field telemetry address of Group, Trigger Group & Trigger
Value.
Added RTU option for initial polling sequence Template.
Added RTU option for all data polls.
Added RTU option for disconnecting after poll sequence.

July 21, 2011 Added analog format code 19 – Dual 16 bit, signed Low, High order.
Added explanation for common register number mapping to telemetry
address fields.

May 4, 2012 Added format codes 13, 15, 18 and 19 for 32-bit setpoints.

November 9, 2012 Added Holding Register controls (section 5.1.2, Control Address).

Modbus Scan Task User’s Guide Revisions

Windows SCADA
 Contents

1  Introduction 1-1 

1.1  Supported Functions ....................................................................................................................... 1-2 

1.1.1  Read Coil Status.......................................................................................................................... 1-2 
1.1.2  Read Input Status ........................................................................................................................ 1-2 
1.1.3  Read Holding Registers .............................................................................................................. 1-2 
1.1.4  Read Input Registers ................................................................................................................... 1-3 
1.1.5  Force Single Coil ........................................................................................................................ 1-3 
1.1.6  Preset Single Register ................................................................................................................. 1-3 
1.2  Template Controls .......................................................................................................................... 1-3 
1.3  Modbus Over TCP/IP ..................................................................................................................... 1-3 
1.3.1  Modbus RTU Protocol ................................................................................................................ 1-4 
1.3.2  Modbus/TCP Protocol ................................................................................................................ 1-4 
1.4  Unsolicited Report By Exception ................................................................................................... 1-5 
1.5  Time Sync....................................................................................................................................... 1-6 
1.6  Port Switching ................................................................................................................................ 1-6 

2  Communication Line 2-1 

2.1  Communication Line Data Fields—General .................................................................................. 2-2 

2.1.1  Protocol ....................................................................................................................................... 2-2 
2.1.2  Auto Start .................................................................................................................................... 2-3 
2.1.3  Associated Points ........................................................................................................................ 2-3 
2.1.4  Polling Parameters ...................................................................................................................... 2-4 
2.1.5  Configuration Switches............................................................................................................... 2-4 
2.2  Communication Line Data Fields—Channel.................................................................................. 2-5 
2.2.1  Network....................................................................................................................................... 2-6 
2.2.2  Mode ........................................................................................................................................... 2-6 

Modbus Scan Task User’s Guide Contents i

Windows SCADA
2.2.3  Time Between Scans................................................................................................................... 2-6 
2.2.4  Short Response Timeout ............................................................................................................. 2-6 
2.2.5  Long Response Timeout ............................................................................................................. 2-7 
2.2.6  DLL Short Response Timeout .................................................................................................... 2-7 
2.2.7  DLL Long Response Timeout .................................................................................................... 2-7 
2.2.8  Error Recovery Time .................................................................................................................. 2-7 
2.2.9  Idle Time..................................................................................................................................... 2-7 
2.2.10  Poll Retry Count ......................................................................................................................... 2-7 
2.2.11  Interleave Factor ......................................................................................................................... 2-7 
2.2.12  Modem Parameters ..................................................................................................................... 2-7 
2.2.13  Port Parameters ........................................................................................................................... 2-8 

3  RTU 3-1 

3.1  RTU Data Fields—General ............................................................................................................ 3-2 

3.1.1  Communication Line .................................................................................................................. 3-2 
3.1.2  RTU Address .............................................................................................................................. 3-2 
3.1.3  Network ...................................................................................................................................... 3-3 
3.1.4  Scout ........................................................................................................................................... 3-3 
3.1.5  Status Point ................................................................................................................................. 3-3 
3.1.6  Fast Scan Point............................................................................................................................ 3-3 
3.1.7  MODR: Edit Options .................................................................................................................. 3-3 
3.2  RTU Data Fields—Connections..................................................................................................... 3-6 
3.2.1  Host Name .................................................................................................................................. 3-7 
3.2.2  Host Port ..................................................................................................................................... 3-7 
3.2.3  Dial-up ........................................................................................................................................ 3-7 
3.3  RTU Data Fields—Switches .......................................................................................................... 3-7 
3.3.1  Port Switch Point ........................................................................................................................ 3-8 
3.3.2  Switch Port after ......................................................................................................................... 3-8 
3.3.3  Channel Switch Point, Switch Channel after .............................................................................. 3-9 
3.4  RTU Data Fields—Statistics .......................................................................................................... 3-9 
3.4.1  Percentage Communication Point............................................................................................... 3-9 
3.4.2  Total Message Count ................................................................................................................ 3-10 
3.4.3  Good Message Count................................................................................................................ 3-10 
3.4.4  Bad Message Count .................................................................................................................. 3-10 
3.4.5  Timeout Count .......................................................................................................................... 3-10 
3.4.6  Send Message Count................................................................................................................. 3-10 
3.4.7  Dial-up Override Interval.......................................................................................................... 3-10 
3.4.8  Dial-up Status ........................................................................................................................... 3-10 
3.4.9  Time of Last Good Poll............................................................................................................. 3-11 
3.4.10  Time Between Scans Override.................................................................................................. 3-11 
3.4.11  Telemetry Failed Indicator........................................................................................................ 3-11 

4  Analog Point 4-1 

4.1  Telemetry Address.......................................................................................................................... 4-1 

4.1.1  Infrequent Scan Points ................................................................................................................ 4-4 

Modbus Scan Task User’s Guide Contents ii

Windows SCADA
4.1.2  Critical Data Points ..................................................................................................................... 4-4 
4.2  Format Code ................................................................................................................................... 4-5 
4.3  Scale Factor and Offset................................................................................................................... 4-7 
4.4  Zero Clamp Deadband.................................................................................................................... 4-8 
4.5  Window – Digital Filter.................................................................................................................. 4-8 
4.6  Setpoints ......................................................................................................................................... 4-9 
4.6.1  IEEE Floating Point & 32-bit signed/unsigned setpoint values................................................ 4-10 
4.6.2  Time Sync ................................................................................................................................. 4-10 

5  Status Point 5-1 

5.1  Telemetry........................................................................................................................................ 5-2 

5.1.1  Telemetry Address ...................................................................................................................... 5-2 
5.1.2  Control Address .......................................................................................................................... 5-5 
5.2  Template Controls .......................................................................................................................... 5-6 
5.2.1  Force Single Coil ........................................................................................................................ 5-8 
5.2.2  Preset Single Register ................................................................................................................. 5-9 
5.2.3  Force Multiple Coils ................................................................................................................... 5-9 
5.2.4  Preset Multiple Registers .......................................................................................................... 5-10 
5.2.5  Template Code to Trip ABB-PCD Reclosure ........................................................................... 5-12 
5.2.6  Template Code to Close ABB-PCD Reclosure......................................................................... 5-13 
5.3  Input Format Code........................................................................................................................ 5-14 

Modbus Scan Task User’s Guide Contents iii

Windows SCADA
 1 Introduction

This document describes the Windows SCADA database entry requirements for the Modbus scan task.

The Modbus scan task is designed to communicate with one or more devices conforming to the Modbus
RTU communication protocol as defined in Gould Electronics document Gould Modbus Protocol
Reference Guide (Gould Reference number PI-MBUS-300 Rev B).

There are many types of devices that “speak” the Modbus protocol, and they are referred
to by a variety of device names: Slave, PLC (Programmable Logic Controller), RTU
(Remote Terminal Unit), IED (Intelligent End Device), etc. In this manual, the Modbus
device will be referred to as just RTU.

The scan task polls one or more RTUs on an RS-232 communication line at a user-settable baud rate.
The transmission mode is “RTU” (not “ASCII”) and the character format is 1 start bit, 8 data bits and 1
stop bit. Use of the parity bit is user-settable.

Modbus Scan Task User’s Guide Introduction 1-1

Windows SCADA
This manual describes the creation of certain items in the Windows SCADA database, namely
communication lines, RTUs, status and analog points. It does so in a way that is specific to the Modbus
communication protocol, as implemented by this scan task. For additional information regarding these
database items, and the Windows SCADA database in general, you should refer to the series of
documents described in Table 1-1, especially the Point Database Editing Guide. If you have other scan
tasks installed in your system, you should also consult the User’s Guides published for those scan tasks.

Table 1-1 Windows SCADA Database Documentation

Document
Number Document Name
DB-400 Database Editing Overview
DB-401 Point Database Editing Guide
DB-402 Alarm Database Editing Guide
DB-403 Calculation Database Editing Guide
DB-404 Historical Database Editing Guide
DB-405 Report Database Editing Guide
CS-400 Command Sequencing

1.1 Supported Functions

In the Modbus protocol, there are different function codes for polling different data types. If there are
many points in a data type, it may take multiple polls to bring them back (either because of message
length limitations or because the data points are scattered over several discontinuous areas of the RTU’s
memory).

The Windows SCADA Modbus scan task makes use of the following Modbus functions:

1.1.1 Read Coil Status

This function is used to obtain the status of a group of logic (relay) coils. In Windows SCADA, coils are
represented as controllable status points.

1.1.2 Read Input Status

The scan task uses this function to obtain the status of a group of discrete inputs. In Windows SCADA,
these are represented as status points.

1.1.3 Read Holding Registers

This function is used to obtain the value of one or more 16-bit holding registers. The data contained in
each holding register may be treated as either numeric data or status data. If the register contains
numeric data (a 16-bit number), then it is represented in Windows SCADA by an analog point. If the

Modbus Scan Task User’s Guide Introduction 1-2

Windows SCADA
register contains status data (16 status bits), then it is represented by multiple Windows SCADA status
points.

1.1.4 Read Input Registers

The scan task uses this function to obtain the current value of one or more input registers. Input registers
contain 16-bit numeric data and are represented in Windows SCADA by analog points. If the register
contains status data (16 status bits), then it is represented by multiple Windows SCADA status points.

1.1.5 Force Single Coil

This function forces a relay coil to a specific state. The coil is represented in Windows SCADA as a
controllable status point, and the function is issued by the scan task when the operator performs an Open
or Close operation on the point.

