Re: Modbus-TCP "authorization"

[Виталий Балакин via Tech-talk <tech-talk@aps.anl.gov>]

Thanks for the idea!

I will test it and then let you know the result.

With gratitude,

Vitalii

вт, 25 нояб. 2025 г. в 23:48, Mark Rivers <rivers@cars.uchicago.edu>:

Hi Vitalii,

 

I think I see a way you can do this, though I have not tested it.

 

• Set the underlying asyn TCP driver to have disconnectOnReadTimeout=Y.
• Create one Modbus port that only does the authentication with a dedicated database for that.
• Load an asyn record on the TCP driver port and on each of the Modbus asyn ports.
• Set the Modbus asyn ports to have autoConnect=0.  That way they will only connect when explicitly commanded to.
• Have one calcout record that monitors the CNCT field of the TCP port asyn record
• When CNCT makes a transition from 0 to 1 (i.e. a connect event) then it triggers processing of a seq record that does the following:
• Set CNCT of the Modbus authentication port asyn record to 1.  It will then connect.
• Process the authentication records.
• Set the CNCT fields of the remaining Modbus port asyn records to 1. Normal I/O will then start.
• When CNCT makes a transition from 1 to 0 (i.e. a disconnect event) then it triggers processing of a seq record that does the following:
• Set CNCT of all the Modbus ports asyn records including the authentication port to 0

 

Mark

 

From: Tech-talk <tech-talk-bounces@aps.anl.gov> On Behalf Of Виталий Балакин via Tech-talk
Sent: Tuesday, November 25, 2025 9:38 AM
To: Abdalla Ahmad <Abdalla.Ahmad@sesame.org.jo>
Cc: tech-talk@aps.anl.gov
Subject: Re: Modbus-TCP "authorization"

 

The problem is not in the sequence, but rather how to *trigger* it upon
connect.  I.e.:

1. Perform Modbus reads and writes *immediately* after connect() success.

2. *Before* any other I/O takes place.

3. Repeat it upon further reconnects (also before any other I/O).

Looking at https://epics-modules.github.io/modbus/ I can't find any way to
achieve this.

 

With appreciation,

Vitalii

 

вт, 18 нояб. 2025 г. в 14:25, Abdalla Ahmad <Abdalla.Ahmad@sesame.org.jo>:

You can try writing a record for each authorization step with passive scan (or no SCAN) and then each record process the next with FLNK, with this you can only process the first record and the rest are processed sequentially. We do have a similar situation where a Modbus device requires setting a password for administrator access, we made a record that just writes a value to a certain address and we have admin access to the device.

 

Best Regards,

Abdalla Al-Dalleh

Control Engineer

SESAME

 

From: Tech-talk <tech-talk-bounces@aps.anl.gov> On Behalf Of ??????? ??????? via Tech-talk
Sent: Tuesday, November 18, 2025 6:33 AM
To: tech-talk@aps.anl.gov
Subject: Modbus-TCP "authorization"

 

Hi!

I have a Modbus-TCP device which requires a so called "authorization" to
be performed BEFORE any actual I/O can take place; without such an
authorization all register writes and even reads result in exception 2
("illegal data address").

The "authorization" consists of several register reads and writes, in
specific order:

   1. Write INT32_LE:0x89ABCDEF to holding registers 0x2100,0x2101
   2. Write INT32_LE:0x01234567 to holding registers 0x2102,0x2103
   3. Write 0 to holding register 0x2104
   4. Read discrete input 0x2200

Is there some mechanism to perform this sequence immediately upon connect?
Looking at "modbus" module documentation, I see nothing relevant.

Thanks in advance!

Vitalii