PLC & SCADA Integration with Modbus | IoT Blog

Introduction to PLC & SCADA
Modbus Protocol Overview
Hardware Setup
PLC Configuration
SCADA System Setup
Register Mapping
Troubleshooting

Introduction to PLC & SCADA

Programmable Logic Controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems form the backbone of industrial automation. PLCs control machinery and processes, while SCADA provides centralized monitoring and control.

Key Components:

PLC: Ruggedized computer for industrial control
SCADA: Software for monitoring and control
HMI: Human-Machine Interface for operator interaction
RTU: Remote Terminal Units for field data collection
Communication: Modbus, Profibus, Ethernet/IP protocols

Modbus Protocol Overview

Modbus is the de facto standard for industrial communication:

Modbus RTU

Serial communication (RS-485/RS-232)
Binary encoding of messages
Master-slave architecture
Max 247 devices per network
Distance: up to 1200m with RS-485

Modbus TCP

Ethernet-based communication
Uses TCP port 502
No distance limitations
Integrates with IT networks
Supports routing through networks

Modbus Data Model

Data Type	Register Range	Access	Description
Coils	00001-09999	Read/Write	Single bit outputs
Discrete Inputs	10001-19999	Read-Only	Single bit inputs
Input Registers	30001-39999	Read-Only	16-bit analog inputs
Holding Registers	40001-49999	Read/Write	16-bit parameters

Hardware Setup

Components needed for a basic Modbus system:

Required Hardware

PLC: Siemens S7-1200, Allen-Bradley CompactLogix, or Schneider M221
SCADA PC: Windows/Linux with Ethernet
Network Switch: Industrial Ethernet switch
Sensors: Temperature, pressure, flow meters with Modbus
Cables: CAT6 Ethernet or RS-485 twisted pair

Network Topology

SCADA Server (Modbus Master)
        |
    [Ethernet Switch]
        |
    +---+---+---+
    |   |   |   |
  PLC1 PLC2 VFD Sensor

Wiring Tips for RS-485:

Use twisted pair cable (Belden 9841 or equivalent)
Daisy-chain topology (no stars)
Terminate both ends with 120Ω resistors
Connect A to A, B to B (polarity matters)
Ground shield at one end only

PLC Configuration

Configuring Modbus TCP on a generic PLC:

Step 1: Enable Modbus Server

// PLC Configuration (pseudo-code)
Modbus_TCP_Server:
  Enabled := TRUE;
  Port := 502;
  MaxConnections := 4;
  Timeout := 1000; // ms

Step 2: Map Registers

// Map PLC variables to Modbus registers
Holding_Registers:
  HR[40001] := Temperature_Setpoint;
  HR[40002] := Pressure_Setpoint;
  HR[40003] := Motor_Speed_Reference;
  
Input_Registers:
  IR[30001] := Actual_Temperature;
  IR[30002] := Actual_Pressure;
  IR[30003] := Motor_Actual_Speed;
  IR[30004] := Flow_Rate;
  
Coils:
  C[00001] := Motor_Start_Stop;
  C[00002] := Alarm_Reset;
  
Discrete_Inputs:
  DI[10001] := Motor_Running_FB;
  DI[10002] := High_Pressure_Alarm;
  DI[10003] := Low_Level_Alarm;

Step 3: Configure Network

Set static IP: 192.168.1.10
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1
Enable Modbus TCP server

SCADA System Setup

Setting up a SCADA system to communicate with PLCs:

Open Source Options

Node-RED: Flow-based programming
Grafana: Visualization with Modbus plugin
ScadaBR: Full-featured open source SCADA
OpenSCADA: Modular SCADA framework

Commercial Options

Ignition: Modern, modular SCADA
Wonderware: Industry standard
FactoryTalk: Rockwell Automation
WinCC: Siemens SCADA

Node-RED Modbus Example

[
  {
    "id": "modbus-client",
    "type": "ModBus-Client",
    "tcpHost": "192.168.1.10",
    "tcpPort": 502,
    "unitId": 1
  },
  {
    "id": "read-temperature",
    "type": "ModBus-Read",
    "name": "Read Temperature",
    "topic": "Temperature",
    "unitId": 1,
    "dataType": "InputRegister",
    "address": 30001,
    "quantity": 1,
    "client": "modbus-client"
  },
  {
    "id": "dashboard-gauge",
    "type": "ui_gauge",
    "name": "Temperature Display",
    "topic": "Temperature",
    "format": "{{value}} °C",
    "min": 0,
    "max": 100
  }
]

SCADA Best Practices:

Use descriptive tag names (e.g., "Tank1_Temperature")
Implement alarm limits (high, high-high, low, low-low)
Add timestamp to all data logging
Create trend charts for historical analysis
Set up email/SMS notifications for critical alarms

Register Mapping

Create a comprehensive register map document:

Example Register Map

Address	Name	Type	Scale	Unit	R/W
30001	Tank1_Temp	INT16	/10	°C	R
30002	Tank1_Pressure	INT16	/100	bar	R
30003	Tank1_Level	INT16	/10	%	R
40001	Pump1_Setpoint	INT16	1	RPM	R/W
40002	System_Mode	UINT16	-	-	R/W
00001	Pump1_Start	BOOL	-	-	R/W
10001	Pump1_Running	BOOL	-	-	R

Troubleshooting

Common Issues

No Communication

Verify IP addresses and subnet masks
Ping the PLC from SCADA PC
Check firewall settings (port 502)
Verify Modbus server is enabled on PLC
Check network cables and switch status

Timeout Errors

Increase timeout value in SCADA
Reduce polling frequency
Check network congestion
Verify PLC is not in STOP mode

Incorrect Data Values

Verify register address offset (0-based vs 1-based)
Check byte order (endianness)
Confirm data type (INT16 vs UINT16 vs FLOAT)
Verify scaling factors

Intermittent Communication

Check for IP address conflicts
Inspect cable connections
Monitor network traffic
Reduce number of simultaneous connections

Safety Considerations:

Never modify safety-critical parameters via SCADA without authorization
Implement proper user authentication and access levels
Keep audit logs of all write operations
Use separate networks for safety and monitoring systems
Follow IEC 62443 industrial security standards

Next Steps

Expand your industrial automation skills:

Learn OPC UA for modern industrial communication
Implement MQTT for IIoT cloud integration
Study IEC 61131-3 PLC programming languages
Explore predictive maintenance with machine learning
Implement industrial cybersecurity measures

Related Articles:
Industrial Predictive Maintenance | Factory Energy Monitoring

Useful Tools:
All IoT Tools | Modbus Message Generator

Table of Contents