ET 200S (2008)
Preface
SIMATIC Distributed I/O System Fail-Safe Engineering ET 200S Distributed I/O System - Fail-Safe Modules
SIMATIC
Distributed I/O System Fail-Safe
Engineering
ET 200S Distributed I/O System Fail-Safe Modules
Installation and Operating Manual
1
Product Overview
______________
2
Configuring
______________
Address Assignment and
Installation
3
______________
4
Wiring and Fitting Modules
______________
5
Diagnostics
______________
General Technical
Specifications
6
______________
7
Fail-Safe Modules
______________
Diagnostic Data of Fail-Safe
Modules
A
______________
B
Dimension drawings
______________
Accessories and Order
Numbers
C
______________
D
Response times
______________
E
Connecting Loads
______________
08/2008
A5E00103686-07
Legal information
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.
CAUTION
without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.
NOTICE
indicates that an unintended result or situation can occur if the corresponding information is not taken into
account.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The device/system may only be set up and used in conjunction with this documentation. Commissioning and
operation of a device/system may only be performed by qualified personnel. Within the context of the safety notes
in this documentation qualified persons are defined as persons who are authorized to commission, ground and
label devices, systems and circuits in accordance with established safety practices and standards.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be adhered to. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of the Siemens AG. The remaining trademarks in this
publication may be trademarks whose use by third parties for their own purposes could violate the rights of the
owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Siemens AG
Industry Sector
Postfach 48 48
90026 NÜRNBERG
GERMANY
A5E00103686-07
Ⓟ 12/2008
Copyright © Siemens AG 2008.
Technical data subject to change
Preface
Purpose of this Manual
The information in this manual is a reference source for operations, function descriptions,
and technical specifications of the fail-safe modules of the ET 200S distributed I/O system.
Basic Knowledge Requirements
This manual is a supplement to the ET 200S Distributed I/O System manual. Working with
this manual requires general knowledge of automation engineering. You also require
experience of using the STEP 7 basic software and the ET 200S distributed I/O system.
Scope of this Manual
Module
Power module PM-E F pm DC24V PROFIsafe
Order Number
6ES7138-4CF03-0AB0
Release Number
and Higher
01
Power module PM-E F pp DC24V PROFIsafe
6ES7138-4CF42-0AB0
01
Power module PM-D F DC24V PROFIsafe
3RK1903-3BA02
01
Digital electronic module 4/8 F-DI DC24V
PROFIsafe
6ES7138-4FA04-0AB0
01
Digital electronic module 4 F-DI/3 F-DO DC24V
PROFIsafe
6ES7138-4FC01-0AB0
01
Digital electronic module 4 F-DO DC24V/2A
PROFIsafe
6ES7138-4FB03-0AB0
01
Digital electronic module
1 F-RO DC24V/AC24..230V/5A
6ES7138-4FR00-0AA0
01
What's New
Compared with the previous version, this manual includes the following major
changes/additions:
● Simplified configuration rules
● Revised behavior of the electronic outputs in the event of a short-circuit
● Revised behavior in the event of a voltage dip
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
3
Preface
Approvals
See Section "Standards and Approvals"
In addition, ET 200S fail-safe modules are certified for use in safety mode up to the following
levels:
● Safety class SIL3 (Safety Integrity Level) in compliance with IEC 61508
● Category 4 in accordance with EN 954-1
● Performance Level (PL) e in accordance with ISO 13849
CE Approval
See Section "Standards and Approvals"
Certification Mark for Australia (C-Tick Mark)
See Section "Standards and Approvals"
Standards
See Section "Standards and Approvals"
Position in the Information Landscape
When working with ET 200S fail-safe modules and depending on your particular application,
you will need to consult the additional documentation listed below.
References to this additional documentation are included in the manual where appropriate.
Documentation
Brief Description of Relevant Contents
ET 200S Distributed
I/O System operating
describes all generally applicable topics related to the ET 200S hardware (including
configuration, installation and wiring of the ET 200S) and the IM 151 interface module.
Safety Engineering in
SIMATIC S7 system
•
instructions and manuals
description
•
•
For integration in the S7 F/FH
F-systems
TheS7 F/FH Systems, Configuring and Programming manual describes the tasks that
must be performed to create and commission an S7 F/FH F-system.
•
•
•
4
Provides an overview of the implementation, configuration, and method of operation of
S7 Distributed Safety and S7 F/FH fail-safe automation systems
Contains a summary of detailed technical information concerning fail-safe engineering
in S7-300 and S7-400
Includes monitoring and response time calculations for S7 Distributed Safety and S7
F/FH F-systems
The S7-400, M7-400 Programmable Controllers Hardware and Installation manual
describes the installation and assembly of S7-400 systems
The S7-400 Programmable Controllers, Fault-Tolerant Systems manual describes the
CPU 41x-H central modules and the tasks involved in setting up and commissioning an
S7-400H fault-tolerant system
The CFC for S7 Continuous Function Chart manual/online help provides a description
of programming with CFC
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Preface
Documentation
Brief Description of Relevant Contents
For integration in the S7
Distributed Safety F-system
The S7 Distributed Safety, Configuring and Programming manual and online help describe
the following:
• Configuration of the fail-safe CPU and the fail-safe I/O
• Programming of the fail-safe CPU in fail-safe FBD or LAD
Depending on which F-CPU you use, you will need the following documentation:
• The operating instructions S7-300, CPU 31xC and CPU 31x: Configuration describes
the configuration, installation, addressing and commissioning of S7-300 systems.
• The CPU 31xC and CPU 31x, Technical Data manual describes the standard functions
of the CPU 315F-2 DP and PN/DP and the CPU 317F-2 DP and PN/DP and the CPU
319F-3 PN/DP.
• The Automation System S7-400 CPU Specifications manual describes the standard
functions of the CPU 416F-2 and CPU 416F-3 PN/DP.
• The ET 200S IM 151-7 CPU Interface Module manual describes the standard IM 1517 CPU.
• The ET 200S IM 151-8 PN/DP CPU Interface Module manual describes the standard
IM 151-7 PN/DP CPU.
• A separate product information bulletin is available for each applicable F-CPU. The
product information bulletins describe only the deviations from the corresponding
standard CPUs.
STEP 7 manuals
•
•
STEP 7online help
•
•
•
PCS 7 manuals
•
The Configuring Hardware and Communication Connections with STEP 7 V5.x manual
describes the operation of the relevant standard tools of STEP 7.
The System Software for S7-300/400 System and Standard Functions reference
manual describes functions for distributed I/O access and diagnostics.
Describes the operation of STEP 7 standard tools
Contains information about how to configure and assign parameters for modules and
intelligent slaves with HW Config
Contains a description of the programming languages FBD and LAD
Describe how to operate the PCS 7 process control system (required when ET 200S
with fail-safe modules is integrated in a higher-level control system)
The entire SIMATIC S7 documentation is available on CD-ROM.
Guide
This manual describes the fail-safe modules of the ET 200S distributed I/O system. It
consists of instructive sections and reference sections (technical specifications and
appendices).
This manual presents the following basic aspects of fail-safe modules:
● Design and use
● Configuration and parameter assignment
● Addressing, assembly and wiring
● Diagnostic evaluation
● Technical specifications
● Order numbers
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
5
Preface
Conventions
In this manual, the terms "safety engineering" and "fail-safe engineering" are used
synonymously. The same applies to the terms "fail-safe" and "F-."
"S7 Distributed Safety" and "S7 F Systems" in italics refer to the optional packages for the
two F-systems: "S7 Distributed Safety" and "S7 F/FH Systems".
Recycling and Disposal
Due to the low levels of pollutants in the fail-safe modules of the ET 200S, the modules can
be recycled. For proper recycling and disposal of your old module (device), consult a
certified disposal facility for electronic scrap.
Additional Support
If you have any further questions about the use of products described in this manual, and do
not find the right answers there, contact your local Siemens representative
(http://www.siemens.com/automation/partner).
Training center
We offer courses to help you get started with the S7 automation system. Contact your
regional training center or the central training center in Nuremberg (90327), Federal Republic
of Germany.
Telephone: +49 911 895-3200
On the Internet (http://www.sitrain.com)
H/F Competence Center
The H/F Competence Center in Nuremberg offers special workshops on SIMATIC S7 failsafe and redundant automation systems. The H/F Competence Center can also provide
assistance with onsite configuration, commissioning and troubleshooting.
Telephone: +49 911 895-4759
Fax: +49 911 895-5193
[email protected]
For questions about workshops / training: [email protected]
Technical Support
You can contact Technical Support for all IA products as follows:
● By completing a Support Request (http://www.siemens.de/automation/support-request)
on the Internet
● Telephone: +49 180 5050 222
● Fax: +49 180 5050 223
For additional information about Siemens Technical Support, refer to Internet
(http://www.siemens.de/automation/service).
6
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Preface
Service & Support on the Internet
In addition to the information in our documentation, you can also access our knowledge base
online at Internet (http://www.siemens.com/automation/service&support).
Here you will find the following information:
● Newsletter providing the latest information on your products
● Exactly the right documentation for your needs, which you can access by performing an
online search in Service & Support
● Worldwide forum in which users and experts exchange ideas
● Your local contact for Automation & Drives
● Information about local service, repairs and replacement parts. Even more information
can be found under "Services".
Important Note for Maintaining Operational Safety of Your System
Note
The operators of systems with safety-related characteristics must adhere to operational
safety requirements. The supplier is also obliged to comply with special product monitoring
measures. To keep you informed, a special newsletter is therefore available containing
information on product developments and properties that are important (or potentially
important) for operating systems where safety is an issue. By subscribing to the appropriate
newsletter, you will ensure that you are always up-to-date and able to make changes to your
system, when necessary. Point your browser to Internet
(https://www.automation.siemens.com/WW/newsletter/guiThemes.aspx?parlasw=1) and
register for the following newsletters:
• SIMATIC S7-300
• SIMATIC S7-400
• Distributed I/O
• SIMATIC Industrial Software
Select the "Updates" check box for this newsletter.
See also
Standards and Approvals (Page 49)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
7
Preface
8
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Table of contents
Preface ...................................................................................................................................................... 3
1
2
3
4
5
6
Product Overview .................................................................................................................................... 13
1.1
Introduction ..................................................................................................................................13
1.2
ET 200S fail-safe modules...........................................................................................................13
1.3
Using ET 200S Fail-Safe Modules...............................................................................................14
1.4
Guide for Commissioning of ET 200S with Fail-Safe Modules....................................................18
Configuring .............................................................................................................................................. 19
2.1
Configuring ET 200S with Fail-Safe Modules ..............................................................................19
2.2
Assigning Modules of an ET 200S...............................................................................................22
2.3
Maximum Number of Connectable Modules/Maximum Configuration ........................................24
2.4
Configuration and Parameter Assignment...................................................................................26
Address Assignment and Installation ....................................................................................................... 27
3.1
Address assignments in the F-CPU.............................................................................................27
3.2
Assignment of the PROFIsafe address .......................................................................................29
3.3
Installing .......................................................................................................................................31
Wiring and Fitting Modules ...................................................................................................................... 33
4.1
Introduction ..................................................................................................................................33
4.2
Safe Functional Extra Low Voltage for Fail-Safe Modules ..........................................................33
4.3
Wiring fail-safe modules...............................................................................................................34
4.4
Insertion and removal of fail-safe modules ..................................................................................36
4.5
Requirements for Sensors and Actuators....................................................................................37
Diagnostics .............................................................................................................................................. 41
5.1
Reactions to Faults ......................................................................................................................41
5.2
Fault Diagnostics .........................................................................................................................43
General Technical Specifications............................................................................................................. 49
6.1
Introduction ..................................................................................................................................49
6.2
Standards and Approvals.............................................................................................................49
6.3
Electromagnetic Compatibility......................................................................................................53
6.4
Shipping and Storage Conditions ................................................................................................57
6.5
Mechanical and Climatic Environmental Conditions....................................................................57
6.6
Specifications for Nominal Line Voltages, Isolation Tests, Protection Class, and Type of
Protection .....................................................................................................................................60
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
9
Table of contents
7
10
Fail-Safe Modules.................................................................................................................................... 61
7.1
Introduction ................................................................................................................................. 61
7.2
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
PM-E F pm DC24V PROFIsafe Power Module .......................................................................... 62
Properties of the PM-E F pm DC24V PROFIsafe Power Module............................................... 62
Terminal assignment of the PM-E F pm DC24V PROFIsafe...................................................... 67
Wiring of the PM-E F pm DC24V PROFIsafe ............................................................................. 70
Parameters of the PM-E F pm DC24V PROFIsafe..................................................................... 74
Diagnostic functions of the PM-E F pm DC24V PROFIsafe ....................................................... 75
Technical Specifications for PM-E F pm 24 VDC PROFIsafe .................................................... 78
7.3
7.3.1
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
PM-E F pp DC24V PROFIsafe power module............................................................................ 83
Properties of the PM-E F pp DC24V PROFIsafe Power Module................................................ 83
Terminal assignment of the PM-E F pp DC24V PROFIsafe....................................................... 86
Wiring of the PM-E F pp DC24V PROFIsafe .............................................................................. 88
Parameters of the PM-E F pp DC24V PROFIsafe...................................................................... 90
Diagnostic functions of the PM-E F pp DC24V PROFIsafe ........................................................ 90
Technical Specifications for the PM-E F pp 24 VDC PROFIsafe ............................................... 93
7.4
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
PM-D F DC24V PROFIsafe Power Module ................................................................................ 96
Properties of the PM-D F DC24V PROFIsafe Power Module..................................................... 96
Terminal Assignment of the PM-D F DC24V PROFIsafe ........................................................... 98
Wiring of the PM-D F DC24V PROFIsafe ................................................................................. 100
Parameters of the PM-D F DC24V PROFIsafe......................................................................... 100
Diagnostic Functions of PM-D F DC24V PROFIsafe................................................................ 101
Technical Specifications of the PM-D F DC24V PROFIsafe .................................................... 103
7.5
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.5.10
4/8 F-DI DC24V PROFIsafe Digital Electronic Module............................................................. 105
Properties of the 4/8 F-DI 24 VDC PROFIsafe Digital Electronic Module ................................ 105
Terminal assignment of the EM 4/8 F-DI DC24V PROFIsafe................................................... 106
Wiring of the EM 4/8 F-DI DC24V PROFIsafe .......................................................................... 108
Parameters of the EM 4/8 F-DI DC24V PROFIsafe ................................................................. 108
Applications for the 4/8 F-DI DC24V PROFIsafe Electronic Module ........................................ 113
Application 1: SIL2/Category 3/PLd safety mode ..................................................................... 115
Application 2: Safety mode SIL3/Category 3/PLe..................................................................... 117
Application 3: Safety mode SIL3/Category 4/PLe..................................................................... 125
Diagnostic Functions of the EM 4/8 F-DI DC24V PROFIsafe................................................... 130
Technical Specifications of the EM 4/8 F-DI DC24V PROFIsafe ............................................. 133
7.6
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module.............................................. 136
Properties of the 4 F-DI/3 F-DO DC24V PROFIsafe Digital Electronic Module ....................... 136
Terminal assignment of the EM 4 F-DI/3 F-DO DC24V PROFIsafe......................................... 139
Wiring of EM 4 F-DI/3 F-DO DC24V PROFIsafe ...................................................................... 141
EM 4 F-DI/3 F-DO DC24V PROFIsafe parameters .................................................................. 142
Input applications of EM 4 F-DI/3 F-DO DC24V PROFIsafe .................................................... 145
Output applications of EM 4 F-DI/3 F-DO DC24V PROFIsafe ................................................. 155
Diagnostic functions of EM 4 F-DI/3 F-DO DC24V PROFIsafe ................................................ 156
Technical specifications of the EM 4 F-DI/3 F-DO DC24V PROFIsafe .................................... 159
7.7
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.7.6
4 F-DO DC24V/2A PROFIsafe digital electronic module.......................................................... 163
Properties of the 4 F-DO DC24V/2A PROFIsafe digital electronic module .............................. 163
Terminal assignment of the EM 4 F-DO DC24V/2A PROFIsafe .............................................. 165
Wiring diagram of the EM 4 F-DO DC24V/2A PROFIsafe........................................................ 167
Parameters for the EM 4 F-DO DC24V/2A PROFIsafe ............................................................ 171
Diagnostic Functions of the EM 4 F-DO DC24V/2 A PROFIsafe ............................................. 172
Technical Specifications of the EM 4 F-DO DC24V/2A PROFIsafe ......................................... 174
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Table of contents
7.8
7.8.1
7.8.2
7.8.3
7.8.4
7.8.5
A
1 F-RO DC24V/AC24..230V/5A Digital Electronic Module........................................................177
Properties of the EM 1 F-RO DC24V/AC24..230V/5A...............................................................177
Terminal assignment of EM 1F-RO DC24V/AC24..230V/5A.....................................................178
Wiring of EM 1 F-RO DC24V/AC24..230V/5A ...........................................................................181
Diagnostic functions of EM 1 F-RO DC24V/AC24..230V/5A.....................................................184
Technical specifications of the EM 1 F-RO DC24V/AC24..230V/5A .........................................184
Diagnostic Data of Fail-Safe Modules.................................................................................................... 189
A.1
Einleitung ...................................................................................................................................189
A.2
Structure and Content of Diagnostic Data .................................................................................189
B
Dimension drawings .............................................................................................................................. 197
C
Accessories and Order Numbers........................................................................................................... 199
D
Response times ..................................................................................................................................... 201
E
Connecting Loads.................................................................................................................................. 205
E.1
Connecting capacitive loads ......................................................................................................205
E.2
Switching inductive loads...........................................................................................................207
Glossary ................................................................................................................................................ 209
Index...................................................................................................................................................... 219
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
11
Table of contents
12
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Product Overview
1.1
1
Introduction
Overview
This chapter provides information about the following topics:
● ET 200S distributed I/O system with fail-safe modules and its place in SIMATIC S7 failsafe automation systems
● Components comprising the ET 200S distributed I/O system with fail-safe modules
● The steps you must perform, ranging from selection of the F-modules to commissioning
of ET 200S on PROFIBUS DP/PROFINET IO
1.2
ET 200S fail-safe modules
Fail-safe automation system
Fail-safe automation systems (F-systems) are used in systems with higher-level safety
requirements. F-systems are used to control processes having a safe state immediately after
shutdown. In other words, F-systems control processes in which an immediate shutdown
does not endanger humans or the environment.
ET 200S Distributed I/O System
The ET 200S distributed I/O system is a DP slave/IO device on PROFIBUS DP/PROFINET
IO that can contain fail-safe modules in addition to ET 200S standard modules.
You can use copper cables, fiber-optic cables or WLAN (S7 Distributed Safety as of V5.4) to
assemble the PROFIBUS DP/PROFINET IO lines.
Fail-safe modules
The major difference between fail-safe modules and standard ET 200S modules is that failsafe modules have a two-channel internal design. Both integrated processors monitor each
other, automatically test the I/O circuits, and set the F-module to safe state in the event of a
fault. The F-CPU communicates with the fail-safe module using the PROFIsafe safetyrelated bus profile.
Fail-safe power modules are used to supply load voltage to the potential group and to safely
shut down the load voltage for standard output modules.
Fail-safe digital input modules record the signal states of safety-related sensors and send
corresponding safety message frames to the F-CPU.
Fail-safe digital output modules are suitable for shutdown procedures with short-circuit and
cross-circuit protection up to the actuator.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
13
Product Overview
1.3 Using ET 200S Fail-Safe Modules
1.3
Using ET 200S Fail-Safe Modules
Possible Uses of ET 200S with Fail-Safe Modules
The use of ET 200S with fail-safe modules enables conventional safety engineering designs
to be replaced with PROFIBUS DP/PROFINET IO components. This includes the
replacement of switching devices for emergency STOP, protective door monitors, two-hand
operation, etc.
Use in F-Systems
Fail-safe ET 200S modules can be used:
● In the S7 Distributed Safety F-system with the S7 Distributed Safety optional package
V5.2 or higher
● In the S7 F/FH Systems with the S7 F Systemsoptional package version V5.2 SP 3 or
higher
● To interface ET 200S fail-safe modules to PROFIBUS DP with Distributed Safety or S7
F/FH systems, you need:
– ET 200S fail-safe modules
– F-CPU
– STEP 7 V5.3 SP3 or higher
– IM151-1 DP HIGH FEATURE interface module
– S7 Distributed Safety V5.2 or higher (for the order numbers specified in the "Preface":
F Configuration Pack Version V5.5 SP5 or higher)
The F Configuration Pack can be obtained on the Internet
(http://support.automation.siemens.com/WW/view/en/15208817).
– S7 F Systems V5.2 SP3 or higher
You should also observe the readme file for the F Configuration Pack and the operating
instructions for your F system.
● To connect ET 200S fail-safe modules to PROFINET IO modules with Distributed Safety,
you need:
– ET 200S fail-safe modules
– F-CPU
– STEP 7 V5.3 SP3 or higher
– IM 151-3 PN HIGH FEATURE interface module
– S7 Distributed Safety V5.4 or higher (for the order numbers specified in the "Preface":
F Configuration Pack Version V5.5 SP5 or higher)
The current F Configuration Pack can be obtained on the Internet
(http://support.automation.siemens.com/WW/view/en/15208817).
You should also observe the readme file for the F Configuration Pack and the operating
instructions for your F system.
14
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Product Overview
1.3 Using ET 200S Fail-Safe Modules
● For the central use of the fail-safe ET 200S modules with distributed safety, you require
an IM 151-7 F-CPU or IM 151-8 PN/DP F-CPU.
When using fail-safe ET 200S I/O modules in F-systems, the information contained in the
following manuals applies:
● ET 200S distributed I/O system
● Safety Engineering in SIMATIC S7
● S7 Distributed Safety, Configuring and Programming or S7 F/FH Systems, Configuring
and Programming
F-System with ET 200S
The following figure presents an example configuration for an S7 Distributed Safety Fsystem including an ET 200S on PROFIBUS DP/PROFINET IO.
The fail-safe DP master/IO controller exchanges safety-related and non-safety-related data
with the fail-safe and standard ET 200S modules, etc.
)DLOVDIH
PRGXOHV
6)6)(76)&38
HJ&38'3
(7SUR
)DLOVDIH
PRGXOHV
352),%86'3
352),1(7,2
(76
)DLOVDIH
PRGXOHV
(76 Figure 1-1
S7 Distributed Safety Fail-Safe Automation System (Example Configuration)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
15
Product Overview
1.3 Using ET 200S Fail-Safe Modules
Availability of Fail-Safe Electronic Modules
The following fail-safe electronic modules are available for ET 200S:
● Power module PM-E F pm DC24V PROFIsafe; switching to P/M potential, with 2
additional, fail-safe digital outputs
● Power module PM-E F pp DC24V PROFIsafe; switching to P/P potential
● Power module PM-D F DC24V PROFIsafe; switching to P/P potential
● Digital electronic module 4/8 F-DI DC24V PROFIsafe
● Digital electronic module 4 F-DI/3 F-DO DC24V PROFIsafe
● Digital electronic module 4 F-DO DC24V/2A PROFIsafe; switching to P/M potential
● Digital electronic module 1 F-RO DC24V/AC24..230V/5A
The PM-D F DC24V PROFIsafe is used for selective shutdowns of fail-safe motor starters
via six fail-safe shutdown groups.
A range of terminal modules is available for fail-safe power and electronic modules. You will
find a detailed list in this manual.
Using Interface Modules in ET 200S with Fail-Safe Modules
Depending on the F system, select the interface module for ET 200S as follows:
Table 1- 1
Using Interface Modules in ET 200S with Fail-Safe Modules
Interface module
As of order number
Can be used in ET 200S
with optional package
As of version
IM 151-1 HIGH FEATURE
for PROFIBUS DP interface
6ES7151-1BA01-0AB0
S7 Distributed Safety
V5.2
S7 F Systems
V5.2
IM 151-7 F-CPU for
PROFIBUS DP interface
6ES7151-7FA01-0AB0
S7 Distributed Safety
V5.2
IM 151-8 DP/PN F-CPU for
PROFINET IO interface
6ES7151-8FB00-0AB0
S7 F Configuration Pack
V5.5 SP5
S7 Distributed Safety
V5.4
IM 151-3 PN HIGH
6ES7151-3BA00-0AB0
FEATURE for PROFINET IO 6ES7151-3BA20-0AB0
interface
6ES7151-3BB20-0AB0
The IM 151-1 HIGH FEATURE and the IM 151-3 PN HIGH FEATURE are described in the
respective manuals ET 200S Distributed I/O System. The IM 151-7 F-CPU and IM 151-8
PN/DP F-CPU are described in a separate product information.
Restrictions with EM 4 F-DI/3 F-DO DC24V PROFIsafe
The EM 4 F-DI/3 F-DO DC24V PROFIsafe only supports operation in distributed systems
with the following interface modules:
● 6ES7151-1BA01-0AB0 V2.0.0 or higher
● 6ES7151-3BA20-0AB0 V3.0.0 or higher
● 6ES7151-3BB21-0AB0 V3.0.0 or higher
The EM 4 F-DI/3 F-DO DC24V PROFIsafe can be used centrally with IM 151-7 F-CPU
6ES7151-7FA20-0AB0 V2.6 or higher or IM 151-8 F-CPU 6ES7151-8FB00-0AB0.
16
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Product Overview
1.3 Using ET 200S Fail-Safe Modules
Using the fail-safe power module PM E F pp DC24V PROFIsafe
Using the fail-safe power module PM E F pp DC24V PROFIsafe is only possible:
● As of order number 6ES7151-1BA01-0AB0, Firmware version V1.1.1 or higher
● As of order number 6ES7151-7FA01-0AB0, Firmware version V2.1.4 or higher
Use in Safety Mode Only
Fail-safe modules can only be used in safety mode. They cannot be used in standard mode.
Achievable Safety Classes
Fail-safe modules are equipped with integrated safety functions for safety mode.
The following safety classes can be achieved in safety mode by assigning appropriate
parameters to the safety functions in STEP 7 with the S7 Distributed Safety or S7 F Systems
optional package, by combining certain standard and F-modules and by arranging the wiring
of the sensors and actuators in a specific way:
Table 1- 2
Achievable Safety Classes in Safety Mode
In accordance with IEC
61508
In accordance with EN 954-1
In accordance with ISO 13849
SIL2
Category 3
Performance Level (PL) d
SIL3
Category 3
Performance Level (PL) e
SIL3
Category 4
Performance Level (PL) e
See also
Configuring ET 200S with Fail-Safe Modules (Page 19)
Requirements for Sensors and Actuators (Page 37)
Applications for the 4/8 F-DI DC24V PROFIsafe Electronic Module (Page 113)
Input applications of EM 4 F-DI/3 F-DO DC24V PROFIsafe (Page 145)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
17
Product Overview
1.4 Guide for Commissioning of ET 200S with Fail-Safe Modules
1.4
Guide for Commissioning of ET 200S with Fail-Safe Modules
Introduction
The following table lists all the important steps required for commissioning ET 200S
distributed I/O systems with fail-safe modules as DP slaves/IO devices on
PROFIBUS DP/PROFINET IO.
Steps from Selecting the F-Modules to Commissioning the ET 200S
Table 1- 3
Step
Steps from Selecting the F-Modules to Commissioning the ET 200S
Procedure
See ...
1.
Select F-modules for ET 200S configuration "Configuring" chapter
2.
Configure and assign parameters to Fmodules in STEP 7
"Configuration and Parameter Assignment"
and "Fail-Safe Modules" chapters
3.
Set PROFIsafe addresses on F-modules
"Address Assignment and Installation"
chapter
4.
Install ET 200S
"Address Assignment and Installation"
chapter
5.
Wire the ET 200S
"Wiring and Fitting Modules" chapter
6.
Commission ET 200S on
PROFIBUS DP/PROFINET IO
instructions
7.
Run diagnostics on ET 200S if
commissioning failed
ET 200S Distributed I/O System operating
"Diagnostics" chapter, "Fail-Safe Modules"
chapter and ET 200S Distributed I/O System
operating instructions
Note
You must configure and assign parameters to the F-modules in STEP 7 before you start
commissioning.
Reason: STEP 7 automatically assigns the PROFIsafe addresses to the F-modules. You
must set these PROFIsafe addresses by means of switches on all F-modules prior to their
installation.
18
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
2
Configuring
2.1
Configuring ET 200S with Fail-Safe Modules
Introduction
The ET 200S distributed I/O systems support configurations with standard and fail-safe
modules. This chapter presents an example configuration.
Configuration example of ET 200S with Fail-Safe Modules
In the following figure you will find a configuration example using standard and fail-safe
modules in an ET 200S. You can divide and install the modules in fail-safe and standard
potential groups. A new potential group always begins with a power module.
2
,0 30 )', )'2 ', $2 $, ', '2 )0 ', 30 '2 '2 '2 '2 30
()
'
+) 3
06
7HUPLQDWLQJPRGXOH
1
(76
)DLOVDIHPRGXOH
①
Fail-safe and standard potential groups mixed
②
Fail-safe potential group
③
Standard potential group
Figure 2-1
ET 200S Configuration Example with Fail-Safe Modules
WARNING
If the implemented standard module has electrical isolation of ≥ 60 VAC / 75 VDC and test
voltage of 500 VDC, it is possible to mix F-DI-/F-DO modules and standard DI-/DO-/FM
modules within one potential group as of the following MLFBs for the SIL3/Category 4/PLe:
• 6ES7138-4CF03-0AB0
• 6ES7138-4CF42-0AB0
• 3RK1903-3BA02
• 6ES7138-4FA04-0AB0
• 6ES7138-4FC01-0AB0
• 6ES7138-4FB03-0AB0
• 6ES7 138-4FR00-0AA0
For the predecessor modules, you can achieve SIL2/Category 3/PLd with a mix of F-DI-/FDO modules and standard DI-DO modules.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
19
Configuring
2.1 Configuring ET 200S with Fail-Safe Modules
Configuration Rules for Fail-Safe Potential Groups
The "Assigning Power Modules to Electronic Modules/Motor Starters and Safety Class" table
lists all the fail-safe and standard power modules and electronic modules you can implement
in a potential group.
Configuration with Fail-Safe Motor Starters and Frequency Converters
Use a PM-D F DC24V PROFIsafe for the selective shutdown of:
● Fail-safe motor starters (F-MS) F-DS1e-x, F-RS1e-x
● SINAMICS fail-safe frequency converters (F-FU) with ICU24(F)
● Fail-safe F-CM connection multipliers
● PM-D F X1 fail-safe power/expansion modules.
The PM-D F DC24V PROFIsafe cannot supply other motor starters (such as DS1-x/RS1-x,
DS1e-x/RS1e-x, DSS1e-x)!
The fail-safe motor starters can be expanded:
● Up to safety class SIL3/Category 4/PLe with the Brake Control xB1, xB2 expansion
modules
● Up to safety class SIL2/Category 3/PLd with the Brake Control xB3, xB4 expansion
modules
Example of a Configuration with Fail-safe Motor Starters
6ORW
)&
0
7HUPLQDO
)'2'&9 )56H[
)','&9 )'6H[
)','&9 30('&9 30'
)'&9
352),VDIH
,0
+,*+
)($785(
The figure below shows an example of an ET 200S configuration with two fail-safe potential
groups. The first potential group contains fail-safe motor starters and a connection multiplier.
This configuration achieves safety class SIL3/Category 4/PLe.
a
0
a
Figure 2-2
20
0
a
Configuration Example of ET 200S with Fail-Safe Motor Starters and Connection
Multiplier
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Configuring
2.1 Configuring ET 200S with Fail-Safe Modules
Additional Information on Fail-Safe Motor Starters
All submodules and modules that can be supplied by the PM-D F DC24V PROFIsafe are
described in the ET 200S Motor Starter manual.
Positioning and Connecting Power Modules
An ET 200S containing fail-safe modules is no different than an ET 200S containing
standard modules with regard to the positioning and connection of power modules.
You can position the power modules as you wish. Each TM-P terminal module (for a power
module) that you add to the ET 200S opens a new potential group. All sensor and load
current supplies of the electronic modules/motor starters that follow are fed from this terminal
module.
By placing another TM-P terminal module after an electronic module/motor starter you
interrupt the voltage buses (P1/P2) and simultaneously open a new potential group. This
allows individual interconnection of sensor and load current supplies.
AUX(iliary) bus (AUX 1)
A TM-P terminal module (for a power module) allows the additional connection of a potential
(up to the maximum rated load voltage of the module) which you can apply via the
AUX(iliary) bus. You can use the AUX(iliary) bus as follows:
● As a protective conductive bus
● When additional voltage is required
Additional Information about Positioning and Connecting Power Modules
For further information about positioning and connecting power modules refer to the ET
200S Distributed I/O System Operating Instructions.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
21
Configuring
2.2 Assigning Modules of an ET 200S
2.2
Assigning Modules of an ET 200S
Introduction
This section presents the ET 200S module assignments for:
● Fail-safe power modules to terminal modules
● Fail-safe electronic modules to terminal modules
● Power modules to electronic modules/motor starters
Assigning Fail-Safe Power Modules to Terminal Modules
You can use the F-power modules with the following terminal modules:
Table 2- 1
Assigning Fail-Safe Power Modules to Terminal Modules
F-Power Modules
Terminal Modules
For a Description, See ...
PM-E F pm DC24V PROFIsafe
and
PM-E F pp DC24V PROFIsafe
TM-P30S44-A0 (screw-in type)
Terminal Modules manual
TM-P30C44-A0 (snap-in type)
PM-D F DC24V PROFIsafe
TM-PF30S47-F1 (snap-in type)
for the ET 200S
distributed I/O system
Assigning Fail-Safe Electronic Modules to Terminal Modules
You can use the following fail-safe electronic modules and terminal modules together:
Table 2- 2
22
Assigning Fail-Safe Electronic Modules to Terminal Modules
F-Electronic Modules
Terminal Modules
For a Description, See ...
4/8 F-DI DC24V PROFIsafe,
4 F-DI/3 F-DO DC24V
PROFIsafe, 4 F-DODC24V/2A
PROFIsafe and
1 F-RO DC24V/AC24..230V/5A
TM-E30S46-A1 (screw-in type)
ET 200S Distributed
I/O System Operating
TM-E30C46-A1 (snap-in type)
TM-E30S44-01 (screw-in type)
Instructions
TM-E30C44-01 (snap-in type)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Configuring
2.2 Assigning Modules of an ET 200S
Assigning Power Modules to Electronic Modules/Motor Starters
The table below lists the power modules and electronic modules/motor starters you can
operate within the same potential group.
Note that certain combinations limit the maximum safety class which can be attained.
Table 2- 3
Assigning Power Modules to Electronic Modules/Motor Starters and Safety Class
Electronic Module/Motor Starter
Use and achievable SIL/Category/PL
Power Modules
For a
Description,
See ...
PM-E F pm DC24V
PROFIsafe
"Power module can be used with all standard electronic Safe shutdown of DO
modules
modules of the ET 200S
PM-E F pm
series
DC24V
PROFIsafe"
PM-E F pp DC24V
PROFIsafe
"Power module
PM-E F pp
DC24V
PROFIsafe"
PM-D F DC24V
PROFIsafe
"Power module Can only be used for:
PM-D F
• F-DS1e-x, F-RS1e-x fail-safe motor
DC24V
starters (F-MS)
PROFIsafe"
• Connection multiplier F-CM
• PM-D F X1 power/expansion
module
• Expansion modules Brake Control
xB1 and xB2
PM-E DC24V
Power Module
manual PM-E
DC24V (bis
6ES71384CA01-0AA0)
SIL2/Cat
egory
3/PLd
Safe shutdown of motor
starters
SIL3/Cat.
4/PLe
Can be used for the F-motor starters
indicated above: Brake Control xB3
and xB4 expansion modules
Safe shutdown of motor
starters
SIL2/Cat
egory
3/PLd
can be used with all standard and failsafe electronic modules
Power supply to F-DI, F-DO
and F-RO modules:
SIL2/Cat
egory
3/PLd
up to 6ES7138-4FA03-0AB0
up to 6ES7138-4FC01-0AB0
up to 6ES7138-4FB02-0AB0
up to 6ES7138-4FR00-0AA0
Supply of F-DI modules, FDO modules:
SIL3/Cat.