1.1.6 Preset Single Register

This function transmits a 16-bit numeric value into a single holding register at the RTU. In Windows
SCADA, the register may be represented either as a setpoint or as the control address of a status point.
In the latter case, the value written into the register is a fixed value that is part of the status point’s control
address (as opposed to the case of a setpoint, where the value written to the register is an unscaled
representation of an engineering value manually entered by the operator).

1.2 Template Controls

There are some RTUs that require multiple steps to operate a relay. For these types of devices, the
Modbus scan task supports the use of Template Controls to process multiple operations when the
operator performs an Open or Close operation on a point. For a further discussion on template controls,
see section 5.2, Template Controls.

The following Modbus functions are supported in Template Controls:

• Force Single Coil

• Force Multiple Coils
• Preset Single Register
• Preset Multiple Registers

1.3 Modbus Over TCP/IP

It is becoming more commonplace to make use of a wide area network to communicate with the RTUs.
They may have network interfaces built in, or there may be a terminal server or router placed at each
RTU site. It is possible for the scan task to communicate with these RTUs by establishing a TCP/IP
connection. In either case, the data that eventually reaches the RTU (as seen either at the terminal
server’s serial port or internal to the RTU) is plain Modbus.

If you are using the network to reach a distant group of RTUs, you can use a single-port terminal server
and, with modems, multi-drop all of the RTUs on that terminal server port. The scan task will establish

Modbus Scan Task User’s Guide Introduction 1-3

Windows SCADA
one TCP/IP connection to just that port and poll the RTUs in round-robin order. This works the same as a
conventional communication line when the terminal server is at the master station. The same is true if
you’re using the network to reach a remote radio, which is then used to reach all of the RTUs. For this
type of configuration, the IP address and port number to connect to are defined for the communication
line as a whole. See paragraph 2.2.13, Port Parameters.

If you’re using fiber to reach your substations, it makes sense to install a small terminal server or router at
each RTU. In this case, the scan task will establish a separate connection to each device, but it will still
poll all of the RTUs in round-robin order as usual—all of the RTUs are still considered to be on one
communication line. For this type of configuration, the IP address and port number to use are defined
individually for each RTU. See section 3.2, RTU Data Fields—Connections.

Mixed configurations (with several RTUs multi-dropped on each of multiple

terminal servers on the same communication line) are not presently supported.
For terminal servers with multi-dropped RTUs, define a separate communication
line for each terminal server.

Note:
• Although the RTU definition allows for both a primary and alternate IP address and port number, the
scan task does not presently support connection switching (where if communication on one IP
address fails, the scan task tries the other one). See section 3.2, RTU Data Fields—Connections.
• If you need to key the carrier on the other side of the wide area network, you need a PTM. The
preferred approach is to use the type of PTM that does this transparently. See paragraph 2.2.13, Port
Parameters.

1.3.1 Modbus RTU Protocol

In the Modbus RTU protocol, the serial data sent between the master computer and the RTU is binary,
with a one-byte slave address before the data and a two-byte CRC check after the data. This is the
protocol spoken by some RTUs and many PLCs and IEDs.

Some older devices use the Modbus ASCII protocol. In this protocol, all messages are translated to
printable ASCII characters before transmission. Security is limited to a one-byte LRC. The scan task
does not support the Modbus ASCII protocol.

1.3.2 Modbus/TCP Protocol

Modbus/TCP is a simple extension to the Modbus protocol. The extension adds a fixed-size header to
each message and removes the CRC or LRC in favor of the error checking in TCP/IP and the underlying
communications link level (Ethernet, for example). Units that expect Modbus RTU protocol will not accept
Modbus/TCP protocol, and vice-versa.

Use of Modbus/TCP is enabled by means of a configuration switch in the communication line definition.
See section 2.1.5, Configuration Switches.

Modbus Scan Task User’s Guide Introduction 1-4

Windows SCADA
1.4 Unsolicited Report By Exception
The Modbus protocol normally works in a master-slave (poll-reply) mode. The scan task periodically polls
the RTUs from a poll-list in a round-robin manner, and the RTU replies with the data when it is polled.
However, some RTUs or PLCs can be programmed to determine which signals are the most important
ones and have to be reported at the earliest possible time. RTUs so programmed will automatically issue
an Unsolicited-Report-By-Exception (URBE) message to the master as soon as it detects a change in
these signals, despite the fact that the RTU is not polled at the moment. When the master receives the
URBE request, it acknowledges this by sending the RTU the same URBE message. The master then
interrupts its normal poll order and, after finishing the current poll (if there is one in progress) polls the
RTU that sent the URBE message, thus receiving the urgent data much more promptly than without
URBE messaging..

This implementation of the Modbus scan task supports the URBE requests while working in the normal
master-slave mode. This is done in two stages:

Stage One – During the “Time-Between-Scans” delay:

At each “Short-Response-Timeout” interval, the scan task reads and processes URBE messages as
follows:

• Try to read a URBE message from any RTU.

• If an URBE message is received, send an acknowledge message to the RTU immediately. Then
put the RTU into a fast-scan-RTU list.

• Keep doing the previous step until there are no more URBE messages.

• Poll the RTUs that signaled exceptions via URBE messages, and then take them out of the fast-
scan list.

• Go back to the top and try to read more URBE messages.

Stage Two – When a “Time-Between-Scans” delay expires:

The scan task polls an RTU. It then reads and processes both possible URBE messages and the
expected reply message as follows:

• Send a poll command to the selected RTU as it normally does.

• Try to read any URBE messages from any RTU which may raise an URBE request before the
polled-RTU replies.

• If a URBE message is received, send an acknowledge message to the RTU that sent it, and then
put the RTU into the fast-scan-RTU list.

• Keep doing the previous step until there are no more URBE messages.

• Read and process the normal reply from the RTU that was polled.

• Poll the RTUs that had sent URBE messages, and then take them out of the fast-scan list.

Modbus Scan Task User’s Guide Introduction 1-5

Windows SCADA
Use of URBE is enabled by means of a configuration switch (/URBE) in the communication line definition.
See section 2.1.5, Configuration Switches.

1.5 Time Sync

Although there is no time sync function actually defined in the MODBUS protocol, some manufacturers
define their own time sync function by using reserved registers to write to. For example, Power
Measurement’s ION meters can be time synced by using op code 16 to write time data into two
consecutive registers. The Modbus scan task supports this specific time sync command.

If an RTU on the communication line requires periodic time sync, and the Time Sync Interval parameter is
greater than zero, the scan task sends a time sync message to the RTU periodically at each Time Sync
Interval. Since there is no “broadcast” command defined in the MODBUS protocol, each time sync
message is sent to each individual RTU separately.

See sections 2.1.4, Polling Parameters, and 3.1.7, MODR: Edit Options.

1.6 Port Switching

If an alternate port is defined in the communication line’s definition, the scan task will switch to the
alternate port when communication on the primary port fails. In this case, only if communication on both
primary and alternate ports fails is an RTU declared to be failed. A separate port switch status point is
used for each RTU, to indicate which port is currently in use. See paragraphs 2.2.13, Port Parameters,
and 3.3.1, Port Switch Point.

This feature may be used to make use of redundant terminal servers and/or redundant communication
lines. It makes it possible to avoid resorting to a failover when a communication line or port fails.

This feature can also be used with a single communication line that is looped back to the master station
such that each end of the line terminates at a separate port. In this case, a break in the line would cause
the scan task to poll the RTUs on one side of the break using one port, and poll the RTUs on the other
side of the break using the other port. The advantage of such an arrangement is that a single break in
the communication line causes no loss of communication with any RTU.

Modbus Scan Task User’s Guide Introduction 1-6

Windows SCADA
 2 Communication Line

This chapter describes how to define a communication line for the Modbus scan task. You should be
familiar with the discussion of communication lines in DB-401, Point Database Editing Guide before
proceeding. In this document, only the items that are specific to the Modbus scan task are discussed in
detail.

The SCADA Explorer is used to create or modify a communication line’s definition. The dialog box that
allows you to do that has several tabs, each of which includes different data. You will normally begin on
the General tab, which is illustrated in Figure 2-1.

Modbus Scan Task User’s Guide Communication Line 2-1

Windows SCADA
2.1 Communication Line Data Fields—General
The discussion below contains information that is particular to the Modbus scan task. The fields
mentioned can be found on the General tab of the Edit Communication Line dialog that you call up using
the SCADA Explorer. For more information on fields not detailed here, refer to DB-401, Point Database
Editing Guide. If you need more information about the SCADA Explorer, see DB-400, Database Editing
Overview.

After creating or changing a

communication line definition, or
editing the telemetry address of any
points on the communication line,
remember to come back to this dialog
to build the scan table.

Figure 2-1 "Edit Communication Line" Dialog (General)

2.1.1 Protocol

This is the name that identifies the protocol to be used to communicate with the RTUs connected to this
communication line. It is the name of the scan task that will be used. For the Modbus scan task, select
Modbus RTU.

Modbus Scan Task User’s Guide Communication Line 2-2

Windows SCADA
2.1.2 Auto Start

Set this flag if you want the scan task to start automatically when the SCADA system starts up, either
initially, or as the result of a failover.

2.1.3 Associated Points

This area includes fields for the status point (which is required) and for six other points. If you want to
specify these points they must already exist in the database.

To create the points, you could abandon the editing of this communication line, and go to the desired
station in the SCADA Explorer. But you may prefer to temporarily start a second copy of SCADA
Explorer, and use it to create the necessary points. Quit the second SCADA Explorer as soon as you are
done with it.

These associated points are not telemetered. Their values will be calculated by the scan task. Therefore
they will not need telemetry addresses of their own. Since they are special in this regard, you should
consider designating separate User Types for these kinds of points.

Status Point
The first Associated Point is not optional, and must be a status point. This point will be used by the scan
task to indicate the Up or Down status of the communication line.

The scan task will set the point to its normal state when the communication line is working (i.e., there is
successful communication with at least one RTU), and to the abnormal state when it is failed.

