Request a bit of help getting a Modbus TCP write working correctly
-
Sounds like this device has deviated quite a bit from standard modbus protocol so it would probably be better to write a datasource specific for it.
-
Hi JoelHaggar
Thanks for that, when you talk of writing a datasource I take it that's not at my level of ability.
How would I go about getting this done? Would I need a developer?Cheers
-
It's something we could probably develop for you with out too much trouble. Feel free to contact me directly to discuss. http://infiniteautomation.com/index.php/contact-us
Thanks,
Joel. -
Hi Joel
Thanks for that, I've emailed you.
Cheers
-
If you are using Modbus TCP then I would assume you are using the IB-Lite interface card?
If so then I have found that you can disable the password feature which I think will solve your problem.
You can do this via a non-obvious list of settings found at: {IP of IB-Lite}/SP_CONFIG.html. The default password is 'comap'.Also, it's worth pointing out (this took me longer than it should have to work out..) that Comap use a different address offset to Mango, so you need to point Mango to the register 'before' the one you wish to read.
For example, if the Comap document says that a parameter is at register 40227, then Mango should be pointed at register 226.Hope this helps.
-
Hi there,
Thanks for your reply!
I know the units you are talking about and have installed them for a few clients, unfortunately this project is only about generators that synchronise so I'm talking to Woodward Easygen 3xxx, Comap IG/IS-NT (BB) and some of the newer Deep Sea (~8xxx).
However Its a great tip about the IB-lite and I'm certain to come across the need for it one of these days as these are getting more popular for BMS integration.
It seems the major issue is that the password for Comap is a 32 byte write and Mango at the moment can only do a 16 bit write due to the libraries it is currently using.
I'm looking to see if I can work around it with a modbus IP/RTU converter at the moment, not ideal but at this point I'll take what works.
Thanks for your help, its appreciated. -
Thanks for contributing that Jeremy!
Kawaru, the possibility does exist to extend the Modbus4j library to have that custom data type.
Between the two of you, are operations on 32 bytes something that would be otherwise useful to put into Modbus4j?
-
Ah, yes - Seems the IS-NT BB has its own onboard ethernet module. I realised after posting (when I skimmed through the IG/IS-NT BB reference guide) that this was so but wondered whether the 'hidden' service page still existed.
Coincidentally, I was just on the phone to Comap Australia and asked whether it is possible to disable the password on the IS-NT BB - [size=18]the answer is yes, it is possible, and it is done in the same way as on the IB-Lite..[/size] :D
Hope this helps!
@phildunlap said:
Between the two of you, are operations on 32 bytes something that would be otherwise useful to put into Modbus4j?
I appreciate the thought in asking, but I can't really offer any input - I'm really only just dipping my toes into Modbus myself. I haven't had any need to write any registers beyond basic binary bits.Jeremy
-
Hi jeremyh
Awesome, thanks for that, very keen to try that now.
I'm away from home on another project at the moment but will be back mid next week, will try it and get back to you and let you know how it goes.
Thanks so much again, if there is anything I can do to help out in the future let me know.
I may still try and leave password protection in place where I can as having an open connection that someone can use to open a site mains breaker makes me more than a little uncomfortable.
Security by obscurity is fine till someone figures it out and I'm sure there is someone out there at the moment researching these types of vulnerabilities, and it probably can't be too hard to write a script to ping port 502 around the place and fiddle with the addresses you get replies from.
Still its a great workaround if i need one, superb :Dphildunlap
That's a great question, but I can't answer it at the moment, I'd like to look through all the controllers I'd like to talk to and see if any other use this data type (my feeling is they don't).
I can't recall seeing it anywhere else to date.
I'll start poking at the manuals when I get home next weekThanks all for the support, it really is appreciated.
-
@kawarau said:
I may still try and leave password protection in place where I can as having an open connection that someone can use to open a site mains breaker makes me more than a little uncomfortable.
Security by obscurity is fine till someone figures it out and I'm sure there is someone out there at the moment researching these types of vulnerabilities, and it probably can't be too hard to write a script to ping port 502 around the place and fiddle with the addresses you get replies from.Have you considered changing your Modbus TCP server port from 502 to something non-standard? If you are accessing it behind a router you can usually set up a Dst-NAT rule for port forwarding which means you don't even need to touch the ComAp.
We use a VPN for all our remote sites and all the SIMS get IPs that are behind carrier-grade NAT. So devices are only reachable from inside our network. You can also get M2M SIMs (via M2MOne in Australia) that are provisioned with a private APN that automatically joins the modem to a VPN at the carrier level, no VPN client or router required :D
-
How did you go Ian?