4/PLe
6ES7138-4FA04-0AB0
6ES7138-4FB03-0AB0
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
23
Configuring
2.3 Maximum Number of Connectable Modules/Maximum Configuration
Power Modules
For a
Description,
See ...
Electronic Module/Motor Starter
Use and achievable SIL/Category/PL
PM-E DC24..48V
PM-E
DC24..48V
(6ES71384CA50-0AB0)
Power Module
Can be used with all standard and failsafe electronic modules
Power supply to F-DI, F-DO
and F-RO modules
SIL3/Cat.
4/PLe
manual
PM-E DC24..48V/
AC24..230V
PM-E
DC24..48V/AC
24..230V (bis
6ES71384CB11-0AB0)
Power Module
manual
See also
Properties of the PM-E F pm DC24V PROFIsafe Power Module (Page 62)
Properties of the PM-E F pp DC24V PROFIsafe Power Module (Page 83)
Properties of the PM-D F DC24V PROFIsafe Power Module (Page 96)
2.3
Maximum Number of Connectable Modules/Maximum Configuration
Maximum Number of Modules
The modules include the interface module, the power and electronic modules, and the motor
starters.
The overall width of an ET 200S is limited to 2 m.
The following restriction applies for IMs as of 6ES7151-1BA01-0AB only when operated in
DPV0 mode:
● The maximum number of modules in an ET 200S also depends on the parameter length
of the modules. Each ET 200S supports a total of 244 bytes.
For further additional information refer to the ET 200S Distributed I/O System Operating
Instructions.
Table 2- 4
Parameter Length of F-Modules in Bytes
Fail-Safe Module
24
Parameter Length
PM-E F pm DC24V PROFIsafe
22 bytes
PM-E F pp DC24V PROFIsafe
20 bytes
PM-D F DC24V PROFIsafe
20 bytes
4/8 F-DI DC24V PROFIsafe
32 bytes
4 F-DI/3 F-DO DC24V PROFIsafe
32 bytes
4 F-DO DC24V/2A PROFIsafe
22 bytes
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Configuring
2.3 Maximum Number of Connectable Modules/Maximum Configuration
Example
In the following example, modules with a total parameter length of 234 bytes were used in an
ET 200S.
Number
and type of
modules
: 1x
Parameter
length
: 27 bytes***
+1x
IM151-1
HIGH
FEATURE
+5x
PM-E
DC24..48V/
AC24..230V
+ 3 bytes
F-DI
module*
+ 160 bytes
+2x
F-DO
module**
+ 44 bytes
=9
modules
= 234 bytes
* 5 F-DI modules are available: 20 SIL3 or 40 SIL2 inputs
** 2 F-DO modules are available: 8 SIL2/SIL3 outputs
*** 56 bytes in isochronous mode
Power Modules: Maximum Configuration per Potential Group
Table 2- 5
Maximum configuration per potential group
Power Modules
Maximum Current
Carrying Capacity
Connectable Modules/Motor Starters
PM-E F pm DC24V
PROFIsafe
10 A
The number of modules that can be connected
depends on the total current of all modules in the
potential group. The total current may not exceed
10 A. The total current is influenced primarily by
the digital output modules.
10 A briefly*
The number of motor starters/modules that can be
connected depends on the total current of all
motor starters/modules in the potential group. The
total current may not exceed 10 A.
PM-E F pp DC24V
PROFIsafe
PM-D F DC24V
PROFIsafe
5 A permanent*
* Reason:
Current Consumption of the F-Motor Starters
U1 (electronics supply)
SG (shutdown groups)
Switching time (up to 200 ms)
0.15 A
0.25 A
Duration (after 200 ms)
0.15 A
0.06 A
ET 200S: Limitations and maximum configuration
For further information about limitations and maximum configuration of the standard ET 200S
refer to the ET 200S Distributed I/O System Operating Instructions.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
25
Configuring
2.4 Configuration and Parameter Assignment
2.4
Configuration and Parameter Assignment
Prerequisite
The requirements from chapter Using ET 200S Fail-Safe Modules (Page 14) apply to
configuring and assigning parameters for ET 200S fail-safe modules.
Configuration
Follow the usual procedure with STEP 7 HW Config to configure fail-safe modules (in the
same way as standard ET 200S modules).
Parameter Assignment for Module Properties
To assign parameters for fail-safe module properties, select the module in STEP 7
HW Config and select the menu command "Edit > Object Properties".
Parameters are downloaded from the programming device to the F-CPU, where they are
stored and then transferred to the fail-safe module.
Parameter Description
You will find a description of assignable fail-safe module parameters in this manual.
PROFIsafe Address and PROFIsafe Address Assignment
You can find a description of PROFIsafe addresses and the address assignment procedure
in this manual.
See also
Assignment of the PROFIsafe address (Page 29)
Parameters of the PM-E F pm DC24V PROFIsafe (Page 74)
Parameters of the PM-E F pp DC24V PROFIsafe (Page 90)
Parameters of the PM-D F DC24V PROFIsafe (Page 100)
Parameters of the EM 4/8 F-DI DC24V PROFIsafe (Page 108)
EM 4 F-DI/3 F-DO DC24V PROFIsafe parameters (Page 142)
Parameters for the EM 4 F-DO DC24V/2A PROFIsafe (Page 171)
26
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
3
Address Assignment and Installation
3.1
Address assignments in the F-CPU
Address Assignment
The fail-safe modules occupy the following address ranges in the F-CPU:
● For S7 Distributed Safety: in the area of the process image
● For S7 F/FH systems: in the area of the process image
Table 3- 1
Address Assignment in the F-CPU
F-Module
Occupied Bytes in the F-CPU:
In Input Range
In Output Range
x + 0 to x + 4
x + 0 up to x + 4
PM-E F pp DC24V PROFIsafe
x + 0 up to x + 4
x + 0 up to x + 4
PM-D F DC24V PROFIsafe
x + 0 up to x + 4
x + 0 up to x + 4
4/8 F-DI DC24V PROFIsafe
x + 0 to x + 5
x + 0 to x + 3
4 F-DI/3 F-DO DC24V PROFIsafe
x + 0 up to x + 6
x + 0 up to x + 4
4 F-DO DC24V/2A PROFIsafe
x + 0 up to x + 4
x + 0 up to x + 4
1 F-RO DC24V/AC24..230V/5A
x.0 and x.1*
—
PM-E F pm DC24V PROFIsafe
x = Module start address
* The bit addresses can be moved using the "Pack addresses" function.
Addresses Occupied by Useful Data
The useful data occupy the following addresses of the assigned addresses of the fail-safe
modules in the F-CPU:
Table 3- 2
Byte in the
F-CPU
Addresses Occupied by Useful Data
Occupied Bits in F-CPU per F-Module:
7
6
5
4
3
2
—
—
—
—
Channel
2
—
—
—
—
—
1
0
PM-E F pm DC24V PROFIsafe:
x+0
—
Channel Channel
1
0
PM-E F pp DC24V PROFIsafe:
x+0
—
—
Channel
0
PM-D F DC24V PROFIsafe:
x+0
—
—
Channel Channel Channel Channel
5
4
3
2
Channel Channel
1
0
4/8 F-DI DC24V PROFIsafe:
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
27
Address Assignment and Installation
3.1 Address assignments in the F-CPU
Occupied Bits in F-CPU per F-Module:
x+0
Channel Channel Channel Channel Channel Channel
7
6
5
4
3
2
Channel Channel
1
0
4 F-DI/3 F-DO DC24V PROFIsafe:
x + 0 (inputs)
—
—
—
—
x + 0 (outputs)
—
—
—
—
—
—
—
—
—
—
Channel Channel
3
2
—
Channel Channel
1
0
Channel
2
Channel Channel
1
0
Channel Channel
3
2
Channel Channel
1
0
4 F-DO DC24V/2A PROFIsafe:
x+0
—
1 F-RO DC24V/AC24..230V/5A:
x+0
—
—
—
0
Channel
0
(Readba
ck
channel)
x = Module start address
WARNING
You may only access the addresses occupied by useful data. The other address ranges
occupied by the F-modules are assigned for functions including safety-related
communication between the F-modules and F-CPU in accordance with PROFIsafe.
With the 1oo2 evaluation of sensors, only the less significant channel of the channels that
are grouped as a result of the 1oo2 sensor evaluation can be accessed in the safety
program.
Additional Information
Detailed information about fail-safe I/O access can be found in the S7 Distributed Safety,
Configuring and Programming manual or the S7 F/FH Systems, Configuring and
Programming manual.
28
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Address Assignment and Installation
3.2 Assignment of the PROFIsafe address
3.2
Assignment of the PROFIsafe address
PROFIsafe address
Every fail-safe module has an own PROFIsafe address. Before installing fail-safe modules,
you must set the PROFIsafe address on each F-module.
PROFIsafe Address Assignment
The PROFIsafe addresses (F_source_address, F_destination_address) are assigned
automatically when you configure the fail-safe modules in STEP 7.
You can view the F_destination_address in binary format in HW Config in the Object
properties of the fail-safe modules in the "DIP switch setting" parameter. You read the
PROFIsafe address from the parameter assignment dialog box and set it on the fail-safe
module using the address switch.
You can edit the configured F_destination_address in HW Config. To prevent addressing
errors, however, we recommend that you use the automatically assigned
F_destination_address.
Address Switch for Setting PROFIsafe Addresses
The address switch (10-pin DIP switch) is located on the left-hand side of every fail-safe
module. Use this address switch to set the PROFIsafe address (F_destination_address) of
the F-module.
Note
Fail-safe modules in ET 200S can only be operated in safety mode.
Setting the Address Switch
Before installing the F-module, ensure that the address switch is set correctly.
Valid range of the PROFIsafe addresses: 1 to 1022. The figure below shows an example of
an address switch setting.
21
([DPSOH$GGUHVV 2))
Figure 3-1
Example for Setting the Address Switch (DIP Switch)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
29
Address Assignment and Installation
3.2 Assignment of the PROFIsafe address
Note
An address switch of the smallest possible dimensions is installed for reasons of space
saving. This makes it sensitive to pressure and objects with sharp edges. Always use a
suitable tool to operate the address switch.
Diverse tools suitable for activating the address switch are available on the market, for
example, the Grayhill DIPSTICK. A ballpoint pen may be employed if used carefully. It is
imperative to avoid any burring which would prevent the switch from reaching its home
position. Therefore, DO NOT use screwdrivers or knives to operate the address switch.
Rules for Address Assignment
WARNING
Observe the following rules when assigning addresses:
• Make sure that the address switch setting on the module matches the PROFIsafe
address in the HW Config.
• Rule for PROFIBUS subnets:
The switch setting on the F-I/O address switch, i.e. its PROFIsafe destination address,
must be unique within the network* and station** (system-wide). You can assign up to
1,022 different PROFIsafe destination addresses.
Exception: The fail-safe I/Os in different I slaves may have the same PROFIsafe
destination address assigned, as they are only addressed within the station, that is, by
the F-CPU in the I-slave.
Rules for Ethernet subnets and combined PROFIBUS and Ethernet subnet
configurations:
The address switch setting on the fail-safe I/O, i.e. the PROFIsafe destination address
only*** has to be unambiguous within the Ethernet subnet, including all sublevel
PROFIBUS subnets and station-wide** (system-wide). You can assign up to 1,022
different PROFIsafe destination addresses.
Exception: The fail-safe I/Os in different I slaves may have the same PROFIsafe
destination address assigned, as they are only addressed within the station, that is, by
the F-CPU in the I-slave.
The networked nodes of an Ethernet subnet are characterized by having IP addresses
with a shared subnet address, i.e. the IP addresses are congruent with the "1" digits in
the subnet mask.
Example:
IP address: 140.80.0.2
Subnet mask: 255.255.0.0 = 11111111.11111111.00000000.00000000
Meaning: Bytes 1 and 2 of the IP address define the subnet; subnet address = 140.80.
*: A network consists of one or more subnets. "Network-wide" = across subnet boundaries.
**: "Station-wide" means one station in HW Config (e.g. an S7-300 station or an I-slave)
***: Beyond Ethernet subnet boundaries if cyclic PROFINET IO communication (RT
communication) is excluded.
30
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Address Assignment and Installation
3.3 Installing
3.3
Installing
Installing the fail-safe modules
The fail-safe power modules, electronic modules, and terminal modules are part of the ET
200S range of modules. They are installed using the same procedure as for all standard
modules in an ET 200S.
Detailed information about module installation is available in the ET 200S Distributed I/O
System Operating Instructions.
Installation dimensions
Note that fail-safe modules are 30 mm wide (twice the width of standard ET 200S modules).
Otherwise, the information provided in the ET 200S Distributed I/O System Operating
Instructions applies.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
31
Address Assignment and Installation
3.3 Installing
32
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Wiring and Fitting Modules
4.1
4
Introduction
WARNING
In order to prevent hazardous risks to persons or to the environment, you must not under
any circumstances override safety functions or implement any measures that cause safety
functions to be bypassed or that result in the bypassing of safety functions. The
manufacturer is not liable for the consequences of such manipulation or for damages that
result from failure to heed this warning.
This chapter
This chapter covers the special features involved in wiring and fitting fail-safe modules.
Information about this subject that applies to both ET 200S with fail-safe modules and ET
200S with standard modules can be found in the ET 200S Distributed I/O System operating
instructions.
4.2
Safe Functional Extra Low Voltage for Fail-Safe Modules
Safe Functional Extra-Low Voltage
WARNING
Fail-safe modules must be operated with safe functional extra-low voltage (SELV, PELV).
This means that these modules, even in the event of a fault, can only have a maximum
voltage of Um. The following applies for all fail-safe modules:
Um < 60.0 V
You can find additional information about safe functional extra-low voltage in the data
sheets, for example, of the applicable power supplies.
All system components that can supply electrical energy in any form whatsoever must fulfill
this condition.
Each additional power circuit (24 VDC) installed in the system must be operated on safe
functional extra-low voltage (SELV, PELV). Refer to the relevant data sheets or contact the
manufacturer.
Sensors and actuators with an external power supply can also be connected to F-modules.
Make sure here, too, that power is supplied to these components from safe functional extralow voltage. The process signal of a 24 VDC digital module may not exceed a fault voltage
Um in the event of a fault.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
33
Wiring and Fitting Modules
4.3 Wiring fail-safe modules
WARNING
All voltage sources, for example, internal 24 VDC load voltage supplies, external 24 VDC
load voltage supplies and 5 V DC bus voltage, must be electrically connected externally.
This prevents potential differences from causing voltage additions at the individual voltage
sources which would cause the fault voltage Um to be exceeded.
Ensure that line cross-sections are sufficient for electrical connection in accordance with
the ET 200S configuration guidelines (see ET 200S distributed I/O system operating
instructions).
Power supply Requirements for Compliance with NAMUR Recommendations
Note
Always use power packs or power supplies (230 VAC --> 24 VDC) with a power failure ridethrough of at least 20 ms to ensure compliance with NAMUR recommendation NE 21,
IEC 61131-2 and EN 298. The latest up-to-date information on PS components is available
on the Internet (https://mall.ad.siemens.com).
These requirements also apply, of course, to power packs and power supplies which are not
manufactured to ET 200S or S7-300/-400 configuration standards.
See also
Specifications for Nominal Line Voltages, Isolation Tests, Protection Class, and Type of
Protection (Page 60)
4.3
Wiring fail-safe modules
Same Wiring Procedure as for ET 200S
Fail-safe power modules, electronic modules and terminal modules are part of the ET 200S
range of modules. They are wired using the same procedure as for all standard modules in
an ET 200S.
Refer to the ET 200S Distributed I/O System operating instructions for detailed information
on wiring and fitting the modules and IM 151.
WARNING
When assigning signals of the F-DI module, remember that signals should only be routed
within a cable or sheathed cable if:
• A short-circuit in the signals does not conceal a serious safety risk
• Signals are supplied by different sensor supplies of this F-DI module
34
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Wiring and Fitting Modules
4.3 Wiring fail-safe modules
Mounting Rails
The ET 200S distributed I/O system is installed on a mounting rail according to EN 60715
(35 x 7.5 mm or 35 x 15 mm).
Appropriate surface designs are:
● Steel strip according to Appendix A of EN 60715, or
● Tinned steel strip. We recommend the following mounting rails for this purpose:
– 6ES5710-8MA11 (length: 483 mm)
– 6ES5710-8MA21 (length: 530 mm)
– 6ES5710-8MA31 (length: 830 mm)
– 6ES5710-8MA41 (length: 2000 mm)
Note
If you use rails from other manufacturers, please ensure that these have the properties
necessary to withstand your climatic ambient conditions.
Terminal assignment of the TMs
The terminal assignment of the TMs depends on the installed power or electronic module.
See also
Wiring of the PM-E F pm DC24V PROFIsafe (Page 70)
Wiring of the PM-E F pp DC24V PROFIsafe (Page 88)
Wiring of the PM-D F DC24V PROFIsafe (Page 100)
Wiring of the EM 4/8 F-DI DC24V PROFIsafe (Page 108)
Wiring of EM 4 F-DI/3 F-DO DC24V PROFIsafe (Page 141)
Wiring diagram of the EM 4 F-DO DC24V/2A PROFIsafe (Page 167)
Wiring of EM 1 F-RO DC24V/AC24..230V/5A (Page 181)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
35
Wiring and Fitting Modules
4.4 Insertion and removal of fail-safe modules
4.4
Insertion and removal of fail-safe modules
Inserting and Removing Electronic Modules
In ET 200S, the same procedure is used to insert and remove both fail-safe modules and
standard modules on terminal modules (see ET 200S Distributed I/O System manual).
Inserting and Removing Electronic Modules during Operation
F-modules can be inserted and removed during operation in exactly the same way as
standard modules in ET 200S.
Note
Hot-swapping fail-safe modules in ET 200S during operation generates a communication
error on the F-CPU.
You must acknowledge this communication error in your safety program. (For information on
the response of the F-system after communication errors, output of a fail-safe value and user
acknowledgment, refer to the S7 Distributed Safety, Configuration and Programmingor S7
F/FH Systems, Configuring and Programming).
If the communication error is not acknowledged, the useful data of the F modules remain
passivated (inputs and outputs in "0" state).
Conditions for Insertion and Removal during Operation
The table below lists the F-modules which support hot-swapping and the conditions under
which this is possible:
Table 4- 1
Conditions for Hot-Swapping Fail-Safe Modules
Module
Insertion and
Removal
Conditions
Interface module
No
—
Fail-safe power module (PM E-F pm)
Yes
Load voltage must be switched off
Fail-safe power module (PM E-F pp)
Yes
Fail-safe power module (PM D-F)
Yes
Fail-safe electronic module (F-DI)
Yes
—
Fail-safe electronic module (F-DI/DO)
Yes
Load voltage must be switched off
Fail-safe electronic module (F-DO)
Yes
Load voltage must be switched off
Fail-safe electronic module (F-RO)
Yes
Load voltage must be switched off
Remember to Set the PROFIsafe Address
When replacing F-modules, ensure that the address switch (DIP switch) settings of the left of
the modules match.
36
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Wiring and Fitting Modules
4.5 Requirements for Sensors and Actuators
See also
Assignment of the PROFIsafe address (Page 29)
4.5
Requirements for Sensors and Actuators
General Requirements for Sensors and Actuators
Please note the following important information for safety-related use of sensors and
actuators:
WARNING
The use of sensors and actuators is beyond our sphere of influence. We have equipped our
electronics with such safety engineering features as to leave 85% of the maximum
permissible hazardous faults probability for sensors and actuators to you (this corresponds
to the recommended load sharing in safety engineering between sensing devices, actuating
devices and electronic switching for input, processing and output).
Note, therefore, that instrumentation with sensors and actuators bears a considerable
safety responsibility. Remember, too, that sensors and actuators do not generally withstand
proof-test intervals of 10 years as defined in IEC 61508 without considerable loss of safety.
The probability of hazardous faults and the rate of hazardous faults of safety functions must
comply with an SIL-defined upper limit. You will find a listing of values achieved by Fmodules in the technical specifications of the F-modules under "Fail-safe performance
characteristics".
To achieve SIL3 (Category 4/PLe), suitably qualified sensors are necessary.
Additional Sensor Requirements
General rule: A single-channel sensor is sufficient to achieve SIL2/Category 3/PLd.
However, the sensors must be wired to two channels in order to achieve SIL3/Category
4/PLe. However, to achieve SIL2/Category 3/PLd with a single-channel sensor, the sensor
itself must be SIL2/Category 3/PLd-capable, otherwise the sensor must be wired to two
channels in order to achieve this safety level.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
37
Wiring and Fitting Modules
4.5 Requirements for Sensors and Actuators
Duration Requirements for Sensor Signals
WARNING
Observe the following requirements for sensor signals:
• In order to guarantee accurate detection of sensor signals by the F-DI module, you must
ensure that the sensor signals have a defined minimum duration.
• Reliable pulse detection requires an interval between two signal changes (pulse
duration) greater than the PROFIsafe monitoring time.
Reliable detection by the F-DI module
The table below lists the minimum duration of sensor signals for the F-DI module. This
depends on the parameter settings made in STEP 7 for the short-circuit test and the input
delay.
Table 4- 2
Minimum Duration of Sensor Signals to Allow Correct Detection by F-DI-Module
Short-Circuit Test Parameter
Programmed Input Delay
0.5 ms
3 ms
15 ms
Deactivated
7 ms
9 ms
23 ms
Activated
7 ms
12 ms
37 ms
Reliable Detection by the Safety Program on the F-CPU
Information about the times required for the reliable detection of sensor signals in the safety
program is available in "Fail-Safe Modules" of the Safety Engineering in SIMATIC S7 system
description.
Additional Requirements for Actuators
The F-modules test the outputs at regular intervals. To do so, the F-module briefly switches
off the activated outputs. Duration of these test pulses:
● Dark period < 1 ms
Rapid response actuators may briefly drop out during the test. If your process does not
tolerate this, you must use actuators with a sufficient lag (> 1 ms).
WARNING
If the actuators are operated at voltages greater than 24 VDC (for example, 230 VDC) or if
the actuators switch higher voltages, safe isolation must be ensured between the outputs of
a fail-safe output module and the components carrying a higher voltage (in accordance with
EN 50178).
This is generally the case for relays and contactors. Particular attention must be paid to this
issue for semiconductor switching devices.
38
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Wiring and Fitting Modules
4.5 Requirements for Sensors and Actuators
See also
Using ET 200S Fail-Safe Modules (Page 14)
Assignment of the PROFIsafe address (Page 29)
Technical Specifications for PM-E F pm 24 VDC PROFIsafe (Page 78)
Technical Specifications for the PM-E F pp 24 VDC PROFIsafe (Page 93)
Technical Specifications of the PM-D F DC24V PROFIsafe (Page 103)
Applications for the 4/8 F-DI DC24V PROFIsafe Electronic Module (Page 113)
Technical Specifications of the EM 4/8 F-DI DC24V PROFIsafe (Page 133)
Input applications of EM 4 F-DI/3 F-DO DC24V PROFIsafe (Page 145)
Technical specifications of the EM 4 F-DI/3 F-DO DC24V PROFIsafe (Page 159)
Technical Specifications of the EM 4 F-DO DC24V/2A PROFIsafe (Page 174)
Technical specifications of the EM 1 F-RO DC24V/AC24..230V/5A (Page 184)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
39
Wiring and Fitting Modules
4.5 Requirements for Sensors and Actuators
40
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
5
Diagnostics
5.1
Reactions to Faults
Safe State (Safety Concept)
The basic principle behind the safety concept is the existence of a safe state for all process
variables.
Note
For digital F-modules, this safe state is the value "0". This applies to both sensors and
actuators.
Reactions to Faults and Startup of the F-System
The safety function requires that fail-safe values (safe state) be applied to the fail-safe
module instead of process values (passivation of the fail-safe module) in the following
situations:
● When the F-system is started up
● If errors are detected during safety-related communication between the F-CPU and the Fmodule via the PROFIsafe safety protocol (communication error).
● If fail-safe I/O or channel faults occur (for example wire break, discrepancy error)
Faults detected are entered in the diagnostic buffer of the F-CPU and reported to the safety
program in the F-CPU.
F-modules cannot save errors as retentive data. When the system is powered down and
then restarted, any faults still existing are detected again during startup. However, you have
the option of saving faults in your safety program.
WARNING
Channel faults do not trigger any diagnostic reactions or error handling for channels that
have been set to "deactivated" in STEP 7, even when this channel is affected indirectly by a
channel group fault ("Channel activated/deactivated" parameter).
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
41
Diagnostics
5.1 Reactions to Faults
Remedying faults in the F-system
To remedy faults in your F-system, proceed as described in EN 61508-1 Section 7.15.2.4
and EN 61508-2 Section 7.6.2.1 e.
The following steps must be performed:
1. Diagnosis and repair of the fault
2. Revalidation of the safety function
3. Recording in the service report
Fail-safe value output for F-modules
If channels are passivated with F-DI modules, the F-system provides fail-safe values for the
safety program instead of the process values applied to the fail-safe inputs.
● For F-DI modules, this is always the fail-safe value "0".
In the case of F-DO modules and PM-E F pm DC24V PROFIsafe, if passivation occurs the
F-system transfers fail-safe values (0) to the fail-safe outputs instead of the output values
provided by the safety program. The output channels are de-energized. This also applies
when the F-CPU goes into STOP mode. You cannot program fail-safe values.
Depending on the F-system used and the type of fault that occurred, (F-I/O, channel or
communication fault), fail-safe values are used either for the affected channel only or for all
channels of the fail-safe module involved.
In S7 distributed safety F-systems up to V5.3, the entire F-module is passivated when a
channel fault occurs. Starting with S7 distributed safety V5.4, F-modules as of the indicated
order numbers can also be passivated on a channel-level basis.
Reintegration of a Fail-Safe Module
The system changes from fail-safe to process values (reintegration of an F-module) either
automatically or only after user acknowledgment in the safety program. It may be necessary
to remove and insert the F-module to clear certain channel faults. For an exact list of such
faults, see section "Power module PM-E F pm DC24V PROFIsafe" to "Digital electronic
module4 F-DO DC24V/2A PROFIsafe" in the "Causes of errors and troubleshooting" tables.
After reintegration, the following occurs:
● For a fail-safe DI module, the process values pending at the fail-safe inputs are provided
for the safety program
● For a fail-safe DO module, the output values provided in the safety program are again
transferred to the fail-safe outputs
Additional Information on Passivation and Reintegration
For further information about fail-safe I/O access refer to the S7 Distributed Safety,
Configuring and Programming manual or the S7 F/FH Systems, Configuring and
Programming manual.
42
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostics
5.2 Fault Diagnostics
Reaction of the F-module with inputs to communication errors
The F-module with inputs responds differently to communication errors compared to other
errors.
If a communication error is detected, the current process values remain set at the inputs of
the F module and the channels are not passivated. The current process values are sent to
the F-CPU and are passivated in the F-CPU.
See also
Properties of the PM-E F pm DC24V PROFIsafe Power Module (Page 62)
Properties of the PM-E F pp DC24V PROFIsafe Power Module (Page 83)
Properties of the PM-D F DC24V PROFIsafe Power Module (Page 96)
Properties of the 4/8 F-DI 24 VDC PROFIsafe Digital Electronic Module (Page 105)
Properties of the 4 F-DI/3 F-DO DC24V PROFIsafe Digital Electronic Module (Page 136)
Properties of the 4 F-DO DC24V/2A PROFIsafe digital electronic module (Page 163)
Properties of the EM 1 F-RO DC24V/AC24..230V/5A (Page 177)
5.2
Fault Diagnostics
Purpose of Diagnostics
Diagnostics are used to determine whether error-free signal acquisition is taking place at the
fail-safe modules. Diagnostics information is assigned either to a single channel or to the
entire F-module.
Diagnostics functions are not safety critical
None of the diagnostic functions (displays and messages) are safety critical and therefore
not designed to be safety-related functions. Consequently, they are not tested internally.
Diagnostic Options for Fail-Safe Modules in ET 200S
The following diagnostic options are available for fail-safe modules:
● LED display on the module front panel
● Diagnostic functions of F-modules (slave diagnostics in accordance with IEC 617841:2003.)
Non-Programmable Diagnostic Functions
Fail-safe electronic and power modules provide diagnostic functions which cannot be
programmed by the user. This means that the diagnostic functions are always activated, and
are automatically made available by the F-module in STEP 7 and passed on to the F-CPU in
the event of a fault.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
43
Diagnostics
5.2 Fault Diagnostics
Programmable Diagnostic Functions
You can program (activate) certain diagnostic functions in STEP 7:
● Wire-break detection for the F-DI/F-DO module, the F-DO module and the PM-E F pm
● Short-circuit monitoring for the F-DI/F-DO module and F-DI module
WARNING
Diagnostic functions should be activated or deactivated in accordance with the
application.
Diagnostics by LED Display
Every fail-safe power and electronic module (with the exception of the EM
1 F-RO DC24V/AC24..230V/5A) indicates faults by means of its SF LED (group fault LED).
The SF-LED lights up as soon as a diagnostic function is triggered by the F-module. The SF
LED flashes as long as a cleared fault has not been acknowledged (as of release version
02.) It goes dark when all faults have been eliminated and acknowledged.
The power module is also equipped with a PWR LED which displays the status of the load
voltage supply of the potential group.
The 4/8 F-DI DC24V PROFIsafe electronic module is equipped with two additional fault
LEDs (1VsF and 2VsF) that display faults for the two internal sensor power supplies.
The 4 F-DI/3 F-DO DC24V PROFIsafe electronic module also has a fault LED (VsF) that
displays the faults of the internal sensor supply, and a channel LED, the channel LED and
the SF LED light up red as soon as a diagnostic function is triggered by the F-module. The
LEDs go dark when all faults have been eliminated.
The SF LED flashes until you acknowledge passivation following a module fault.
Slave Diagnostics
Slave diagnostics comply with IEC 61784-1:2003. The fail-safe EMs and PMs support slave
diagnostics in exactly the same way as standard ET 200S modules.
Information about the general structure of slave diagnostics for the ET 200S and the fail-safe
modules can be found in the ET 200S Distributed I/O System manual. A description of
channel-specific diagnostics for fail-safe modules is presented below.
44
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostics
5.2 Fault Diagnostics
Channel-Specific Diagnostics
As with the ET 200S, there are three bytes available for channel-specific diagnostics, starting
at byte 35. Up to 9 channel-specific diagnostic messages are possible per station. Channelspecific diagnostics for fail-safe modules are structured as follows.
%\WH
%LWQR
%WR%0RGXOHVORW
WKDWLVSURYLGLQJWKHFKDQQHOVSHFLILFGLDJQRVWLFV
&RGHIRUFKDQQHOUHODWHGGLDJQRVWLFV
%LWQR
%\WH
%WR%1XPEHURIFKDQQHOSURYLGLQJWKHGLDJQRVWLFV
%,QSXWFKDQQHO)',PRGXOH)',)'2PRGXOH
%2XWSXWFKDQQHO)'2PRGXOH)',)'2PRGXOH30()SP30()SSRU30')
%,QSXWRXWSXWFKDQQHO
%LWQR
%\WH
)DXOWW\SHVHHWDEOHEHORZ
&KDQQHO %ELW
)',)'2PRGXOH)'2PRGXOH30()SP
%ELW
30()SS)',PRGXOHRU30')
%ELW
%E\WHV
%ZRUG
%ZRUGV
%\WH
1H[WFKDQQHOVSHFLILFGLDJQRVWLF
WR
DVVLJQPHQWVDPHDV%\WHVWR
PD[E\WHV
Figure 5-1
Structure of Channel-Specific Diagnostics
Note
The module slot coding is contained in byte 35, bits 0 to 5. The following applies:
displayed number + 1 = module slot
(0 = slot 1; 1 = slot 2, and so forth)
Note
Channel-specific diagnostics data are always updated to the current diagnostic function in
the diagnostic message frame. Older, successive diagnostic functions are not deleted.
Remedy: Evaluate the valid, current length of the diagnostic message frame. To do this, use
the parameter RET_VAL of the SFC 13 in STEP 7.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
45
Diagnostics
5.2 Fault Diagnostics
Possible Fault Types of Fail-Safe Modules
The table below lists the messages of the IM 151-1 HIGH FEATURE. When using the
IM 151-7 F-CPU or IM 151-8 DP/PN F-CPU, you can obtain detailed diagnostic information
using HW diagnosticsinSTEP 7.
Table 5- 1
Error types of channel-related diagnostics (apart from EM 1 F-RO DC24V/AC24..230V/5A)
Fault
Type
00001B
1D
Diagnostic Function in
STEP 7
F-Module
Special Meaning for F-Modules
Short circuit
EM 4/8 F-DI
Short circuit to L+ on the unconnected sensor cable
EM 4 F-DI/3 F-DO
Short circuit to sensor supply L+
Short circuit to ground or sensor supply failure
Internal fault at the read circuit/test circuit
PM-E F pm DC24V
P output driver failure
4 F-DO
Short circuit of output to L+ or output driver
4 F-DI/3 F-DO
M output driver failure
Short circuit of output to M, or output driver failure
00100B
4D
Overload
4 F-DI/3 F-DO
Overload
PM-E F pm DC24V
Overcurrent at output driver
4 F-DO
00101B
5D
Overtemperature
00110B
6D
Line break
all apart from
4 F-DI/3 F-DO
—
PM-E F pm DC24V
Wire break
4 F-DO
01001B
9D
Fault
all
RAM fault
EPROM fault
Processor failure (expected DIP switch value /
actual DIP switch value)
Internal fault at the read circuit/test circuit
10000B
16D
Parameter assignment
error
all
Parameter assignment error
10001B
17D
Sensor voltage or load
voltage missing
all
External auxiliary supply missing
10011B
19D
Communication error
all
CRC (cyclic redundancy check) error in data
message frame
11001B
25D
Safety-related
shutdown
4/8 F-DI
Monitoring time for data message frame exceeded
Discrepancy error
4 F-DI/3 F-DO
PM-E F pm DC24V
Switching frequency exceeded
PM-E F pp DC24V
4/8 F-DI / 4 F-DO
4 F-DI/3 F-DO
46
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostics
5.2 Fault Diagnostics
Reaction of F-Modules to Module Failure
The following events occur following a serious internal fault in the F-module, causing Fmodule failure:
● The connection to the backplane bus is interrupted and the fail-safe I/O are passivated
● Diagnostics are not transmitted from the F-module and the default diagnostic message
"Module Fault" is reported
● The SF LED of the corresponding F-module illuminates
Specific Information about Diagnostic Functions
All module-specific diagnostic functions, possible causes and their troubleshooting can be
found in the Chapters "Power modulePM-E F pm DC24V PROFIsafe" to "Digital electronic
module 1 F-RO DC24V/AC24..230V/5A".
These sections also provide information about the status and diagnostic functions indicated
by the LEDs on the front panel of the relevant F-module.
Reading Out Diagnostic Functions
You can display the cause of a fault in the STEP 7 module diagnostics (see STEP 7 Online
Help).
You can read the diagnostic functions (slave diagnostics) by calling SFC 13 in the standard
user program (see System and Standard Functions reference manual).
See also
Diagnostic functions of the PM-E F pm DC24V PROFIsafe (Page 75)
Diagnostic functions of the PM-E F pp DC24V PROFIsafe (Page 90)
Diagnostic Functions of PM-D F DC24V PROFIsafe (Page 101)
Diagnostic Functions of the EM 4/8 F-DI DC24V PROFIsafe (Page 130)
Diagnostic functions of EM 4 F-DI/3 F-DO DC24V PROFIsafe (Page 156)
Diagnostic Functions of the EM 4 F-DO DC24V/2 A PROFIsafe (Page 172)
Diagnostic functions of EM 1 F-RO DC24V/AC24..230V/5A (Page 184)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
47
Diagnostics
5.2 Fault Diagnostics
48
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
General Technical Specifications
6.1
6
Introduction
This chapter
This chapter provides information about fail-safe modules:
● The most important standards and approvals
● General technical specifications
General Technical Specifications
The General Technical Specifications comprise the standards and test values with which the
fail-safe modules must comply when installed in an ET 200S and the test criteria for fail-safe
modules on the one hand, and requirements of fail-safe modules in terms of shipping,
storage and environmental conditions.