Timeout Point
The Modbus scan task does not make use of this analog point to count timeouts. Instead, each RTU
defines an analog point to count timeouts. See paragraph 3.4.5, Timeout Count.

Bad Messages
The Modbus scan task does not make use of this analog point to count bad messages. Instead, each
RTU defines an analog point to count bad messages. See paragraph 3.4.4, Bad Message Count.

Unexpected Messages
The Modbus scan task does not make use of this analog point.

Channel Switch
The Modbus scan task does not presently support a second communication channel (although it will
switch between two ports defined on a single channel—see below). So you do not have to specify a point
in this field.

Port Switch
The Modbus scan task does not make use of this status point when switching between ports. Instead,
each RTU defines a status point to indicate which port is used to communicate with that RTU. See
paragraph 3.3.1, Port Switch Point.

Modbus Scan Task User’s Guide Communication Line 2-3

Windows SCADA
Current RTU
The Modbus scan task does not make use of this analog point to display the current RTU being polled.
So you do not have to specify a point in this field.

2.1.4 Polling Parameters

Various timers are specified to control the rate of certain events. However in the MODBUS scan task,
only Time Sync Interval is currently used. Please leave all other parameters blank since they may be
used in the future.

Time Sync Interval

If any RTUs on this communication line require periodic synchronization of their clocks, enter the
desired time sync interval here.

You must also define the desired time format for each RTU by specifying a configuration option.
See section 3.1.7, MODR: Edit Options. If you do not define a time format for an RTU, no time
sync commands will be sent to that RTU.

2.1.5 Configuration Switches

This field allows you to specify certain “command line” switches to control the behavior of the scan task.
The switches supported by the Modbus scan task are described below. Specify each switch you need by
entering /name=value in this field. You do not need to add a space or other punctuation between
switches.

/Log=value

The Log option specifies the scan task is to log communications to a file. The file will be created in the
folder specified when Windows SCADA was installed. The default folder name is C:\Program
Files\Quindar\ScadaServer\LogFiles. The file name is comprised of the protocol name, the
communication line id and the current date. For example, a file name from communication line ID 1 on
August 2, 2007 would be MODR1-2007-08-02.log.

Care should be taken when using this option and should only be enabled for short periods of time, as the
file will continue to grow and consume all the free space on the disk.

The valid values for this option are as follows:

• Default – Log all communication

• Hex – Log all communication and show bytes in hex
• Errors – Log only errors

/Infrequent=value
The Infrequent option specifies the infrequent poll interval. Analog and status points with “infrequent poll”
flags set in their telemetry addresses are polled only after “n” round-robin poll cycles. See section 4.1,
Telemetry Address, and in particular, paragraph 4.1.1, Infrequent Scan Points. If you do not specify this
option, a default value of 10 is used.

Modbus Scan Task User’s Guide Communication Line 2-4

Windows SCADA
Maximum gain from this feature will be realized if infrequently scanned points are clustered together in a
memory area of the RTU. In general, fragmented database layouts should be avoided in order to
minimize polling overhead (reading discontinuous areas in the RTU’s memory requires multiple polls).

/Threshold=value
The Threshold option specifies a threshold value against which analog points with certain format codes
are compared. For these format codes, if the raw (unscaled) analog point value is less than the
threshold, the scan task stores a value of zero. See section 4.2, Format Code.

/Critical=value
The Critical option specifies a critical data interval, in seconds. At 5 seconds after every critical data
interval, the scan task marks all critical data points as telemetry failed. The purpose of this is to indicate
to applications (such as pipeline modeling and leak detection programs) that the critical data point values
are now “old” and that the points should be considered telemetry failed until their values are next updated
by regular polling (at which time the quality codes will revert from telemetry failed back to normal).

The points that are to be considered as critical data points are identified by a flag in the “B” part of the
telemetry address. See section 4.1.2, Critical Data Points.

If the Critical option is not specified or the critical data interval is zero, the scan task will not perform any
critical data processing.

The scan task starts a new critical data interval at every new hour. Critical data intervals that do not
divide evenly into an hour are therefore not meaningful.

/ModbusTcp=value

Setting this switch value to 1 specifies the use of the Modbus/TCP protocol. If the switch is absent or set
to a value of 0, then Modbus RTU is specified.

/URBE=value

This switch is used a) as a flag to indicate that the RTUs connected to this communication line may
transmit Unsolicited Report By Exception (URBE) messages; and b) to assign an URBE slave address in
an URBE message. The slave address should be greater than 0, and is normally 90 (/URBE=90). If the
switch is absent or set to a value of 0, then no URBE messages are expected from this communication
line.

2.2 Communication Line Data Fields—Channel

The Channel tab on the Edit Communication Line dialog contains the data fields discussed below.

Modbus Scan Task User’s Guide Communication Line 2-5

Windows SCADA
Figure 2-2 "Edit Communication Line" Dialog (Channel)

2.2.1 Network

This specifies the type of communication network to be used. Choose RS232 for communication lines
that will communicate directly through a serial port on the SCADA host (i.e., a COM port known to
Windows). Choose TCP/IP for all connections that rely on the TCP/IP network (RTUs with network
interfaces, or serial ports on terminal servers).

2.2.2 Mode

This is a drop-down list that can be set to either Poll or Quiescent. If Poll is chosen, the scan task
performs regular round-robin exception polling. Quiescent means the scan task does not poll, but
accepts unsolicited messages from the RTUs.

For the Modbus scan task, choose Poll.

2.2.3 Time Between Scans

This parameter specifies the time to wait (in milliseconds) between each poll of an RTU.

2.2.4 Short Response Timeout

Modbus Scan Task User’s Guide Communication Line 2-6

Windows SCADA
This parameter specifies the time to wait (in milliseconds) between each read for URBE messages. The
value of this parameter should not be greater than the value of the “time-between-scans” parameter. If
URBE messaging is not enabled (via the /URBE switch), this parameter is not used.

2.2.5 Long Response Timeout

This parameter specifies the time to wait, in milliseconds, for a complete response from the RTU. The
time includes the transmission time of the request itself.

2.2.6 DLL Short Response Timeout

This parameter is not used by the Modbus scan task.

2.2.7 DLL Long Response Timeout

This parameter is not used by the Modbus scan task.

2.2.8 Error Recovery Time

This is not used by the Modbus scan task.

2.2.9 Idle Time

This specifies the minimum time delay, in milliseconds, that the scan task is to execute between all
transmissions on this communication line.

2.2.10 Poll Retry Count

This parameter is the number of times that the scan task will retry its polls, before deciding that the RTU
is not responding.

2.2.11 Interleave Factor

This parameter specifies how often the scan task is to interrupt its normal round robin polling to perform a
fast-scan poll or a retry after error. If the interleave factor is 2, for example, then the scan task will check
for fast scan or error retry requirements after every 2 normal polls. See sections 3.1.6, Fast Scan Point,
and 3.3.1, Port Switch Point.

2.2.12 Modem Parameters

Dial-up communication lines are not presently supported by the Modbus scan task. None of these fields
are used by the Modbus scan task. Leave them blank.

Modbus Scan Task User’s Guide Communication Line 2-7

Windows SCADA
2.2.13 Port Parameters

The communication channel provides for up to two communication ports. If information is provided for
both ports, the scan task can switch from one to the other if communication using the first port is not
successful. Normally, at least one port is required to create a functional communication line (except
when connections are defined for each RTU, as described in section 3.2, RTU Data Fields—
Connections).

Each port corresponds to a physical or logical connection from the host computer to the communication
medium. For RS232 communication lines, this means a serial port attached to the host computer. For
TCP/IP communication lines, a port might mean a serial port on an external terminal server, or it may be
some other network connection identified by a host name (or address) and port number.

Host Name
For RS232 communication lines, this must be the name that identifies the serial port, in the form
COMn, where n is a unique number. This is the same name that Windows knows the port by.

For TCP/IP communication lines, this will usually be the name that identifies the other device that we
are communicating with over the network. It may be the RTU itself, or more commonly, a terminal
server. Alternatively, it may be a fixed IP address of the form nnn.nnn.nnn.nnn.

Host Port
For a TCP/IP connection, there will be a TCP/IP port number that must be entered here. For terminal
servers, the port number of the desired serial port should be entered. Consult the terminal server
documentation to determine which port numbers to use.

Baud Rate, Parity

Select from the available choices for baud rate and parity (this is not applicable to TCP/IP
connections or terminal server ports). Note that the hardware you are using (modem, radio, RTU,
etc.) must support the chosen speed as well.

For a terminal server, the port must have these

parameters programmed into the terminal server
itself. Data that you enter here will be ignored.

Keying
The Modbus scan task does not presently support carrier keying, except by using an external Port
Transfer Module (PTM). The PTM must be configured to buffer the outgoing messages and assert RTS
at the required times. This action is transparent to the scan task, so leave this field set to <None>.

Keyup & Keydn Delay

The Modbus scan task does not presently support carrier keying, as discussed above. Leave these
fields blank.

Retry Count
The Modbus scan task does not presently use this field. Leave this field blank.

Modbus Scan Task User’s Guide Communication Line 2-8

Windows SCADA
 3 RTU

This chapter describes how to define an RTU for the Modbus scan task. Only the items that are specific
to the Modbus scan task are included in this discussion.

The SCADA Explorer is used to create or modify an RTU’s definition. The dialog box that allows you to
do that has several tabs, each of which includes different data. You will normally begin on the General
tab, which is illustrated in Figure 3-1.

Modbus Scan Task User’s Guide RTU 3-1

Windows SCADA
3.1 RTU Data Fields—General
The data fields found on the General tab of the Edit RTU dialog are described below.

Figure 3-1 “Edit RTU” Dialog (General)

3.1.1 Communication Line

This is the field where you specify which of the existing communication lines is used to communicate with
this RTU.

3.1.2 RTU Address

Each RTU must have a unique address on the communication line. RTU addresses do not have to be
assigned sequentially. Enter the actual Modbus address of the RTU here. For the Modbus scan task,
the valid range for individual RTU numbers is 0 to 255 (0xFF). The scan task uses RTU number 0 for
messages broadcast to all RTUs.

