Which ports are released for Modbus/TCP communication and how many Modbus clients can communicate with a SIMATIC S7 CPU as Modbus server?
The following ports are used by the Modbus/TCP protocol.
- By default, the protocol uses Port 502 as local port in the Modbus server.
- You can set the local port as you wish in the Modbus client. Usually, port numbers starting at 2000 are used.
If the communication partners offer the option of setting the port numbers for the server, then it is also possible to communicate using the Modbus/TCP protocol via a port other than Port 502.
If you use the SIMATIC as Modbus server, then there are restrictions for a number of CPUs regarding the released port numbers.
The following port numbers are released for the local port.
34010717_CPU_ModbusServer_en.pdf (7,9 KB)
If you use the SIMATIC CPU as Modbus client, then there are no restrictions regarding the released port numbers. You can set any remote port of the CPU.
Number of possible communication connections using Modbus/TCP protocol
The maximum number of Modbus clients that can be connected to one S7-300 or S7-400 CPU with integrated PROFINET interface is limited by the CPU-specific quantity frameworks.
The maximum number of Modbus clients that can be connected to one S7-1500 CPU is determined by the number of MB server FB instances running in parallel on the CPU and the maximum number of free connection resources.
If the CPU with integrated PROFINET interface does not support multiple ports, each local port of the CPU can only be used once, which means that when a communication connection has been established for one local port of the CPU, then you cannot set up another connection via that port.
If a non-multiport CPU is used as Modbus server, then there are two options for establishing communication connections to multiple Modbus clients.
- You parameterize different port numbers for the Modbus server in the Modbus client.
- All Modbus clients access the Modbus server via Port 502.
In this case, it is necessary to have constant job-controlled establishment and clear-down of connections. The Modbus server can communicate with only 1 Modbus client through Port 502 at any one time. The connection to the first Modbus client must be cleared down and Port 502 released before another Modbus client can access the Modbus server. As soon as Port 502 is released, another Modbus client can access the Modbus server via that port.
More information about multiport-compatibility is available in the technical data of the CPU.
If the CPU supports multiple passive connections per port for open IE communication, it is multiport-compatible.
|SIMATIC S7-300 CPU 31xC and CPU 31x: Technical Data|
|SIMATIC Distributed IO ET 200S Interface Module IM151-8 PN/DP CPU|
|Automation System SIMATIC S7-400 CPU Specifications|
|SIMATIC S7-1200 Automation System|
|SIMATIC S7-1500, ET 200MP, ET 200SP, ET 200AL Communication||59192925|
|How do you process asynchronous instructions with the S7-1500?||109476955|
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/industrialsecurity.