6.2
Standards and Approvals
CE approval
The ET 200S fail-safe modules meet the requirements and protection targets of the following
EC Directives and comply with the harmonized European standards that have been issued
for PLCs in the official gazettes of the European Community:
● 2006/108/EC "Electrical equipment for use within specific voltage limits" (Low-voltage
directive)
● 2004/108/EC "Electromagnetic Compatibility" (EMC Directive)
● 94/9/EC "Equipment and Protective Systems Intended for Use in Potentially Explosive
Atmospheres" (Explosion Protection Guideline)
The EC declarations of conformity are kept available for the relevant authorities at:
Siemens Aktiengesellschaft
Industry Sector
IA AS RD ST
P.O. Box 1963
D-92209 Amberg
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
49
General Technical Specifications
6.2 Standards and Approvals
UL approval
Underwriters Laboratories Inc., in accordance with
● UL 508 (Industrial Control Equipment)
CSA Approval
Canadian Standard Association (CSA) in accordance with
● C22.2 No. 142 (Process Control Equipment)
or
Underwriters Laboratories Inc., in accordance with
● UL 508 (Industrial Control Equipment)
● CSA C22.2 No. 142 (Process Control Equipment)
or
+$=/2&
Underwriters Laboratories Inc., in accordance with
● UL 508 (Industrial Control Equipment)
● CSA C22.2 No. 142 (Process Control Equipment)
● UL 1604 (Hazardous Location)
● CSA-213 (Hazardous Location)
APPROVED for use in
Class I, Division 2, Group A, B, C, D Tx;
Class I, Zone 2, Group IIC Tx
Note
The nameplate on each module indicates the currently valid approvals.
50
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
General Technical Specifications
6.2 Standards and Approvals
FM Approval
Factory Mutual Research (FM) to
● Approval Standard Class Number 3611, 3600, 3810
APPROVED for use in
Class I, Division 2, Group A, B, C, D Tx;
Class I, Zone 2, Group IIC Tx
In accordance with EN 60079-15 (Electrical Apparatus for Potentially Explosive
Atmospheres; Type of Protection "n")
II 3 G Ex nA II T4..T5
WARNING
There is a risk of personal injury or damage to property.
In areas exposed to explosion hazard, personal injury or damage to property can occur if
plug-in connections are disconnected during operation.
Before disconnecting plug-in connections in areas exposed to explosion hazard, always deenergize the distributed I/O first.
Marking for Australia
The fail-safe modules of the ET 200S satisfy the requirements of AS/NZS 2064 (Class A).
IEC 61131
The fail-safe modules of the ET 200S satisfy the requirements and criteria of IEC 61131-2
(Programmable Controllers - Part 2: Equipment Requirements and Tests).
PROFIBUS Standard
The ET 200S distributed I/O system is based on the IEC 61784-1:2003 standard.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
51
General Technical Specifications
6.2 Standards and Approvals
Shipbuilding approval
Submitted to the following classification bodies
(exception: PM-D F DC24V PROFIsafe to GL (German Lloyd) only):
ABS (American Bureau of Shipping)
BV (Bureau Veritas)
DNV (Det Norske Veritas)
GL (Germanischer Lloyd)
LRS (Lloyds Register of Shipping)
Class NK (Nippon Kaiji Kyokai)
Use in Industry
SIMATIC products are designed for use in industrial environments.
Requirement Relating to
Field of Application
Emitted Interference
Immunity to Interference
EN 61000-6-4
EN 61000-6-2
Industry
Use in Residential Areas
ET 200S applications in residential areas must be compliant with limit class B to EN 610006-4 for emission of radio interference.
Suitable measures for achieving limit class B for emission of radio interference are:
● Installing the ET 200S in grounded control cabinets/control boxes
● Use of filters in power supply lines
TÜV Certificate and Standards
The fail-safe modules are certified in accordance with standards and guidelines in terms of
functional safety. Refer to the report on the safety certificate (TÜV certificate) and the
associated annex for more details in this regard. The current TÜV documents can be found
on the Internet (http://support.automation.siemens.com/WW/view/en/12461959/133300).
Requesting TÜV Certificates
You can request copies of the TÜV certificate and the accompanying report from the
following address:
Siemens Aktiengesellschaft
Industry Sector
IA AS RD ST
P.O. Box 1963
D-92209 Amberg
See also
Safety engineering in SIMATIC S7
(http://support.automation.siemens.com/WW/view/en/12490443)
52
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
General Technical Specifications
6.3 Electromagnetic Compatibility
6.3
Electromagnetic Compatibility
Introduction
This chapter presents information about immunity to interference of fail-safe modules and
about EMC conformity.
Definition of EMC
Electromagnetic compatibility is the ability of an electrical device to function in its
electromagnetic environment in a satisfactory manner without affecting this environment.
Fail-safe modules also comply with the requirements of the EMC law for the European
Single Market. As a requirement, the ET 200S distributed I/O system must comply with the
specifications and guidelines for electrical configuration.
Pulse-Shaped Interference
The following table presents the electromagnetic compatibility of fail-safe modules with
regard to pulse-shaped interference.
Pulse-Shaped Interference
Electrostatic discharge in
accordance with IEC 61000-4-2
(DIN VDE 0843 Part 2)
Tested With
Degree of Severity
8 kV
3 (air discharge)
6 kV (cabinet installation mandatory)
3 (contact discharge)
4 kV (no cabinet installation)
2 kV (supply line)
3
2 kV (signal line)
4
Burst pulse (rapid transient
interference) in accordance with
IEC 61000-4-4
(DIN VDE 0843 Part 4)
Zone B in accordance with IEC 61131-2
Surge in accordance with IEC 61000-4-5 (DIN VDE 0839 Part 10)
Degrees of severity 2 and 3 require an external protective circuit (see
paragraph below)
More stringent requirements to EN 298 regarding electromagnetic
interference for modules which conform to this standard.
Asymmetrical connection
1 kV (supply line)
1 kV (signal lead/data lead)
2 kV (supply line)
Symmetrical connection
0.5 kV (supply line)
0.5 kV (signal lead/data lead)
1 kV (supply line)
1 kV (signal lead/data lead)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
2
3
2
3
53
General Technical Specifications
6.3 Electromagnetic Compatibility
Protecting the ET 200S with Fail-Safe Modules from Overvoltage
If your equipment makes protection from overvoltage necessary, we recommend that you
use an external protective circuit (surge filter) between the load voltage power supply and
the load voltage input of the terminal modules to ensure surge immunity for the ET 200S with
fail-safe modules.
Note
Lightning protection measures always require a case-by-case examination of the entire
system. Nearly complete protection from overvoltages, however, can only be achieved if the
entire building surroundings have been designed for overvoltage protection. In particular, this
involves structural measures in the building design phase.
Therefore, for detailed information regarding overvoltage protection, we recommend that you
contact your Siemens representative or a company specializing in lightning protection.
The following figure illustrates an example configuration with F-modules and standard
modules and the power modules PM-E DC24..48V/AC24..230V and PM-E F pm DC24V
PROFIsafe. Voltage is supplied over four power supplies.
You can also use fewer power supplies. However, you must ensure that the total current of
the modules fed by one power supply does not exceed the permissible limits.
You can also use power modules PM-E DC24V. The protective circuit corresponds to that of
the PM-E DC24..48V/AC24..230V + automatic circuit breaker (as with PM-E F pm DC24V
PROFIsafe).
54
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
0RXQWLQJUDLO
Figure 6-1
6KLHOGFRQQHFWLQJ
HOHPHQW
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
0
/
7HUPLQDOPDUNLQJVRQWKH(7
6WHUPLQDOPRGXOHV
0
/
/
'&9
0
9
$&
0
/
/
'&9
0
9
$&
0
/
$ 0'+)%OLW]FRQGXFWRU&7
% %OLW]FRQGXFWRU97
& '&25.'
'HKQ,QFRUGHUQXPEHU
1DPH
6HQVRUV
$VLQJOHSRZHUVXSSO\LVSRVVLEOH
/
'&9
0
9
$&
)RURUGHUQXPEHUVUHIHUWR(76'LVWULEXWHG,26\VWHPPDQXDO
$OVRDSSOLHVWRWHUPLQDOV
3RZHUVXSSO\HJ6,723
352),%86'3
/
'&9
0
5HIHUWR
0RGXOH
1R
EXWXVH/
DQG0
5HIHUWR
0RGXOH
1R
$XWRPDWLFFLUFXLWEUHDNHU
30('&9
$&9
',
'&9
'2
'&9$
30()SP
'&9
'2
'&9$
'2
'&9$
30('&9
$&9
8QVKLHOGHG
FDEOH
)'2
'&9$
6KLHOGHGFDEOH
QRSURWHFWLYH
FLUFXLWUHTXLUHG
)',
'&9
0
'3
)',
'&9
6KLHOGFRQQHFWLQJHOHPHQW
9
$&
/
,0
General Technical Specifications
6.3 Electromagnetic Compatibility
For further information about surge protection for standard modules, see the ET 200S
Distributed I/O System operating instructions.
External Protective Circuit (Surge Filter) for ET 200S with Fail-Safe Modules
55
General Technical Specifications
6.3 Electromagnetic Compatibility
Sinusoidal interference
HF radiation:
Tested in accordance with IEC 61000-4-3, "Radiated Electromagnetic Field Requirements"
● Standard test:
– from 80 MHz through 1 GHz, tested at 10 V/m and 20 V/m; 80 % AM (1 kHz)
– from 1.4 GHz through 2.7 GHz, tested at 10 V/m; 80 % AM (1 kHz)
● GSM/ISM/UMTS field interference of different frequencies (Standard: EN 298: 2004,
IEC 61326-3-1)
Electromagnetic interference on signal and data lines:
Tested in accordance with IEC 61000-4-6, "Testing and measurement techniques –
Immunity to conducted disturbances induced by radio-frequency fields"
● Standard test:
– RF band, asymmetrical, amplitude modulated:
from 0.15 MHz through 80 MHz, tested at 10 V and 20 V rms; 80% AM (1 kHz)
● ISM interference of different frequencies (Standard: EN 298: 2004, IEC 61326-3-1)
Radio Interference Emission
Interference transmission of electromagnetic fields in accordance with EN 55011: Limit class
A, group 1 (measured at a distance of 10 m).
Frequency
Emitted Interference
Between 30 MHz and 230 MHz
< 40 dB (µV/m)Q
Between 230 MHz and 1000 MHz
< 47 dB (µV/m)Q
Emitted interference by means of network-AC power supply in accordance with EN 55011:
Limit class A, group 1.
Frequency
56
Emitted Interference
Between 0.15 MHz and 0.5 MHz
< 79 dB (µV)Q, < 66 dB (µV)M
Between 0.5 MHz and 5 MHz
< 73 dB (µV)Q, < 60 dB (µV)M
Between 5 MHz and 30 MHz
< 73 dB (µV)Q, < 60 dB (µV)M
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
General Technical Specifications
6.4 Shipping and Storage Conditions
6.4
Shipping and Storage Conditions
Requirements for Fail-Safe Modules
Fail-safe modules surpass the requirements for transport and storage conditions defined in
IEC 61131, Part 2. The following specifications apply for fail-safe modules that are
transported and stored in the original packaging.
6.5
Type of Condition
Permissible Range
Free fall
≤1m
Temperature
From –40 °C to +70 °C
Temperature variation
20 K/h
Air pressure
1080 hPa to 660 hPa
(corresponds to an altitude of -1000 m to 3500 m)
Relative humidity
5% to 95%, no condensation
Mechanical and Climatic Environmental Conditions
Conditions of Use
The F-modules are intended for use as stationary installations in sheltered locations. The
conditions of use surpass the requirements in accordance with IEC 61131-2.
Fail-safe modules comply with conditions of use Class 3C3 in accordance with DIN EN
60721 3-3 (use in locations with heavy traffic and in the immediate vicinity of industrial
systems with chemical emissions).
Restrictions
F-modules cannot be implemented without additional measures being taken:
● In locations with a high level of ionizing radiation
● In locations with severe operating conditions, due for example to:
– Dust
– Corrosive vapors or gases
● In systems which require special monitoring, such as:
– Electrical systems in particularly hazardous areas
An additional measure for the implementation of fail-safe modules can be installing the
ET 200S in cabinets, for example.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
57
General Technical Specifications
6.5 Mechanical and Climatic Environmental Conditions
Mechanical Environmental Conditions
The table below shows the mechanical environmental conditions for F-modules in the form of
sinusoidal oscillations.
Frequency Range (Hz)
Continuous
Intermittent
10 ≤ f ≤ 58
Amplitude = 0.15 mm
Amplitude = 0.35 mm
58 ≤ f ≤ 150
Constant acceleration = 2 g
Constant acceleration = 5 g
Reduction of Vibration
If the F-modules are exposed to substantial shock or vibration, you must take appropriate
measures to reduce the acceleration and amplitude.
We recommend that you mount the ET 200S on damping material (for example, on a rubbermetal vibration damper).
Testing of Mechanical Environmental Conditions
The table below provides information about the type and scope of testing of mechanical
environmental conditions.
Condition ...
Test Standard
Comments
Vibration
Vibration test in accordance
with IEC 60068-2-6
(sinusoidal)
Type of vibration: Frequency cycles at a rate of change of 1 octave/minute.
10 Hz ≤ f ≤ 58 Hz, constant amplitude 0.35 mm
58 Hz ≤ f ≤ 150 Hz, constant acceleration 5 g
Duration of vibration: 10 frequency cycles per axis at each one of the three
perpendicular axes
Shock
Shock, tested in accordance Shock type: Half-sine
with IEC 60068-2-27
Shock severity: 15 g peak value, 11 ms duration
Direction of shock: 3 shocks in +/- direction at each of the three
perpendicular axes
Continuous
shock
Shock, tested in accordance Shock type: Half-sine
with IEC 60068-29
Shock severity: 25 g peak value, 6 ms duration
Direction of shock: 1000 shocks in +/- direction at each of the three
perpendicular axes
58
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
General Technical Specifications
6.5 Mechanical and Climatic Environmental Conditions
Climatic Environmental Conditions
ET 200S with fail-safe modules can be used under the following climatic environmental
conditions:
Environmental Conditions
Operating Range
Comments
Temperature
0 °C to 60 °C
For horizontal installation
0 °C to 40 °C
For vertical installation
Temperature variation
10 K/h
Relative humidity
15 % to 95 %
No condensation; corresponds to relative
humidity (RH) stress level 2 in accordance
with IEC 61131-2
Air pressure
1080 hPa to 795 hPa
Corresponds to an altitude of -1000 m to 2000
m
Test:
Pollutant concentration
SO2: < 0.5 ppm;
relative humidity < 60%, no condensation
10 ppm; 4 days
H2S: < 0.1 ppm;
relative humidity < 60%, no condensation
1 ppm; 4 days
ISA-S71.04 severity level G1; G2; G3
—
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
59
General Technical Specifications
6.6 Specifications for Nominal Line Voltages, Isolation Tests, Protection Class, and Type of Protection
6.6
Specifications for Nominal Line Voltages, Isolation Tests, Protection
Class, and Type of Protection
Rated Voltages for Operation
The fail-safe signal modules operate at a rated voltage of 24 VDC. The tolerance range is =
20.4 VDC to 28.8 VDC.
Test Voltages
Refer to the technical specifications of the fail-safe modules for information regarding the test
voltages.
Protection Class
Protection class I in accordance with IEC 60536 (VDE 0106, Part 1), i.e. ground terminal
required on DIN rail!
Type of Protection
Type of protection IP20 to EN 60529 for all F-modules, that is:
● Protection from contact with standard probes
● Protection from foreign bodies larger than 12.5 mm in diameter
● No special protection against water
See also
Safe Functional Extra Low Voltage for Fail-Safe Modules (Page 33)
60
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.1
7
Introduction
This chapter
Fail-safe power modules and fail-safe digital modules are available for connecting digital
sensors/encoders and actuators/loads to the ET 200S. This chapter provides the following
information for each fail-safe module:
● Properties and special features
● Front view, terminal assignment for terminal modules and the block diagram
● Wiring diagram and programmable parameters
● Diagnostic functions, including corrective measures
● Technical specifications
WARNING
The safety characteristics in the technical specifications apply for proof test intervals of
20 years and repair times of 100 hours. If a repair within 100 hours is not possible, then
remove the respective module from the terminal module or switch off its supply voltage
before 100 hours expires.
Then proceed as described in the chapter "Reactions to Faults (Page 41)".
Description of Usable Standard Power Models and Terminal Modules
Usable standard power modules and terminal modules are described in the ET 200S
distributed I/O system operating instructions.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
61
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
7.2
PM-E F pm DC24V PROFIsafe Power Module
7.2.1
Properties of the PM-E F pm DC24V PROFIsafe Power Module
Order Number
6ES7138-4CF03-0AB0
Properties
The PM-E F pm DC24V PROFIsafe power module possesses the following properties:
● 2 relays for switching the voltage buses P1 and P2, output current = 10 A
● 2 fail-safe digital outputs, P/M-switching, output current 2 A
● Rated load voltage 24 VDC
● Suitable for solenoid valves, DC contactors and indicator lights
● Group fault display (SF; red LED)
● Status display for each output (green LED)
● Status display for load current power supply (PWR; green LED)
● Assignable diagnostics
● Achievable safety classes are listed in the table below
Note
The PM-E F pm DC24V PROFIsafe power module is not suitable for the supply of F-SMs.
Table 7- 1
Overview of available safety classes with PM-E F pm DC24V PROFIsafe
PM-E F pm DC24V PROFIsafe
Relay outputs P1
and P2
Maximum Attainable Safety
Class
Without standard DO
modules
Signal switches
daily or more often
SIL3/Category 4/PLe
Signal switches
less than once a
day
SIL2/Category 3/PLd
With standard DO modules
SIL2/Category 3/PLd
refer to the Internet
(http://support.automation.siemens.com/WW/vi
ew/en/12461959/133300)
Electronic outputs
DO 0 and DO 1
62
refer to the applications in the "Wiring of the
PM-E F pm DC24V PROFIsafe (Page 70)"
chapter.
SIL3/Category 4/PLe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Two Fail-Safe Digital Outputs
In addition to the voltage buses P1 and P2, the power module has two fail-safe digital
outputs DO0 and DO1. You can achieve SIL3/Category 4/PLe with these outputs.
(0'2 (0'2 (0'2 30()SP'&9
/0
3 3
'2 '2
'2 '2
'2 '2
3 0 3 0 3 0 .
.
30
33
'2 '2 '2 '2 '2 '2
3 0 3 0 3 0
.
.
.
.
/ 0
Figure 7-1
Wiring diagram of the PM-E F pm DC24V PROFIsafe
Power Module Supplies for Standard ET 200S Modules
WARNING
Always connect the 24 VDC supply for the standard ET 200S modules on the PME F pm DC24V PROFIsafe. Otherwise, the outputs of DO modules may exhibit safety
critical behavior.
WARNING
When supplying standard DO modules, always use the terminal modules to supply the
actuators (actuator feedback on the DO module).
Refer also to the section "Switching grounded loads".
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
63
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Safety-Related Shutdown of Standard Output Modules
Refer to the Internet
(http://support.automation.siemens.com/WW/view/en/12461959/133300) for a list of all the
standard ET 200S modules.
WARNING
Safety-related activation of standard DO module outputs is not possible. Only safety-related
shutdown is possible. The following issues must therefore be taken into consideration:
In the worst case you must consider all possible faults of the standard DO modules and the
programs controlling them for which the faults cannot be found directly. For example, the
PM-E F pm DC24V PROFIsafedoes not detect external short-circuits to L+ at the standard
DO module outputs. All faults developing at the standard DO modules influence the
process via final controlling elements. The process status must be made known to the FCPU by way of sensors and a suitable safety program.
Diagnostic functions must be handled indirectly in the controlled process since the self-test
function of standard DO modules cannot be used to detect safety-critical faults: The safety
control function does not intervene in the faulty process as long as hazards can be
excluded. However, it shuts down the system if the process develops unwanted or
potentially dangerous activities.
Consequently, instead of the short fault reaction times defined in S7, the reaction time to
internal faults in standard DO modules is determined by the controlled process and its
corresponding feedback signals.
Safety-related process values must be
• safely
• read in by way of fail-safe input modules, such as an F-DI,
• prepared by the F-CPU for command output and
• output at the fail-safe output module for shutdown of the corresponding safety relay or
• output at the fail-safe power module PM-E F.
If the process does not respond as expected due to malfunctions within a process or faulty
standard DO modules, these standard DO modules must be set to safe state by way of the
higher-level safety circuit.
The process safety time is of particular importance here. Risks due to any malfunctions
within the process control system can be ruled out within this process safety time.
The safety program must react in a safety-related and logically suitable fashion to
unwanted or potentially dangerous states in the process via the PM-E F pm DC24V
PROFIsafe and fail-safe output modules.
If you want to avoid the problems described above completely, we recommend that you use
P/M-switching fail-safe electronic modules 4 F-DO DC24V/2A PROFIsafe with standard
ET 200S power modules (see "Digital electronic module 4 F-DO DC24V/2A PROFIsafe" and
the table "Assigning power modules to electronic modules / motor starters and safety class").
Property of safety-oriented tripping of standard DO modules with the PM-E F pm DC24V
PROFIsafe:
This cost-effective solution allows the full and simultaneous shutdown of all outputs involved
when a fault is detected in the process or on the PM-E F pm DC24V PROFIsafe.
Property of the individual shutdown of F-modules with fail-safe outputs:
The scope of shutdown is kept to a minimum when a fault is detected. It is also possible to
react to critical process states staggered over time, or to perform safety-related shutdown of
individual outputs.
64
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Switching Grounded Loads
If the PM-E F pm DC24V PROFIsafe switches loads that have a chassis-ground connection
(for example to improve EMC characteristics) and if chassis and ground are connected at the
power supply being used, a "short-circuit" is detected.
From the perspective of the F-module, the M-switch is bridged by the chassis-ground
connection (refer to the diagram below as an example of an PM-E F pm DC24V PROFIsafe).
For the PM-E F pm DC24V PROFIsafe, as of Order No. 6ES7138-4CF02-0AB0, release
version 02, the resistance to capacitive loads between the M switch and chassis was
increased from approx. 1 μF to around 20 μF.
Remedy:
● Using the PM-E F pp DC24V PROFIsafe
● The value of the resistance between chassis and ground at the load end must be greater
than 100 kΩ
● The capacity value at the load end between chassis and ground must be less than 20 µF.
30()SP'&9352),VDIH
)RUH[DPSOH
(0'2'&9$
3
3
3VZLWFK
5HDGEDFNRI3EXV
0
2XWSXW
GULYHU
&HQWUDO
JURXQGLQJ
SRLQW
0
3
0
0VZLWFK
3
/RDG
5HDGEDFNRI0EXV
Figure 7-2
Switching Grounded Loads (resistance exists between chassis and ground)
WARNING
During startup, the PM-E F pm DC24V PROFIsafe carries out a power on self-test that
takes around 3 ms. The load capacitance between chassis and ground is charged by way
of the load resistance. This low charging current may briefly trigger sensitive load circuits.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
65
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Capacitive Crosstalk of Digital Input/Output Signals
Readback errors may occur on the PM-E F pm DC24V PROFIsafe power module or on the
F-DO modules if the fail-safe digital output and fail-safe digital input signals are routed
through one cable. The module signals a short circuit in this situation.
Cause
The steep switching edge of the output driver during the sensor supply test of the 4/8 FDI DC24V PROFIsafe module may lead to crosstalk on other inactive output channels due to
the coupling capacitance of the wire, for example, on the PM-E F pm DC24V PROFIsafe
power module. This situation may lead to a response in the readback circuit in these
channels. The module detects a cross circuit and performs safety-related shutdown.
Remedy
● Use separate cables for the F-DI modules and F-DO modules or standard DO modules
that are controlled by a PM-E F pm DC24V PROFIsafe.
● Coupling relay or diodes in the outputs
● Disable the sensor supply test if safety class requirements allow this.
See also
Assigning Modules of an ET 200S (Page 22)
Properties of the 4 F-DO DC24V/2A PROFIsafe digital electronic module (Page 163)
66
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
7.2.2
Terminal assignment of the PM-E F pm DC24V PROFIsafe
Incoming 24 VDC supply to Electronic Modules with Technology Functions
Depending on whether the electronic and load current supplies are electrically isolated in the
electronic modules with technology functions (positioning, counting), you must comply with
the following wiring rules:
● If electrically isolated, you can connect the electronic module to an external 24 VDC
power supply.
● If not electrically isolated, you must supply the electronic module from voltage bus P1 and
P2 of the PM-E F pm DC24V PROFIsafe.
SIL2/Category 3/PLd is attainable in both cases.
,0
30
1
2
30()
SP
w&
w&
'2
/ 0
/ 0
0
①
Technology module with electrically isolated DO
②
Technology module without electrically isolated DO
Front View
*URXSIDXOWGLVSOD\UHG
30()SP'&9
6WDWXVGLVSOD\IRU
ORDGFXUUHQWSRZHUVXSSO\JUHHQ
...
Figure 7-3
6WDWXVGLVSOD\VIRU
RXWSXWVJUHHQ
Front view PM-E F pm DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
67
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
WARNING
The SF LED and the status displays of the inputs/outputs are not designed for safetyrelated functions and may therefore not be evaluated for safety-related activities.
Terminal Assignment
The following figure and the following table show the terminal assignment of the PME F pm DC 24V PROFIsafe for the supported terminal modules TM-P30S44-A0 or TMP30C44-A0.
$8;
$
'&9'&9
,QIHHG
00
,QIHHG
$
'2'2 33 '2'2 00 '2'2 33 $
$
$8;$8;
,QIHHG
'2'2 00 68
Figure 7-4
Terminal assignment TM-P30S44-A0 or TM-P30C44-A0 for PM-E F pm DC 24V
PROFIsafe
Table 7- 2
Terminal assignment of the TM-P30S44-A0 or TM-P30C44-A0
Terminal
Designation
2
24 VDC rated load voltage for:
• Inserted power module
• Corresponding potential group
• DO 0 and DO 1
• Voltage buses P1 and P2
24 VDC
3
M
Ground
A
4
AUX 1
Any terminal for PE or voltage bus up to the maximum rated load voltage of the
module
6
24 VDC
24 VDC rated load voltage for:
• Inserted power module
• Corresponding potential group
• DO 0 and DO 1
• Voltage buses P1 and P2
7
M
Ground
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Terminal
Designation
A
8
AUX 1
Any terminal for PE or voltage bus up to the maximum rated load voltage of the
module
9
DO 0 P
Terminals for fail-safe digital output 0 (P/M-switching)
10
DO 0 M
11
DO 2 P
Terminals (relay contacts) for fail-safe switching of voltage buses P1 and P2
12
DO 2 M
P1 and P2 can also be used as DO 2 M and DO 2 P
13
DO 1 P
Terminals for fail-safe digital output 1 (P/M-switching)
14
DO 1 M
15
DO 2 P
Terminals (relay contacts) for fail-safe switching of the voltage buses P1 and P2
16
DO 2 M
P1 and P2 can also be used as DO 2 M and DO 2 P
CAUTION
If high currents can occur on DO 2 P and DO 2 M, you must wire terminals 11 and 15 (DO
2 P) and 12 and 16 (DO 2 M) in parallel.
Otherwise, high current loads may cause the terminals to heat up.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
69
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
7.2.3
Wiring of the PM-E F pm DC24V PROFIsafe
Block Diagram
$GGUHVVVZLWFK
3:5
3VZLWFK
3URFHVVLQJORJLF
6)
0
9
6WDWXV
RIWKH
RXWSXW
0
9
70
0
3
3
Figure 7-5
0VZLWFK
5HOD\
5HDGEDFN
%DFNSODQHEXVLQWHUIDFH
0
3
Block diagram of the PM-E F pm DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Application 1: Wiring a load to each digital output
The two switches are always energized so that voltage is applied to the load. The two
switches are always activated so that voltage is applied to the load.
Wire the PM using the special terminal module.
(0'2 (0'2 (0'2 30()SP'&9
/0
3 3
'2 '2
'2 '2
'2 '2
3 0 3 0 3 0 .
.
.
30
33
'2 '2 '2 '2 '2 '2
3 0 3 0 3 0
.
.
.
/ 0
Figure 7-6
Wiring diagram of the PM-E F pm DC24V PROFIsafe
Note
In order to achieve SIL3/Category 4/PLe with this wiring, you must install a suitably-qualified
sensor, for example in accordance with IEC 60947.
WARNING
Please always use an external fuse for L+ at the PM-E F pm with the following properties to
protect the relay contacts from overload: Circuit-breaker, characteristics B, 10 A.
Relay Output DO 2
The relay output DO 2 connects the voltage L+ and M using one relay contact for each. The
voltage is fed outwards to the terminal module and to the internal voltage buses P1 and P2.
This results in two connection options that can also be used at the same time if desired:
● A load can be connected directly to the terminal module (K2 in the figure above)
● Electronic modules can be supplied by means of the internal voltage buses P1 and P2.
Loads can be connected to these modules in turn (K3, K4, K5 in the figure above)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
71
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Application 2: Wiring loads to L+ and M at each digital output
You can connect two relays using one fail-safe digital output. The following conditions should
be kept in mind:
● L+ and M of the relays must be connected with L+ and M of the PM-E F pm (reference
potential must be equal).
● The normally open contacts of the two relays must be connected in series.
This connection can only be made on digital outputs DO 0 and DO 1 (not DO 2). With this
circuit, you achieve:
● SIL3/Category 4/PLe
(0'2 (0'2 (0'2 30()SP'&9
/ 0
'2 '2 3 0 .
.
30
3 33
3
'2 '2 '2 '2
0
3 0 3
.
'2 '2 '2 '2 '2 '2
3 0 3 0 3 0
.
0
.
.
.
.
0
/ 0
Figure 7-7
Wiring diagram for each of two relays on DO 0 and DO 1 of the PM-E F pm DC24V
PROFIsafe
WARNING
When connecting two relays on one digital output (as shown in the figure above), the
errors "wire break" and "overload" are detected only at the P-switch of the output (not at
the M-switch).
72
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
WARNING
The controlled actuator can no longer be switched off when there is a cross circuit
between the P and M-switches of the output. To avoid cross circuits between the P and
M-switches of a fail-safe digital output, you should always wire the relay connection to
the P and M-switches separately, in order to prevent any cross-circuits (for example with
separately-sheathed cables or using separate cable ducts).
Note
The PM-E F pm DC24V PROFIsafe carries out a bit pattern test every 15 minutes or so.
The module then sends an impulse for max. 4 ms. This test is executed deferred between
P and M-switches, so that the actuator is not switched on. This impulse may cause the
corresponding relay to tighten, which may reduce its service life.
We therefore recommend adhering to the wiring scheme detailed below.
Application 3: Wiring two loads in parallel to each digital output
Avoiding / Managing Cross Circuits:
To protect against cross circuits between P and M-switches in fail-safe digital outputs, we
recommend the following wiring scheme:
(0'2 (0'2 (0'2 30()SP'&9
'2 / 0 3 '2 '2 0 3 .
.
.
.
3
3
'2 '2 '2
0 3 0
30
33
'2 '2 '2
3
0 3
0
.
.
.
.
'2 '2
0 3
'2
0
0
/ 0
Figure 7-8
Wiring diagram for each of two relays parallel on DO 0 and DO 1 of the PME F pm DC24V PROFIsafe
Note
With parallel connection of two relays to one digital output (as shown above), the "wire
break" fault is only detected if the wire break disconnects both relays from P or M. This
diagnosis is not safety-related.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
73
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
7.2.4
Parameters of the PM-E F pm DC24V PROFIsafe
Parameters in STEP 7
The table below lists the parameters that can be set for the PM-E F pm DC24V PROFIsafe.
Table 7- 3
Parameters of the PM-E F pm DC24V PROFIsafe
Parameter
Range
Default
Type of Parameter
Effective
Range
F-Parameters:
F_destination_address
1 to 1022
is assigned by
Static
Module
10 to 10 000 ms
150 ms
Static
Module
F monitoring time
Module Parameters:
Behavior after channel
faults*
STEP 7
Passivate the entire Passivate the
Static
Module
module/Passivate
entire module
the channel
DO channel 0
Activated/deactivate Activated
Static
Channel
d
Readback time
1 to 400 ms
1 ms
Static
Channel
Diagnostics: Wire
Activated/deactivate Deactivated
Static
Channel
break
d
DO channel 1
Activated/deactivate Activated
Static
Channel
d
Readback time
1 to 400 ms
1 ms
Static
Channel
Diagnostics: Wire
Activated/deactivate Deactivated
Static
Channel
break
d
* This setting is relevant only with an installed S7 distributed safety V 5.4 or higher or generally with
S7 F systems optional packages.
Readback Time Parameter
Each output channel has its own selectable readback time. This time specifies the maximum
duration of the turn off test for the corresponding channel and therefore also the readback
time for turning off the channel.
The following readback times can be set: 1 ms, 5 ms, 10 ms, 50 ms, 100 ms, 200 ms and
400 ms.
You should set an adequately high readback time if the channel involved switches high
capacitive loads. If the readback time for a controlled capacitive load is set too low, the
output channel is passivated because the discharge of the capacitance does not take place
within the turn off test.
If the readback signals are incorrect, the "short circuit" fault only causes passivation of the
output channel after the readback time has elapsed.
74
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Note
Note that an inductive load connected to the DO channels can induce voltages in the case of
electromagnetic interference of a strong magnetic field. This can cause a short-circuit error
message.
Remedy:
• Spatially disconnect the inductive loads or shield against the magnetic field.
• Set the parameters for the readback time to 50 ms or higher.
WARNING
With a configured readback time of ≥ 50 ms, short-circuits (cross circuits) can be
suppressed with an interference signal with a frequency > 10 Hz (50:50 duty cycle).
Short-circuits (cross circuits) on an output of the same module will be detected.
7.2.5
Diagnostic functions of the PM-E F pm DC24V PROFIsafe
Behavior in Case of Supply Voltage Failure
The failure of the PM-E F pm DC24V PROFIsafe power supply is always indicated by the
PWR LED on the module (light off). This information is also provided in the module
(diagnostic entry). Either all channels of the module are passivated or, in case of channelspecific passivation, only the relevant channels are passivated.
In the case of a voltage dip in the external auxiliary voltage, the SF LED lights up, the
module is passivated.
With the subsequent supply recovery (level must remain above the specified value for at
least 1 minute (refer to the technical specifications: voltages, currents, electrical potentials))
the SF LED goes out again, the module remains passivated. The SF LED flashes if there are
no other errors, until the error is acknowledged.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
75
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Diagnostic functions
The table below provides an overview of the diagnostic functions of the PM-E F pm DC24V
PROFIsafe. The diagnostic functions are assigned either to one channel or to the entire
module.
Table 7- 4
Diagnostic functions of the PM-E F pm DC24V PROFIsafe
Diagnostic Function*
Fault
Number
LED
Effective Range of
Diagnostics
Can be
Assigned
Parameter
s
Short circuit
1H
SF
Channel
No
Overload
4H
SF
Channel
No
Overtemperature
5H
SF
Module
No
Wire break
6H
SF
Channel
Yes
Internal error
9H
SF
Module
No
Parameter assignment error
10H
SF
Module
No
Sensor voltage or load voltage missing
11H
SF
Module
No
Communication error
13H
SF
Module
No
Safety-related shutdown
19H
SF
Channel
No
*: Specially for F-modules; display in STEP 7, see "Channel-Specific Diagnostics, Fault Types of FailSafe Modules" table
WARNING
Before acknowledging the short-circuit diagnosis, remedy the respective error and validate
your safety function. To do this, proceed as described in chapter "Fault Diagnostics
(Page 43)".
76
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Causes of Faults and Corrective Measures
The following table contains the possible causes of the faults described for the individual
diagnostic messages of the PM-E F pm DC24V PROFIsafe and remedies.