Modbus Scan Task User’s Guide RTU 3-2

Windows SCADA
3.1.3 Network

If you have specified connection information on the communication line (in section 2.2.1, Network), then
you should set this to Use ComLine. But if your communication line is set to Use RTU, then you must
choose TCP/IP here. This makes the fields on the Connections page available for you to specify
individual connection information for this RTU (see section 3.2, RTU Data Fields—Connections).

3.1.4 Scout

The Modbus scan task does not make use of this flag. Leave this flag unchecked.

3.1.5 Status Point

This is the name of a status point that exists in the database. This point will be used by the scan task to
indicate the communication status of the RTU. You must define this point, it is not optional.

3.1.6 Fast Scan Point

This is the name of a status point that can be used as a switch to speed up polling of the RTU. Setting
this point to a value of “1” causes the scan task to place this RTU on “fast scan” (i.e. poll this RTU more
frequently than others, based on the interleave factor). Setting this point to a value of “0” causes the scan
task to take the RTU off fast scan.

If this field is left blank, the RTU will still be fast scanned automatically during control operations, but you
will not be able to initiate fast scan yourself.

3.1.7 MODR: Edit Options

Clicking on the MODR: Edit Options button displays the Modbus RTU Option editor. See Figure 3-2.
This editor allows you to specify options that control how the scan task deals with this RTU. The options
supported by the Modbus scan task are described below.

Modbus Scan Task User’s Guide RTU 3-3

Windows SCADA
Figure 3-2 Modbus RTU Options

PLC Model
This option identifies the PLC model of the RTU. See Appendix “B” of the Gould Modbus Protocol
Reference Guide.

Different PLC models support varying maximum response lengths for different function codes, so the
scan task uses the PLC Model to “size” its poll requests appropriately. The table below lists, for each
model, the maximum number of points of each type that can read or written to in a single message.

Table 3-1 Maximum Points Transmitted Per Message

Read Read Read
Model PLC Read Input Holding Input Force Preset
Number Model Coil Status Register Register Coil Register
0 Micro 84 64 64 32 4 1 1
1 184 256 256 100 100 1 1
2 Not used 64 64 32 4 1 1
3 384 256 256 100 100 1 1
4 484 256 256 254 32 1 1
5 584 256 256 125 125 1 1
6 Not used 64 64 32 4 1 1
7 Not used 64 64 32 4 1 1
8 884 250 250 125 125 1 1

Input Status Multiples

This option allows you to specify how Input Status polls are requested. The selections for this option are:

Modbus Scan Task User’s Guide RTU 3-4

Windows SCADA
 • Multiples not required, use database (Default)
• Multiples of 16

The default is Multiples not required, use database. The scan task will poll for Input Status requesting the
number of Input Status registers defined in the Master database.

If Multiples of 16 is selected, the scan task will poll for Input Status requesting 16, 32, 48, etc registers at
a time.

Control Poll Errors

This option allows you to specify how the Modbus scan task handles timeouts and CRC errors for
controls and setpoints. This option is typically used when the Master request is received by the RTU but
the response from the RTU is often lost or corrupted, resulting in control echo failure and unexpected
status change alarms. This option is not available for Template controls as they require validation for
each step.

The selections for this option are:

• Process Poll Errors (Default)

• Ignore Timeout and CRC errors

The default is to treat timeouts and CRC errors as control echo failures.

Time Sync Method

This option allows you to specify how the Modbus scan task handles sending time synchronization
commands. There is no method for this inherent in the Modbus protocol, but some manufacturers
implement specific methods in their devices.

At present, only the method used by ION meters (by Schneider Electric) is implemented. This sends a 1-
second resolution, “Unix” style, 32-bit time (in UTC) to registers 41926 and 41927. It is sent by way of a
Preset Multiple Registers command, with the high-order bits in the first register.

Initial Poll Template ID

This option allows you to specify a Template that the Modbus scan task can execute before every poll
sequence. The Template can contain multiple operations and can be used for such things as writing an
access password to the device. If a Template is specified, it must complete successfully before the any
other registers or coils are polled. The Modbus scan task will retry the Template Poll retry count times if
necessary. If the Template does not complete successfully, no other polling will take place.

The Template Editor is used to edit the Template for the initial poll operation. The initial poll Template
parameter definitions are the same as for Template Control see section 5.2 Template Controls.

The initial poll Template is not used for controls. If you require similar action for controls then you specify
the operations in the Template Control.

Modbus Scan Task User’s Guide RTU 3-5

Windows SCADA
Allow All Data Polls
This option allows you to enable/disable all data polls for this RTU. The Modbus scan task polls for all
data at start-up, failover, recovery of a failed RTU or at the All data interval. Unless you have infrequent
polling points or non-zero groups, the Modbus scan task basically always polls for all points, so this
option is mostly intended for configurations with groups & triggers.

Disconnect After Poll Sequence

This option allows you to disconnect from the TCP/IP connection to the RTU after the entire poll
sequence to the RTU has completed. This option is useful in cases where the RTU is infrequently polled
and also where data charges may apply.

3.2 RTU Data Fields—Connections

This page (see Figure 3-3) provides for one or two communication connections for this RTU. Much of this
information is not needed for typical communication lines. But if you have a network connecting all of
your RTUs (typically this will mean there is a terminal server or network interface at each RTU), you will
need to specify a separate host name and port for each of them. This is done using the fields on this
page (and the corresponding fields on the communication line can be left blank).

Although communication port switching (see section 1.6, Port Switching)

is managed separately for each RTU, the Modbus scan task does not
implement dual network connections (e.g., two separate TCP/IP
addresses and/or ports) to each RTU. So if you need to specify
connection information in the RTU definition, do so only for the Primary
Connection.

You may want to refer to section 2.2.13, Port Parameters, as well as the descriptions that follow if you are
creating such a connection.

Modbus Scan Task User’s Guide RTU 3-6

Windows SCADA
Figure 3-3 "Edit RTU" Dialog (Connections)

3.2.1 Host Name

This is the name or IP address that identifies the device that we are communicating with over the network
(e.g. the terminal server or RTU network interface).

3.2.2 Host Port

For a TCP/IP connection, there will be a TCP/IP port number that must be entered here. For an RTU, it
may have a fixed value specified by the RTU manufacturer. In a terminal server, it may correspond to the
hardware port on the server (for example, port 2003 might correspond to the 3rd terminal server port). Port
numbers below 1024 are normally not used, since they are reserved for other well-known protocols used
on the network.

3.2.3 Dial-up

The Modbus scan task does support dial-up connections. Leave these fields blank.

3.3 RTU Data Fields—Switches

This page contains information related to the port-switching feature. You may use the Browse buttons
provided to select a status point for each switch discussed below.

Modbus Scan Task User’s Guide RTU 3-7

Windows SCADA
Figure 3-4 "Edit RTU" Dialog (Switches)

3.3.1 Port Switch Point

If this RTU is on a communication line that has two ports defined (section 2.2.13, Port Parameters), this
status point is required. The point is used to show which port the RTU is currently being polled on. When
the point’s value is 0, the scan task is using the first port. When the status point’s value is 1, the scan task
is using the second port.

Whenever it wants to poll an RTU, the scan task first tries the port currently indicated by the RTU’s port
switch status point. If the poll fails, the scan task places the RTU on “error scan” and retries. If the retry
count expires, the scan task switches to the other port (and sets the RTU’s port switch status point
accordingly). If polling fails there also, after its own retries, the scan task declares the RTU failed, but
continues to poll the RTU, flipping between both ports as described above.

You can force the scan task to either port by manually setting the port switch status point.

The port switch status point may be defined as a non-alarm point if you don’t want to be bothered by
alarms on this point when the scan task is constantly switching ports hunting for a dead RTU.

While the scan task is using one particular port for an RTU, it does not check the other port for
availability. Such checks can be made manually by manually setting the port switch point. If you do this,
don’t forget to remove the manual set, or the scan task will not be able to switch and ports when it needs
to. If you define the port switch point as a control point associated with a dummy scan task, then you
don’t have to worry about manual set. Alternatively, you can automate the forced switching process via a
command sequence.

3.3.2 Switch Port after

Modbus Scan Task User’s Guide RTU 3-8

Windows SCADA
Enter the number of consecutive error responses (timeouts, wrong replies, security errors, etc.) that will
be tolerated before the scan task switches from the current port to the other one (if one is defined for the
communication line the RTU is using).

3.3.3 Channel Switch Point, Switch Channel after

The Modbus scan task does not presently support channel switching, so leave these fields blank.

3.4 RTU Data Fields—Statistics

Several point names may be specified on this page, using the browser buttons provided. The function of
these points is described below.

Figure 3-5 "Edit RTU" Dialog (Statistics)

3.4.1 Percentage Communication Point

This is an analog point to contain a percent active communication statistic (100% means no errors). The
statistic is calculated by passing 0s and 1s through a low-pass digital filter, where 0 is input to the filter on
a communication error and 1 is input on a communication success. Errors include timeouts, security
(CRC) errors and wrong replies. If this field is left blank, this statistic is not maintained.

The digital filter consists of:

xi +1 = (K × xi ) + ((1 − K ) × ui )

where:

ui is the input to the filter

Modbus Scan Task User’s Guide RTU 3-9

Windows SCADA
 xi is the filtered output
K is the filter constant

The filter constant used is 0.5.

If this point is not specified, then no percent communication statistic is calculated for this RTU.

3.4.2 Total Message Count

This is an analog point to contain a count of all messages received from this RTU. You can use this, in
comparison with the three counters discussed below, to evaluate the communication with this RTU. If
this field is left blank, this statistic is not maintained.

3.4.3 Good Message Count

This is an analog point to contain a count of correct messages received from the RTU. It is incremented
whenever a correctly formed reply is received, and was expected. If this field is left blank, this statistic is
not maintained.

3.4.4 Bad Message Count

This is an analog point to contain a count of incorrect messages received from the RTU. The bad
message count is incremented whenever an incorrectly formed reply is received (including security
errors), or when the reply was not the one expected (either the RTU number or the opcode in the
message was incorrect, for example). If this field is left blank, this statistic is not maintained.

3.4.5 Timeout Count

This is an analog point to contain a count of communication timeout errors (no response errors). The
timeout count is incremented once each time the number of bytes of data from the RTU falls short of the
expected number. If this field is left blank, this statistic is not maintained.

3.4.6 Send Message Count

This statistic is not gathered by the Modbus scan task. Leave this field blank.

3.4.7 Dial-up Override Interval

This statistic is not gathered by the Modbus scan task. Leave this field blank.

3.4.8 Dial-up Status

This statistic is not gathered by the Modbus scan task. Leave this field blank.

Modbus Scan Task User’s Guide RTU 3-10

Windows SCADA
3.4.9 Time of Last Good Poll

This statistic is not gathered by the Modbus scan task. Leave this field blank.

3.4.10 Time Between Scans Override

This statistic is not gathered by the Modbus scan task. Leave this field blank.

3.4.11 Telemetry Failed Indicator

This statistic is not gathered by the Modbus scan task. Leave this field blank.

Modbus Scan Task User’s Guide RTU 3-11

Windows SCADA
 4 Analog Point

This chapter describes how to define analog points for the Modbus scan task. The Edit Analog Point
dialog from the SCADA Explorer is illustrated in Figure 4-1.

4.1 Telemetry Address

The telemetry address specifies the type and location of the point within the RTU. It is made up of four
fields labeled A, B, C, and D. You should consider the choice of RTU to be part of the telemetry address
as well, since you may have another point with the same address on this communication line, so long as
it is on a different RTU.

Modbus Scan Task User’s Guide Analog Point 4-1

Windows SCADA
Figure 4-1 "Edit Analog Point" Dialog

The meaning of the parts of the address is given in Table 4-1. If this point is to be a telemetered point,
tick the checkbox for Telemetry Address, select the RTU that will provide the data, and fill in the required
address.

Table 4-1 Analog Telemetry Address Fields

Telemetry
Address
Field Meaning
A Register number (1 – n)
B Data type code (see Table 4-3)
C (not used)
D Trigger Value, Trigger Group & Group (see Table 4-4)

The “A” field is used to specify the relative register number within the point’s data type. The register
numbers for each data type start at “1”. The value of “n” depends on the configuration of the RTU. See
your RTU vendor’s documentation.

Note that devices from different vendors may have different register numbering schemes. And typically,
each type of point has a different range of point numbers. For example, holding registers in a particular
device may be numbered starting at 20,001 and input registers may start at 30,001. And in a different
device, the point numbers might be in a different range. But in the Modbus communication protocol itself,
point numbers for each type always start at zero. In the Survalent SCADA system, the point numbers of
each type all start at 1. So, in the example device mentioned above, the number of the first holding
register is 20,001 in the device, 0 in the communication between the scan task and the device, and 1 in
the SCADA database (in the “A” address)

Modbus Scan Task User’s Guide Analog Point 4-2

Windows SCADA
Table 4-2 describes the common register number ranges and how to map them to telemetry address
fields. The A Field is calculated by: (register_number - start_range) + 1. The B Field is the supported
data type. For example, for Input Register number 30,001, the A Field would be (30,001 – 30,001) + 1 = 1
and the B Field would be 4. For Holding Register number 20,100, the A Field would (20,100 – 20,001) + 1
= 100 and the B Field would be 3.

Table 4-2 Common RTU Register Numbers Mapped to Analog Points

Register Number Type A Field B Field
1 – 10,000 Coil Status N/A N/A
10,001 – 20,000 Input Status N/A N/A
20,001 – 30,000 Holding Register 1 – 10,000 3
30,001 – 40,000 Input Register 1 – 10,000 4
40,001 – 50,000 Preset (Setpoints) 1 – 10,000 (see Table 4-7)

For best performance, points should be arranged in large blocks. This minimizes the overhead of a
separate poll for each discontinuous block. The scan task does optimize across small discontinuities in
the point list by including small unused memory areas in its poll requests, but this wastes transmission
time.

The “B” field is used to specify the data type. Allowed values are listed in Table 4-3 below. The scan
task uses a different function code to poll each data type.

Table 4-3 Analog Data Types

Data Type Code Data Type
3 Holding register
4 Input register

Note that:

• the first holding register in the RTU is addressed by A = 1 and B = 3

• the first input register in the RTU is addressed by A = 1 and B = 4

The “D” field is optional and is normally set to zero. However, this option is particularity useful when data
charges apply and you are attempting to limit the amount of polling and data returned.

The “D” field is comprised of a three components that allows you to group points in such a way that the
value of one point can trigger polling of points assigned to another group. See Table 4-4 for the D field
definition.

How groups and triggers work:

Points assigned to group zero are always polled. If any point from group zero has a non-zero trigger
group, the returned value is checked against it’s trigger value. If the trigger value passes, all points
assigned to the trigger group will be marked for polling.

Modbus Scan Task User’s Guide Analog Point 4-3

Windows SCADA
Points that are assigned to non-zero groups with non-zero trigger groups that are polled as a result of
triggers from other groups, will also have their returned value checked against their trigger value. If the
trigger value passes, all points assigned to the trigger group will be marked for polling.

So effectively, group zero points could cause polling of other groups, which could cause polling of other
groups and so on.

The Modbus scan task will pass through all groups three times checking if other groups have been
triggered by other groups. This is to prevent constantly looping through groups.

Please note that the D field is 16 bits and that the total of the Trigger Value, Trigger Group and Group
Number cannot exceed 65535.

Table 4-4 Groups and Triggers

Digit Meaning
Units Group Number (Range 0-9)
Tens Trigger Group (Range 0-9)
Remaining Digits Trigger Value
0=trigger on non-zero values
Non-zero=trigger on this value only

Take for example a D field of 4510. It is assigned to group 0; it’s trigger group is 1 and has a trigger value
of 45. This point will always be polled as it is assigned to group 0. If it’s returned value (after scaling) is
equal to the trigger value 45, all points assigned to group 1 will be polled.

Another example with D field of 21. It is assigned to group 1, it’s trigger group is 2 and has a trigger value
of 0. This point will only be polled if another point(s) with a trigger group of 1 results in group 1 points
being polled. If this point is polled and it’s returned value (after scaling) is any non-zero value, all points
assigned to group 2 will be polled.

4.1.1 Infrequent Scan Points

Infrequent scan points are identified by having a value of 16 (decimal) added to their “B” address. For
example, a holding register that is to be scanned normally is assigned a “B” address of 3, whereas if it is
to be on infrequent scan, it should be assigned a “B” address of 3 + 16 = 19. See the /Infrequent
paragraph of section 2.1.5, Configuration Switches.

4.1.2 Critical Data Points

Critical data points are identified by having a value of 32 (decimal) added to their “B” address. For
example, a holding register that is to be treated as a normal data point is assigned a “B” address of 3,
whereas if it is to be treated as a critical data point, it should be assigned a “B” address of 3 + 32 = 35.
See the /Critical paragraph of section 2.1.5, Configuration Switches.

Only analog points can be identified as critical data points. Critical data points should not be defined as
infrequent scan points.

Modbus Scan Task User’s Guide Analog Point 4-4

Windows SCADA
4.2 Format Code
This field specifies how the scan task should process the input data from the RTU. Valid format codes for
non-setpoints are listed in Table 4-5.

Below, the formats are referred to by code (ID) number, but you will choose them from a list of user-
defined names. If you are in doubt about which format code is which, look at their definitions using
SCADA Explorer. If you have only one scan task on your system, the format can be given names that
describe their function. But if multiple scan tasks are being used, they may use the same format number
for different purposes, so you may not be able to come up with a better name.

Table 4-5 Input Formats for Analog Points

Format
Code Meaning Input Range Registers Order
1 12-bit binary, unsigned 0 to 4095 1
2 12-bit binary, unsigned 0 to 4095 1
with threshold check
3 Dual 12-bit binary, unsigned 0 to 999,999 2 Low, High
4 16-bit binary, unsigned 0 to 65535 1
5 16-bit binary, signed -32767 to +32767 1
6 16-bit accumulator, 0 to 65535 1
store delta
7 32-bit accumulator, add delta 2 High, Low
8 IEEE floating point 2 High, Low
9 12-bit BCD 0 to 999 1
10 12-bit BCD 0 to 999 1
with threshold check
11 Dual 12-bit BCD 0 to 999,999 2 Low, High
12 16-bit BCD 0 to 9,999 1
13 Dual 16-bit, unsigned 0 to 4,294,967,295 2 Low, High
14 IEEE floating point 2 Low, High
15 Dual 16-bit, unsigned 0 to 4,294,967,295 2 High, Low
16 Double register accumulator, 0 to 999,999 2 Low, High
add delta
17 16-bit accumulator, 0 to 65535 1
add delta
18 Dual 16-bit, signed -2,147,483,647 to 2 High, Low
2,147,483,647
19 Dual 16-bit, signed -2,147,483,647 to 2 Low, High
2,147,483,647

Modbus Scan Task User’s Guide Analog Point 4-5

Windows SCADA
In the case of dual-register points (formats 3, 7, 8, 11 and 13 to 19), the telemetry address is assumed to
point to the first of two consecutive 16-bit registers in the RTU. In some cases, the first register contains
the low order part of the dual-register value, and the second register contains the high order part. In
other cases, the first register contains the high order part and the second register contains the low order
part. In either case, the two registers are combined to produce one database value.

Format Codes 2 and 10

The scan task compares the raw analog input value against the threshold specified in the communication
line. See the /Threshold paragraph of section 2.1.5, Configuration Switches. If the value is less than the
threshold, the scan task uses a raw input value of zero.

Format Codes 3 and 11

The scan task multiplies the contents of the second register by 1000, adds the contents of the first
register, and then scales and stores the result into the database. For example, if the first word is 123,
and the second word is 456, then the stored point value is 456123.