Table 7- 5
Diagnostic messages of the PM-E F pm DC24V PROFIsafe, causes of errors and
remedies
Diagnostic
Message
Fault
Detection
Short circuit
Always
Possible Causes
Corrective Measures
Short circuit in the
actuator
Eliminate the short-circuit.
Cross circuit in the
actuator
Eliminate the cross-circuit within 100
hours after the error has occurred.
Internal error
Replace module
Short circuit in P1 and
P2 because actuators
connected to standard
DO modules are not
supplied by means of
the terminal modules of
the standard DO
modules
Actuators connected to standard DO
modules are supplied via the terminal
module of the standard DO module;
replace the fuse after a short-circuit
Acknowledge the error within 100 hours
after the error has occurred
Overload
For output
signal "1"
only
Output stage is
overloaded and
becomes too hot
Eliminate overload
Overtemperatur
e
Always
Shutdown due to
violation of upper or
lower temperature limit
value in the module
case
Check load wiring, check ambient
temperature, check whether permissible
output current is exceeded for the
ambient temperature. Once the fault has
been eliminated, the module must be
removed and inserted, or the power
switched OFF and ON.
Wire break
for "1" output
signal only
Line break
Eliminate broken wire, ensure specified
minimum load (see Technical
Specifications)
Internal error
Always
Internal module fault
has occurred
Replace module
Parameter
assignment
error
Always
Inserted module does
not match
configuration; incorrect
parameter assignment
Correct the configuration (compare actual
and preset configuration). Check
communication paths. Correct parameter
assignment
PROFIsafe address set Check whether the PROFIsafe address
incorrectly in the Fon the module matches the configuration
module
in HW Config
Sensor voltage
or load voltage
missing
Always
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Supply voltage not
available or too low
(e.g. voltage dip on Fmodule, this can also
be caused, among
other things, by a
short-circuit on the
P1/P2 buses.
Check module for correct contact
77
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Diagnostic
Message
Fault
Detection
Communication
error
Always
Possible Causes
Corrective Measures
Error in communication Check the PROFIBUS/PROFINET
between F-CPU and
connection
module, e.g. due to
Eliminate the interference
defective PROFIBUS
connection or higher
than permissible EMI
PROFIsafe monitoring
time set too low
Set a greater value for the "F monitoring
time" parameter for the module in
HW Config
Configuration of the F- Generate safety program again; then load
module does not match configuration and safety program into Fsafety program
CPU again
Safety-related
shutdown
Always
Switching frequency
exceeded
Reduce the switching frequency or use a
semiconductor output
Generally Applicable Information on Diagnostics
For information on diagnostics that pertains to all fail-safe modules (e.g. for reading out
diagnostic functions, passivating channels), refer to the "Diagnostics" chapter in this
manual.
See also
Reactions to Faults (Page 41)
7.2.6
Technical Specifications for PM-E F pm 24 VDC PROFIsafe
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
30 x 81 x 52
Weight
Approx. 88 g
Data for Specific Module
Number of outputs
•
Semiconductor outputs (P/M switching)
2
•
Relay outputs (P/M switching)
1
Assigned address area
•
In the I/O area for inputs
5 bytes
•
In the I/O area for outputs
5 bytes
Length of cable*
•
78
Unshielded
200 m, maximum
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Technical Specifications
•
Shielded
200 m, maximum
Maximum achievable safety class
•
according to IEC 61508, according to EN
954, according to ISO 13849
Fail-safe performance characteristics
Max. SIL3, category 4, PLe (for conditions see
"Power modulePM-E F pm DC24V PROFIsafe")
SIL3
•
Low demand mode (average probability of
failure on demand)
•
High demand/continuous mode (probability of < 1.00E-10
a dangerous failure per hour)
•
Acceptance ID
< 1.00E-05
FM, cULus, CE, C-Tick
Voltages, Currents, Potentials
Rated supply voltage L+
24 VDC
•
permissible range **
20.4 V to 28.8 V
•
Power loss ride-through of L+
None
•
Power loss ride-through of internal P5
5 ms
•
Reverse polarity protection
No
Total current
•
Horizontal installation
– Up to 40 °C
– Up to 55 °C
– Up to 60 °C
•
Vertical installation
– Up to 40 °C
10 A
7A
6A
6A
Electrical isolation
•
Between channels and backplane bus
Yes
•
Between channels and power supply
No
•
Between channels
No
•
Between channels/power supply and shield
Yes
Permissible potential difference between
•
Shield and ET 200S bus connection
75 VDC/60 VAC
•
Shield and I/O (DOs, P1/P2 buses)
75 VDC/60 VAC
•
ET 200S bus connection and I/O (DOs,
P1/P2 buses)
250 VAC
Isolation in the series tested with
•
Shield and ET 200S bus connection
500 VDC/1 min or 600 VDC/1 s
•
Shield and I/O (DOs, P1/P2 buses)
500 VDC/1 min or 600 VDC/1 s
•
ET 200S bus connection and I/O (DOs,
P1/P2 buses)
1500 VAC/1 min or 2545 VDC/1 s
Isolation in the type test tested with
•
Shield and ET 200S bus connection
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
350 VAC/1 min
79
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Technical Specifications
•
Shield and I/O (DOs, P1/P2 buses)
350 VAC/1 min
•
ET 200S bus connection and I/O (DOs,
P1/P2 buses)
2830 VAC/1 min
•
Surge voltage test between ET 200S bus
connection and I/O (DOs, P1/P2 buses)
6000 VDC/5 positive and 5 negative pulses
Current consumption
•
From backplane bus
28 mA, maximum
•
From load voltage L+ (without load)
100 mA, typical
Power dissipation of the module
4 W, typical
Status, Interrupts, Diagnostics
Status display
•
•
Green LED per channel
Green LED for the load voltage
Diagnostic functions
•
Group fault display
Red LED (SF)
•
Diagnostic information can be displayed
Possible
Data for selecting an actuator for the semiconductor outputs***
Output voltage
•
For "1" signal
•
•
Minimum L+ (-2.0 V)
P-switch: minimum L+ (-1.5 V), voltage drop in
M-switch: Maximum, 0.5 V
Output current for "1" signal
•
Rated value
2A
•
Permissible range
20 mA to 2.4 A
For "0" signal (residual current)
0.5 mA, maximum
Indirect control of load by means of interface
relay:
Residual current for "0" signal
•
P-switch
0.5 mA, maximum
•
M-switch
4 mA, maximum
Load resistance range
12 Ω to 1 kΩ
Lamp load
10 W, maximum
Wire break monitoring (open load detection) and
overload monitoring
•
Response threshold
I < 4 to 19 mA
•
Fault detection time
depending on the selected readback time (see
"Response Times")
Parallel connection of 2 outputs
Not possible
Control of a digital input
Not possible
Switching frequency
80
•
With resistive load
30 Hz symmetrical, maximum
•
With inductive load in accordance with IEC
60947-5-1, DC13
0.1 Hz symmetrical, maximum
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Technical Specifications
•
With lamp load
10 Hz symmetrical, maximum
Voltage induced on current interruption limited to
•
Semiconductor outputs
L+ (-2x 47 V)
•
Relay outputs
P1/P2 (1 V)
Short-circuit protection of semiconductor outputs
Yes, electronic
•
Response threshold of short circuit
•
Response threshold (external M-short circuit) 5 A to 12 A
•
Response threshold (external P-short circuit)
Overload protection of semiconductor outputs
•
Response threshold
5 A to 12 A
25 A to 45 A
Yes
I >2.6 A to 2.8 A
Data for selecting an actuator for the relay outputs***
Switching capacity and service life of contacts
(voltage 24 VDC)
•
Mechanical endurance (without load)
•
For resistive load
•
•
For inductive load in accordance with IEC
60947-5-1, DC13
For lamp load
Contact protection (internal)
•
Between P and M relay output
Current
Number of switching cycles (typ.)
0A
10 million
Current
Number of switching cycles (typ.)
10 A
0.23 million
8A
0.3 million
6A
0.38 million
4A
0.5 million
2A
1.0 million
1A
2.0 million
Current
Number of switching cycles (typ.)
10 A
0.1 million
8A
0.15 million
6A
0.2 million
4A
0.3 million
2A
0.5 million
1A
1.0 million
Power
Number of switching cycles (typ.)
100 W
0.12 million
Internal readback circuit
39 V suppressor diode
Wire break monitoring
No
Parallel connection of 2 outputs
Not possible
Control of a digital input
Not possible
Switching frequency
•
With resistive load
2 Hz, maximum
•
With inductive load in accordance with IEC
60947-5-1, DC13
0.1 Hz, maximum
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
81
Fail-Safe Modules
7.2 PM-E F pm DC24V PROFIsafe Power Module
Technical Specifications
•
With lamp load
Short-circuit protection of output
2 Hz, maximum
No, 10 A external circuit-breaker, "B"
characteristics required
Time, Frequency
Internal processing times
See "Response Times"
Acknowledgment time in safety mode
4 ms minimum/8 ms maximum
Protection against Overvoltage
Protection of power supply L+ from surge in
accordance with IEC 61000-4-5 with external
protection elements only
•
Symmetrical (L+ to M)
+ 1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
+2 kV; 1.2/50 μs
Protection of outputs from surge in accordance
with IEC 61000-4-5 with external protection
elements only
Symmetrical (DO to M)
+ 1 kV; 1.2/50 μs
Asymmetrical (DO to PE, M to PE)
+ 1 kV; 1.2/50 μs
*: In order to achieve the specified cable length, you must route the P- and M-signal lines in a cable
or a sheathed cable.
**: Operating below the permissible supply voltage is only permissible for the repair time. See chapter
"Introduction (Page 61)."
***: For more information on the requirements for sensors and actuators, see "Wiring and Fitting
Modules".
82
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
7.3
PM-E F pp DC24V PROFIsafe power module
7.3.1
Properties of the PM-E F pp DC24V PROFIsafe Power Module
Order Number
6ES7138-4CF42-0AB0
Properties
The PM-E F pp DC24V PROFIsafe power module possesses the following properties:
● Two relays for connecting voltage bus P2, 10 A output current
● Relay contacts must be fused externally
● Rated load voltage 24 VDC
● Suitable for solenoid valves, DC contactors and indicator lights
● Suitable for applications in which a grounded configuration is specified or where an
ungrounded configuration cannot be guaranteed
● Group fault display (SF; red LED)
● Status display for voltage bus P2 (green LED)
● Status display for load current power supply (PWR; green LED)
● Assignable diagnostics
● Achievable safety classes are listed in the table below
Table 7- 6
Overview of available safety classes with PM-E F pp DC24V PROFIsafe
PM-E F pp DC24V PROFIsafe
Relay outputs P1
and P2
Without standard DO
modules
Maximum Attainable Safety
Class
Signal switches
daily or more often
SIL3/Category 4/PLe
Signal switches
less than once a
day
SIL2/Category 3/PLd
With standard DO modules
SIL2/Category 3/PLe
refer to the Internet
(http://support.automation.siemens.com/WW/vi
ew/en/12461959/133300)
Supported Interface Modules
Refer to chapter "Using ET 200S Fail-Safe Modules (Page 14)" for the supported interface
modules.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
83
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Switching the P2 Voltage Bus
The power module is capable of fail-safe switching the P2 voltage bus by means of two
series-connected relay contacts in accordance with SIL2/Category 3/PLd or SIL3/Category
4/PLe. P2 is available as P on the terminal module, and P1 as M.
Power Module Supplies for Standard ET 200S Modules
WARNING
Always connect the 24 VDC supply for the standard ET 200S modules on the PME F pp DC24V PROFIsafe. Otherwise, the outputs of DO modules may exhibit safety
critical behavior.
WARNING
When supplying standard DO modules, always use the terminal modules to supply the
actuators (actuator feedback on the DO module).
Redundant ground conductor required
WARNING
The ground conductor to the terminal module for PM-E F pp DC24V PROFIsafe must be
installed twice for safety reasons. Any interruption of a single ground conductor would
prevent the safety-related shutdown of voltage bus P2.
84
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Safety-Related Shutdown of Standard Output Modules
Refer to the Internet
(http://support.automation.siemens.com/WW/view/en/12461959/133300) for a list of all the
standard ET 200S modules.
WARNING
Safety-related activation of standard DO module outputs is not possible. Only safety-related
shutdown is possible. The following issues must therefore be taken into consideration:
In the worst case you must consider all possible faults of the standard DO modules and the
programs controlling them for which the faults cannot be found directly. For example, the
PM-E F pp DC24V PROFIsafedoes not detect external short-circuits to L+ at the standard
DO module outputs.
All faults developing at the standard DO modules influence the process via final controlling
elements.
The process status must be made known to the F-CPU by way of sensors and a suitable
safety program.
The safety program must react in a safety-related and logically suitable fashion to
unwanted or potentially dangerous states in the process via the PM-E F pp DC24V
PROFIsafe and fail-safe output modules.
If you want to avoid the problems described above completely, we recommend that you use
P/M switching fail-safe electronic modules 4 F-DO DC24V/2A PROFIsafe with standard
ET 200S power modules instead of standard DO modules.
Properties of safety-related shutdown of standard DO modules with the PM-E F pp DC24V
PROFIsafe:
This cost-effective solution allows the full and simultaneous shutdown of all outputs involved
when a fault is detected in the process or on the PM-E F pp DC24V PROFIsafe.
Property of the individual shutdown of F-modules with fail-safe outputs:
The scope of shutdown is kept to a minimum when a fault is detected. It is also possible to
react to critical process states staggered over time, or to perform safety-related shutdown of
individual outputs. Compared to the safety-related shutdown by the PM-E F pp DC24V
PROFIsafe, this solution costs more.
See also
Assigning Modules of an ET 200S (Page 22)
Properties of the 4 F-DO DC24V/2A PROFIsafe digital electronic module (Page 163)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
85
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
7.3.2
Terminal assignment of the PM-E F pp DC24V PROFIsafe
Incoming 24 VDC supply to Electronic Modules with Technology Functions
Depending on whether the electronic and load current supplies are electrically isolated in the
electronic modules with technology functions (positioning, counting), you must comply with
the following wiring rules:
● If electrically isolated, you can connect the electronic module to an external 24 VDC
power supply.
● if not electrically isolated, you must supply the electronic module from the voltage bus P2
of the PM-E F pp DC24V PROFIsafe.
SIL2/Category 3/PLd is attainable in both cases.
,0
30
1
2
30
()SS
w&
w&
'2
/ 0
/
0
①
Technology module with electrically isolated DO
②
Technology module without electrically isolated DO
Front View
*URXSIDXOWGLVSOD\UHG
30()SS'&9
6WDWXVGLVSOD\IRU
ORDGFXUUHQWSRZHUVXSSO\JUHHQ
...
Figure 7-9
86
6WDWXVGLVSOD\IRU
YROWDJHEXV3JUHHQ
Front view PM-E F pp DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
WARNING
The SF LED and the status displays of the inputs/outputs are not designed for safetyrelated functions and may therefore not be evaluated for safety-related activities.
Terminal Assignment
The following figure and the following table show the terminal assignment of the PME F pp DC 24V PROFIsafe for the supported terminal modules TM-P30S44-A0 or TMP30C44-A0.
$8;
$
'&9'&9
,QIHHG
00
,QIHHG
$8;$8;
,QIHHG
$
33 $
$
00 Figure 7-10
Terminal assignment TM-P30S44-A0 or TM-P30C44-A0 for PM-E F pp DC 24V
PROFIsafe
Table 7- 7
Terminal assignment of the TM-P30S44-A0 or TM-P30C44-A0
Terminal
Designation
2
24 VDC
24 VDC rated load voltage for:
• Inserted power module
• Corresponding voltage group and
• Voltage bus P2
3
M
Ground
A
4
AUX 1
Any terminal for PE or voltage bus up to the maximum rated load voltage of
the module
6
24 VDC
24 VDC rated load voltage for:
• Inserted power module
• Corresponding voltage group and
• Voltage bus P2
7
M
Ground
A
8
AUX 1
Any terminal for PE or voltage bus up to the maximum rated load voltage of
the module
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
87
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Terminal
Designation
11
P
Terminals (relay contacts) for fail-safe switching of voltage bus P2
12
M
15
P
16
M
Terminals (relay contacts) for fail-safe switching of voltage bus P2
CAUTION
If high currents can occur on P and M, you must wire terminals 11 and 15 (P) and 12 and
16 (M) in parallel.
Otherwise, high current loads may cause the terminals to heat up.
7.3.3
Wiring of the PM-E F pp DC24V PROFIsafe
Block Diagram
$GGUHVVVZLWFK
3:5
3URFHVVLQJORJLF
%DFNSODQHEXVLQWHUIDFH
0
6)
0
0
5HDGEDFN
6WDWXVRI
RXWSXW
9
9
0
3
3
Figure 7-11
88
5HOD\
3
5HOD\
Block diagram of the PM-E F pp DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Wiring Diagram
Wire the PM using the special terminal module.
30()SS'&9
(0'2
3
3
'2 '2
3 0
/00
.
(0'2
(0'2
30
33
'2 '2 '2 '2 '2 '2
3 0 3 0 3 0
.
.
.
/00
Figure 7-12
Wiring diagram of the PM-E F pp DC24V PROFIsafe
WARNING
Please always use an external fuse for L+ at the PM-E F pp with the following properties to
protect the relay contacts from overload: Circuit-breaker, characteristics B, 10 A.
Relay Output
The two contacts of the relay output are used to switch voltage L+. The switched voltage is
supplied to the external terminal module and to the internal voltage buses P1 and P2. This
results in two connection options that can be used at the same time, if desired:
● One load can be wired directly to the terminal module (K1 in the figure above).
● Electronic modules can be supplied by means of the internal voltage buses P1 and P2.
Loads can be connected to these modules in turn (K2, K3, K4 in the figure above).
WARNING
In the event of a cross circuit between 2L+ and DO, the controlled actuator is no longer
switched off. You should always wire the actuators separately, for example, using
sheathed cables or separate cable ducts, in order to prevent any cross-circuits between
2L+ and DO.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
89
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
7.3.4
Parameters of the PM-E F pp DC24V PROFIsafe
Parameters in STEP 7
The table below lists the parameters that can be set for the PM-E F pp DC24V PROFIsafe.
Table 7- 8
Parameters of the PM-E F pp DC24V PROFIsafe
Parameter
Range
Default
Type of
Parameter
Effective
Range
F_destination_address
1 to 1022
is assigned
by STEP 7
Static
Module
F monitoring time
10 to 10000 ms
150 ms
Static
Module
F-Parameters:
See also
Configuration and Parameter Assignment (Page 26)
7.3.5
Diagnostic functions of the PM-E F pp DC24V PROFIsafe
Behavior in Case of Supply Voltage Failure
The failure of the PM-E F pp DC24V PROFIsafe power supply is always indicated by the
PWR LED on the module (light off). This information is also provided in the module
(diagnostic entry). The relay output of the module is passivated.
In the case of a voltage dip in the external auxiliary voltage, the SF LED lights up, the
module is passivated.
With the subsequent supply recovery (level must remain above the specified value for at
least 1 minute (refer to the technical specifications: voltages, currents, electrical potentials))
the SF LED goes out again, the module remains passivated. The SF LED flashes if there are
no other errors, until the error is acknowledged.
90
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Diagnostic functions
The table below provides an overview of the diagnostic functions of the PM-E F pp DC24V
PROFIsafe. The diagnostic functions are assigned either to one channel or to the entire
module.
Table 7- 9
Diagnostic functions of the PM-E F pp DC24V PROFIsafe
Diagnostic Function*
Fault
number
LED
Effective Range of
Diagnostics
can be
assigned
parameter
s
Short circuit
1H
SF
Channel
No
Overtemperature
5H
SF
Module
No
Internal error
9H
SF
Module
No
Parameter assignment error
10H
SF
Module
No
Sensor voltage or load voltage missing
11H
SF
Module
No
Communication error
13H
SF
Module
No
Safety-related shutdown
19H
SF
Channel
No
*: Specially for F-modules; display in STEP 7, see "Channel-Specific Diagnostics, Fault Types of FailSafe Modules" table
WARNING
Before acknowledging the short-circuit diagnosis, remedy the respective error and validate
your safety function. To do this, proceed as described in chapter "Fault Diagnostics
(Page 43)".
Causes of Faults and Corrective Measures
The following table contains the possible causes of the faults described for the individual
diagnostic messages of the PM-E F pp DC24V PROFIsafe and remedies.
Table 7- 10
Diagnostic messages of the PM-E F pp DC24V PROFIsafe, causes of errors and
remedies
Diagnostic
Message
Fault
Detection
Possible Causes
Corrective Measures
Short circuit
For "0"
output signal
only
Cross-circuit between
P1 and L+
Remedy the cross-circuit and
acknowledge the error within 100 hours
after the error has occurred
Internal error
Replace module
Overtemperatur
e
Always
Shutdown due to
violation of upper or
lower temperature limit
value in the module
case
Check load wiring, check ambient
temperature, check whether permissible
output current is exceeded for the
ambient temperature. Once the fault has
been eliminated, the module must be
removed and inserted or the power
switched off and on.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
91
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Diagnostic
Message
Fault
Detection
Possible Causes
Corrective Measures
Internal error
Always
Internal module fault
has occurred
Replace module
Parameter
assignment
error
Always
Inserted module does
not match
configuration; incorrect
parameter assignment
Correct the configuration (compare actual
and preset configuration), and check
communication paths. Correct parameter
assignment.
PROFIsafe address set Check whether the PROFIsafe address
incorrectly in the Fon the module matches the configuration
module
in HW Config
Sensor voltage
or load voltage
missing
Always
Supply voltage not
available or too low
(e.g. voltage dip on Fmodule, this can also
be caused, among
other things, by a
short-circuit on the
P1/P2 buses)
Communication
error
Always
Error in communication Test PROFIBUS/PROFINET connection.
between F-CPU and
Correct faults
module due to
defective PROFIBUS
connection or higher
than permissible EMI,
for example
PROFIsafe monitoring
time set too low
Check module for correct contact
Set a greater value for the "F monitoring
time" parameter for the module in
HW Config
Configuration of the F- Generate safety program again; then load
module does not match configuration and safety program into Fsafety program
CPU again
Safety-related
shutdown
Always
Switching frequency
exceeded
Reduce the switching frequency
Generally Applicable Information on Diagnostics
For information on diagnostics that pertains to all fail-safe modules (for example, for reading
out diagnostic functions, or passivating channels), refer to the Diagnostics chapter in this
manual.
92
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
7.3.6
Technical Specifications for the PM-E F pp 24 VDC PROFIsafe
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
30 x 81 x 52
Weight
Approx. 80 g
Data for Specific Module
Number of outputs
•
Relay outputs (PP switching)
1
Assigned address area
•
In the I/O area for inputs
5 bytes
•
In the I/O area for outputs
5 bytes
Length of cable
•
Unshielded
200 m, maximum
•
Shielded
200 m, maximum
Maximum achievable safety class
•
according to IEC 61508, according to EN 954, SIL3, category 4, PLe (for conditions see "Power
according to ISO 13849
modulePM-E F pp DC24V PROFIsafe")
Fail-safe performance characteristics
SIL3
•
Low demand mode (average probability of
failure on demand)
< 1.00E-05
•
High demand/continuous mode (probability of
a dangerous failure per hour)
< 1.00E-10
•
Acceptance ID
FM, cULus, CE, C-Tick
Voltages, Currents, Potentials
Rated supply voltage L+
24 VDC
•
permissible range **
20.4 V to 28.8 V
•
Power loss ride-through of L+
None
•
Power loss ride-through of internal P5
5 ms
•
Reverse polarity protection
No
Total current of the relay output
•
•
Horizontal installation
– Up to 40 °C
– Up to 55 °C
– Up to 60 °C
Vertical installation
– Up to 40 °C
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
10 A
8A
7A
8A
93
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Technical Specifications
Electrical isolation
•
Between output and backplane bus
Yes
•
Between output and power supply
No
•
Between output/power supply and shield
Yes
Permissible potential difference between
•
shield and ET 200S bus connection
75 VDC/60 VAC
•
Shield and I/O (DOs, P1/P2 buses)
75 VDC/60 VAC
•
ET 200S bus connection and I/O (DOs, P1/P2 250 VAC
buses)
Isolation in the series tested with
•
Shield and ET 200S bus connection
500 VDC/1 min or 600 VDC/1 s
•
Shield and I/O (DOs, P1/P2 buses)
500 VDC/1 min or 600 VDC/1 s
•
ET 200S bus connection and I/O (DOs, P1/P2 1500 VAC/1 min or 2545 VDC/1 s
buses)
Isolation in the type test tested with
•
Shield and ET 200S bus connection
350 VAC/1 min
•
Shield and I/O (DOs, P1/P2 buses)
350 VAC/1 min
•
ET 200S bus connection and I/O (DOs, P1/P2 2830 VAC/1 min
buses)
•
Surge voltage test between ET 200S bus
connection and I/O (DOs, P1/P2 buses)
6000 VDC/5 positive and 5 negative pulses
Current consumption
•
From backplane bus
28 mA, maximum
•
From load voltage L+ (without load)
100 mA, typical
Power dissipation of the module
4 W, typical
Status, Interrupts, Diagnostics
Status display
•
•
Green LED per channel
Green LED for the load voltage
Diagnostic functions
•
Group fault display
Red LED (SF)
•
Diagnostic information can be displayed
Possible
Data for Selecting an Actuator for the Relay Output*
Switching capacity and service life of contacts
(voltage 24 VDC)
•
•
94
Mechanical endurance (without load)
For resistive load
Current
Number of switching cycles (typ.)
0A
10 million
Current
Number of switching cycles (typ.)
10 A
0.23 million
8A
0.3 million
6A
0.38 million
4A
0.5 million
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.3 PM-E F pp DC24V PROFIsafe power module
Technical Specifications
•
•
For inductive load in accordance with IEC
60947-5-1, DC13
For lamp load
Contact protection (internal)
•
Between PP relay output and M
2A
1.0 million
1A
2.0 million
Current
Number of switching cycles (typ.)
10 A
0.1 million
8A
0.15 million
6A
0.2 million
4A
0.3 million
2A
0.5 million
1A
1.0 million
Power
Number of switching cycles (typ.)
100 W
0.12 million
Internal readback circuit
39 V suppressor diode
Wire break monitoring
No
Parallel connection of 2 outputs
Not possible
Control of a digital input
Possible
Switching frequency
•
With resistive load
2 Hz symmetrical, maximum
•
With inductive load in accordance with IEC
60947-5-1, DC13
0.1 Hz symmetrical, maximum
•
With lamp load
2 Hz symmetrical, maximum
Short-circuit protection of output
No, 10 A external circuit-breaker, "B"
characteristics required
Time, Frequency
Internal processing times
See "Response Times"
Acknowledgment time in safety mode
4 ms minimum/8 ms maximum
Protection against Overvoltage
Protection of power supply L+ from surge in
accordance with IEC 61000-4-5 with external
protection elements only
•
Symmetrical (L+ to M)
+ 1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
+ 2 kV; 1.2/50 μs
Protection of outputs from surge in accordance
with IEC 61000-4-5 with external protection
elements only
Symmetrical (DO to M)
+ 1 kV; 1.2/50 μs
Asymmetrical (DO to PE, M to PE)
+ 1 kV; 1.2/50 μs
*: For more information on the requirements for sensors and actuators see "Wiring and Fitting
Modules".
**: Operating below the permissible supply voltage is only permissible for the repair time. See chapter
"Introduction (Page 61)."
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
95
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
7.4
PM-D F DC24V PROFIsafe Power Module
7.4.1
Properties of the PM-D F DC24V PROFIsafe Power Module
Order Number
3RK1903-3BA02
Properties
The PM-D F DC24V PROFIsafe power module disposes of the following properties:
● 6 shutdown groups, SG 1 through SG 6
● Output current of SG 1 through SG 6, each 3 A (total current 5 A)
● Rated load voltage 24 VDC per shutdown group
● Suitable for supplying:
– Fail-safe motor starters F-DS1e-x, F-RS1e-x
– Fail-safe frequency converters F-FU
– Fail-safe connection multipliers F-CM
– Fail-safe power/expansion modules PM-D F X1
– Brake control expansion modules xB1, xB2, xB3 and xB4
● Group fault display (SF; red LED)
● Status display per shutdown group (SG 1 through SG 6; green LED)
● Status display for load current power supply (PWR; green LED)
● Status display for electronic power supply (U1; green LED)
● achievable safety class SIL3/Category 4/PLe
Switching the Voltage Buses SG 1 through SG 6 and U 1
The power module can shut down voltage buses SG 1 through SG 6 over 6 digital outputs
complying with safety class SIL2/Category 3/PLd or SIL3/Category 4/PLe. The outputs are
implemented with two P switches. There is a main switch for all 6 shutdown groups and 6
individual switches connected in series per shutdown group.
The voltage bus U 1 (electronics power supply for the motor starters) is supplied with
24 VDC. When overvoltage or undervoltage occurs, U 1 is switched off by two P switches
and the downstream motor starters are passivated. In the event of a safety shutdown of
motor starters, U 1 is not switched off.
96
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
Conditions for Achieving Safety Class
The conditions for achieving the various safety classes are summarized in the table below.
Table 7- 11
PM-D F DC24V PROFIsafe: Conditions for SIL/Categories/PL
Condition
Achievable SIL/Category/PL
Fail-safe motor starters are expanded with the expansion modules:
• Brake control xB3 and xB4
SIL2/Category 3/PLd
Power supply of:
• Exclusively fail-safe motor starters F-DS1e-x and F-RS1e-x
• Fail-safe frequency converters F-FU
• Fail-safe connection multipliers F-CM
• Fail-safe power/expansion modules PM-D F X1
SIL3/Category 4/PLe
Fail-safe motor starters are expanded with the expansion modules:
• Brake Control xB1 and xB2
Note
The safety classes SIL2/Category 3/PLd or SIL3/Category 4/PLe listed in the table above
can only be achieved with the modules specified in the "Condition" column. Configurations
with other modules (e.g. motor starter DS1-x/RS1x, DS1e-x/RS1e-x, DSS1e-x) are not
permitted for safety-related applications.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
97
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
7.4.2
Terminal Assignment of the PM-D F DC24V PROFIsafe
Front View
30')
352),VDIH
*URXSIDXOWGLVSOD\UHG
6WDWXVGLVSOD\IRU
ORDGFXUUHQWSRZHUVXSSO\JUHHQ
6WDWXVGLVSOD\VIRU
VKXWGRZQJURXSVJUHHQ
6WDWXVGLVSOD\IRUHOHFWURQLF
VXSSO\RIPRWRUVWDUWHUVJUHHQ
...
'&9
'&9
LQFRPLQJVXSSO\
0
0
LQFRPLQJVXSSO\
Figure 7-13
Front View of PM-D F DC24V PROFIsafe
WARNING
The SF LED and the status displays of the inputs/outputs are not designed for safetyrelated functions and may therefore not be evaluated for safety-related activities.
98
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
Terminal assignment
On the PM-D F DC24V PROFIsafe, you connect only the 24 V DC load voltage power supply
and chassis. Wire the power module using the special terminal module.
The following table shows the terminal assignment of the PM-D F DC24V PROFIsafe for the
supported terminal module TM-PF30S47-F1 (order number 3RK1 903-3AA00).
Table 7- 12
Terminal Assignment of the TM-PF30S47-F1
Terminal
Designation
20
24 VDC
24 VDC rated load voltage for:
• Inserted power module and
• Voltage buses SG 1 through SG 6 and U1
21
M
Ground
27
24 VDC
24 VDC rated load voltage for:
• Inserted power module and
• Voltage buses SG 1 through SG 6 and U1
28
M
Ground
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
99
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
7.4.3
Wiring of the PM-D F DC24V PROFIsafe
Block Diagram
$GGUHVVVZLWFK
6*
6*
6*
6*
6*
6*
3VZLWFK
3:5
3URFHVVLQJORJLF
5/
%DFNSODQHEXVLQWHUIDFH
0
6*B
5/
5/
8
9
6)
9
8
3
0
0
Figure 7-14
7.4.4
Block diagram of the PM-D F DC24V PROFIsafe
Parameters of the PM-D F DC24V PROFIsafe
Parameters in STEP 7
The table below lists the parameters that can be assigned for the PM-D F DC24V
PROFIsafe.
Table 7- 13
Parameters of the PM-D F DC24V PROFIsafe
Parameter
Range
Default
Type of
Parameter
Effective
Range
F_destination_address
1 to 1022
Assigned by
STEP 7
Static
Module
F monitoring time
10 to 10000 ms
150 ms
Static
Module
F-Parameters:
100
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
7.4.5
Diagnostic Functions of PM-D F DC24V PROFIsafe
Behavior in Case of Supply Voltage Failure
The failure of the PM-D F DC24V PROFIsafe power supply is always indicated by the PWR
LED on the module (light off). The failure of the electronics power supply is indicated by the
U1 LED of the module (light off). This information is also provided on the module (entry in
diagnostics data). Either all shutdown groups of the module (SG 1 through SG 6) are
passivated or, in the case of channel-specific passivation, only the relevant shutdown groups
are passivated.
In the case of a voltage dip in the external auxiliary voltage, the SF LED lights up, the
module is passivated.
With the subsequent supply recovery (level must remain above the specified value for at
least 1 minute (refer to the technical specifications: voltages, currents, electrical potentials))
the SF LED goes out again, the module remains passivated. The SF LED flashes if there are
no other errors, until the error is acknowledged.
Diagnostic functions
The table below provides an overview of the diagnostic functions of the PM-D F DC24V
PROFIsafe. The diagnostic functions are assigned either to a channel or the entire module.
Table 7- 14
Diagnostic functions of the PM-D F DC24V PROFIsafe
Diagnostic Function*
Fault
Number
LED
Effective Range of
Diagnostics
Can be
assigned
parameter
s
Short circuit
1H
SF
Channel
No
Overtemperature
5H
SF
Module
No
Internal error
9H
SF
Module
No
Parameter assignment fault
10H
SF
Module
No
Sensor voltage or load voltage missing
11H
SF
Module
No
Communication problem
13H
SF
Module
No
*: Specially for F-modules; display in STEP 7, see "Channel-Specific Diagnostics, Fault Types of FailSafe Modules" table
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
101
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
Causes of Faults and Corrective Measures
The following table contains the possible causes of the faults described for the individual
diagnostic messages of the PM-D F DC24V PROFIsafe and remedies.
Table 7- 15
Diagnostic messages of the PM-D F DC24V PROFIsafe, causes of errors and remedies
Diagnostics
Message
Fault
Detection
Possible Causes
Corrective Measures
Short circuit
Always
Short circuit in the
actuator
Cross circuit in the
actuator
Eliminate short-circuit/cross-circuit; once
the fault has been eliminated, the module
must be removed and inserted, or the
power switched OFF and ON
Internal error
Replace module
Overtemperatur
e
Always
Shutdown due to
violation of upper or
lower temperature limit
in the module case.
Check load wiring, check ambient
temperature. Once the fault has been
eliminated, the module must be removed
and inserted, or the power switched off
and on.
Internal error
Always
Internal module fault
has occurred
Replace module
Parameter
assignment
error
Always
Inserted module does
not match
configuration. Incorrect
parameter assignment
Correct the configuration (compare actual
and preset configuration), and check
communication paths. Correct the
parameter assignment.
PROFIsafe address set Check whether the PROFIsafe address
incorrectly in the Fon the module matches the configuration
module
in HW Config
external
auxiliary supply
missing
Always
No supply voltage or
supply voltage is too
low.
Check module for correct contact
Communication
error
Always
Error in communication Test PROFIBUS/PROFINET connection.
between F-CPU and
Correct faults
module due to
defective PROFIBUS
connection or higher
than permissible EMI,
for example
PROFIsafe monitoring
time set too low
Set a greater value for the "F monitoring
time" parameter for the module in
HW Config
Generally Applicable Information on Diagnostics
For information on diagnostics that pertains to all fail-safe modules (for reading out
diagnostic functions, passivating channels, for example), refer to Diagnostics chapter in this
manual.