The upper 4 bits of each word are masked out. Note that meaningless values are obtained if the content
of each word is not restricted to the range 0-999.

Format Code 6

The scan task calculates the delta (the difference between this reading and the previous reading), scales
it using the scale factor only (no offset), and stores the scaled delta into the counter point. The scan task
assumes that rollover occurs at 65,535.

If the delta is negative and represents a change of greater than 6554 (10% of the range), the scan task
assumes that the RTU reset and that the accumulator in the RTU has restarted from zero. Accordingly,
in this case, the scan task sets the delta to just be the current accumulator reading.

This format code causes the scan task to store scaled deltas into the counter point. This corresponds to
storing current demand or current flow rate values. An alternate format code 17 allows you to accumulate
the scaled deltas to produce total consumed energy or total flow volumes. See Format Code 17 below.

Format Code 7

The scan task treats the two registers as one 32-bit integer, computes the delta (the difference between
this reading and the previous reading), scales it using the scale factor only (no offset), and adds the result
to the current point’s value to produce a total accumulation. If the delta is negative, a rollover correction
is applied.

Prior to updating the point’s value, the scaled delta is validated by calculating a flow rate as follows:

scaled delta * 3600

flow = --------------------------------
seconds since last poll

and testing this against a threshold specified on the SCADA Explorer by the point’s OFFSET field. If the
calculated flow rate exceeds the threshold, an alarm is raised and the point is not updated. The alarm is
raised with priority 3 and is based on alarm format #99, which should contain:

N2,’,’,N1,’ ’,B40

Modbus Scan Task User’s Guide Analog Point 4-6

Windows SCADA
Following the name of the point, the text of the alarm is:

DELTA ERROR – POINT NOT UPDATED

If the threshold is zero, the scan task skips the flow rate validation.

Format Codes 8 and 14

With format code 8, the scan task assumes that the first register contains the high-order half of a 32-bit
IEEE floating point value, and that the second register contains the low-order half. With format code 14,
the scan task assumes that the first register contains the low-order half of a 32-bit IEEE floating point
value, and that the second register contains the high-order half.

Format Codes 13, 15, 18 and 19

The scan task multiplies the contents of the high order register by 65536, adds the contents of the low
order register, and then scales and stores the result into the database.

Format Code 16

The scan task multiplies the contents of the second register by 1000, and adds the contents of the first
register. It then calculates the delta (the difference between this result and the previous reading) and
scales it using the scale factor only (no offset). Then it adds the scaled delta to the value in the database,
thus producing an accumulated value. The scan task assumes that rollover occurs at 1,000,000.

Format Code 17

The scan task calculates the delta (the difference between this reading and the previous reading), scales
it using the scale factor only (no offset), and adds the scaled delta to the counter point’s value. The scan
task assumes that rollover occurs at 65,535.

If the delta is negative and represents a change of greater than 6554 (10% of the range), the scan task
assumes that the RTU reset and that the accumulator in the RTU has restarted from zero. Accordingly,
in this case, the scan task sets the delta to just be the current accumulator reading.

This format code causes the scan task to accumulate scaled deltas. This corresponds to storing total
consumed energy or total flow volumes. If you reset the value of the counter point to zero or some other
value, the point will continue to accumulate from its reset value.

An alternate format code 6 allows you to store (rather than accumulate) the scaled deltas. This produces
current demand or current flow rate values. See Format Code 6 above.

4.3 Scale Factor and Offset

The scale factor and offset represent the conversion factors for a linear transformation of the RTU’s raw
input values to engineering units.

To determine the appropriate scale factor and offset, you can use the two formulas below:

Modbus Scan Task User’s Guide Analog Point 4-7

Windows SCADA
 MaxEngineeringValue − MinEngineeringValue
(1) ScaleFactor =
MaxRawValue − MinRawValue

(2) Offset = MinEngineeringValue − (ScaleFactor ∗ MinRawValue )

where the Max and Min engineering values are the values you want to see, and the Max and Min raw
values are the range of values obtained from the RTU.

Suppose, for example, that you are using a 4-20 mA transducer to measure water level in a reservoir,
and that the RTU’s D/A converter converts this to measured raw values in the range 400 to 2000. If the
minimum and maximum water levels are 100 and 200 meters respectively, then equations (1) and (2)
produce:

200 − 100
ScaleFactor = = 0.0625
2000 − 400
and
Offset = 100 − (0.0625 ∗ 400) = 75.0

You can check your work by using the resulting scale factor and offset to convert a mid-point raw value.
In this case, a mid-point raw value of 1200 scales to the expected engineering value of 150 meters.

4.4 Zero Clamp Deadband

This defines a deadband range of engineering values inside of which an input will be clamped to an
engineering value of zero. This allows you to eliminate noisy readings around the zero mark of the
engineering scale.

The zero clamp deadband is specified in engineering units, and is applied to all points except those with
format code 16. See section 4.2, Format Code.

You can use this to eliminate the annoying small readings that often show up on a dead or empty line
because of sensor noise or slight miscalibration. For example, if the zero clamp deadband is 3.0, then
any input value which converts to between +3.0 and -3.0 engineering units will be clamped to zero.

4.5 Window – Digital Filter

This is a code that usually specifies an exception deadband to be downloaded to the RTU. Since the
Modbus protocol does not support exception reporting, this field has been given another use for the
Modbus scan task.

For the Modbus scan task, the window field specifies the filter constant for a first-order digital filter to be
applied to the point’s engineering value.

The filtered value is calculated as follows:

Modbus Scan Task User’s Guide Analog Point 4-8

Windows SCADA
(3) Yk+1 = ( Yk * (10 - Cf ) ) + ( Xk+1 * Cf )
__________________________

10

where:

Xk+1 is the new unfiltered engineering value

Yk+1 is the new filtered value

Yk is the old filtered value

Cf is the filter constant

Legal values for the filter constant are 1 to 10:

• A filter constant value of 1 produces heavy filtering. The smoothing effect is great and the output
follows the input very slowly (i.e. it takes a long time for the output to catch up to a sudden change in
the input).

• A filter constant value of 9 produces light filtering. The smoothing effect is much less but the output
follows the input much more closely.

• A filter constant value of 10 produces no filtering at all. The output is equal to the input.

• From equation (3), a filter constant value of 0 would produce infinite filtering: a filter so slow that the
output never moves. However, the Modbus scan task treats a filter constant value of 0 as a
specification for no filtering.

The filtering, if any, is applied to all points except those with input format codes 6, 16 and 17.

4.6 Setpoints
Setpoints are defined as analog points with a device class of 3, and with the following telemetry
addressing:

Table 4-6 Setpoint Control Address

Address Field Meaning
A Preset register number (1 – n)
B Data type (see Table 4-7)
C 0 (not used)
D 0 (not used)

The “A” field of the control address specifies the number of the register to be preset. The valid range is 1
to the number of registers in the RTU. In the protocol message itself, the value of “A” is decremented
before being transmitted.

Modbus Scan Task User’s Guide Analog Point 4-9

Windows SCADA
The “B” field is used to specify the data type. Allowed values are listed in the table below:

Table 4-7 Setpoint Data Types

Data Type Code Data Type
0 Binary data
5 Time sync
6 BCD data
16 IEEE floating data

The “C” and “D” fields are not presently used, but may be in the future. Make sure you set them to zero.

The format codes to use with setpoints are listed in Table 4-8.

Table 4-8 Setpoint Format Codes

Format Code Meaning Output Range
1 12-bit output 0 to 4095 binary, or 0 to 999 BCD
4 16-bit output 0 to 65535 binary, or 0 to 9999 BCD, or time sync
5 16-bit output -32767 to +32767
8 IEEE float Dual registers – high, low
13 32-bit unsigned Dual registers – low, high 0 to 4,294,967,295
14 IEEE float Dual registers – low, high
15 32-bit unsigned Dual registers – high, low 0 to 4,294,967,295
18 32-bit signed Dual registers – high, low -2,147,483,647 to 2,147,483,647
19 32-bit signed Dual registers – low, high -2,147,483,647 to 2,147,483,647

4.6.1 IEEE Floating Point & 32-bit signed/unsigned setpoint values

For IEEE floating point and 32-bit signed/unsigned setpoint values, the scan task writes two consecutive
registers using one Preset Multiple Registers command. The ”A” part of the address must specify the first
register. Format codes 8, 13, 14, 15, 18 and 19 allow you to specify whether the first register or the
second register is the more significant register.

4.6.2 Time Sync

In a Time Sync setpoint, the value entered for the setpoint is not what is actually sent to the RTU. What
is sent to the RTU is a current time value that the scan task computes as the number of seconds since
the start of the current hour.

Modbus Scan Task User’s Guide Analog Point 4-10

Windows SCADA
 5 Status Point

This chapter describes how to define status points for the Modbus scan task. The Edit Status Point
dialog from the SCADA Explorer is illustrated in Figure 5-1.

A status point can be defined to be any one of:

• indication only
• control only
• combined indication and control

depending on whether a telemetry address and any control addresses are specified for it.

Status data may be read from any of the following:

• Coils
• Status inputs
• Holding registers
• Input registers

Modbus Scan Task User’s Guide Status Point 5-1

Windows SCADA
5.1 Telemetry
This group includes the telemetry address, and the two control addresses. You may also want to consider
the RTU to be part of the telemetry information, since you may have another point with the same address
on this communication line, so long as it is on a different RTU.

Each of the three addresses specifies the location of an input or output within the RTU. Each is made up
of four fields labeled A, B, C, and D. These fields represent something different, depending on the type of
address.

Figure 5-1 "Edit Status Point" Dialog

5.1.1 Telemetry Address

The telemetry address specifies the location of the status point within the RTU. The meaning of the parts
of the address is given in Table 5-1. If this point is to be a telemetered point, select the RTU that will
provide the data, tick the checkbox for Telemetry Address, and fill in the required address.

The “A” field is used to specify the relative register number within the point’s data type. The register
numbers for each data type start at “1”. The value of “n” depends on the configuration of the RTU. See
your RTU vendor’s documentation.