See also
Fault Diagnostics (Page 43)
102
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
7.4.6
Technical Specifications of the PM-D F DC24V PROFIsafe
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
30 x 196.5 x 117.5
Weight
Approx. 112 g
Data for Specific Module
Number of outputs (P/P switching)
6 shutdown groups (SG 1 through SG 6)
Internal power supply for bus
U1
Assigned address area
•
In the I/O area for inputs
5 bytes
•
In the I/O area for outputs
5 bytes
Maximum achievable safety class
•
according to IEC 61508, according to EN 954, SIL3, category 4, PLe
according to ISO 13849
Fail-safe performance characteristics
SIL3
•
Low demand mode (average probability of
failure on demand)
< 1.00E-05
•
High demand/continuous mode (probability of
a dangerous failure per hour)
< 1.00E-10
•
Acceptance ID
CE, UL, CSA
Voltages, Currents, Potentials
Rated supply voltage L+
24 VDC
•
permissible range *
21.6 V to 26.4 V
•
Power loss ride-through of L+
None
•
Power loss ride-through of internal P5
5 ms
•
Reverse polarity protection
No
Total current of outputs
•
•
Horizontal installation
– Up to 40 °C
– Up to 60 °C
Brief/permanent
Vertical installation
– Up to 40 °C
Brief/permanent
10 A/5 A
10 A/4 A
10 A/4 A
Electrical isolation
•
Between channels and backplane bus
Yes
•
Between channels and power supply
No
•
Between channels
No
•
Between channels/power supply and shield
Yes
Permissible potential difference between
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
103
Fail-Safe Modules
7.4 PM-D F DC24V PROFIsafe Power Module
Technical Specifications
•
Shield and ET 200S bus connection
75 VDC/60 VAC
•
Shield and I/O (SGs, U 1 bus)
75 VDC/60 VAC
•
ET 200S bus connection and I/O (SGs, U 1
bus)
250 VAC
Isolation in the series tested with
•
Shield and ET 200S bus connection
500 VDC/1 min or 600 VDC/1 s
•
Shield and I/O (SGs, U 1 bus)
500 VDC/1 min or 600 VDC/1 s
•
ET 200S bus connection and I/O (SGs, U 1
bus)
1500 VAC/1 min or 2545 VDC/1 s
Isolation in the type test tested with
•
Shield and ET 200S bus connection
350 VAC/1 min
•
Shield and I/O (SGs, U 1 bus)
350 VAC/1 min
•
ET 200S bus connection and I/O (SGs, U 1
bus)
2830 VAC/1 min
•
Surge voltage test between ET 200S bus
connection and I/O (SGs, U1 bus)
6000 VDC/5 positive and 5 negative pulses
Current consumption
•
From backplane bus
28 mA, maximum
•
From load voltage L+ (without load)
100 mA, typical
Power dissipation of the module
4 W, typical
Status, Interrupts, Diagnostics
Status display
•
•
•
Green LED per SG
Green LED for electronic power supply
Green LED for the load voltage
Diagnostic functions
•
Group fault display
Red LED (SF)
•
Diagnostic information can be displayed
Possible
Time, Frequency
Internal processing times
See "Response Times"
Acknowledgment time in safety mode
4 ms minimum/8 ms maximum
Protection against Overvoltage
Protection of power supply L+ from surge in
accordance with IEC 61000-4-5 with external
protection elements only
•
Symmetrical (L+ to M)
+ 1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
+2 kV; 1.2/50 μs
*: Operating below the permissible supply voltage is only permissible for the repair time. See chapter
"Introduction (Page 61)."
104
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5
4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.1
Properties of the 4/8 F-DI 24 VDC PROFIsafe Digital Electronic Module
Order Number
6ES7138-4FA04-0AB0
Properties
The 4/8 F-DI DC24V PROFIsafe digital electronic module possesses the following
properties:
● 8 inputs (SIL2/Category 3/PLd) or 4 inputs (SIL3/Category 3 or Category 4/PLe)
● 24 VDC rated input voltage
● Suitable for switches and 3/4-wire proximity switches (BEROs)
● 2 short circuit-proof sensor supplies, each one for four inputs
● External sensor supply possible
● Group fault display (SF; red LED)
● Status display for each input (green LED)
● one fault display for each sensor supply (1VsF and 2VsF; red LED)
● Assignable diagnostics
Power Modules Suitable for SIL2 or SIL3
Table 7- 16
EM 4/8 F-DI DC24V PROFIsafe: Power modules for SIL/Category/PL
Power module
achievable SIL/Category/PL
Supply through PM-E DC24V, PME DC24..48V/AC24..230V or PM-E
DC24..48V
with 1oo1 sensor evaluation (8 F-DI) SIL2/Category 3/PLd
with 1oo2 sensor evaluation (4 F-DI) SIL3/Category 3/PLe
Capacitive Crosstalk of Digital Input/Output Signals
refer to "Characteristics of the power module PM-E F pm DC24V PROFIsafe"
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
105
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.2
Terminal assignment of the EM 4/8 F-DI DC24V PROFIsafe
Front View
*URXSHUURUGLVSOD\UHG
)DXOW/('SHUHQFRGHUVXSSO\UHG
YROWDJHVXSSO\IDXOW
Figure 7-15
106
6WDWXVLQGLFDWRUVSHU
LQSXWJUHHQ
Front view EM 4/8 F-DI DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Terminal Assignment
The figure below shows the terminal assignment of the EM 4/8 F-DI DC24V PROFIsafe for
the supported terminal module TM-E30S44-01, TM-E30C44-01, TM-E30S46-A1 and TME30C46-A1.
',',
9V9V
',',
9V9V
',',
9V9V
',',
9V9V
70($
70($
$
$
$ $
$
$ $
$8;$8;3(
$8;$8;3(
$
$8;$8;3(
DI
Fail-safe digital input
Vs1
Internal sensor power supply 1 for DI 0 to DI 3
Vs2
Internal sensor power supply 2 for DI 4 to DI 7
$8;$8;3(
For TM-E...46-A1 AUX 1 bus implemented. Connection to terminals A3 through A16 for any
connection of PE (individual grouping of sensor supplies possible)
Figure 7-16
Terminal assignment TM-E...44-01/TM-E...46-A1 for EM 4/8 F-DI DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
107
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.3
Wiring of the EM 4/8 F-DI DC24V PROFIsafe
Block diagram
$GGUHVVVZLWFK
9V)
0
9V 9V)
0
%DFNSODQHEXVLQWHUIDFH
3URFHVVLQJORJLF
9V 0
7HVWLQJ
)LOWHUORJLF
6WDWXV
0
6)
0
9 9
3 3 7KHQRWDWLRQRIWKH12FRQWDFWFRUUHVSRQGVWRWKHPRGXOHLQVFULSWLRQ+RZHYHUWKHHQFRGHU
FRQWDFWVPXVWEH1&FRQWDFWVLQJHQHUDOEHFDXVHRIWKHVDIHVWDWHRIWKHSURFHVVYDULDEOHV
Figure 7-17
7.5.4
Block Diagram of EM 4/8 F-DI DC24V PROFIsafe
Parameters of the EM 4/8 F-DI DC24V PROFIsafe
Parameters in STEP 7
The table below lists the parameters that can be set for the EM 4/8 F-DI DC24V PROFIsafe.
Table 7- 17
Parameters of the EM 4/8 F-DI DC24V PROFIsafe
Parameter
Range
Default
Type of
Parameter
Effective
Range
F_destination_address
1 to 1022
are assigned
by STEP 7
Static
Module
F monitoring time
10 to 10,000 ms
150 ms
Static
Module
F-Parameters:
Module Parameters:
108
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Parameter
Range
Default
Type of
Parameter
Effective
Range
Input delay
0.5 ms, 3 ms, 15 ms
3 ms
Static
Module
Short-circuit test
Cyclic/disable
Cyclic
Static
Module
Behavior after channel
faults*
Passivate the entire
module/Passivate the
channel
Passivate the Static
entire module
Module
Channel n, n+4
Activated/deactivated
Activated
Static
Channel
group
Sensor supply
internal/external
internal
Static
Channel
group
Sensor evaluation
1oo2 evaluation /
1oo1 evaluation
1oo2
evaluation
Static
Channel
group
Type of sensor
interconnection
1-channel;
2-channel
equivalent
Static
Channel
group
2-channel equivalent;
2-channel, nonequivalent
Behavior of discrepancy
Provide last valid value; Provide last
provide 0 value
valid value
Static
Channel
group
Discrepancy time
10 to 30,000 ms
10 ms
Static
Channel
group
Reintegration after
discrepancy error
Zero signal test not
required/zero signal
test required
Zero signal
test not
required
Static
Channel
group
* This setting is only relevant when optional package S7 Distributed Safety V5.4 or higher is installed.
Input Delay of 3 ms Parameter
Note
When operating with 3 ms input delay, you must always use shielded cables if there is a
danger of overvoltage on the signal lines (see section "Electromagnetic Compatibility") to
prevent possible passivation of the fail-safe digital inputs and shutdown of the sensor power
supply.
If unshielded signal lines are used the safe behavior of the process variables is ensured.
Short-Circuit Test Parameter
This parameter can be used to activate short-circuit detection for channels set up for
"internal sensor supply."
The short-circuit test parameter is used to activate or deactivate the cyclic short-circuit test.
The short-circuit test is only useful for simple switches that do not have their own power
supply. Always use the internal sensor power supplies if the short-circuit test has been
activated (see also "Applications for the 4/8 F-DI DC24V PROFIsafe electronic module").
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
109
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Sensor supply parameter
This parameter can be used to activate the "Internal sensor supply" of the F-module. This
setting is a prerequisite for using the short-circuit test.
Note
When there are different sensor supply parameter settings (internal/external) for the
individual channel groups, the applications shown in the next chapter apply to specific
channel groups.
Discrepancy behavior parameter
For "Behavior of Discrepancy," you assign the value that is to be made available to the
safety program in the F-CPU during the time that a discrepancy exists between two input
channels, i.e., during the discrepancy time. To program behavior of discrepancy:
● "Provide last valid value" or
● "Provide 0 value"
Requirements
Parameter settings:
● Sensor evaluation: "1oo2 evaluation"
"Provide last valid value"
The last valid value (old value) from before the discrepancy occurred is immediately made
available to the safety program in the fail-safe CPU as soon as a discrepancy is detected
between the signals of the two input channels involved. This value remains available until the
discrepancy is cleared, or until the discrepancy time has expired and a discrepancy error is
detected. The sensor-actuator response time is extended by this time.
As a result, the discrepancy time for sensors connected over two channels for high-speed
reactions must be tuned to short response times. Thus, it makes no sense, for example, if
sensors connected via 2 channels with a discrepancy time of 500 ms trigger a time-critical
shutdown. In the worst case scenario, the sensor-actuator response time is extended by an
amount approximately equal to the discrepancy time:
● For this reason, position the sensors in the process in such a way as to minimize
discrepancy.
● Then select the shortest possible discrepancy time which is also sufficient to compensate
for faulty triggering of discrepancy errors.
"Provide 0 value"
The "0" value is immediately made available to the safety program in the F-CPU as soon as
discrepancy is detected between the signals of the two input channels involved.
If the "Provide 0 value" parameter is set, the sensor-actuator response time will not be
influenced by the discrepancy time.
110
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Discrepancy Time Parameter
You can define the discrepancy time for each channel pair with this parameter. The entered
value is rounded to a multiple of 10 ms.
Requirements
Parameter settings:
● Sensor evaluation: "1oo2 evaluation"
● Type of sensor interconnection: "2-channel equivalent" or "2-channel non-equivalent"
Discrepancy Analysis and Discrepancy Time
When using a dual-channel, or non-equivalent sensor, or two single-channel sensors which
measure the same physical process variable, the sensors will interact with a slight time delay
because of precision limitations in their arrangement.
The discrepancy analysis for equality/non-equality is used at fail-safe inputs to detect errors
based on the timing of two signals with the same functionality. Discrepancy analysis is
initiated when different levels (when testing for nonequivalence: same voltage levels) are
detected at two associated input signals. A test is conducted to determine whether the
difference in levels (when testing for nonequivalence: the match) has disappeared after
expiration of a specified time known as the discrepancy time. If not, this means that a
discrepancy error exists.
In most cases, a discrepancy time is started, but does not fully expire since the signal
differences are cleared within a short time.
Select a discrepancy time of sufficient length so that in case of no error, the difference
between the two signals (when checking for nonequivalence: the consistency) has definitely
disappeared before the discrepancy time expires.
Response During Discrepancy Time
While the programmed discrepancy time is running internally on the module, either the last
valid valueor "0" is returned to the safety program on the F-CPU by the input channels
involved, depending on the parameter settings for the behavior of discrepancy.
Response During Discrepancy Time
If the input signals are not equivalent following expiration of the specified discrepancy time
(when checking for nonequivalence: no inequality), for example due to wire break at a
sensor line, the system detects a discrepancy error and generates a "discrepancy"
diagnostic message in the diagnostic buffer of the F-I/O module to identify the faulty
channels.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
111
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Reintegration After Discrepancy Error Parameter
With this parameter you can define the criteria for clearing discrepancy errors which, when
fulfilled, facilitate reintegration of the relevant input channels. Programming options:
● "Zero signal test required" or
● "Zero signal test not required"
Requirements
Parameter settings:
● Sensor evaluation: "1oo2 evaluation"
"Zero signal test required"
When "Zero signal test required" is set, a discrepancy error is not considered cleared until a
zero signal is set at both input channels.
When using nonequivalent sensors, that is, "2-channel nonequivalent" is set at the "Type of
sensor interconnection" parameter, the zero signal must again be set at the channel which
provides the wanted signal.
"Zero signal test not required"
When "Zero signal test not required" is set, a discrepancy error is considered cleared when a
discrepancy no longer exists between the two input channels.
SIMATIC S7 F-modules, for which you cannot program the "Reintegration after discrepancy
error" parameter, also behave in this way.
112
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.5
Applications for the 4/8 F-DI DC24V PROFIsafe Electronic Module
Selecting the Application
The diagram below supports you in selecting an application which suits your fail-safe
requirements. The following chapters provide information for each application on wiring the
F-module, and which specific parameters you must program in STEP 7.
5HTXLUHG
VDIHW\FODVV"
6,/&DWHJRU\
3/G
6,/&DWHJRU\
3/H
6,/&DWHJRU\
3/H
8VHFDVHVWR
6HHFDVH
6HHFDVHV
6HHFDVHV
Figure 7-18
Use case selection - 4/8 F-DI DC24V PROFIsafe electronic module
WARNING
The achievable safety class is determined by the sensor quality and the length of the prooftest interval in accordance with IEC 61508 standard. If the sensor quality does not meet the
requirements of the safety class, wire it to two channels for redundant operation.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
113
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Conditions for achieving SIL/Category/PL
The table below lists the conditions which have to be met for achieving the various safety
categories.
Table 7- 18
EM 4/8 F-DI DC24V PROFIsafe: Conditions for achieving SIL/Category/PL
Application
Sensors
Sensor
Evaluation
Sensor Supply
achievable
SIL/Category/
PL
1
1-channel
1oo1
Internal, with shortcircuit test
2/3/d
Internal, without shortcircuit test
External
2.1
1-channel
1oo2
Internal, with shortcircuit test
3/3/e
Internal, without shortcircuit test
External
2.2
2-channel
equivalent
1oo2
Internal, without shortcircuit test
External
2.3
2-channel,
nonequivalent
1oo2
Internal, without shortcircuit test
External
3.1
2-channel
equivalent
3.2
2-channel,
nonequivalent
1oo2
Internal, with shortcircuit test
3/4/e
Note
You can operate the various inputs of an F-DI module simultaneously in SIL2/Category
3/PLd and SIL3/Category 3 or 4/PLe. You only have to connect the inputs and assign the
parameters as shown in the following chapters.
Sensor Requirements
Please note the information in section "Requirements for Sensors and Actuators" when using
sensors for safety-related applications.
See also
Requirements for Sensors and Actuators (Page 37)
Using ET 200S Fail-Safe Modules (Page 14)
114
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.6
Application 1: SIL2/Category 3/PLd safety mode
Sensor supply
The EM 4/8 F-DI DC24V PROFIsafe provides sensor supply Vs1 for Inputs 0 to 3 and sensor
supply Vs2 for Inputs 4 to 7. The sensor supply can be powered internally or externally.
Wiring Diagram for Application 1 – Connecting One Sensor to One Channel
One sensor is connected to one channel (1oo1 evaluation) for each process signal.
The wiring is carried out on the appropriate terminal module.
30(
)',
/ 0
9V ', 6 ', 6 ', 6 ', 9V 6 ', 6 ', 6 ', 6 ', 6 / 0
Figure 7-19
Wiring diagram EM 4/8 F-DI DC24V PROFIsafe - one sensor connected via one
channel, internal sensor supply
30(
)',
/ 0
9V ', 6 ', 6 ', 6 ', 6 9V ', 6 ', 6 ', 6 ', 6 / 0
Figure 7-20
Wiring diagram EM 4/8 F-DI DC24V PROFIsafe - one sensor connected via one
channel, internal sensor supply
WARNING
To achieve SIL2/Category 3/PLd using this wiring, you must use a suitably qualified sensor.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
115
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Assignable Parameters for Application 1
Set the "Sensor evaluation" parameter to "1oo1" for the corresponding input.
You can activate or deactivate the "short-circuit test" parameter. For digital inputs connected
to an external supply, set the "Sensor supply" parameter for the corresponding digital input
to "external". The program will otherwise report a "short circuit" diagnostics event if the
"short-circuit test" is activated.
Special Features of Fault Detection (Application 1)
The following table presents fault detection according to the sensor supply and the
parameter assignment for the short-circuit test:
Table 7- 19
EM 4/8 F-DI DC24V PROFIsafe: Fault Detection (Application 1)
Example of Fault
Fault detection if ...
internal sensor supply internal sensor power
and short-circuit test
supply and shortactivated
circuit test are
deactivated
external sensor
supply
Short circuit in DI 0 with DI 1
No
No
No
Short circuit in DI 0 with DI 4
Yes*
No
No
P-short circuit in DI 0
Yes
No
No
M-short circuit in DI 0
Yes*
Yes*
No
-
-
-
P-short circuit in sensor
supply 1
Yes
no
No
M-short circuit in sensor
supply 1, or sensor supply 2
defective
Yes
Yes
Yes
Short circuit in sensor supply
1 with sensor supply 2
Yes
no
no
Fault in read/test circuit
Yes
Yes
Yes
Supply voltage fault
Yes
Yes
Yes
Discrepancy error
*: Fault detection only if signals are corrupted. That is, the signal reading differs compared to the
sensor signal. If there is no signal corruption with respect to the sensor signal, fault detection is not
possible and is not required from a safety standpoint.
WARNING
If the short-circuit test is not activated or the sensor supply to digital inputs is set to
"external", the wiring between the sensor and the input channel must be short circuit-proof.
116
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.7
Application 2: Safety mode SIL3/Category 3/PLe
Assigning Inputs to Each Other
The EM 4/8 F-DI DC24V PROFIsafe has 8 fail-safe inputs, DI 0 through DI 7 (SIL2). A pair of
these inputs can each be used as one input (SIL3). The following assignment applies:
● DI 0 with DI 4
● DI 1 with DI 5
● DI 2 with DI 6
● DI 3 with DI 7
Sensor supply
The EM 4/8 F-DI DC24V PROFIsafe provides sensor supply Vs1 for Inputs 0 to 3 and sensor
supply Vs2 for Inputs 4 to 7. The sensors can be powered internally or externally.
Wiring Diagram for Application 2.1 - Connecting one channel of one sensor to two inputs
Single-channel connection of a sensor to two inputs of the F-module for each process signal
(1oo2 evaluation).
Note
If you power the sensors from the F-DI module, you must use the internal sensor supply Vs1.
Connection to Vs2 is not possible.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
117
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
The wiring is carried out on the appropriate terminal module.
PM-E
4/8 F-DI
/ 0
9V
',
',
',
9V
',
',
',
',
',
6
6
6
6
/
0
Figure 7-21
Wiring diagram EM 4/8 F-DI DC24V - one sensor connected via one channel to two
inputs, internal sensor supply
PM-E
4/8 F-DI
/ 0
9V
',
',
',
',
9V
',
',
',
',
6
6
6
6
/ 0
Figure 7-22
118
Wiring diagram EM 4/8 F-DI DC24V - one sensor connected via one channel to two
inputs, external sensor supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
WARNING
To achieve SIL3/Category 3/PLe using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 2.1
Set the "1oo2 evaluation" at the corresponding input, and "Single-channel" at the "Type of
sensor interconnection" parameter. The default discrepancy time of 10 ms cannot be
modified.
You can activate or deactivate the "short-circuit test" parameter. For digital inputs connected
to an external supply, set the "Sensor supply" parameter for the corresponding digital input
to "external". The program will otherwise report a "short circuit" diagnostics event if the
"short-circuit test" is activated.
Specific Features of Fault Detection (Application 2.1)
The following table presents fault detection according to the sensor supply and the
parameter assignment for the short-circuit test:
Table 7- 20
EM 4/8 F-DI DC24V PROFIsafe: Fault detection (application 2.1)
Example of fault
Fault detection if ...
Internal sensor supply Internal sensor supply
and short-circuit test
and short-circuit test
are activated
are deactivated
External sensor
supply
Short circuit in DI 0 with DI 1
no
no
no
Short circuit in DI 0 with DI 5
no
no
no
P-short circuit in DI 0
Yes
no
no
M-short circuit in DI 0
Yes*
Yes*
no
Discrepancy error
Yes
Yes
Yes
P-short circuit in sensor
supply 1
Yes
no
no
M-short circuit in sensor
supply 1, or sensor supply 2
defective
Yes
Yes
Yes
Short circuit in sensor supply
1 with sensor supply 2
Yes
no
no
Fault in read/test circuit
Yes
Yes
Yes
Supply voltage fault
Yes
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
WARNING
If the short-circuit test is disabled or cannot be enabled, the wiring between the sensor and
input channel must be short circuit-proof.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
119
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Wiring Diagram for Application 2.2 - Connecting a Two-Channel Sensor to Two Channels
A 2-channel sensor is connected to two inputs of the F-module for each process signal (1oo2
evaluation).
The wiring is carried out on the appropriate terminal module.
30(
)',
/ 0
9V
',
', ',
',
6
9V
',
', ',
',
6
6
6
/ 0
①
Encoder contacts are coupled mechanically
Figure 7-23
Wiring diagram EM 4/8 F-DI DC24V - a 2-channel sensor connected via two channels,
internal sensor supply
30(
)',
/ 0
9V
',
',
',
',
6
9V
',
',
',
',
6
6
6
/ 0
①
Encoder contacts are coupled mechanically
Figure 7-24
120
Wiring diagram EM 4/8 F-DI DC24V - a 2-channel sensor connected via two channels,
external sensor supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Wiring Diagram for Application 2.2 – Connecting Two Single-Channel Sensors to Two Channels
Two single-channel sensors are connected via two channels to two inputs of the F-module
for each process signal (1oo2 evaluation). The sensors can also be connected to an external
sensor supply.
30(
)',
/ 0
9V ', ', ', ', 9V ', ', ', ', 6 6 6 6 / 0
Figure 7-25
Wiring diagram EM 4/8 F-DI DC24V - two 1-channel sensors connected via two
channels, internal sensor supply
WARNING
To achieve SIL3/Category 3/PLe using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 2.2
Set the "sensor evaluation" to "1oo2 evaluation" at the corresponding input, and "2-channel
equivalent" at the "Type of sensor interconnection" parameter. Disable the "short-circuit test"
parameter.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
121
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Specific Features of Fault Detection (Application 2.2)
The table below lists the fault detection according to the sensor supply and the parameter
assignment for the short-circuit test:
Table 7- 21
EM 4/8 F-DI DC24V PROFIsafe: Fault Detection (Application 2.2)
Example of fault
Fault detection if ...
Internal sensor supply and
short-circuit test are
deactivated
External sensor supply
Short circuit in DI 0 with DI 1
Yes*
Yes*
Short circuit in DI 0 with DI 4
no
no
Short circuit in DI 0 with DI 5
Yes*
Yes*
P-short circuit in DI 0
Yes*
Yes*
M-short circuit in DI 0
Yes*
Yes*
Discrepancy error
Yes
Yes
P-short circuit in sensor supply 1
no
no
M-short circuit in sensor supply 1, or
sensor supply 2 defective
Yes
Yes
Short circuit in sensor supply 1 with
sensor supply 2
no
no
Fault in read/test circuit
Yes
Yes
Supply voltage fault
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
Wiring Diagram for Application 2.3 - Connecting a Nonequivalent Sensor to Two Nonequivalent
Channels
A nonequivalent connection of a 2-channel sensor is connected to two inputs of the Fmodule for each process signal (1oo2 evaluation).
Alternatively, two one-channel sensors can be connected via two channels non-equivalently
(see figure "Wiring diagram EM 4/8 F-DI DC24V - two one-Channel sensors connected via
two channels nonequivalently, internal sensor supply"). In this case, the same process
variable is acquired with two mechanically separate sensors.
The left-hand channels on the F-module (DI0 through DI3) supply the wanted signals. If no
faults are detected, these signals will be available in the process image for inputs on the FCPU.
Note
If you power the sensors from the F-DI module, you must use the internal sensor supply Vs1.
Connection to Vs2 is not possible.
122
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
The wiring is carried out on the appropriate terminal module.
30(
)', / 0
9V
', ', ', ',
9V
',
',
',
',
6
6
6
6
/ 0
Figure 7-26
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\WKHZDQWHGVLJQDOV
Wiring diagram EM 4/8 F-DI DC24V - a nonequivalent 2-channel sensor connected via
two channels non-equivalently, internal sensor supply
30(
)',
/ 0
9V
', ', ', ',
9V
',
',
',
',
6
6
6
6
/ 0
Figure 7-27
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\WKHZDQWHGVLJQDOV
Wiring diagram EM 4/8 F-DI DC24V - a non-equivalent sensor connected via two
channels non-equivalently, external sensor supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
123
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Wiring Diagram for Application 2.3 – Connecting Two Single-Channel Sensors Nonequivalently via
Two Channels
The left-hand channels on the F-module (DI0 through DI3) supply the wanted signals. If no
faults are detected, these signals will be available in the I/O area for inputs on the F-CPU.
The sensors can also be connected to an external sensor supply.
30(
)',
9V
/ 0
', ', ', ',
9V
',
',
',
',
6
6
6
6
/ 0
Figure 7-28
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\WKHZDQWHGVLJQDOV
Wiring diagram EM 4/8 F-DI DC24V - two 1-channel sensors connected via two
channels, internal sensor supply
WARNING
To achieve SIL3/Category 3/PLe using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 2.3
Set the "sensor evaluation" to "1oo2 evaluation" at the corresponding input, and "2-channel
equivalent" at the "Type of sensor interconnection" parameter. Disable the "short-circuit test"
parameter.
For digital inputs connected to an external supply, set the "Sensor supply" parameter for the
corresponding digital input to "external".
124
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Specific Features of Fault Detection (Application 2.3)
The table below presents fault detection according to the sensor supply and the parameter
assignment for the short-circuit test:
Table 7- 22
EM 4/8 F-DI DC24V PROFIsafe: Fault Detection (Application 2.3)
Example of fault
Fault detection if ...
Internal sensor supply and
short-circuit test are
deactivated
External sensor supply
Short circuit in DI 0 with DI 1
Yes*
Yes*
Short circuit in DI 0 with DI 4
Yes
Yes
Short circuit in DI 0 with DI 5
Yes*
Yes*
P-short circuit in DI 0
Yes*
Yes*
M-short circuit in DI 0
Yes*
Yes*
Discrepancy error
Yes
Yes
P-short circuit in sensor supply 1
no
no
M-short circuit in sensor supply 1, or
sensor supply 2 defective
Yes
Yes
Short circuit in sensor supply 1 with
sensor supply 2
no
no
Fault in read/test circuit
Yes
Yes
Supply voltage fault
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
7.5.8
Application 3: Safety mode SIL3/Category 4/PLe
Assigning Inputs to Each Other
The EM 4/8 F-DI DC24V PROFIsafe has 8 fail-safe inputs, DI 0 through DI 7 (SIL2). A pair of
these inputs can each be used as one input (SIL3). The following assignment applies:
● DI 0 with DI 4
● DI 1 with DI 5
● DI 2 with DI 6
● DI 3 with DI 7
Sensor supply
The EM 4/8 F-DI DC24V PROFIsafe provides sensor supply Vs1 for Inputs 0 to 3 and sensor
supply Vs2 for Inputs 4 to 7. The sensor must be supplied internally.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
125
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Wiring Diagram for Application 3.1 - Connecting a Two-Channel Sensor to Two Channels
A 2-channel sensor is connected to two inputs of the F-module for each process signal (1oo2
evaluation).
Wiring diagram of the connection of two single-channel sensors to two channels. In this
case, the same process variable is acquired with two mechanically separate sensors.
The wiring is carried out on the appropriate terminal module.
30(
)',
/ 0
9V
',
', ',
',
6
9V
',
', ',
',
6
6
6
/ 0
①
Encoder contacts are coupled mechanically
Figure 7-29
Wiring diagram EM 4/8 F-DI DC24V - a 2-channel sensor connected via two channels,
internal sensor supply
Alternatively, two one-channel sensors can be connected via two channels (see figure
"Wiring diagram EM4/8 F-DI DC24V - two one-channel sensors connected via two channels,
internal sensor supply"). In this case, the same process variable is acquired with two
mechanically separate sensors.
WARNING
To achieve SIL3/Category 4/PLe using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 3.1
Set the "sensor evaluation" to "1oo2 evaluation" at the corresponding input, and "2-channel
equivalent" at the "Type of sensor interconnection" parameter. Activate the "short-circuit test"
parameter and set "internal" at the "sensor supply" parameter.
126
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Wiring Diagram for Application 3.2 - Connecting a Nonequivalent Sensor to Two Nonequivalent
Channels
4 process signals can be connected to an EM 4/8 F-DI DC24V PROFIsafe. A sensor is
nonequivalently connected via 2 channels to two inputs of the F-module for each process
signal (1oo2 evaluation).
Alternatively, two one-channel sensors can be connected via two channels (see figure
"Wiring diagram EM 4/8 F-DI DC24V - two one-channel sensors connected via two channels
nonequivalently, internal sensor supply"). In this case, the same process variable is acquired
with two mechanically separate sensors.
The left-hand channels on the F-module (DI0 through DI3) supply the wanted signals. If no
faults are detected, these signals will be available in the I/O area for inputs on the F-CPU.
Note
You must use the internal sensor supply Vs1 to supply voltage to the sensor. Connection to
Vs2 is not possible.
The wiring is carried out on the appropriate terminal module.
30(
)',
/ 0
9V
', ', ', ',
9V
',
',
',
',
6
6
6
6
/ 0
Figure 7-30
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\WKHZDQWHGVLJQDOV
Wiring diagram EM 4/8 F-DI DC24V - a nonequivalent sensor connected via two
channels non-equivalently, internal sensor supply
WARNING
To achieve SIL3/Category 4/PLe using this wiring, you must use a suitably qualified sensor.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
127
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Wiring Diagram for Application 3.2 – Connecting Two Single-Channel Sensors Nonequivalently via
Two Channels
The left-hand channels on the F-module (DI0 through DI3) supply the wanted signals. If no
faults are detected, these signals will be available in the I/O area for inputs on the F-CPU.
30(
)',
9V
/ 0
', ', ', ',
9V
',
',
',
',
6
6
6
6
/ 0
Figure 7-31
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\WKHZDQWHGVLJQDOV
Wiring diagram EM 4/8 F-DI DC24V - two 1-channel sensors connected via two
channels, internal sensor supply
WARNING
To achieve SIL3/Category 4/PLe using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 3.2
Set the "sensor evaluation" to "1oo2 evaluation" at the corresponding input, and "2-channel
equivalent" at the "Type of sensor interconnection" parameter. Activate the "short-circuit test"
parameter and set "internal" at the "sensor supply" parameter.
128
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Special Features of Fault Detection (Application 3.1 and 3.2)
The following table presents fault detection according to the sensor supply and the
parameter assignment for the short-circuit test:
Table 7- 23
EM 4/8 F-DI DC24V PROFIsafe: Fault Detection (Application 3.1 and 3.2)
Example of fault
Fault detection with internal sensor power supply and
activated short-circuit test for...
Sensor 2-channel equivalent
Sensor 2-channel nonequivalent
Short circuit in DI 0 with DI 1
Yes*
Yes*
Short circuit in DI 0 with DI 4
Yes*
Yes
Short circuit in DI 0 with DI 5
Yes*
Yes*
P-short circuit in DI 0
Yes
Yes
M-short circuit in DI 0
Yes*
Yes*
Discrepancy error
Yes
Yes
P-short circuit in sensor supply 1
Yes
Yes
M-short circuit in sensor supply 1, or
sensor supply 2 defective
Yes
Yes
Short circuit in sensor supply 1 with
sensor supply 2
Yes
Yes
Fault in read/test circuit
Yes
Yes
Supply voltage fault
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
Requirements for Machine Protection Applications with Category 4
The following requirements apply for applications in machine protection with category 4:
● The wiring between sensors and automation system and between automation system
and actuators must be designed to state-of-the-art engineering and standards to prevent
short circuits
● All short circuits listed in the above table are covered. It is sufficient to locate a short
circuit, because two faults are required for it to occur (both signal lines in short circuit
have an insulation fault). A multiple short circuit analysis is not required.
Procedures for locating all short circuits are also permissible if single short circuits are not
located,
● provided these do not cause corruption of read signals compared to the sensor signals or
● provided they cause corruption of read signals compared to sensor signals in the
direction that ensures safety.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
129
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.9
Diagnostic Functions of the EM 4/8 F-DI DC24V PROFIsafe
Behavior in Case of Supply Voltage Failure
Failure of the Vs1 and Vs2 sensor power supply of the EM 44/8 F-DI DC24V PROFIsafe is
indicated by the 1VsF and 2VsF LED on the F-module. This information is also provided in
the module (diagnostic entry). Either all channels of the module are passivated or, in case of
channel-specific passivation, the relevant channels are passivated.
In the case of a voltage dip in the external auxiliary voltage, the SF LED lights up, the
module is passivated.
With the subsequent supply recovery (level must remain above the specified value for at
least 1 minute (refer to the technical specifications: voltages, currents, electrical potentials))
the SF LED goes out again, the module remains passivated. The SF LED flashes if there are
no other errors, until the error is acknowledged.
Behavior in Case of Cross-Circuit/Short-Circuit at the Sensor Supply
When operating with programmed external sensor supply and blocked short-circuit test, you
enable the detection of short-circuits to M at the sensor supplies and signaling at the
corresponding VsFLED. No entries are made in the diagnostics data of the module.
When operating with a configured external sensor supply and cyclic short-circuit test, you
enable the detection of cross-circuits between 1Vs and 2Vs and short-circuits to M and P at
the sensor supplies and signaling at the corresponding VsF LED. No entries are made in the
diagnostics data of the module.
Diagnostic functions
The table below provides an overview of the diagnostic functions of the EM 4/8 F-DI DC24V
PROFIsafe. The diagnostic functions are assigned either to one channel or to the entire
module.
Table 7- 24
Diagnostic functions of the EM 4/8 F-DI DC24V PROFIsafe
Diagnostic Function*
Fault
Number
LED
Signaled in
Application
Effective
Range of
Diagnostics
Can be
Assigned
Parameter
s
Short circuit
1H
SF
1, 2, 3
Channel
Yes
1VsF
2VsF
130
Overtemperature
5H
SF
1, 2, 3
Module
No
Internal error
9H
SF
1, 2, 3
Module
No
Parameter assignment error
10H
SF
1, 2, 3
Module
No
Sensor voltage or load voltage
missing
11H
SF
1, 2, 3
Module
No
Communication error
13H
SF
1, 2, 3
Module
No
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Diagnostic Function*
Fault
Number
LED
Signaled in
Application
Effective
Range of
Diagnostics
Can be
Assigned
Parameter
s
Discrepancy error (1oo2
evaluation)
19H
SF
2,3
Channel
No
safety-oriented tripping
*: Specially for F-modules; display in STEP 7, see "Channel-Specific Diagnostics, Fault Types of FailSafe Modules" table
Note
If you have activated the short-circuit test for the F-DI module in STEP 7 and are using only
one of the two internal sensor supplies of the module (Vs1 or Vs2), a channel M-short circuit
is then detected for each of the four channels with a sensor supply that is not used. Four
"short-circuit" diagnostic functions are generated in the diagnostic buffer of the F-module.