Modbus Scan Task User’s Guide Status Point 5-2

Windows SCADA
Table 5-1 Status Telemetry Address Fields
Telemetry
Address
Field Meaning
A Point or Register number (1 – n)
B Data type (see Table 5-3)
C Bit number (1 – 16)
D Trigger Value, Trigger Group & Group (see Table 5-4)

Note that devices from different vendors may have different register numbering schemes. And typically,
each type of point has a different range of point numbers. For example, coils in a particular device may
be numbered starting at 1 and input statuses may start at 10,001. And in a different device, the point
numbers might be in a different range. But in the Modbus communication protocol itself, point numbers
for each type always start at zero. In the Survalent SCADA system, the point numbers of each type all
start at 1. So, in the example device mentioned above, the number of the first input status is 10,001 in
the device, 0 in the communication between the scan task and the device, and 1 in the SCADA database
(in the “A” address).

Table 5-2 describes the common register numbers and how to map them to telemetry address fields. The
A Field is calculated by, (register_number - start_range) + 1. The B Field is the supported data type. For
example, for Input Register number 30,001 the A Field would be (30,001 – 30,001) + 1 = 1 and the B
Field would be 4. For Holding Register number 20,100 the A Field would (20,100 – 20,001) + 1 = 100 and
the B Field would be 3.

Table 5-2 Common RTU Register Numbers Mapped to Status Points

Register Number Type A Field B Field C Field
1 – 10,000 Coil Status 1 – 10,000 1 0
10,001 – 20,000 Input Status 1 – 10,000 2 0
20,001 – 30,000 Holding Register 1 – 10,000 3 1 – 16
30,001 – 40,000 Input Register 1 – 10,000 4 1 – 16
40,001 – 50,000 Preset (Setpoints) N/A N/A N/A

The “B” part of the telemetry address specifies the data type. See Table 5-3 below.

Table 5-3 Status Data Types

Data Type Code Data Type Range for “C”
1 Coil Status 0
2 Input Status 0
3 Holding Register 1 to 16
4 Input Register 1 to 16

Modbus Scan Task User’s Guide Status Point 5-3

Windows SCADA
For data types 1 and 2 (coil status and input status), the “A” part of the telemetry address specifies the
relative point number within that data type. For both of these data types, the “C” field should be specified
as zero.

For data type 3 and 4 (holding and input register), the “A” part of the telemetry address specifies the
holding or input register number. In this case, the “C” part of the telemetry address specifies the bit
number within the register. Bit number 1 is the LSB (Least Significant Bit).

MSB LSB
Bit 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1

For best performance, points should be arranged in large blocks. This minimizes the overhead involved
in multiple polls of discontinuous blocks of points. The scan task does optimize across small
discontinuities in point addresses by polling for ranges that include unused points, but this wastes
transmission time.

As in the case of analog points, infrequent scan points are identified by having a value of 16 (decimal)
added to their “B” address. For example, an input status point is specified by a “B” address of 2 if on
normal scan, but is assigned a “B” address of 2 + 16 = 18 if on infrequent scan.

The “D” field is optional and is normally set to zero. However, this option is particularity useful when data
charges apply and you are attempting to limit the amount of polling and data returned.

The “D” field is comprised of three components that allows you to group points in such a way that the
state of one point can trigger polling of points assigned to another group. See Table 5-4 for the D field
definition.

How groups and triggers work:

Points assigned to group zero are always polled. If any point from group zero has a non-zero trigger
group, the returned state (after applying the format code) is checked against it’s trigger state. If the trigger
state passes, all points assigned to the trigger group will be marked for polling.

Points that are assigned to non-zero groups with non-zero trigger groups that are polled as a result of
triggers from other groups, will also have their returned states (after applying the format code) checked
against their trigger state. If the trigger state passes, all points assigned to the trigger group will be
marked for polling.

So effectively, group zero points could cause polling of other groups, which could cause polling of other
groups and so on.

The Modbus scan task will pass through all groups three times checking if other groups have been
triggered by other groups. This is to prevent constantly looping through groups.

Please note that the D field is 16 bits and that the total of the Trigger State, Trigger Group and Group
Number cannot exceed 65535.

Modbus Scan Task User’s Guide Status Point 5-4

Windows SCADA
Table 5-4 Groups and Triggers
Digit Meaning
Units Group Number (Range 0-9)
Tens Trigger Group (Range 0-9)
Hundreds Trigger State
0=trigger on state zero
1=trigger on state one
2=trigger on state two
3=trigger on state three
4=trigger on any non-zero state

Take for example a D field of 120. It is assigned to group 0, it’s trigger group is 2 and has a trigger state
of 1. This point will always be polled as it is assigned to group 0. If it’s returned state (after applying the
format code) is equal to the trigger state 1, all points assigned to group 2 will be polled.

Another example with D field of 432. It is assigned to group 2, it’s trigger group is 3 and has a trigger
state of 4. This point will only be polled if another point with a trigger group of 2 results in group 2 points
being polled. If this point is polled and it’s returned state (after applying the format code) is non-zero, all
points assigned to group 3 will be polled.

Another example with D field of 10. It is assigned to group 0, it’s trigger group is 1 and has a trigger state
of 0. This point will always be polled as it is assigned to group 0. If it’s returned state (after applying the
format code) is zero, all points assigned to group 1 will be polled.

5.1.2 Control Address

The open (0) and close (1) control addresses that can be defined for each status point give the location of
one or two control relays in the RTU. The meaning of the parts of each address is given in Table 5-5.
You must tick the checkbox next to any address(es) that you intend to use.

Table 5-5 Control Address Fields

Control
Address
Field Meaning
A Indicator number (see Table 5-6)
B Control function (see Table 5-6)
C Not used, enter 0
D Control type (see Table 5-6)

Modbus Scan Task User’s Guide Status Point 5-5

Windows SCADA
Table 5-6 Control Types and Functions
“D” code Control Type “B” code Control Function “A” code
0 or 5 Force Coil 0 Coil Off Coil number (1-n)
0 or 5 Force Coil 1 Coil On Coil number (1-n)
6 Preset Register 0 to 65535 Preset Register number (1-n)
1 Template 0 Various Template ID
2 Holding Register 1 to 16 Clear Bit Register number (1-n)
3 Holding Register 1 to 16 Set Bit Register number (1-n)

The “D” part of the control address specifies the type of control.

If the control type is Force Coil, the “A” part of the address specifies a coil number, and the “B” part of the
address specifies either a “Coil On” or a “Coil Off” function.

If the control type is Preset Register, the “A” part of the address specifies a register number, and the “B”
part of the address specifies a value between 0 and 999 to be written into the register.

If the control type is Template, the “A” part of the address specifies a Template ID of the Template that
the scan task is to execute. The “B” part of the address is not used, so enter zero. See section 5.2,
Template Controls.

If the control type is Holding Register, the “A” part of the address specifies a register number, the “B” part
of the address specifies the single bit number within the register. The “D” part of the address specifies to
either Set the bit or Clear the bit. Bit number 1 is the LSB (Least Significant Bit).

MSB LSB
Bit 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1

The “C” field is not used, enter 0, as this field may be used in the future.

5.2 Template Controls

The Modbus scan task can execute a Template when multiple operations are required to operate a relay
or perform a complex task.

The Template Editor is used to edit the Template for the control operation. The Template Control
parameter definitions are illustrated in

Figure 5-2. The required format for the Template Control is described below. The general use of the
Template Editor is described in document CS-400 Command Sequencing.

When a Template Control is received, the Modbus scan task initially sets the Step ($P1) to one and
executes the Template to retrieve the Command ($P2), Object ($P3), Value ($P4) and the next Step.
The scan task then performs the Modbus function returned in Command. The scan task then
continuously sets the Step to the value returned by the Template, executes the Template and performs

Modbus Scan Task User’s Guide Status Point 5-6

Windows SCADA
the Modbus function. This continues until the Template returns a Step value of zero. If no errors have
occurred, the scan task declares control success. Otherwise, it declares control failure.

This document includes sample Template code that performs Trip/Close operations on an ABB-PCD
Reclosure. See section 5.2.5, Template Code to Trip ABB-PCD Reclosure, and section 5.2.6, Template
Code to Close ABB-PCD Reclosure.

A Template Control can be tested/debugged by adding it as a

Calculation to the Calculation Editor and entering analog points for the
parameters. Then manually set the Step point to one (remember to
activate the point to remove the manual set). The Step, Command,
Object and Value points will change on every calculation interval until the
last step is performed.

Figure 5-2 Template Definition

Step ($P1)

This parameter is an analog input to the Template and an analog output to the scan task. It is used to
indicate the current step to be executed. The scan task initially sets this parameter to one for the first
step and for all other steps, passes the returned value back to the Template. The Template is
responsible for setting the step to be performed.

Command ($P2)

This parameter is an analog output to the scan task. It specifies the Modbus function to be performed.
The Modbus functions supported in Template Controls and the corresponding codes are listed in Table
5-7. If an invalid function is specified, the scan task stops the Template Control and declares a control
failure.

Modbus Scan Task User’s Guide Status Point 5-7

Windows SCADA
Table 5-7 Modbus Functions
Code Modbus Function
5 Force Single Coil
6 Preset Single Register
15 Force Multiple Coils
16 Preset Multiple Registers

Object ($P3)

This parameter is an analog output to the scan task. Its meaning depends on the Modbus function to be
performed.

Value ($P4)

This parameter is an analog output to the scan task. Its meaning depends on the Modbus function to be
performed.

The required parameters to be set by the Template for the Modbus functions are described in the
sections below.

5.2.1 Force Single Coil

This Template Control command forces a single relay coil to a specific state at the RTU. One Template
step is required for this command. The parameters specify the Coil number and either an ON or OFF
command.