Special Features of Fault Detection
The detection of certain faults (short-circuits or discrepancy errors, for example) depends on
the application, the wiring, and the parameter assignment of the short-circuit test and the
sensor power supply. For this reason, tables on fault detection for the applications are
presented in "Application 1: Safety mode SIL2/Category 3/PLd" to "Use case 3: Safety mode
SIL3/Category 4/PLe".
Causes of Faults and Corrective Measures
The following table contains the possible causes of the faults described for the individual
diagnostic messages of the EM 4/8 F-DI DC24V PROFIsafe and remedies.
Table 7- 25
Diagnostic messages of the EM 4/8 F-DI DC24V PROFIsafe, causes of errors and
remedies
Diagnostic
Message
Possible Causes
Corrective Measures
Short circuit
Short circuit in the sensor
Eliminate short circuit/cross circuit
Cross circuit in the sensor
Check the sensor supply
Encoder supply short-circuit
Internal error
Replace module
Overtemperature Shutdown due to violation of upper or
lower temperature limit value in the
module case.
Check load wiring, check ambient
temperature, check whether permissible
output current is exceeded for the ambient
temperature. Once the fault has been
eliminated, the module must be removed
and inserted or the power switched OFF
and ON.
Internal error
Replace module
Internal module fault has occurred
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
131
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Diagnostic
Message
Possible Causes
Corrective Measures
Parameter
assignment error
Inserted module does not match
configuration
Correct configuration (compare actual and
preset configuration)
Faulty parameter assignment
Check communication paths
Correct configuration
PROFIsafe address set incorrectly in
the F-module
Check whether the PROFIsafe address on
the module matches the configuration in
Sensor voltage
or load voltage
missing
No supply voltage or supply voltage
is too low
Check the supply voltage on the
interconnected PM
Communication
error
Error in communication between FCheck the PROFIBUS/PROFINET
CPU and module due to defective
connection
PROFIBUS connection or higher than Eliminate the interference
permissible EMI, for example
Discrepancy
error (1oo2
evaluation)
HW Config
Check module for correct contact
PROFIsafe monitoring time set too
low
Set a greater value for the "F monitoring
time" parameter for the module in
Configuration of the F-module does
not match safety program
Generate safety program again; then load
configuration and safety program into FCPU again
Faulty process signal
Check process signal, replace sensor if
necessary
Defective sensor
Short circuit between unconnected
sensor cable and the sensor supply
cable
HW Config
Eliminate short circuit
Wire break in connected sensor cable Eliminate broken wire
or the sensor supply cable
Assigned discrepancy time too short
Check the assigned discrepancy time
Once the fault is eliminated, the F-module
must be reintegrated in the safety
program
Detailed information on F I/O access can be found under "Diagnostics" in the S7 Distributed
Safety, Configuring and Programming manual or the S7 F/FH Systems, Configuring and
Programming manual.
Generally Applicable Information on Diagnostics
For information on diagnostics that affects all fail-safe modules (such as readout of
diagnostic functions; passivation of channels) see this manual in "Diagnostics" and the
S7 Distributed Safety, Configuration and Programming manual or S7 F/FH Systems,
Configuring and Programming.
See also
Fault Diagnostics (Page 43)
132
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
7.5.10
Technical Specifications of the EM 4/8 F-DI DC24V PROFIsafe
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
Weight
Data for Specific Module
Number of inputs
• 1-channel
•
2-channel
30 x 81 x 52
Approx. 78 g
8, maximum
4, maximum
Assigned address area
• I/O area for inputs
6 bytes
I/O area for outputs
4 bytes
•
Length of cable
• Unshielded *
•
Shielded *
Maximum achievable safety class
• In accordance with IEC 61508
Max. 200 m
(at input delay 3 ms * and 15 ms)
Max. 200 m
(at input delay 0.5 ms, 3 ms and 15 ms)
1-channel
2-channel
SIL2
SIL3
•
In accordance with EN 954
Category 3
Category 4
•
according to ISO 13849
PLd
PLe
SIL2
< 1.00E-03
SIL3
< 1.00E-05
< 1.00E-10
Fail-safe performance characteristics
• Low demand mode (average probability of
failure on demand)
•
High demand/continuous mode (probability of
dangerous failure per hour)
< 1.00E-08
•
Acceptance ID
FM, cULus, ATEX, CE, C-Tick
Voltages, Currents, Potentials
Rated supply voltage L+
• permissible range **
24 VDC
20.4 V to 28.8 V
•
Power loss ride-through of L+
None
•
Power loss ride-through of internal P5
5 ms
•
Reverse polarity protection
No
Number of simultaneously controllable inputs
• Horizontal installation
– Up to 55°C
– Up to 60°C
– Up to 60°C
•
Vertical installation
– Up to 40 °C
Electrical isolation
• Between channels and backplane bus
•
Between channels and power supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
8 (with 28.8 V)
8 (with 24 V)
6 (with 28.8 V)
8
Yes
No
133
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Technical Specifications
No
•
Between channels
•
Between channels/power supply and shield
Yes
Permissible potential difference between
• Shield and ET 200S bus connection
75 VDC/60 VAC
•
Shield and I/O (DIs, P1/P2 buses)
75 VDC/60 VAC
•
ET 200S bus connection and I/O (DIs, P1/P2
buses)
250 VAC
Isolation in the series tested with
• Shield and ET 200S bus connection
500 VDC/1 min or 600 VDC/1 s
•
Shield and I/O (DIs, P1/P2 buses)
500 VDC/1 min or 600 VDC/1 s
•
ET 200S bus connection and I/O (DIs, P1/P2
buses)
1500 VAC/1 min or 2545 VDC/1 s
Isolation in the type test tested with
• Shield and ET 200S bus connection
•
Shield and I/O (DIs, P1/P2 buses)
350 VAC/1 min
•
ET 200S bus connection and I/O (DIs, P1/P2
buses)
2830 VAC/1 min
•
Surge voltage test between ET 200S bus
connection and I/O (DIs, P1/P2 bus)
6000 VDC/5 positive and 5 negative pulses
Current consumption
• From backplane bus
•
From load voltage L+ (without load)
Power dissipation of the module
Status, Interrupts, Diagnostics
Status display
Inputs
Sensor supply
Diagnostic functions
• Group fault display
•
Diagnostic information can be displayed
Sensor Supply Outputs
Number of outputs
Output voltage
• Loaded
Output current
• Rated value
•
134
350 VAC/1 min
Permissible range
28 mA, typical
120 mA, typical
4 W, typical
Green LED per channel
Red LED per channel
Red LED (SF)
Possible
2
Minimum L+ (-1.5 V)
300 mA
0 mA to 300 mA
Permissible total current of outputs
Short-circuit protection
• Operating value
600 mA
Yes, electronic
0.7 A to 1.8 A
Data for selecting a sensor ***
Input voltage
• Rated value
24 VDC
•
For "1" signal
15 V to 30 V
•
For "0" signal
-30 V to 5 V
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.5 4/8 F-DI DC24V PROFIsafe Digital Electronic Module
Technical Specifications
Input current
• For "1" signal
Input delay *
• For "0" after "1"
•
bei "1" nach "0"
Input characteristic
Connection of 2-wire proximity switch (BERO)
• Permissible quiescent current
Time, Frequency
Internal processing times
Acknowledgment time in safety mode
• Short-circuit test activated
With input delay of 0.5 ms:
With input delay of 3 ms:
With input delay of 15 ms:
• Short-circuit test deactivated
3.7 mA, typical
Assignable (for all inputs together)
Typically 0.5 ms
(0.3 ms to 0.7 ms)
Typically 3 ms
(2.6 ms to 3.4 ms)
Typically 15 ms
(13 ms to 17 ms)
Typically 0.5 ms
(0.3 ms to 0.7 ms)
Typically 3 ms
(2.6 ms to 3.4 ms)
Typically 15 ms
(13 ms to 17 ms)
In accordance with IEC 61131-2 Type 1
Not possible
0.6 mA, maximum
See "Response Times"
Min. 4 ms / max. 7 ms
Min. 4 ms / max. 12 ms
Min. 4 ms / max. 9 ms
Min. 4 ms / max. 6 ms
Minimum sensor signal duration
See "Minimum Duration of Sensor Signals to
Protection against Overvoltage
Protection of power supply L+ from surge in
accordance with IEC 61000-4-5 with external
protection elements only
• Symmetrical (L+ to M)
1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
Allow Correct Detection by the F-DI Module"
table in "Wiring and Fitting Modules"
+2 kV; 1.2/50 μs
Protection of inputs and outputs from surge in
accordance with IEC 61000-4-5 with external
protection elements only
• Symmetrical (Vs, DI to M)
+1 kV; 1.2/50 μs
Asymmetrical (Vs, DI to PE, M to PE)
+1 kV; 1.2/50 μs
•
*: With an input delay of 0.5 ms, shielded cables must be used for the digital inputs and the sensor
supply.
With 3 ms input delay, shielded cables must be used if there is a danger of overvoltage on the signal
lines (see section "Electromagnetic Compatibility") to prevent possible passivation of the fail-safe
digital inputs and the sensor power supply switching off. If unshielded signal lines are used, the safe
behavior of the process variables is ensured.
**: Operating below the permissible supply voltage is only permissible for the repair time. See chapter
"Introduction (Page 61)."
***: For more information on the requirements for sensors and actuators, see "Wiring and Fitting
Modules".
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
135
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
7.6
EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
7.6.1
Properties of the 4 F-DI/3 F-DO DC24V PROFIsafe Digital Electronic Module
Order Number
6ES7138-4FC01-0AB0
Properties
The 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module possesses the following
properties:
● Achievable safety class SIL2/Category 3/PLd
● Inputs
– Four inputs
– 24 VDC rated input voltage
– Suitable for switches and 3/4-wire proximity switches (BEROs)
– 1 short circuit-proof sensor supply for four inputs
– External sensor supply possible
– The fault display for the sensor supply (VsF) is mapped to VsF and to the associated
channels
– Only 1oo2 evaluation possible
● Outputs
– 3 outputs, P/M-switching
– Output current 2 A
– Rated load voltage 24 VDC
– Suitable for solenoid valves, DC contactors and indicator lights
● Group fault display (SF; red LED)
● Status and fault LEDs for each input/output (two-color green/red LED)
● Only supported in safety mode
Supported Interface Modules
Refer to chapter "Using ET 200S Fail-Safe Modules (Page 14)" for the supported interface
modules.
The EM 4 F-DI/3 F-DO DC24V PROFIsafe can be used centrally with IM 151-7 F-CPU
6ES7151-7FA20-0AB0 V2.6 or higher or IM 151-8 PN/DP F-CPU 6ES7151-8FB00-0AB0.
136
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Supported Power Modules
Table 7- 26
EM 4F-DI/3F-DO DC24V PROFIsafe: Power module for SIL/Category/PL
Power Module
achievable SIL/Category/PL
Supply through PM-E DC24V, PM-E
DC24..48V/AC24..230V or PM-E
DC24..48V
with 1oo2 sensor evaluation of the SIL2/Category 3/PLd
sensor
Switching Grounded Loads
If the EM 4 F-DI/3 F-DO DC24V PROFIsafe switches loads that have a chassis-ground
connection (for example to improve EMC characteristics) and if chassis and ground are
connected at the power supply being used, a "short-circuit" is detected.
From the perspective of the F-module, the M-switch is bridged by the chassis-ground
connection (refer to the diagram below as an example of an EM 4 F-DI/3 F-DO DC24V
PROFIsafe).
Remedy:
● Using the PM-E F pp DC24V PROFIsafe
● The value of the resistance between chassis and ground at the load end must be greater
than 100 kΩ
(0)',)'2'&9$352),VDIH
3
3VZLWFK
5HDGEDFN3RXWSXW
/RDG
0
&HQWUDO
JURXQ
GLQJ
SRLQW
0
0
0VZLWFK
3
5HDGEDFN0RXWSXW
Figure 7-32
Switching Grounded Loads (resistance exists between chassis and ground)
Capacitive Crosstalk of Digital Input/Output Signals
refer to "Properties of the power module PM-E F pm DC24V PROFIsafe".
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
137
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Magnetic capacitance with inductive loads
Note
Note that an inductive load connected to the DO channels can induce voltages in the case of
electromagnetic interference of a strong magnetic field. This can cause a short-circuit error
message.
Remedy:
• Spatially disconnect the inductive loads or shield against the magnetic field.
• Set the parameters for the readback time to 50 ms or higher.
SIL mode in grounded configuration
WARNING
The bridging resistance between the M-output and PE may not be less than 100 kΩ for
SIL2 operation in grounded configurations. The bridging impedance must be sufficiently
high for underflow of the relay release voltage, in order to maintain the proper functioning of
both shutdown circuits (P and M-switch).
3
/
3VZLWFK
/RDG
(76)',)'2
0VZLWFK
3
0
0
5!N˖
3(
Figure 7-33
138
SIL2 mode in grounded configuration
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
7.6.2
Terminal assignment of the EM 4 F-DI/3 F-DO DC24V PROFIsafe
Front view
*URXSHUURUGLVSOD\UHG
352),VDIH
)DXOW/('SHUHQFRGHUVXSSO\UHG
YROWDJHVXSSO\IDXOW
6WDWXVGLVSOD\VSHULQSXW
DQGSHURXWSXWJUHHQUHG
Figure 7-34
Front view 4F-DI/3F-DO
WARNING
The SF LED and the status displays of the inputs/outputs are not designed for safetyrelated functions and may therefore not be evaluated for safety-related activities.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
139
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Terminal assignment
The figure below shows the terminal assignment of the EM 4 F-DI/3 F-DO DC24V
PROFIsafe for the terminal module TM-E30S44-01, TM-E30C44-01, TM-E30S46-A1 and
TM-E30C46-A1.
',
',
',
',
',
'2
3
96
'2
0
96
'2
3
'2
0
',
',
'2
3
',
'2
0
70($
$8; $8;
3(
$8; $8;
$
$ $
$8; $8;
$8; $8;
3(
3(
$
$
$ $
$
DI
Fail-safe digital input
VS
Internal sensor supply for DI0 to DI7
DOx P
Terminal for fail-safe digital output (P/M-switching)
DOx M
Terminal for fail-safe digital output (P/M-switching)
3(
For TM-E...46-A1 AUX1 bus carried out. Connection to terminals A3 to A16 for any connection of PE
(individual grouping of load current power supplies possible)
Figure 7-35
140
Terminal assignment TM-E...44-01/TM-E...46-A1 for EM 4 F-DI/3 F-DO DC24V
PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
7.6.3
Wiring of EM 4 F-DI/3 F-DO DC24V PROFIsafe
Block Diagram
$GGUHVVVZLWFK
/
0
9V)
0
6WDWXVRIWKH
LQSXW
3
3VZLWFK
/
0VZLWFK
6WDWXVRIWKHRXWSXW
0
0
9
9
0LQW
3
5HDGEDFN
6)
3URFHVVLQJORJLF
%DFNSODQHEXVLQWHUIDFH
0
/
0
7KHQRWDWLRQRIWKH12FRQWDFWFRUUHVSRQGVWRWKHPRGXOHLQVFULSWLRQ+RZHYHUWKHHQFRGHU
FRQWDFWVPXVWEH1&FRQWDFWVLQJHQHUDOEHFDXVHRIWKHVDIHVWDWHRIWKHSURFHVVYDULDEOHV
Figure 7-36
Block Diagram of the EM 4F-DI/3 F-DO DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
141
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
7.6.4
EM 4 F-DI/3 F-DO DC24V PROFIsafe parameters
Parameters in STEP 7
The table below lists the parameters that can be set for the EM 4 F-DI/3 F-DO DC24V
PROFIsafe.
Table 7- 27
Parameters of the EM 4 F-DI/3 F-DO DC24V PROFIsafe
Parameter
Range
Default
Type of
Parameter
Effective
Range
F_destination_address
1 to 1022
is assigned
by STEP 7
Static
Module
F monitoring time
10 to 10000 ms
150 ms
Static
Module
F-Parameters:
Module-specific input parameters
Short-circuit test
Cyclic/disabled
Cyclic
Static
Module
Behavior after channel
faults*
Passivate the entire
module/Passivate the
channel
Passivate the Static
entire module
Module
Channel n, n+4
Activated/deactivated
Activated
Static
Channel
group
Sensor supply
internal/external
internal
Static
Channel
group
Sensor evaluation
1oo2 evaluation
1oo2
evaluation
Static
Channel
group
Type of sensor
interconnection
1-channel
2-channel
equivalent
Static
Channel
group
2-channel equivalent;
2-channel, nonequivalent
Behavior of discrepancy
Provide last valid value; Provide last
provide 0 value
valid value
Static
Channel
group
Discrepancy time
10 to 30000 ms
10 ms
Static
Channel
group
Reintegration after
discrepancy error
Zero signal test not
required/Zero signal
test required
Zero signal
test not
required
Static
Channel
group
Passivate the
entire module
Static
Module
Module-specific output parameters:
Behavior after channel
faults*
Passivate the entire
module/Passivate the
channel
DO channel n
Activated/deactivated
Activated
Static
Channel
Readback time
1 to 400 ms
1 ms
Static
Channel
* This setting is only relevant when S7 Distributed Safety V5.4 or higher is installed.
Short-circuit test parameter
This parameter can be used to activate short-circuit detection for channels set up for
"internal sensor supply."
142
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
The short-circuit test is only useful when operating with simple switches which are not
connected to their own power supply.
Short-circuit detection temporarily cuts off the sensor supply. The cut-off period equals the
input delay (= 3 ms) (see also "Applications for the 4 F-DI/3 F-DO DC24V PROFIsafe
electronic module").
Sensor Supply Parameter
This parameter can be used to activate the "internal sensor supply" of the F-module. This
setting is a prerequisite for using the short-circuit test.
Note
When there are different sensor supply parameter settings (internal/external) for the
individual channel groups, the applications shown in the next chapter apply to specific
channel groups.
Discrepancy behavior parameter
For "Behavior of Discrepancy" you assign the value that is to be made available to the safety
program in the F-CPU during the time that a discrepancy exists between two input channels,
i.e., when the discrepancy time is running. To program discrepancy behavior:
● "Provide last valid value" or
● "Provide 0 value"
"Provide last valid value"
The last valid value (old value) from before the discrepancy occurred is immediately made
available to the safety program in the fail-safe CPU as soon as a discrepancy is detected
between the signals of the two input channels involved. This value remains available until the
discrepancy is cleared, or until the discrepancy time has expired and a discrepancy error is
detected. The sensor-actuator response time is extended by this time.
As a result, the discrepancy time for sensors connected over two channels for high-speed
reactions must be tuned to short response times. Thus, it makes no sense, for example, if
sensors connected via 2 channels with a discrepancy time of 500 ms trigger a time-critical
shutdown. In the worst case scenario the sensor-actuator response time is extended by an
amount approximately equal to the discrepancy time:
● For this reason, position the sensors in the process in such a way as to minimize
discrepancy.
● Then select the shortest possible discrepancy time which is also sufficient to compensate
for faulty triggering of discrepancy errors.
"Provide 0 value"
The "0" value is immediately made available to the safety program in the F-CPU as soon as
discrepancy is detected between the signals of the two input channels involved.
If the "Provide 0 value" parameter is set, the sensor-actuator response time will not be
influenced by the discrepancy time.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
143
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Discrepancy Time Parameter
You can define the discrepancy time for each channel pair with this parameter. The entered
value is rounded to a multiple of 10 ms.
Requirements
Parameter settings:
● Type of sensor interconnection: "2-channel equivalent" or "2-channel nonequivalent"
Discrepancy Analysis and Discrepancy Time
When using a dual-channel or non-equivalent sensor which measure the same process
variable, the sensors interact with a slight time delay due to the limited precision of their
arrangement.
The discrepancy analysis for equality/non-equality is used at fail-safe inputs to detect errors
based on the timing of two signals with the same functionality. Discrepancy analysis is
initiated when different levels (when testing for nonequivalence: same levels) are detected
for two associated input signals. A test is conducted to determine whether the difference in
levels (when testing for nonequivalence: the consistency) disappears after a programmable
period of time known as the discrepancy time. If not, this means that a discrepancy error
exists.
In most cases, a discrepancy time is started, but does not fully expire since the signal
differences are cleared within a short time.
Select a discrepancy time of sufficient length so that in case of no error, the difference
between the two signals (when checking for nonequivalence: the consistency) has definitely
disappeared before the discrepancy time expires.
Response During Discrepancy Time
While the programmed discrepancy time is running internally on the module, either the last
valid valueor "0" is returned to the safety program on the F-CPU by the input channels
involved, depending on the parameter settings for the behavior of discrepancy.
Response During Discrepancy Time
If the input signals are not equivalent following expiration of the specified discrepancy time
(when checking for nonequivalence: no inequality), for example due to wire break at a
sensor line, the system detects a discrepancy error and generates a "discrepancy"
diagnostic message in the diagnostic buffer of the F-I/O module to identify the faulty
channels.
Reintegration After Discrepancy Error Parameter
With this parameter you can define the criteria for clearing discrepancy errors which, when
fulfilled, facilitate reintegration of the relevant input channels. Programming options:
● "Zero signal test required" or
● "Zero signal test not required"
"Zero signal test required"
When "Zero signal test required" is set, a discrepancy error is not considered cleared until a
zero signal is set at both input channels.
When using nonequivalent sensors, that is, "2-channel nonequivalent" is set at the "Type of
sensor interconnection" parameter, the zero signal must again be set at the channel which
provides the wanted signal.
"Zero signal test not required"
When "Zero signal test not required" is set, a discrepancy error is considered cleared when a
discrepancy no longer exists between the two input channels.
SIMATIC S7 F-modules, for which you cannot program the "Reintegration after discrepancy
error" parameter, also behave in this way.
144
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Readback Time Parameter
Each output channel has its own selectable readback time. This time specifies the maximum
duration of the turn off test for the corresponding channel and therefore also the readback
time for turning off the channel.
The following readback times can be set: 1 ms, 5 ms, 10 ms, 50 ms, 100 ms, 200 ms and
400 ms.
You should set an adequately high readback time if the channel involved switches high
capacitive loads. If the readback time for a controlled capacitive load is set too low, the
output channel is passivated because the discharge of the capacitance does not take place
within the turn off test.
If the readback signals are incorrect, the "short circuit" fault only causes passivation of the
output channel after the readback time elapses.
WARNING
With a configured readback time of ≥ 50 ms, short-circuits (cross-circuits) can be
suppressed with an interference signal with a frequency > 10 Hz (50:50 duty cycle).
Short-circuits (cross-circuits) on an output of the same module will be detected.
7.6.5
Input applications of EM 4 F-DI/3 F-DO DC24V PROFIsafe
Conditions for achieving SIL/Category/PL
The table below lists the conditions which have to be met for achieving the various safety
categories.
Table 7- 28
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Conditions for achieving SIL/Category/PL
Application
Sensors
Sensor
evaluation
Sensor supply
achievable
SIL/Category/
PL
1.1
1-channel
1oo2
Internal, with/without
short-circuit test
2/3/d
external
1.2
2-channel
equivalent
1oo2
Internal, with/without
short-circuit test
external
1.3
2-channel,
nonequivalent
1oo2
Internal, with/without
short-circuit test
external
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
145
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Sensor Requirements
Please note the information in section "Requirements for Sensors and Actuators" when using
sensors for safety-related applications.
Assigning Inputs to Each Other
The EM 4 F-DI/3 F-DO DC24V PROFIsafe has 8 fail-safe inputs, DI 0 through DI 7 (SIL2).
Each pair of these inputs can be operated as one input (SIL2). The following assignment
applies:
● DI0 with DI4
● DI1 with DI5
● DI2 with DI6
● DI3 with DI7
Sensor Supply
The 4 F-DI/3 F-DO DC24V PROFIsafe EM makes available the VS sensor supply for the
Inputs 0 to 7.
The sensors can be powered internally or externally.
Application 1.1: Wiring diagram for connecting single-channel sensor to two inputs
Single-channel connection of a sensor to two inputs of the F-module for each process signal
(1oo2 evaluation).
The wiring is carried out on the appropriate terminal module.
30(
)',)'2
/ 0
96
',
',
',
',
',
',
',
',
6
6
6
6
/
0
Figure 7-37
146
Wiring diagram EM 4 F-DI/3 F-DO DC24V - one sensor connected via one channel to
two inputs, internal sensor supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
30(
)',)'2
/ 0
96
',
',
',
',
',
',
',
',
6
6
6
6
/ 0
Figure 7-38
Wiring diagram EM 4 F-DI/3 F-DO DC24V - one sensor connected via one channel to
two inputs, external sensor supply
WARNING
To achieve SIL2/Category 3/PLd using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 1.1
You can activate or deactivate the "short-circuit test" parameter. For digital inputs connected
to an external supply, set the "Sensor supply" parameter for the corresponding digital input
to "external". The program will otherwise report a "short circuit" diagnostics event if the
"short-circuit test" is activated.
Special Features of Fault Detection in Application 1.1
The following table presents fault detection according to the sensor supply and the
parameter assignment for the short-circuit test:
Table 7- 29
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Fault detection
Example of fault
Fault detection if ...
internal sensor supply internal sensor power
and short-circuit test
supply and shortactivated
circuit test are
deactivated
Short-circuit DI0 with DI1
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
No
No
external sensor
supply
No
147
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Fault detection if ...
Short-circuit DI0 with DI5
No
No
No
P short-circuit DI0
Yes
No
No
M short-circuit DI0
Yes*
Yes*
No
Discrepancy error
Yes
Yes
Yes
P-short circuit in sensor
supply
Yes
No
No
M-short-circuit in sensor
supply or defective
Yes
Yes
Yes
Short-circuit SS with DI0
No
No
No
Supply voltage fault
Yes
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
WARNING
If the short-circuit test is disabled or cannot be enabled, the wiring between the sensor and
input channel must be short circuit-proof.
148
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Application 1.2: Wiring diagram for connecting a 2-channel sensor to two channels
A 2-channel sensor is connected to two inputs of the F-module for each process signal (1oo2
evaluation).
The wiring is carried out on the appropriate terminal module.
30(
)',)'2
/
0
96
',
',
',
',
',
',
',
',
6
6
6
6
/
①
0
Encoder contacts are coupled mechanically
Figure 7-39
Wiring diagram EM 4 F-DI/3 F-DO DC24V - a 2-channel sensor connected via two
channels, internal sensor supply
30(
)',)'2
/
0
96
',
',
',
',
',
',
',
',
6
6
6
6
/
①
0
Encoder contacts are coupled mechanically
Figure 7-40
Wiring diagram EM 4 F-DI/3 F-DO DC24V - a 2-channel sensor connected via two
channels, external sensor supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
149
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Wiring diagram of the connection of two single-channel sensors to two channels
Two single-channel sensors are connected via two channels to two inputs of the F-module
for each process signal (1oo2 evaluation). The sensors can also be connected to an external
sensor supply.
30(
)',)'2
/ 0
96
',
',
',
',
',
',
',
',
6
6
6
6
/ 0
Figure 7-41
Wiring diagram EM 4 F-DI/3 F-DO DC24V - two 1-channel sensors connected via two
channels, internal sensor supply
WARNING
To achieve SIL3/Category 3/PLd using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 1.2
Set the "Type of sensor interconnection" parameter to "2-channel equivalent" for the
corresponding input.
You can activate or deactivate the "short-circuit test" parameter. For digital inputs connected
to an external supply, set the "Sensor supply" parameter for the corresponding digital input
to "external". The program will otherwise report a "short circuit" diagnostics event if the
"short-circuit test" is activated.
150
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Special Features of Fault Detection in Application 1.2
The following table presents fault detection according to the sensor supply and the
parameter assignment for the short-circuit test:
Table 7- 30
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Fault detection
Example of fault
Error detection condition ...
Internal sensor supply Internal sensor supply
and short-circuit test
and short-circuit test
are activated
are deactivated
external sensor
supply
Short-circuit DI0 with DI1
Yes*
Yes*
Yes*
Short-circuit DI0 with DI4
No
No
No
Short-circuit DI0 with DI5
Yes*
Yes*
Yes*
P short-circuit DI0
Yes*
Yes*
Yes*
M short-circuit DI0
Yes*
Yes*
Yes*
Discrepancy error
Yes
Yes
Yes
P-short circuit in sensor
supply
Yes
No
No
M-short circuit in sensor
supply or defective
Yes
Yes
Yes
Short-circuit SS with DI0
Yes*
Yes*
Yes*
Supply voltage fault
Yes
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
WARNING
If the short-circuit test is not activated or the sensor supply to digital inputs is set to
"external", the wiring between the sensor and the input channel must be short circuit-proof.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
151
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Application 1.3: Wiring diagram of the nonequivalent connection of a nonequivalent sensor to two
channels
A nonequivalent connection of a 2-channel sensor is connected nonequivalently to two
inputs of the F-I/O module for each process signal (1oo2 evaluation).
The left-hand channels on the F-module (DI0 through DI3) supply the wanted signals. If no
faults are detected, these signals will be available in the I/O area for inputs on the F-CPU.
The wiring is carried out on the appropriate terminal module.
30(
)',)'2
/
0
96
',
',
',
',
',
',
',
',
6
6
6
6
/
0
Figure 7-42
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\
WKHZDQWHGVLJQDOV
Wiring diagram EM 4 F-DI/3 F-DO DC24V - a nonequivalent 2-channel sensor
connected via two channels non-equivalently, internal sensor supply
30(
)',)'2
/
0
96
', ',
',
',
',
',
',
',
6
6
6
6
/
0
Figure 7-43
152
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\
WKHZDQWHGVLJQDOV
Wiring diagram EM 4 F-DI/3 F-DO DC24V - a non-equivalent sensor connected via two
channels non-equivalently, external sensor supply
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Wiring Diagram for Nonequivalent Connection of Two Single-Channel Sensors to Two Channels
Two single-channel sensors are connected via two channels to two inputs of the F-module
for each process signal (1oo2 evaluation).
The left-hand channels on the F-module (DI0 through DI3) supply the wanted signals. If no
faults are detected, these signals will be available in the I/O area for inputs on the F-CPU.
The sensors can also be connected to an external sensor supply.
30(
)',)'2
/
0
96
',
',
',
',
',
',
',
',
6
6
6
6
/ 0
Figure 7-44
7KHOHIWKDQGFKDQQHOVRQWKH)PRGXOHVXSSO\WKHZDQWHGVLJQDOV
Wiring diagram EM 4 F-DI/3 F-DO DC24V - two 1-channel sensors connected via two
channels, internal sensor supply
WARNING
To achieve SIL3/Category 3/PLd using this wiring, you must use a suitably qualified sensor.
Assignable Parameters for Application 1.3
You can activate or deactivate the "short-circuit test" parameter. For digital inputs connected
to an external supply, set the "Sensor supply" parameter for the corresponding digital input
to "external". The program will otherwise report a "short circuit" diagnostics event if the
"short-circuit test" is activated.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
153
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Special Features of Fault Detection in Application 1.3
The following table presents fault detection according to the sensor supply and the
parameter assignment for the short-circuit test:
Table 7- 31
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Fault Detection (Application 1.3)
Example of fault
Fault detection if ...
Internal sensor supply Internal sensor supply
and short-circuit test
and short-circuit test
are activated
are deactivated
external sensor
supply
Short-circuit DI0 with DI1
Yes*
Yes*
Yes*
Short-circuit DI0 with DI4
Yes
Yes
Yes
Short-circuit DI0 with DI5
Yes*
Yes*
Yes*
P short-circuit DI0
Yes*
Yes*
Yes*
M short-circuit DI0
Yes*
Yes*
Yes*
Discrepancy error
Yes
Yes
Yes
P-short circuit in sensor
supply
Yes
No
No
M-short circuit in sensor
supply or sensor supply
defective
Yes
Yes
Yes
Short-circuit SS with DI0
Yes*
Yes*
Yes*
Supply voltage fault
Yes
Yes
Yes
*: Fault is detected only in case of signal corruption. In other words, the signal read differs from the
sensor signal (discrepancy error). If there is no signal corruption with respect to the sensor signal,
fault detection is not possible and is not required from a safety standpoint.
See also
Requirements for Sensors and Actuators (Page 37)
Using ET 200S Fail-Safe Modules (Page 14)
154
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
7.6.6
Output applications of EM 4 F-DI/3 F-DO DC24V PROFIsafe
Application 1: Wiring a load to each digital output
Each of the three fail-safe digital outputs consists of one DOx P P-switch and one DOx M Mswitch. You connect the load between P and M-switches. The two switches are always
activated so that voltage is applied to the load.
The wiring is carried out on an appropriate terminal module.
30(
)',)'2
/
0
'2
3
'2
0
.
/
'2
3
'2
0
.
'2
3
'2
0
.
0
Figure 7-45
Wiring Diagram EM 4 F-DI/3 F-DO DC24V - Output Circuit
Note
In order to achieve SIL2/Category 3/PLd with this wiring, you must install a suitably-qualified
actuator, for example in accordance with IEC 60947.
Application 2: Wiring loads to L+ and M at each digital output
Not allowed.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
155
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Application 3: Wiring Two Loads in Parallel to each Digital Output
Avoiding/Managing Cross-Circuits:
To protect against cross circuits between P and M-switches in fail-safe digital outputs, we
recommend the following wiring scheme:
PM-E
4 F-DI/3 F-DO
/ 0
'2
3
'2 0 '2 3 .
.
.
.
7.6.7
'2 '2
3
0
0
/ 0
Figure 7-46
'2 0 .
.
.
.
0
Diagram of Two Relays Wired in Parallel to 1 F-DO of EM 4 F-DI/3 F-DO DC24V
Diagnostic functions of EM 4 F-DI/3 F-DO DC24V PROFIsafe
Behavior in Case of Supply Voltage Failure
Failure of the Vs sensor power supply of the EM 4 F-DI/3 F-DO DC24V PROFIsafe is
indicated by the VsF LED on the F-module. This information is also provided in the module
(diagnostic entry). Either all channels of the module are passivated or, in the case of
channel-specific passivation, the relevant channels are passivated.
In the case of a voltage dip in the external auxiliary voltage, the SF LED lights up, the
module is passivated.
With the subsequent supply recovery (level must remain above the specified value for at
least 1 minute (refer to the technical specifications: voltages, currents, electrical potentials))
the SF LED goes out again, the module remains passivated. The SF LED flashes if there are
no other errors, until the error is acknowledged.
156
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Behavior in Case of Cross-Circuit/Short-Circuit at the Sensor Supply
When operating with programmed external sensor supply and blocked short-circuit test, you
enable the detection of M-short circuits to M at the sensor supply and signaling at the
corresponding VsF LED. No entries are made in the diagnostics data of the module.
When operating with external sensor supply and cyclic short-circuit test, you enable the
detection of M and P-short circuits at the sensor supply and signaling at the corresponding
VsF LED. No entries are made in the diagnostics data of the module.
Diagnostic Functions
The table below provides an overview of the diagnostic functions of the EM 4 F-DI/3 FDO DC24V PROFIsafe. The diagnostic functions are assigned either to one channel or to
the entire module.
Table 7- 32
Diagnostic functions of the EM 4 F-DI/3 F-DO DC24V PROFIsafe
Diagnostic function*
Fault
number
LED
is signaled in
application
Effective range
of diagnostic
programm
able
Short-circuit
Short circuit (on the encoder
supply)
1H
SF
1.1 - 1.3
Channel
No
1H
VsF
1.1 - 1.3
Channel
Yes
Internal error
9H
SF
1.1 - 1.3
Module
No
Parameter assignment error
10H
SF
1.1 - 1.3
Module
No
Sensor voltage or load voltage
missing
11H
SF
1.1 - 1.3
Module
No
Communication error
13H
SF
1.1 - 1.3
Module
No
Safety-related shutdown
19H
SF
1.1 - 1.3
Channel
No
Discrepancy error
19H
SF
1.1 - 1.3
Channel
No
SF
*: Specially for F-modules; display in STEP 7, see "Channel-Specific Diagnostics, Fault Types of FailSafe Modules" table
WARNING
Before acknowledging the short-circuit diagnosis, remedy the respective error and validate
your safety function. In this case, follow the steps described in chapter "Reactions to Faults
(Page 41)".
Special Features for Fault Detection
The detection of certain faults (short-circuits or discrepancy errors, for example) depends on
the application, the wiring, and the parameter assignment of the short-circuit test and the
sensor power supply. For this reason, tables on fault detection for the applications are
presented in "Application 1.1" to "Application 1.3".
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
157
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Causes of Faults and Corrective Measures
The following table contains the possible causes of the faults described for the individual
diagnostic messages of the EM 4 F-DI/3 F-DO DC24V PROFIsafe and remedies.
Table 7- 33
Diagnostic messages of the EM 4 F-DI/3 F-DO DC24V PROFIsafe, causes of errors and
remedies
Diagnostic
Message
Short-circuit
Fault
detection
Depends
on
parameter
settings
Internal error
Parameter
assignment
error
Always
Always
Sensor
Always
voltage or
load voltage
missing
Communicati Always
on error
Possible Causes
Corrective Measures
Short circuit in the sensor/actuator Eliminate the short-circuit.
Cross-circuit at the sensor/actuator Eliminate the cross-circuit within
100 hours after the error has
occurred.
Encoder supply short circuit
Eliminate the short-circuit.
Internal error
Replace module
Internal module fault has occurred Replace module
Inserted module does not match
Correct configuration (compare
configuration
actual and preset configuration)
Faulty parameter assignment
Check communication paths
Correct configuration
PROFIsafe address set incorrectly Check whether the PROFIsafe
in the F-module
address on the module matches
the configuration in HW Config
No supply voltage or supply
Check the supply voltage on the
voltage is too low
interconnected PM,
Check module for correct contact
Error in communication between FCPU and module due to defective
PROFIBUS connection or higher
than permissible EMI, for example
PROFIsafe monitoring time set too
low
Configuration of the F-module
does not match safety program
Safetyrelated
shutdown
Always
Faulty process signal
Defective sensor
Short circuit between unconnected
sensor cable and the sensor
supply cable
Wire break in connected sensor
cable or the sensor supply cable
Assigned discrepancy time too
short
Switching frequency exceeded
Check the PROFIBUS/PROFINET
connection
Eliminate the interference
Set a greater value for the "F
monitoring time" parameter for the
module in HW Config
Generate safety program again;
then load configuration and safety
program into F-CPU again
Check process signal, replace
sensor if necessary
Eliminate short circuit
Eliminate broken wire
Check the assigned discrepancy
time
Reduce the switching frequency
Once the fault is eliminated, the Fmodule must be reintegrated in the
safety program
Detailed information on F I/O access can be found under "Diagnostics" in the S7 Distributed
Safety, Configuring and Programming manual or the S7 F/FH Systems, Configuring and
Programming manual.
158
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Generally applicable information on diagnostics
For information on diagnostics that affects all fail-safe modules (such as readout of
diagnostic functions; passivation of channels) see this manual in "Diagnostics" and the
S7 Distributed Safety, Configuration and Programming manual or S7 F/FH Systems,
Configuring and Programming.
See also
Fault Diagnostics (Page 43)
7.6.8
Technical specifications of the EM 4 F-DI/3 F-DO DC24V PROFIsafe
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
30 x 81 x 52
Weight
Approx. 73 g
Data for Specific Module
Number of inputs
•
2-channel
Number of outputs (P/M switching)
4, maximum
3, maximum
Assigned address area
•
I/O area for inputs
7 bytes
•
I/O area for outputs
5 bytes
Length of cable
•
Unshielded *
30 m, maximum
•
Shielded *
30 m, maximum
Maximum achievable safety class
•
In accordance with IEC 61508
SIL2
•
In accordance with EN 954
Category 3
•
In accordance with ISO 13849
PLd
Fail-safe performance characteristics
SIL2
•
Low demand mode (average probability of
failure on demand)
< 1.00E-04
•
High demand/continuous mode (probability of
a dangerous failure per hour)
< 1.00E-08
•
Acceptance ID
cULus, FM, ATEX, CE, C-Tick
Voltages, Currents, Potentials
Rated supply voltage L+
•
permissible range **
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
24 VDC
20.4 V to 28.8 V
159
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Technical Specifications
•
Power loss ride-through of L+
None
•
Power loss ride-through of internal P5
5 ms
•
Reverse polarity protection
No
Number of simultaneously controllable inputs
•
•
Horizontal installation
– Up to 60°C
8 (with 28.8 V)
Vertical installation
– Up to 40 °C
8
Total current of outputs
•
•
Horizontal installation
– Up to 40 °C
– Up to 60°C
6A
4A
Vertical installation
– Up to 40 °C
4A
Electrical isolation
•
Between channels and backplane bus
Yes
•
Between channels and power supply
No
•
Between channels
No
•
Between channels/power supply and shield
Yes
Permissible potential difference between
•
Shield and ET 200S bus connection
75 VDC/60 VAC
•
Shield and I/O (DIs, P1/P2 buses)
75 VDC/60 VAC
•
ET 200S bus connection and I/O (DIs, P1/P2
buses)
250 VAC
Isolation in the series tested with
•
ET 200S bus connection and I/O (DIs, P1/P2
buses)
1500 VAC/1 min or 2545 VDC/1 s
Isolation in the type test tested with
•
Shield and ET 200S bus connection
370 VAC/1 min
•
Shield and I/O (DIs, P1/P2 buses)
370 VAC/1 min
•
ET 200S bus connection and I/O (DIs, P1/P2
buses)
2830 VAC/1 min
Current consumption
•
From backplane bus
< 20 mA
•
From load voltage L+ (without load)
70 mA, typical
Power dissipation of the module
3.5 W, typical
Status, Interrupts, Diagnostics
Status display
160
Inputs
Red/green LED per channel
Outputs
Red/green LED per channel
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Technical Specifications
Sensor supply
Red VsF LED and display at channel LED
Diagnostic functions
•
Group fault display
Red LED (SF)
•
Diagnostic information can be displayed
Possible
Sensor Supply Outputs
Number of outputs
1
Output voltage
•
Loaded
Minimum L+ (-1.5 V)
Output current
•
Rated value
400 mA
•
Permissible range
0 mA to 400 mA
Short-circuit protection
•
Operating value
Yes, electronic
4 A to 9 A
Specifications for sensor selection *
Input voltage
•
Rated value
24 VDC
•
For "1" signal
15 V to 30 V
•
For "0" signal
-30 V to 5 V
Input current
•
For "1" signal
3.5 mA, typical
Input delay *
•
For "0" after "1"
Typically 3 ms
(2.6 ms to 3.4 ms)
•
For "1" after "0"
Typically 3 ms
(2.6 ms to 3.4 ms)
Input characteristic
In accordance with IEC 61131-2 Type 1
Connection of 2-wire proximity switch (BERO)
Not possible
Data for Selecting an Actuator*
Output voltage
•
For "1" signal
•
•
Minimum L+ (-2 V)
P-switch: Minimum L+ (-1.5 V); voltage drop
in M-switch: 0.5 V, maximum
Output current for "1" signal
•
Rated value
2A
•
Permissible range
20 mA to 2.4 A
For "0" signal (residual current)
0.5 mA, maximum
Indirect control of load by means of interface
relay:
For "0" signal (residual current)
0.5 mA, maximum
Load resistance range
12 Ω to 1 kΩ
Lamp load
10 W, maximum
Parallel connection of 2 outputs
Not possible
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
161
Fail-Safe Modules
7.6 EM 4 F-DI/3 F-DO DC24V PROFIsafe digital electronic module
Technical Specifications
Control of a digital input
Not possible
Switching frequency
•
With resistive load
30 Hz, maximum
•
With inductive load in accordance with IEC
60947-5-1, DC13
0.1 Hz, maximum
•
With lamp load
10 Hz, maximum
Voltage induced on current interruption limited to
L+ (-2×47 V), typical
Short-circuit protection of output
Yes, electronic
•
Response threshold (short circuit)
5 A to 12 A
•
Response threshold (external M-short circuit)
5 A to 12 A
•
Response threshold (external P-short circuit)
4 A to 12 A
Time, Frequency
Internal processing times
See "Response Times"
Minimum sensor signal duration
See "Minimum Duration of Sensor Signals to
Allow Correct Detection by the F-DI Module"
table in "Wiring and Fitting Modules"
Protection against Overvoltage
Protection of power supply L+ from surge in
accordance with IEC 61000-4-5 with external
protection elements only
•
Symmetrical (L+ to M)
+ 1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
+ 2 kV; 1.2/50 μs
*: For more information on the requirements for sensors and actuators, see "Wiring and Fitting
Modules".
**: Operating below the permissible supply voltage is only permissible for the repair time. See chapter
"Introduction (Page 61)."
162
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
7.7
4 F-DO DC24V/2A PROFIsafe digital electronic module
7.7.1
Properties of the 4 F-DO DC24V/2A PROFIsafe digital electronic module
Order Number
6ES7138-4FB03-0AB0
Properties
The 4 F-DO DC24V/2A PROFIsafe digital electronic module possesses the following
properties:
● Four outputs, P/M switching
● 2 A output current
● Rated load voltage 24 VDC
● Suitable for solenoid valves, DC contactors and indicator lights
● Group fault display (SF; red LED)
● Status display for each output (green LED)
● Assignable diagnostics
● Safety class SIL3 attainable
Power Modules Suitable for SIL2 or SIL3
Table 7- 34
EM 4 F-DO DC24V/2A PROFIsafe: Power module for SIL/Category/PL
Power Module
achievable SIL/Category/PL
Supply through PM-E DC24V, PM-E DC24V/AC120/230V or
PM-E DC24..48V
SIL3/Category 4/PLe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
163
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Switching Grounded Loads
If the EM 4 F-DO DC24V/2A PROFIsafe switches loads that have a chassis-ground
connection (for example to improve EMC characteristics) and if chassis and ground are
connected at the power supply being used, a "short circuit" is detected.
From the perspective of the F-module, the M-switch is bridged by the chassis-ground
connection (refer to the diagram below as an example of an EM 4 F-DO DC24V/2A
PROFIsafe).
Remedy:
● Using the PM-E F pp DC24V PROFIsafe
● The value of the resistance between chassis and ground at the load end must be greater
than 100 kΩ
(0)'2'&9$352),VDIH
3
3VZLWFK
5HDGEDFNRIFXUUHQWVRXUFHRXWSXW
/RDG
0
&HQWUDO
JURXQGLQJ
SRLQW
0
0
0VZLWFK
3
5HDGEDFN0RXWSXW
Figure 7-47
Switching Grounded Loads (with resistance between chassis and ground)
Capacitive Crosstalk of Digital Input/Output Signals
Refer to "Properties of the power module PM-E F pm DC24V PROFIsafe".
164
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Magnetic capacitance with inductive loads
Note
Note that an inductive load connected to the DO channels can induce voltages in the case of
electromagnetic interference of a strong magnetic field. This can cause a short-circuit error
message.
Remedy:
• Spatially disconnect the inductive loads or shield against the magnetic field.
• Set the parameters for the readback time to 50 ms or higher.
7.7.2
Terminal assignment of the EM 4 F-DO DC24V/2A PROFIsafe
Front View
*URXSIDXOWGLVSOD\UHG
6WDWXVGLVSOD\VIRU
RXWSXWVJUHHQ
Figure 7-48
Front view EM 4 F-DO DC24V/2A PROFIsafe
WARNING
The SF LED and the status displays of the inputs/outputs are not designed for safetyrelated functions and may therefore not be evaluated for safety-related activities.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
165
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Terminal Assignment
The diagram below shows the terminal assignment of the EM 4 F-DO DC24V/2A PROFIsafe
for the supported terminal modules TM-E30S44-01, TM-E30C44-01, TM-E30S46-A1 and
TM-E30C46-A1.
'2'2
3 3 '2'2 33 '2'2
00 '2'2 00 70($
70($
$
$8;$8;3(
$
$ $
$8;$8;3(
$
$ $
$8;$8;3(
$8;$8;3(
$
DOx P: Terminal for fail-safe digital output (P/M switching)
DOx M: Terminal for fail-safe digital output (P/M switching)
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3 to A16 for any connection of
PE (individual grouping of load current power supplies possible)
Figure 7-49
Terminal Assignment of TM-E...44-01/TM-E...46-A1 for EM 4 F-DO DC24V/2A
PROFIsafe
See also
Properties of the PM-E F pm DC24V PROFIsafe Power Module (Page 62)
166
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
7.7.3
Wiring diagram of the EM 4 F-DO DC24V/2A PROFIsafe
Block Diagram
$GGUHVVVZLWFK
3VZLWFK
3URFHVVLQJORJLF
%DFNSODQHEXVLQWHUIDFH
5HDGEDFN
0
VZLWFKHV
0
6)
0
6WDWXV
RIWKH
RXWSXW
9
9
3
3
Figure 7-50
Block diagram of the EM 4 F-DO DC24V/2A PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
167
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Application 1: Wiring a load to each digital output
Each of the four fail-safe digital outputs consists of a DOx P P-switch and a DOx M M-switch.
You connect the load between the P and M-switches. The two switches are always activated
so that voltage is applied to the load. This configuration achieves safety class SIL3/Category
4/PLe.
The wiring is carried out on an appropriate terminal module.
30(
)'2
/
0
'2
3
.
/
'2
0
'2
3
.
'2
0
'2
3
'2
0
'2
3
.
'2
0
.
0
Figure 7-51
Wiring diagram of the EM 4 F-DO DC24V/2A PROFIsafe
WARNING
In order to achieve SIL3/Category 4/PLe with this wiring, you must install a suitablyqualified sensor, for example in accordance with IEC 60947.
168
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Application 2: Wiring loads to L+ and M at each digital output
You can connect two relays using one fail-safe digital output. The following conditions should
be kept in mind:
● L+ and M of the relays must be connected with L+ and M of the F-DO module (reference
potential must be equal).
● The normally open contacts of the two relays must be connected in series.
A connection to each of the four digital outputs is possible. The figure below shows an
example of the connection to DO0. This configuration achieves safety class SIL3/Category
4/PLe (process status readback required).
30(
)'2 / 0 '2 '2
3
0
.
'2 '2
3
0
'2 '2
3
0
'2 '2
3
0
.
.
.
0
/ 0
Figure 7-52
Wiring diagram for in each case 2 relays on 1 F-DO of the EM 4 F-DO DC24V/2A
PROFIsafe
WARNING
When connecting two relays on one digital output, (as shown in the figure above), the
errors "wire break" and "overload" are detected only at the P-switch (not at the M-switch).
WARNING
The controlled actuator can no longer be switched off should a cross circuit occur between
the P and M-switches of the output. To avoid cross circuits between the P and M-switches
of a fail-safe digital output, you should always wire the relay connection to the P and Mswitches separately, in order to prevent any cross circuits (for example with separatelysheathed cables or using separate cable ducts).
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
169
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Note
The EM 4 F-DO DC24V/2A PROFIsafe carries out a bit pattern test every 15 minutes or so.
The module then sends an impulse for max. 4 ms. This test is run with a time offset between
the P and M-switches in order to prevent the actuator from being activated. This impulse
may cause the corresponding relay to tighten, which may reduce its service life.
We therefore recommend adhering to the wiring scheme detailed below.
Application 3: Wiring two loads in parallel to each digital output
Avoiding/Managing Cross Circuits:
To protect against cross-circuits between P and M-switches in fail-safe digital outputs, we
recommend the following wiring scheme. This configuration achieves safety class
SIL3/Category 4/PLe.
30(
)'2 / 0
/0
Figure 7-53
'2 '2
3
0
'2 '2
3
0
.
.
.
.
'2 '2
3
0
'2 '2
3
0
.
.
.
.
0
0
Wiring diagram for in each case 2 relays parallel on 1 F-DO of the EM 4 FDO DC24V/2A PROFIsafe
Note
With a parallel connection of two relays on one digital output (as shown above) the "wire
break" fault is only detected if the wire break disconnects both relays from P or M. This
diagnosis is not safety-related.
170
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
7.7.4
Parameters for the EM 4 F-DO DC24V/2A PROFIsafe
Parameters in STEP 7
The table below lists the parameters that can be assigned for the F-DO module (see also
"Configuring and programming").
Table 7- 35
Parameters of the F-DO Module
Parameter
Range
Default
Type of
Parameter
Effective
Range
F_destination_address
1 to 1022
is assigned
by STEP 7
Static
Module
F monitoring time
10 to 10000 ms
150 ms
Static
Module
F Parameters:
Module Parameters:
Behavior after channel faults*
Passivate the entire
Passivate
module/Passivate the the entire
channel
module
Static
Module
DO channel n
Activated/deactivated Activated
Static
Channel
Readback time
1 to 400 ms
Static
Channel
Diagnostics: Wire break
Activated/deactivated Deactivate
d
Static
Channel
1 ms
* This setting is only relevant when S7 Distributed Safety V5.4 or higher is installed.
Readback Time Parameter
Each output channel has its own selectable readback time. This time specifies the maximum
duration of the turn off test for the corresponding channel and therefore also the readback
time for turning off the channel.
The following readback times can be set: 1 ms, 5 ms, 10 ms, 50 ms, 100 ms, 200 ms and
400 ms.
You should set an adequately high readback time if the channel involved switches high
capacitive loads. If the readback time for a controlled capacitive load is set too low, the
output channel is passivated because the discharge of the capacitance does not take place
within the turn off test.
If the readback signals are incorrect, the "short circuit" fault only causes passivation of the
output channel after the readback time has elapsed.
WARNING
With a configured readback time of ≥ 50 ms, short-circuits (cross circuits) can be
suppressed with an interference signal with a frequency > 10 Hz (50:50 duty cycle).
Short-circuits (cross-circuits) on an output of the same module will be detected.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
171
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
7.7.5
Diagnostic Functions of the EM 4 F-DO DC24V/2 A PROFIsafe
Behavior in case of supply voltage failure
In the case of a voltage dip in the external auxiliary voltage, the SF LED lights up, the
module is passivated.
With the subsequent supply recovery (level must remain above the specified value for at
least 1 minute (refer to the technical specifications: voltages, currents, electrical potentials))
the SF LED goes out again, the module remains passivated. The SF LED flashes if there are
no other errors, until the error is acknowledged.
Diagnostic functions
The table below provides an overview of the diagnostic functions of the EM 4 FDO DC24V/2A PROFIsafe. The diagnostic functions are assigned either to one channel or to
the entire module.
Table 7- 36
Diagnostic functions of the EM 4 F-DO DC24V/2A PROFIsafe
Diagnostic Function*
Fault
Number
LED
Effective Range of
Diagnostics
Can be
Assigned
Parameter
s
Short circuit
1H
SF
Channel
No
Overload
4H
SF
Channel
No
Overtemperature
5H
SF
Module
No
Wire break
6H
SF
Channel
Yes
Internal error
9H
SF
Module
No
Parameter assignment error
10H
SF
Module
No
Sensor voltage or load voltage missing
11H
SF
Module
No
Communication error
13H
SF
Module
No
Safety-related shutdown
19H
SF
Channel
No
*: specially for F-modules; display in STEP 7, see "Channel-Specific Diagnostics, Fault Types of FailSafe Modules" table
WARNING
Before acknowledging the short-circuit diagnosis, remedy the respective error and validate
your safety function. In this case, follow the steps described in chapter "Reactions to Faults
(Page 41)".
172
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Causes of Faults and Corrective Measures
The following table contains the possible causes of the faults described for the individual
diagnostic messages of the EM 4 F-DO DC24V/2A PROFIsafe and remedies.
Table 7- 37
Diagnostic messages of the EM 4 F-DO DC24V/2A PROFIsafe, causes of errors and
remedies
Diagnostic
Message
Short circuit
Fault
Detection
Always
Overload
For "1"
output signal
only
Always
Overtemperat
ure
Wire break
Internal error
Parameter
assignment
error
For "1"
output signal
only
Always
Always
Sensor
Always
voltage or
load voltage
missing
Communicatio Always
n error
Safety-related
shutdown
Always
Possible Causes
Corrective Measures
Short circuit in the actuator Eliminate the short-circuit
Cross circuit in the actuator Eliminate the cross-circuit within 100
hours after the error has occurred.
Internal error
Replace module
Output stage is overloaded Eliminate overload
and becomes too hot
Shutdown due to violation
of upper or lower
temperature limit value in
the module case
Line break
Internal module fault has
occurred
Inserted module does not
match configuration.
Incorrect parameter
assignment.
PROFIsafe address set
incorrectly in the F-module
No supply voltage or
supply voltage is too low
Check load wiring, check ambient
temperature, check whether permissible
output current (total current) is
exceeded for the ambient temperature.
Once the fault has been eliminated, the
module must be removed and inserted
or the power switched off and on.
Eliminate broken wire, ensure specified
minimum load (see Technical
Specifications)
Replace module
Correct the configuration (compare
actual and preset configuration), check
communication paths
Correct configuration
Check whether the PROFIsafe address
on the module matches the
configuration in HW Config
Check the supply voltage on the
interconnected PM, check the module
for correct contact
Error in communication
between F-CPU and
module, e.g. due to
defective PROFIBUS
connection or higher than
permissible EMI
PROFIsafe monitoring time
set too low
Test PROFIBUS/PROFINET
connection. Correct faults
Configuration of the Fmodule does not match
safety program
Switching frequency
exceeded
Generate safety program again; then
load configuration and safety program
into F-CPU again
Reduce the switching frequency
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Set a greater value for the "F monitoring
time" parameter for the module in
HW Config
173
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Generally Applicable Information on Diagnostics
For information on diagnostics that pertains to all fail-safe modules (for example, for reading
diagnostics functions, or passivating channels), refer to "Diagnostics" chapter in this manual.
See also
Fault Diagnostics (Page 43)
7.7.6
Technical Specifications of the EM 4 F-DO DC24V/2A PROFIsafe
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
30 x 81 x 52
Weight
Approx. 85 g
Data for Specific Module
Number of outputs (P/M switching)
4
Assigned address area
•
I/O area for inputs
5 bytes
•
I/O area for outputs
5 bytes
Length of cable*
•
Unshielded
200 m, maximum
•
Shielded
200 m, maximum
Maximum achievable safety class
•
In accordance with IEC 61508
SIL3
•
In accordance with EN 954
Category 4
•
In accordance with ISO 13849
PLe
Safety characteristics
SIL3
•
Low demand mode (average probability of
failure on demand)
< 1.00E-05
•
High demand/continuous mode (probability of
a dangerous failure per hour)
< 1.00E-10
•
Acceptance ID
FM, cULus, ATEX, CE, C-Tick
Voltages, Currents, Potentials
Rated supply voltage L+
174
24 VDC
•
permissible range **
20.4 V to 28.8 V
•
Power loss ride-through of L+
None
•
Power loss ride-through of internal P5
5 ms
•
Reverse polarity protection
No
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Technical Specifications
Total current of outputs
•
•
Horizontal installation
– Up to 40 °C
– Up to 55 °C
– Up to 60 °C
Vertical installation
– Up to 40 °C
6A
5A
4A
4A
Electrical isolation
•
Between channels and backplane bus
Yes
•
Between channels and power supply
No
•
Between channels
No
•
Between channels/power supply and shield
Yes
Permissible potential difference between
•
Shield and ET 200S bus connection
75 VDC/60 VAC
•
Shield and I/O (DOs, P1/P2 buses)
75 VDC/60 VAC
•
ET 200S bus connection and I/O (DOs, P1/P2 250 VAC
buses)
Isolation in the series tested with
•
Shield and ET 200S bus connection
500 VDC/1 min or 600 VDC/1 s
•
Shield and I/O (DOs, P1/P2 buses)
500 VDC/1 min or 600 VDC/1 s
•
ET 200S bus connection and I/O (DOs, P1/P2 1500 VAC/1 min or 2545 VDC/1 s
buses)
Isolation in the type test tested with
•
Shield and ET 200S bus connection
350 VAC/1 min
•
Shield against I/O (DOs, P1/P2 buses)
350 VAC/1 min
•
ET 200S bus connection against I/O (DOs,
P1/P2 buses)
2830 VAC/1 min
•
Surge voltage test between ET 200S bus
connection and I/O (DOs, P1/P2 buses)
6000 VDC/5 positive and 5 negative pulses
Current consumption
•
From backplane bus
28 mA, maximum
•
From load voltage L+ (without load)
100 mA, typical
Power dissipation of the module
3.5 W, typical
Status, Interrupts, Diagnostics
Status display
Outputs
Green LED per channel
Diagnostic functions
•
Group fault display
Red LED (SF)
•
Diagnostic information can be displayed
Possible
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
175
Fail-Safe Modules
7.7 4 F-DO DC24V/2A PROFIsafe digital electronic module
Technical Specifications
Data for selecting an actuator***
Output voltage
•
For "1" signal
•
•
Minimum L+ (-2.0 V)
P-switch: Minimum L+ (-1.5 V); Voltage drop
in M-switch: 0.5 V, maximum
Output current for "1" signal
•
Rated value
2A
•
Permissible range
20 mA to 2.4 A
For "0" signal (residual current)
0.5 mA, maximum
Indirect control of load by means of interface
relay:
For "0" signal (residual current)
•
P-switch
0.5 mA, maximum
•
M-switch
4 mA, maximum
Load resistance range
12 Ω to 1 kΩ
Lamp load
10 W, maximum
Wire break monitoring (open load detection) and
overload monitoring
•
Response threshold
I < 4 to 19 mA
•
Fault detection time
depending on the selected readback time (see
"Response Times")
Parallel connection of 2 outputs
Not possible
Control of a digital input
Not possible
Switching frequency
•
With resistive load
30 Hz symmetrical, maximum
•
With inductive load in accordance with IEC
60947-5-1, DC13
0.1 Hz symmetrical, maximum
•
With lamp load
10 Hz symmetrical, maximum
Voltage induced on current interruption limited to
Typ. L+ (-2x 47 V)
Short-circuit protection of output
Yes, electronic
•
Response threshold (short circuit)
5 A to 12 A
•
Response threshold (external M-short circuit)
5 A to 12 A
•
Response threshold (external P-short circuit)
25 A to 45 A
Overload protection
•
Response threshold
Yes
I >2.6 A to 2.8 A
Time, Frequency
Internal processing times
See "Response Times"
Acknowledgment time in safety mode
4 ms minimum/8 ms maximum
Protection against Overvoltage
Protection of power supply L+ from surge in
accordance with IEC 61000-4-5 with external
protection elements only
176
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Technical Specifications
•
Symmetrical (L+ to M)
+ 1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
+2 kV; 1.2/50 μs
Protection of inputs and outputs from surge in
accordance with IEC 61000-4-5 with external
protection elements only
•
Symmetrical (L+ to M)
+1 kV; 1.2/50 μs
•
Asymmetrical (L+ to PE, M to PE)
+2 kV; 1.2/50 μs
*: In order to achieve the specified cable length, you must route the P and M-signal lines in a cable or
a sheathed cable.
**: Operating below the permissible supply voltage is only permissible for the repair time. See chapter
"Introduction (Page 61)."
***: For more information on the requirements for sensors and actuators see "Wiring and Fitting
Modules".
7.8
1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
7.8.1
Properties of the EM 1 F-RO DC24V/AC24..230V/5A
Order Number
6ES7138-4FR00-0AA0
Properties
The 1 F-RO DC24V/AC24..230V/5A digital electronic module disposes of the following
properties:
● 1 relay output (2 2-channel contacts)
● Output current 5 A
● Rated load voltage 24 VDC and 24 VAC to 230 VAC
● Status display for output (green LED)
● safety class SIL3/Category 4/PLe can be achieved if the F-RO module is controlled by a
fail-safe output (for example, by EM 4F-DO DC24V/2A PROFIsafe)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
177
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
7.8.2
Terminal assignment of EM 1F-RO DC24V/AC24..230V/5A
Front view
6WDWXVGLVSOD\IRU
RXWSXWJUHHQ
Figure 7-54
Front view EM 1 F-RO DC24V/AC24..230V/5A
WARNING
The status display of the output is not designed for safety-related functions and may
therefore not be evaluated for safety-related activities.
178
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Terminal assignment
The figure below shows the terminal assignment of the EM 1 F-RO DC24V/AC24..230V/5A
for the supported terminal module TM-E30S44-01, TM-E30C44-01, TM-E30S46-A1 and TME30C46-A1.
287287
287287
,13,13
287287
,10,10
287287
70($
70($
$
$
$$
$8;$8;3( $
$$
$8;$8;3( $8;$8;3( $
$8;$8;3( Figure 7-55
Terminal assignment TM-E...44-01/TM-E...46-A1 for EM 1 F-RO DC24V/AC24..230V/5A
Table 7- 38
Terminal assignment of the TM-E...44-01/TM-E...46-A1
Terminal
Designation
3
IN P
Terminal for 24 VDC control voltage
4
IN M
Terminal for control voltage ground
A4
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
A3
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
7
IN P
Terminal for 24 VDC control voltage
8
IN M
Terminal for control voltage ground
A8
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
A7
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
179
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Terminal
Designation
9
OUT 1
NO contact, channel 0 for fail-safe switching of load 1
10
OUT 1
11
OUT 2
12
OUT 2
A12
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
A11
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
13
OUT 1
NO contact, channel 0 for fail-safe switching of load 1
14
OUT 1
15
OUT 2
16
OUT 2
A16
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
A15
AUX 1
At TM-E...46-A1: AUX 1 bus implemented. Connection to terminals A3
to A16 for any PE connection.
Individual grouping of load current supplies is supported.
NO contact, channel 1 for fail-safe switching of load 2
NO contact, channel 1 for fail-safe switching of load 2
CAUTION
Wire these terminals in parallel if high currents are generated at OUT 1 or OUT 2 (≥ 50% of
the rated current of the respective output channel):
• For OUT 1: Terminals 9/10 and 13/14
• For OUT 2: Terminals 11/12 and 15/16
Otherwise, high current loads may cause the terminals to heat up.
180
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
7.8.3
Wiring of EM 1 F-RO DC24V/AC24..230V/5A
Block diagram
)'2
)52
287
3VZLWFK
287
0VZLWFK
%DFNSODQHEXV
(76
EDFNSODQH
EXV
LQWHUIDFH
5HDGEDFN
6WDWXVRI
UHOD\RXWSXW
3
3
Figure 7-56
Block diagram of the EM 1 F-RO DC24V/AC24..230V/5A
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
181
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Wiring Diagram
30(
3
3
/ 0
(0)'2
'2[
3
'2[
0
(0)52
,10
,13 287 287
/ 0
$&'&
Figure 7-57
287 287
.
.
)
)
$&'&
Wiring diagram of the EM 1 F-RO DC24V/AC24..230V/5A
WARNING
* Please always install an external fuse with the following properties in order to protect the
relay contacts against overload and short-circuits: Fusible cut-out, 6 A, operating class
gL/gG.
Note that for applications in accordance with EN 50156-1, the specified rated current of the
overcurrent protective device must be multiplied by the safety factor 0.6 to rule out the error
"non-opening of contact elements due to permanent contact welding".
Wiring the 24 VDC power supply
Apply the 24 VDC control voltage to IN P (terminals 3;7) and IN M (terminals 4;8). The 24
VDC line is usually connected via a PM-switching fail-safe output (e.g. EM 4 FDO DC24V/2A PROFIsafe). Wire the P-output of F-DO to IN P and the M-output to IN M of
the F-RO module.
You can also wire the circuit using a PP-switching fail-safe output. However, note that
external short-circuits to P at the P input cannot be controlled. In this case IN M would be
connected directly to the control voltage ground.
182
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Wiring the Load Voltage and the Load
The connections of the relay output features electrically isolated NO contacts. This means
that power must be fed to these contacts from an external source. Connect the load supply
(supply 1) and the load (load 1) in series to the connections OUT 1
(terminals 9;13)/(terminals 10;14). This circuit ensures that the NO contacts of the relay
reliably cut off power to the load voltage supply. This redundant series circuit of the relay
contacts allows shutdown if one of the two relays fails.
The two circuits are not electrically interdependent. They are logically interconnected by way
of common control. This means that the potential in the OUT 2 (terminals 11;15)/(terminals
12;16), supply 2 and load 2 electric circuit may be different.
WARNING
If you have connected extra low voltage (SELV/PELV) to one channel, then the other
channel of the F-RO module must also be connected to extra low voltage.
Information on the F-RO module and the current TÜV certificate report are available for
download on the Internet from http://support.automation.siemens.com, "Product Support"
pages.
Reading back the relay contacts
Always compare the readback value returned from the F-RO module with the control status
in the safety program. The S7 Distributed Safety F-systems provide an F-application block
FB 216 "F_FDBACK" for this purpose: You can use the "Feedback circuit monitoring" in your
safety program (see the S7 Distributed Safety, Configuring and Programming) manual.
)'2
3
)52
0
$FWXDWRU
①
F-RO with Integrated FEEDBACK input
②
Relay contacts for switching the load
③
Output Q
Figure 7-58
Example of an interconnection with F-application block FB 216
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
183
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
If the 24 VDC control voltage falls below the required value for relay pick-up or the wire to
the input connections breaks, the relays will be released and "0" will be read back instead of
"1." This fault is only detected if the control voltage is switched on.
The value "1" is read back from the module if one of the two relays gets stuck (NO contacts
remain closed). The fault is detected by comparing this readback value with the expected
value "0" in the safety program. This fault is only detected if the control voltage is switched
off.
Note
SIL3/Category 4/PLe requires the readback of process states and at least daily signal
transitions.
7.8.4
Diagnostic functions of EM 1 F-RO DC24V/AC24..230V/5A
Output status display
Behavior of the output status display at the F-RO module:
● Relay not activated: LED is not lit
● Relay is activated: LED is lit
● Relay not activated and relay contact welded: LED is lit
Causes of Faults and Corrective Measures
In S7 Distributed Safety F-systems you can run diagnostics by evaluating output "DIAG" of
FB 216 "F_FDBACK" when using this F-application block in your safety program to read
back the relay contacts (refer to the S7 Distributed Safety, Configuring and Programming
manual).