Table 5-8 Template Command - Force Single Coil

Parameter Description
$P2 5 = Force Single Coil
$P3 Coil Number (1-n)
$P4 Command
0 = OFF
1 = ON

The following sample Template code forces coil 10 to ON.

if ($p1 == 1) ! If Force Single Coil Step

$p1=$p1+1 ! Set next Step
$p2=5 ! Force Single Coil Command
$p3=11 ! Coil #10 (1-n)
$p4=1 ! ON
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif

Modbus Scan Task User’s Guide Status Point 5-8

Windows SCADA
5.2.2 Preset Single Register

This Template Control command loads a 16-bit value into a single holding register at the RTU. One
Template step is required for this command. The parameters specify the Register number and the value
to transmit. The value is written into the register as is without any scaling or unscaling.

Table 5-9 Template Command – Preset Single Register

Parameter Description
$P2 6 = Preset Single Register
$P3 Register Number (1-n)
$P4 16-bit Value

The following sample Template code loads the value 222 into holding register 100.

if ($p1 == 1) ! If Preset Single Register Step

$p1=$p1+1 ! Set next Step
$p2=5 ! Preset Single Register Command
$p3=101 ! Register #100 (1-n)
$p4=222 ! Value to load in register
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif

5.2.3 Force Multiple Coils

This Template Control command forces multiple relay coils to specific states at the RTU. Two or more
Template steps are required to supply all the information for this command.

In the first step of this command, the parameters specify the starting Coil number and the number of coils
(n) to operate. Following this step are mask step(s) containing the bit masks for the coil settings.

In the mask step(s) of this command, the parameters specify the bit mask for up to 8 coils at a time. The
mask is entered in decimal with each bit representing one coil (1=ON, 0=OFF). The least significant
(right most) bit of the mask represents the lowest coil number. The total number of required mask steps
can be calculated as (n/8)+1.

Once all the masks have been gathered from the Template, the scan task sends one request to the RTU.

Table 5-10 Template Command - Force Multiple Coils – First Step

Parameter Description
$P2 15 = Force Single Coil
$P3 Starting Coil Number (1-n)
$P4 Number of Coils to force

Modbus Scan Task User’s Guide Status Point 5-9

Windows SCADA
Table 5-11 Template Command - Force Multiple Coils – Mask Step
Parameter Description
$P2 0 = Not Applicable
$P3 0 = Not Applicable
$P4 Coil Mask (0-255)

The following sample Template code forces 10 coils, starting at address 20. Coils 20, 22, 23, 26, 27 and
29 are forced ON, while coils 21, 24, 25 and 28 are forced OFF. Note that in the mask for coils 28-29, the
bits for unspecified coils (30-35) are set to zero.

if ($p1 == 1) ! If Force Multiple Coil Step

$p1=$p1+1 ! Set next Step
$p2=15 ! Force Multiple Coil Command
$p3=21 ! Starting at Coil #20
$p4=10 ! For 10 consecutive Coils (20-29)
else if ($p1 == 2) ! Coils 20-27 Mask
$p1=$p1+1 ! Set next Step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=205 ! Mask for Coils 20-27 (hex CD, binary 11001101)
else if ($p1 == 3) ! Coils 28-29 Mask
$p1=$p1+1 ! Set next Step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=2 ! Mask for Coils 28-29 (hex 02, binary 00000010)
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif

5.2.4 Preset Multiple Registers

This Template command loads 16-bit values into multiple holding registers at the RTU. Two or more
Template steps are required to supply all the information for this command.

In the first step of this command, the parameters specify the starting holding register and the number of
registers (n) to load. Following this step are n value step(s) containing the 16-bit values to load into the
register(s). The values are loaded into the register(s) as is, without any scaling or unscaling.

Once all the values have been gathered from the Template, the scan task sends the request to the RTU.

Modbus Scan Task User’s Guide Status Point 5-10

Windows SCADA
Table 5-12 Template Command – Preset Multiple Registers – First Step
Parameter Description
$P2 16 = Preset Multiple Registers
$P3 Starting Register Number (1-n)
$P4 Number of registers to load

Table 5-13 Template Command – Preset Multiple Registers – Value Step

Parameter Description
$P2 0 = Not Applicable
$P3 0 = Not Applicable
$P4 16-bit Value

The following sample Template code loads 25190, 125 and 928 into registers 1050, 1051 and 1052
respectively.

if ($p1 == 1) ! If Preset Multiple Register Step

$p1=$p1+1 ! Set next Step
$p2=16 ! Preset Multiple Register Command
$p3=1051 ! Starting at Coil #1050
$p4=3 ! For 3 consecutive registers (1050-1052)
else if ($p1 == 2) ! Register 1050 Value
$p1=$p1+1 ! Set next Step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=25190 ! Value to load
else if ($p1 == 3) ! Register 1051 Value
$p1=$p1+1 ! Set next Step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=125 ! Value to load
else if ($p1 == 4) ! Register 1052 Value
$p1=$p1+1 ! Set next Step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=928 ! Value to load
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif
endif

The following sections provide Template code to Trip/Close an ABB-PCD Recloser. The Trip/Close
command requires two Preset Multiple Register commands. The first command is equivalent to a Select
operation followed by an Execute operation.

Modbus Scan Task User’s Guide Status Point 5-11

Windows SCADA
5.2.5 Template Code to Trip ABB-PCD Reclosure

! Select
!if ($p1 == 1) ! Select Step
$p1=$p1+1 ! Set next step
$p2=16 ! Preset Multiple Registers
$p3=1156 ! Starting Register 1155 (n-1)
$p4=5 ! For 5 consecutive registers
else if ($p1 == 2) ! Register 1155
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=8224 ! Value for Register 1155 PSSW12
else if ($p1 == 3) ! Register 1156
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=8224 ! Value for Register 1156 PSSW12
else if ($p1 == 4) ! Register 1157
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! Value for Register 1157 Spare
else if ($p1 == 5) ! Register 1158
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1158 Mask
else if ($p1 == 6) ! Register 1159
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1159 Mask
! Execute
else if ($p1 == 7) ! Execute Step
$p1=$p1+1 ! Set next step
$p2=16 ! Preset Multiple Registers
$p3=1155 ! Starting Register 1154 (n-1)
$p4=1 ! For 1 consecutive register
else if ($p1 == 8) ! Register 1154
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1154 Execute
! Completion
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif
endif
endif
endif
endif
endif

Modbus Scan Task User’s Guide Status Point 5-12

Windows SCADA
5.2.6 Template Code to Close ABB-PCD Reclosure

!Select
if ($p1 == 1) ! Select Step
$p1=$p1+1 ! Set next step
$p2=16 ! Preset Multiple Registers
$p3=1156 ! Starting Register 1155 (n-1)
$p4=5 ! For 5 consecutive registers
else if ($p1 == 2) ! Register 1155
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=8224 ! Value for Register 1155 PSSW12
else if ($p1 == 3) ! Register 1156
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=8224 ! Value for Register 1156 PSSW12
else if ($p1 == 4) ! Register 1157
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! Value for Register 1157 Spare
else if ($p1 == 5) ! Register 1158
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=32 ! Value for Register 1158 Mask
else if ($p1 == 6) ! Register 1159
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=32 ! Value for Register 1159 Mask
! Execute
else if ($p1 == 7 ) ! Execute Step
$p1=$p1+1 ! Set next step
$p2=16 ! Preset Multiple Registers
$p3=1155 ! Starting Register 1154 (n-1)
$p4=1 ! For 1 consecutive register
else if ($p1 == 8) ! Register 1154
$p1=$p1+1 ! Set next step
$p2=0 ! n/a
$p3=0 ! n/a
$p4=1 ! Value for Register 1154 Execute
! Completion
else ! Else we’re done
$p1=0 ! Signal Template completion to scan task
$p2=0 ! n/a
$p3=0 ! n/a
$p4=0 ! n/a
endif
endif
endif
endif
endif
endif
endif
endif

Modbus Scan Task User’s Guide Status Point 5-13

Windows SCADA
5.3 Input Format Code
This field specifies how the scan task should process the status input data received from the RTU.

Format Code 1

Format code 1 specifies normal processing of single bits. That is, received bit values of 0 and 1 are
stored in the database as 0 and 1 respectively.

Format Code 2

Format code 2 specifies inverted single bit processing. That is, received bit values of 0 and 1 are stored
in the database as 1 and 0 respectively.

Format Codes 3, 4, 5 and 6

These format codes allow dual-bit status points from the RTU to be mapped in four different ways into a
consistent internal database representation. The internal representation is shown in the table below:

Table 5-14 Standard Status Values

Status Status
Value Value
(Binary) (Decimal) State
00 0 Open
01 1 Closed
10 2 Transition
11 3 Error

Format Code 3

This format code specifies “low bit on = open” and “high bit on = closed”. (“Low” means least significant,
and “high” means most significant.) When both bits are off, the point is in transition.

Table 5-15 Format Code 3 Raw Bits to Database Mapping

Binary
Value Value
From Stored in
RTU Database State
00 2 Transition
01 0 Open
10 1 Closed
11 3 Error

Modbus Scan Task User’s Guide Status Point 5-14

Windows SCADA
Format Code 4

This format code specifies “low bit on = closed” and “high bit on = open”. When both bits are off, the point
is in transition.

Table 5-16 Format Code 4 Raw Bits to Database Mapping

Binary
Value Value
From Stored in
RTU Database State
00 2 Transition
01 1 Closed
10 0 Open
11 3 Error

Format Code 5

This is equivalent to format code 3 inverted. It specifies “low bit off = closed” and “high bit off = open”.
When both bits are on, the point is in transition.

Table 5-17 Format Code 5 Raw Bits to Database Mapping

Binary
Value Value
From Stored in
RTU Database State
00 3 Error
01 0 Open
10 1 Closed
11 2 Transition

Format Code 6

This is equivalent to format 4 inverted. It specifies “low bit off = open” and “high bit off = closed”. When
both bits are on, the point is in transition.

Modbus Scan Task User’s Guide Status Point 5-15

Windows SCADA
Table 5-18 Format Code 6 Raw Bits to Database Mapping
Binary
Value Value
From Stored in
RTU Database State
00 3 Error
01 1 Closed
10 0 Open
11 2 Transition

Modbus Scan Task User’s Guide Status Point 5-16

Windows SCADA