7.8.5
Technical specifications of the EM 1 F-RO DC24V/AC24..230V/5A
Overview
Technical Specifications
Dimensions and Weight
Dimensions W x H x D (mm)
30 x 81 x 52
Weight
Approx. 90 g
Data for Specific Module
Number of outputs
•
Relay outputs
1 (2 channels)
Assigned address area
184
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Technical Specifications
•
In the I/O area for inputs
2 bits
•
In the I/O area for outputs
--
Length of cable
•
Unshielded for load contact
200 m, maximum
•
Shielded for load contact
200 m, maximum
•
Control cable (input)
10 m, maximum
Maximum achievable safety class
•
In accordance with IEC 61508
SIL3
•
In accordance with EN 954
Category 4
•
In accordance with ISO 13849
PLe
Fail-safe performance characteristics
SIL3
•
Low demand mode (average probability of
failure on demand)
•
High demand/continuous mode (probability of < 1.00E-09
a dangerous failure per hour)
•
Acceptance ID
< 1.00E-05
cULus, CE, C-Tick
Voltages, Currents, Potentials
Control voltage
20.4 to 28.8 VDC (supplied from fail-safe output of
an F-DO)
Total current at both channels
•
Horizontal installation
– Up to 40 °C
– Up to 50 °C
– Up to 60 °C
•
Vertical installation
– Up to 40 °C
8A
6A
5 A at max. control voltage 24.8 VDC
3 A at max. control voltage 28.8 VDC
6A
Electrical isolation
•
Between channels and backplane bus
Yes
•
Between channels and control voltage
Yes
•
Between channels
Yes
•
Between channels/control voltage and shield
Yes
Permissible potential difference between
•
Shield and ET 200S bus connection
75 VDC/60 VAC
•
Control voltage and shield
75 VDC/60 VAC
•
ET 200S bus connection and control voltage
75 VDC/60 VAC
•
Channel 1 and shield, ET 200S bus
connection, control voltage, channel 2
250 VAC
•
Channel 2 and shield, ET 200S bus
connection, control voltage, channel 1
250 VAC
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
185
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Technical Specifications
Isolation in the series tested with
•
Shield against ET 200S bus connection,
control input, channel 1, channel 2
600 VDC/1 s
•
Control input against ET 200S bus
connection, shield, channel 1, channel 2
600 VDC/1 s
•
ET 200S bus connection against control
voltage, shield, channel 1, channel 2
600 VDC/1 s
•
Channel 1 against shield, ET 200S bus
connection, control voltage, channel 2
2545 VDC/1 s
•
Channel 2 against shield, ET 200S bus
connection, control voltage, channel 1
2545 VDC/1 s
Isolation in the type test tested with
•
Shield against ET 200S bus connection,
control input, channel 1, channel 2
370 VAC / 520 VDC / 1 min
•
Control input against ET 200S bus
connection, shield, channel 1, channel 2
370 VAC / 520 VDC / 1 min
•
ET 200S bus connection against control
voltage, shield, channel 1, channel 2
370 VAC / 520 VDC / 1 min
•
Channel 1 against shield, ET 200S bus
connection, control voltage, channel 2
2300 VAC / 3250 VDC / 1 min
•
Channel 2 against shield, ET 200S bus
connection, control voltage, channel 1
2300 VAC / 3250 VDC / 1 min
•
Surge test voltage between control voltage
and channel 1, channel 2
7200 VDC/5 positive and 5 negative pulses
Current consumption
•
From backplane bus
10 mA, maximum
•
From control voltage (IN P, IN M)
100 mA, maximum
Power dissipation of the module
2.1 W, typical
Status, Interrupts, Diagnostics
Status display
Green LED
Diagnostic functions
•
Diagnostic information can be displayed
No
Data for Selecting an Actuator*
Output current
•
Continuous thermal current
Max. 5 A
•
Minimum load current
5 mA
Contact protection (internal)
186
No
At the relay output
No
Wire break monitoring
No
Parallel connection of 2 outputs
Supported, observe max. total current
Control of a digital input
Possible
•
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Technical Specifications
Switching frequency
•
With resistive load
2 Hz, maximum
•
With inductive load in accordance with IEC
60947-5-1, DC13
0.1 Hz, maximum
•
With inductive load in accordance with IEC
60947-5-1, AC15
2 Hz, maximum
•
Inductive load in accordance with UL 508
Pilot Duty B300, R300
Voltage induced on current interruption
(internally) limited
No
Short-circuit protection of output
No, external fusible cut-out, 6 A, operating class
gL/gG; with two outputs wired in parallel, each
output must be fused with a 6 A fusible cut-out,
operating class gL/gG. Note that for applications
in accordance with EN 50156-1, the specified
rated current of the overcurrent protective device
must be multiplied by the safety factor 0.6 to rule
out the error "non-opening of contact elements
due to permanent contact welding".
Time, Frequency
Switching time
Typically 13 ms
Release time
Typically 16 ms
Protection against Overvoltage
Protection of outputs from surge in accordance
with IEC 61000-4-5 (no protection elements
required)
•
Symmetrical
– Channel 1 (9/13) against (10/14)
– Channel 2 (11/15) against (12/16)
+1 kV; 1.2/50 μs
•
Asymmetrical
– Channel 1 (9/13) or (10/14) against PE
– Channel 2 (11/15) or (12/16) against PE
+2 kV; 1.2/50 μs
*: For more information on the requirements for sensors and actuators, see the "Wiring and Fitting
Modules" chapter in this manual.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
187
Fail-Safe Modules
7.8 1 F-RO DC24V/AC24..230V/5A Digital Electronic Module
Switching Performance and Service Life of Contacts
The table below shows the switching performance and service life of contacts. You can
extend the service life beyond the value indicated in the table by installing an external
protective circuit.
Table 7- 39
Switching Performance and Service Life of Contacts
Resistive Load
For resistive load
Voltage
24 VDC
230 VAC
For inductive load to
24 VDC
IEC 60947-5-1 DC13/
AC15
230 VAC
188
Current
Duty cycle (typ.) NO contact
5.0 A
0.35 million
3.0 A
0.5 million
2.0 A
0.75 million
1.0 A
1.8 million
0.5 A
4 million
5.0 A
0.1 million
3.0 A
0.15 million
2.0 A
0.2 million
1.0 A
0.4 million
0.5 A
0.8 million
1.0 A
0.1 million
0.5 A
0.2 million
1.0 A
0.2 million
0.5 A
0.35 million
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostic Data of Fail-Safe Modules
A.1
A
Einleitung
Introduction
This appendix describes the structure of diagnostic data in the system data. You need to
know this structure if you want to evaluate diagnostic data of fail-safe modules in the
standard user program.
Further Reading
The System and Standard Functions reference manual describes in detail the principles of
evaluating diagnostic data of F-modules in the standard user program and describes the
SFCs used for this.
A.2
Structure and Content of Diagnostic Data
SFCs for Reading out Diagnostic Data
The following SFCs are available for reading out diagnostic data of fail-safe modules in the
standard user program:
Table A- 1
SFCs for Reading out Diagnostic Data
SFC Number
Identifier
Application
59
RD_REC
Reading out data records of S7 diagnostics (saved to the
data area of the standard user program)
13
DPNRM_DG
Reading out slave diagnostic data (saved to the data area
of the standard user program)
Position in the Diagnostic Message Frame of the Slave Diagnostics
When fail-safe modules are being used in the ET 200S and a diagnostic interrupt occurs,
data records 0 and 1 are entered in the slave diagnostics of the ET 200 (= interrupt section).
The position of the interrupt section in the slave diagnostic data depends on the structure of
the diagnostic message frame and on the length of the channel-specific diagnostics.
A detailed description of the structure of the diagnostic message frame and the position of
the interrupt section in accordance with the PROFIBUS standard is available in the
"Commissioning and Diagnostics" chapter of the ET 200S Distributed I/O System operating
instructions.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
189
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
Data Records 0 and 1 of the System Data
The diagnostic data of a module can be up to 40 bytes long and is located in data records 0
and 1 of the system data area:
● Data record 0 contains 4 bytes of diagnostic data that describe the state of the F-module.
● Data record 1 contains
– The 4 bytes of diagnostic data of the F-module that are also in data record 0 and
– Up to 36 bytes of channel-specific diagnostics data, depending on the F-module (see
"Channel-Specific Diagnostics from Byte 8").
Description
The next section describes the content and structure of the individual diagnostic data bytes.
General rule: If a fault occurs, the corresponding bit is set to "1".
Bytes 0 and 1
The figure below shows the contents of bytes 0 and 1 in the diagnostic data.
%\WH
0RGXOHHUURU
)PRGXOHRN
)PRGXOHIDXOWHGWKHQ
%LWVDQGDUHDOVRVHW
([WHUQDOHUURU
&KDQQHOHUURU
%\WH
0RGXOHFODVV
%IRU)PRGXOHV
&KDQQHOLQIRUPDWLRQH[LVWV
Figure A-1
190
Bytes 0 and 1 of Diagnostic Data
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
Bytes 2 and 3
The figure below shows the contents of bytes 2 and 3 in the diagnostic data.
%\WH
DOZD\V
%\WH
Figure A-2
DOZD\V
Bytes 2 and 3 of Diagnostic Data
Bytes 4 to 6
The figure below shows the contents of bytes 4 to 6 in the diagnostic data.
%\WH
&KDQQHOW\SH
%\WH
%%IDLOVDIH','2PRGXOH
%%IDLOVDIH',PRGXOH
%&IDLOVDIH'2PRGXOH
%&IDLOVDIHSRZHUPRGXOH
DOZD\V+H[
%\WH 1XPEHURIFKDQQHOV
(0)',
(0)'2',RIWKH(0)',)'2
30()
30()33
30'b)
Figure A-3
Bytes 4 to 6 of Diagnostic Data
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
191
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
Byte 7 with EM 4/8 F-DI DC24V PROFIsafe
The figure below shows the content of Byte 7 of the diagnostic data for EM 4/8 F-DI DC24V
PROFIsafe.
%\WH
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
Figure A-4
Byte 7 of diagnostic data for EM 4/8 F-DI DC24V PROFIsafe
Byte 7 with EM 4 F-DI/3 F-DO DC24V PROFIsafe
%\WH
&KDQQHOIDXOWLQSXWFKDQQHO
&KDQQHOIDXOWLQSXWFKDQQHO
&KDQQHOIDXOWLQSXWFKDQQHO
&KDQQHOIDXOWLQSXWFKDQQHO
Figure A-5
Byte 7 of diagnostic data for EM 4 F-DI/3 F-DO DC24V PROFIsafe
Byte 7 with EM 4 F-DO DC24V/2A PROFIsafe
The figure below shows the content of Byte 7 of the diagnostic data for EM 4 FDO DC24V/2A PROFIsafe.
%\WH
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
Figure A-6
192
Byte 7 of diagnostic data for EM 4 F-DO DC24V/2A PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
Byte 7 with PM-E F pm DC24V PROFIsafe
The figure below shows the content of Byte 7 of the diagnostic data for the PME F pm DC24V PROFIsafe.
%\WH
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
Figure A-7
Byte 7 of diagnostic data for PM-E F pm DC24V PROFIsafe
Byte 7 with PM-E F pp DC24V PROFIsafe
The figure below shows the content of Byte 7 of the diagnostic data for the PME F pp DC24V PROFIsafe
%\WH
&KDQQHOIDXOWFKDQQHO
Figure A-8
Byte 7 of diagnostic data for PM-E F pp DC24V PROFIsafe
Byte 7 with PM-D F DC24V PROFIsafe
The figure below shows the content of Byte 7 of the diagnostic data for the PM-D F DC24V
PROFIsafe.
%\WH
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
&KDQQHOIDXOWFKDQQHO
Figure A-9
Byte 7 of diagnostic data for PM-D F DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
193
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
Channel-Specific Diagnostics from Byte 8
Channel-specific diagnostics start at byte 8 of the diagnostic data. Each channel is provided
with 4 bytes of diagnostic information. The inputs apply to the EM 4 F-DI/3 F-DO.
%\WH
6KRUWFLUFXLW
2YHUORDG
2YHUWHPSHUDWXUH
:LUHEUHDN
%\WH
,QWHUQDOHUURU
%\WH
3DUDPHWHUDVVLJQPHQWIDXOW
6HQVRUYROWDJHRUORDGYROWDJHPLVVLQJ
&RPPXQLFDWLRQHUURU
%\WH
6DIHW\RULHQWHGWULSSLQJ
)',PRGXOH'LVFUHSDQF\HUURU
)'2PRGXOHDQG30(
6ZLWFKLQJIUHTXHQF\H[FHHGHG
%\WH
WR
1H[WFKDQQHOVSHFLILFGLDJQRVWLFPHVVDJH
DVVLJQPHQWDVE\WHVWR
Figure A-10
Channel-Specific Diagnostics Starting at Byte 8 of the Diagnostics Data
Byte 27 on 4 F-DI/3 F-DO (Outputs)
The figure below shows the content of Byte 27 of the diagnostic data for the outputs of the
4 F-DI/3 F-DO.
%\WH
)DXOWDWRXWSXWFKDQQHO
)DXOWDWRXWSXWFKDQQHO
)DXOWDWRXWSXWFKDQQHO
Figure A-11
194
Byte 27 of the diagnostic data for the outputs of the 4 F-DI/3 F-DO
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
Channel-Specific Diagnostics in Bytes 28 to 43
Channel-specific diagnostics start at byte 28 of the diagnostic data. Each channel is provided
with four bytes of diagnostic information.
%\WH
6KRUWFLUFXLW
%\WH
,QWHUQDOHUURU
%\WH
3DUDPHWHUDVVLJQPHQWIDXOW
6HQVRUYROWDJHRUORDGYROWDJHPLVVLQJ
&RPPXQLFDWLRQHUURU
%\WH
6DIHW\UHODWHGVKXWGRZQ
)',)'2RXWSXWV6ZLWFKLQJIUHTXHQF\H[FHHGHG
%\WH
WR
Figure A-12
1H[WFKDQQHOVSHFLILFGLDJQRVWLF
DVVLJQPHQWVDPHDV%\WHVWR
Channel-Specific Diagnostics Starting at Byte 28 of the Diagnostic Data
Due to the different numbers of channels of the F-modules, data record 1 has differing
lengths:
EM 4/8 F-DI DC24V PROFIsafe:
40 bytes
EM 4 F-DO DC24V/2A PROFIsafe:
24 bytes
EM 4 F-DI/3 F-DO DC24V PROFIsafe:
36 bytes
PM-E F pm DC24V PROFIsafe:
20 bytes
PM-E F pp DC24V PROFIsafe:
12 bytes
PM-D F DC24V PROFIsafe:
32 bytes
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
195
Diagnostic Data of Fail-Safe Modules
A.2 Structure and Content of Diagnostic Data
196
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
B
Dimension drawings
Terminal Modules with F-Module Inserted
The section below shows dimensional drawings for each of the following:
● Terminal modules TM-x30x4x-xx with PM-E F pm, PM-E F pp, F-DI or F-DO module
● Terminal module TM-PF30S47-F1 with PM-D F-module
&LUFXODWLRQ
0RXQWLQJUDLO
&LUFXODWLRQ
0RXQWLQJUDLO
Figure B-1
Dimension Drawing of Terminal Modules with PM-E F pm, PM-E F pp, F-DI or F-DO
module
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
197
Dimension drawings
Figure B-2
198
Dimension drawing of terminal module with PM-D F DC24V PROFIsafe
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
C
Accessories and Order Numbers
Accessories and Order Numbers
The table below lists the order numbers of terminal modules, of fail-safe PMs and EMs, and
of accessories which can be ordered for the fail-safe modules.
Component
Order Number
Terminal modules for F-DI and F-DO:
TM-E30S44-01 (screw-in type), 1 item
6ES7193-4CG20-0AA0
TM-E30C44-01 (snap-on type), 1 item
6ES7193-4CG30-0AA0
TM-E30S46-A1 (screw-in type), 1 item
6ES7193-4CF40-0AA0
TM-E30C46-A1 (snap-on type), 1 item
6ES7193-4CF50-0AA0
Terminal modules for PM-E F pm DC24V PROFIsafe and PM-E F pp DC24V PROFIsafe:
TM-P30S44-A0 (screw-in type), 1 item
6ES7193-4CK20-0AA0
TM-P30C44-A0 (snap-on type), 1 item
6ES7193-4CK30-0AA0
Terminal module for PM-D F DC24V PROFIsafe:
TM-PF30S47-F1 (screw-in type), 1 item
3RK1903-3AA00
Fail-safe power modules:
PM-E F pm DC24V PROFIsafe
6ES7138-4CF03-0AB0
PM-E F pp DC24V PROFIsafe
6ES7138-4CF42-0AB0
PM-D F DC24V PROFIsafe
3RK1903-3BA02
Fail-safe electronic module:
4/8 F-DI DC24V PROFIsafe
6ES7138-4FA04-0AB0
4 F DI/3 DO DC24V PROFIsafe
6ES7138-4FC01-0AB0
4 F-DO DC24V/2A PROFIsafe
6ES7138-4FB03-0AB0
1 F-RO DC24V/AC24..230V/5A
6ES7138-4FR00-0AA0
Accessories:
Label sheets DIN A4, yellow, quantity of 10
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
6ES7193-4BB00-0AA0
199
Accessories and Order Numbers
200
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
D
Response times
Introduction
The response times of the ET 200S F-modules are listed below. The response time of Fmodules is included in the calculation of the F-system response time.
Information about the calculation of F-system response times is available in the Safety
Engineering in SIMATIC S7System Description.
Definition of Response Time
For fail-safe digital inputs: The response time defines the interval between a signal transition
at the digital input and the reliable availability of the safety message frame on the backplane
bus.
For fail-safe digital outputs: The response time defines the interval between the receipt of a
safety message frame from the backplane bus and the signal transition at the digital output.
Maximum response time of the PM-E F pm DC24V PROFIsafe
The maximum response time of the PM-E F pm DC24V PROFIsafe (with or without fault) is
equivalent to the maximum internal processing time Tmax.
The internal processing times of the electronic PM channel depend on the readback time
parameter setting (see table below).
Table D- 1
PM-E F pm DC24V PROFIsafe: Internal processing times of the electronic PM channel
PM-E F pm DC24V PROFIsafe (electronic PM channel)
Programmed
Readback Time
Limit Frequency
Minimum Internal Processing
Time Tmin
Maximum Internal
Processing Time Tmax
1 ms
32.3 Hz
4 ms
16 ms
5 ms
28.6 Hz
4 ms
20 ms
10 ms
25.0 Hz
4 ms
25 ms
50 ms
12.5 Hz
4 ms
55 ms
100 ms
7.7 Hz
4 ms
90 ms
200 ms
4.3 Hz
4 ms
150 ms
400 ms
2.3 Hz
4 ms
300 ms
Table D- 2
PM-E F pm DC24V PROFIsafe: Internal processing times of the P1/2 channel
Measuring Channel
Minimum Internal
Processing Time Tmin
Maximum Internal
Processing Time Tmax
PM-E F pm DC24V PROFIsafe (P1/2
channel; relay; switch on)
4 ms
10 ms
PM-E F pm DC24V PROFIsafe (P1/2
channel; relay; switch off)
6 ms
14 ms
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
201
Response times
Maximum response time of the PM-E F pp DC24V PROFIsafe
The maximum response time of the PM-E F pp DC24V PROFIsafe (with or without fault) is
equivalent to the maximum internal processing time Tmax.
Table D- 3
PM-E F pp DC24V PROFIsafe: Internal processing times
Measurement channel
PM-E F pp DC24V PROFIsafe (P1/2
channel; relay; switch on)
PM-E F pp DC24V PROFIsafe (P1/2
channel; relay; switch off)
minimum internal processing
time Tmin
4 ms
maximum internal
processing time Tmax
10 ms
6 ms
12 ms
Maximum response time of the PM-D F DC24V PROFIsafe
The maximum response time of the PM-D F DC24V PROFIsafe (with or without fault) is
equivalent to the maximum internal processing time Tmax.
Table D- 4
PM-D F DC24V PROFIsafe: Internal processing times
Measuring Channel
PM-D F DC24V PROFIsafe
(electronic PP channel)
Minimum Internal Processing
Time Tmin
3 ms
Maximum Internal Processing
Time Tmax
9 ms
Maximum response time of the EM 4/8 F-DI DC24V PROFIsafe
Formula for calculating the maximum response time if there is no fault:
Maximum response time
without fault = Tmax + input delay + short-circuit test time*
*: Short-circuit test time = 2 x input delay
Program the input delay and short-circuit test in STEP 7.
Table D- 5
EM 4/8 F-DI DC24V PROFIsafe: Internal Processing Times
Sensor evaluation
1oo1 and 1oo2
minimum internal processing
time Tmin
5 ms
maximum internal
processing time Tmax
11 ms
Maximum response time if a fault occurs:
The table below contains the maximum response times of the F-DI module when a fault
occurs, depending on the parameter settings in STEP 7 and on the sensor evaluation.
Table D- 6
EM 4/8 F-DI DC24V PROFIsafe: Maximum Response Time if a Fault Occurs
1oo1 evaluation
1oo2 evaluation**
Input Delay
0.5 ms
3 ms
15 ms
0.5 ms
3 ms
15 ms
Short-circuit test deactivated
18 ms
20 ms
32 ms
12 ms
14 ms
26 ms
Short-circuit test activated
29 ms
40 ms
91 ms
13 ms
20 ms
56 ms
**: The response times with 1oo2 evaluation also depend on the configured discrepancy behavior:
Provide 0 value: The times defined in the table above apply.
Provide last valid value: The times in the table above are extended by the programmed discrepancy
time.
202
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Response times
Note
Please note that the Excel files for calculating the maximum response times (s7fcotia.xls and
s7ftimea.xls) included with the S7 Distributed Safety and S7 F/FH Systems option packages
already support calculation of the extension of the "Maximum response time in the event of a
fault" by the programmed discrepancy time.
Maximum response time of the EM 4 F-DI/3 F-DO DC24V PROFIsafe
Formula for calculating the maximum response time if there is no fault:
maximum response time
without a fault = Tmax + input delay + short-circuit test time*
*: Short-circuit test time = 2 x input delay
Parameters for the input delay and the short-circuit test are assigned in STEP 7.
Table D- 7
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Internal Processing Times
Evaluation of the Sensors
minimum internal processing
time Tmin
maximum internal
processing time Tmax
4 ms
9 ms
1oo2
Maximum response time if a fault occurs:
The table below contains the maximum response times of the F-DI/F-DO module when a
fault occurs, depending on the parameter settings in STEP 7 and on the sensor evaluation.
Table D- 8
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Maximum Response Time if a Fault Occurs
1oo2 evaluation*
Input Delay
3 ms
Short-circuit test deactivated
14 ms
Short-circuit test activated
22 ms
*: The response times with 1oo2 evaluation also depend on the configured discrepancy behavior:
Provide 0 value: The times defined in the table above apply.
Provide last valid value: The times in the table above are extended by the programmed discrepancy
time.
Note
Please note that the Excel files for calculating the maximum response times (s7fcotia.xls and
s7ftimea.xls) included with the S7 Distributed Safety and S7 F/FH Systems option packages
already support calculation of the extension of the "Maximum response time in the event of a
fault" by the programmed discrepancy time.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
203
Response times
Maximum response time of outputs:
The maximum response time of the EM 4 F-DI/3 F-DO DC24V PROFIsafe (with or without
fault) is equivalent to the maximum internal processing time Tmax.
The internal processing times of the electronic PM channel depend on the readback time
parameter setting (see table below).
Table D- 9
EM 4 F-DI/3 F-DO DC24V PROFIsafe: Internal Processing Times
EM 4 F-DI/3 F-DO DC24V PROFIsafe (electronic PM channel)
Programmed
Readback Time
Limit Frequency
Minimum Internal Processing
Time Tmin
Maximum Internal
Processing Time Tmax
1 ms
37.0 Hz
4 ms
13 ms
5 ms
32.2 Hz
4 ms
14 ms
10 ms
27.7 Hz
4 ms
20 ms
50 ms
13.2 Hz
4 ms
32 ms
100 ms
7.9 Hz
4 ms
50 ms
200 ms
4.4 Hz
4 ms
75 ms
400 ms
2.3 Hz
4 ms
140 ms
Maximum response time of the EM 4 F-DO DC24V/2A PROFIsafe
The maximum response time of the EM 4 F-DO DC24V/2A PROFIsafe (with or without fault)
is equivalent to the maximum internal processing time Tmax.
The internal processing times of the electronic PM channel depend on the readback time
parameter setting (see table below).
Table D- 10
EM 4 F-DO DC24V/2A PROFIsafe: Internal Processing Times
EM 4 F-DO DC24V/2A PROFIsafe (electronic PM channel)
Programmed
Readback Time
Limit Frequency
Minimum Internal Processing
Time Tmin
Maximum Internal
Processing Time Tmax
1 ms
32.3 Hz
4 ms
16 ms
5 ms
28.6 Hz
4 ms
20 ms
10 ms
25.0 Hz
4 ms
25 ms
50 ms
12.5 Hz
4 ms
55 ms
100 ms
7.7 Hz
4 ms
100 ms
200 ms
4.3 Hz
4 ms
150 ms
400 ms
2.3 Hz
4 ms
300 ms
Maximum response time of the EM 1 F-RO DC24V/AC24..230V/5A
The maximum response time of the EM 1 F-RO DC24V/AC24..230V/5A (with or without
fault) is equivalent to the total of:
● the maximum response time of the fail-safe output used to activate the F-RO module
● plus the relay switching or release time of the F-RO module
See also
204
Properties of the 4/8 F-DI 24 VDC PROFIsafe Digital Electronic Module (Page 105)
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
E
Connecting Loads
E.1
Connecting capacitive loads
Connecting capacitive loads on PM-E F pm DC24V PROFIsafe, EM 4 F-DO DC24V/2A PROFIsafe
If the electronic outputs of the PM-E F pm DC24V PROFIsafe, of EM 4 F-DO DC24V/2A are
connected to low-power loads that have capacitance, this can lead to generation of a "shortcircuit" error message. Reason: The capacitance cannot be sufficiently discharged during the
programmed self-test readback time.
The figure below shows the typical curves of the parameterized readback times indicating
the relationship between load resistance and connectable load capacitance.
&DSDFLWLYHORDGSDUWLQ˩)
/RDGFXUUHQWLQP$
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
ZLWKFRQILJXUHGUHDGEDFNWLPHLQPV
Remedy:
1. Determine the load current and capacitance of the load.
2. Locate the operating point in the diagram above.
3. If the operating point is above the curve, you must increase the load current until the new
operating point is below the curve by connecting a resistor in parallel.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
205
Connecting Loads
E.1 Connecting capacitive loads
Connecting Capacitive Loads at the EM 4 F-DI/3 F-DO DC24V PROFIsafe
The figure below shows the typical curves of the parameterized readback times indicating
the relationship between load resistance and connectable load capacitance.
Behavior is as described above.
100,0
&DSDFLW\LQ˩)
10,0
1,0
0,1
9
20
50
100
200
500
750
1000
1250
1500 1750
2000
/RDGFXUUHQWLQP$
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
ZLWKSDUDPHWHUL]HGUHDGEDFNWLPHLQPV
206
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Connecting Loads
E.2 Switching inductive loads
E.2
Switching inductive loads
Connecting inductive loads on PM-E F pm DC24V PROFIsafe, EM 4 F-DO DC24V/2A PROFIsafe
and EM 4 F-DI/3 F-DO DC24V PROFIsafe
,QGXFWLYLW\LQ+
The diagram below shows the maximum permitted inductive loads as a function of the load
current and switching frequency.
/RDGFXUUHQWLQP$
)UHTXHQF\ +]
)UHTXHQF\ +]
)UHTXHQF\ +]
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
)UHTXHQF\ +]
)UHTXHQF\ +]
)UHTXHQF\ +]
)UHTXHQF\ +]
)UHTXHQF\ +]
207
Connecting Loads
E.2 Switching inductive loads
208
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Glossary
1oo1 evaluation1oo1 evaluation
-> 1oo1 evaluation
Type of -> sensor evaluation – with the 1oo1 evaluation -> sensor is non-redundant and
connected to the F-module via one channel.
1oo1 evaluation1oo1 evaluation
-> 1oo1 evaluation
Type of -> sensor evaluation – with the 1oo1 evaluation -> sensor is non-redundant and
connected to the F-module via one channel.
1oo2 evaluation1oo2 evaluation
-> 1oo2 evaluation
Type of -> sensor evaluation - 1oo2 evaluation covers two input channels which are
interconnected either with a single dual-channel sensor, or with two single-channel sensors.
The input signals are compared internally for equivalence or nonequivalence.
1oo2 evaluation1oo2 evaluation
-> 1oo2 evaluation
Type of -> sensor evaluation - 1oo2 evaluation covers two input channels which are
interconnected either with a single dual-channel sensor, or with two single-channel sensors.
The input signals are compared internally for equivalence or nonequivalence.
Acknowledgment time
The -> F-I/O acknowledges the sign of life specified by the -> F-CPU within the
acknowledgment time. The acknowledgment time is included in the calculation of the overall
> monitoring time and -> response time for the F-system.
Actuator
Actuators can be power relays or contactors for switching on loads, or they can be loads
themselves (e.g. directly controlled solenoid valves).
AUX1 bus
Power modules allow the additional connection of a voltage (24 VDC) which you can wire via
the AUX(iliary) bus. AUX(iliary) buses can be used individually as a protective conductor bus
or to supply additionally-required voltage.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
209
Glossary
Availability
Availability is the probability that a system is functional at a specific point in time. Availability
can be enhanced by redundancy, for example by using multiple -> sensors at the same
measuring point.
Backplane bus
The backplane bus is a serial data bus via which the IM 151 interface module communicates
with the electronic modules/motor starters, supplying them with the required voltage. The
modules are interconnected by way of terminal modules.
Category
Category in accordance with EN 954-01.
-> Fail-safe modules can be used in safety mode up to Category 4.
Channel error
Channel-specific fault, such as a wire break or short circuit.
In channel-specific passivation, the affected channel is either automatically reintegrated or
the F-module must be removed and reinserted after the fault has been eliminated.
Channel group
The channels of a module are grouped together in a channel group. Certain parameters in
STEP 7 can only be assigned to channel groups and not to individual channels.
Channel number
Channel numbers are used to uniquely identify the inputs and outputs of a module and to
assign channel-specific diagnostic messages.
Channel-specific passivation
With this type of passivation, only the affected channel is passivated when a -> channel fault
occurs. All channels of the -> fail-safe module are passivated when a -> module fault is
detected.
Configuring
A configuration denotes the systematic arrangement of the individual ET 200S modules (setup).
CRC
Cyclic Redundancy Check -> CRC signature
210
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Glossary
CRC signature
The validity of the process values in the safety message frame, the accuracy of the assigned
address references, and the safety-related parameters are validated by means of the CRC
signature in the safety message frame.
Dark period
Dark periods occur during shutdown tests and complete bit pattern tests. The fail-safe output
module switches test-related zero signals to the active output. This output is then briefly
disabled (= dark period). An -> actuator with sufficient lag does not respond to these signals
and remains switched on.
Discrepancy analysis
The discrepancy analysis for equality/non-equality is used at fail-safe inputs to detect errors
based on the timing of two signals with the same functionality. Discrepancy analysis is
initiated when different levels (when testing for nonequivalence: same voltage levels) are
detected at two associated input signals. The signals are checked to determine whether the
difference (when checking for nonequivalence: the consistency) has disappeared within a
programmable period known as the -> discrepancy time. If not, this means that a
discrepancy error exists.
The discrepancy analysis compares the two input signals of the 1oo2 sensor evaluation in
the fail-safe input module.
Discrepancy time
Configured time for the -> discrepancy analysis. If the discrepancy time is set too high, the
times for fault detection and -> fault reaction are extended unnecessarily. If the discrepancy
time is set too low, availability is decreased unnecessarily since a discrepancy error is
detected when, in reality, no error exists.
DP master
A master that behaves in accordance with IEC 61784-1:2002 Ed1 CP 3/1 is known as a DP
master.
DP slave
A DP slave is a slave operated on PROFIBUS with the PROFIBUS DP protocol that behaves
in accordance with IEC 61784-1:2002 Ed1 CP 3/1.
F monitoring time
-> PROFIsafe monitoring time
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
211
Glossary
Fail-safe modules
These are ET 200S modules that can be used for safety-related operation (-> safety mode)
in the ET 200S distributed I/O system. These modules are equipped with integrated -> safety
functions.
Fail-safe systems
Fail-safe systems (F-systems) remain in a safe state or immediately assume another safe
state as soon as particular failures occur.
Fault response time
The maximum fault response time of an F-system defines the interval between the
occurrence of any fault and a safe reaction at all affected fail-safe outputs.
For -> F-systems in general: The maximum fault response time defines the interval between
the occurrence of any fault at any -> F-I/O and the safe reaction at the corresponding failsafe output.
For digital inputs: The maximum fault response time defines the interval between the
occurrence of the fault and the safe reaction at the backplane bus.
For digital outputs: The maximum fault response time defines the interval between the
occurrence of the fault and the safe reaction at the digital output.
Fault tolerance time
The fault tolerance time of a process is the time a process can be left unattended without risk
to life and limb of the operating personnel, or damage to the environment.
Within the fault tolerance time, the F-system can initiate any process control actions, i.e. it
can control its process incorrectly or even not at all. The fault tolerance time depends on the
type of process and must be determined on a case-by-case basis.
F-CPU
An F-CPU is a central processing unit with fail-safe capability which is approved for use in
S7 Distributed Safety/S7 F/FH systems.
For S7 F/FH Systems, the F-copy license allows the central processing unit to be used as an
F-CPU. In other words, it can execute a -> safety program.
An F-copy license is not required for S7 Distributed Safety. The F-CPU can also execute a ->
standard user program.
212
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Glossary
F-I/O
Group designation for fail-safe inputs and outputs available in SIMATIC S7 for the integration
in the S7 Distributed Safety and S7 F/FH Systems fail-safe systems. Available F-I/O
modules:
● Fail-safe I/O module for ET 200eco
● S7-300 fail-safe signal modules (F-SMs)
● Fail-safe modules for ET 200S
● Fail-safe DP standard slaves (for S7 Distributed Safety only)
● fail-safe PA field devices
● fail-safe IO devices
F-Systems
-> Fail-safe systems
Interconnecting
Refers to the opening of a new voltage group by a power module.
This allows individual grouping of sensor and load supplies.
IO controller
-> PROFINET IO controller
IO device
-> PROFINET IO device
Module fault
Module faults can be external faults (e.g. missing load voltage) or internal faults (e.g.
processor failure). Internal faults always require module replacement.
Monitoring time
-> PROFIsafe monitoring time
Motor starter (MS)
Motor starter is a generic term for direct and reversing starters. Motor starters are used to
determine motor startup and the direction of rotation.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
213
Glossary
M-switch
Each fail-safe digital output of the ET 200S F-modules consists of a P-switch DOx P and an
M-switch DOx M. The load is connected between the P and M-switches. To ensure voltage
is applied to the load, both switches are always activated.
Nonequivalent sensor
An exclusive OR -> sensor is a changeover switch that is wired in -> fail-safe systems (dualchannel connection) to two inputs of a -> fail-safe I/O (for -> 1oo2 evaluation of sensor
signals).
Parameter assignment
Assigning parameters with PROFIBUS DP: Transfer of slave parameters from the DP master
to the DP slave
Assigning parameters to modules/submodules: Sets the behavior of modules/submodules
with the STEP 7 configuration software
Passivation
If an -> F-I/O detects a fault, it switches either the affected channel or all channels to a ->
safe state; i.e. the channels of this F-I/O are passivated. The F-I/O reports the detected fault
to the -> F-CPU.
When passivating channels at F-I/O with inputs, the -> F-system returns fail-safe values
instead of the process values pending at the fail-safe inputs to the -> safety program.
When passivating channels at F-I/O with outputs, the F-system returns fail-safe values (0) to
the fail-safe outputs instead of the output values provided by the safety program.
PD
PProgramming ddevice (PD): Personal computer in special compact industrial design. A PD
is fully equipped for programming SIMATIC automation systems.
Performance Level
Performance Level (PL) to ISO 13849
Potential group
A group of electronic modules supplied by the same power module.
Prewiring
Denotes the wiring of terminal modules prior to insertion of the electronic modules.
214
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Glossary
Process image
The process image is part of the system memory of the CPU. At the start of cyclic program
execution, the signal states of the inputs are transferred to the process image of the inputs.
At the end of the cyclic program, the process output image is transferred to the outputs as
the signal state.
PROFIBUS
PROcess FIeld BUS, process and fieldbus standard specified in IEC 61784-1:2002 Ed1 CP
3/1. This standard specifies the functional, electrical and mechanical properties of a bit-serial
fieldbus system.
PROFIBUS is available with the DP (= distributed I/O), FMS (= fieldbus message
specification), PA (= process automation), or TF (= technological functions) protocols.
PROFINET IO
PROFINET IO is the PROFINET communication concept for implementing modular,
distributed applications.
PROFINET IO enables creation of automation solutions using the familiar, proven methods
of PROFIBUS.
PROFINET IO implementation is based on both the PROFINET standard for automation
devices and the STEP 7 engineering tool.
This means that you have the same application view in STEP 7, regardless of whether you
are configuring PROFINET or PROFIBUS devices. Creation of your user program is similar
for PROFINET IO and PROFIBUS DP, provided you use the expanded blocks and system
status lists for PROFINET IO.
PROFINET IO controller
Device via which connected IO devices are addressed. That is, the IO controller exchanges
input and output signals with assigned field devices. The IO controller is often the controller
in which the automation program runs.
PROFINET IO device
A PROFINET IO device is a decentralized field device that is assigned to one of the IO
controllers (e.g. remote IO, valve terminals, frequency converters, switches)
PROFINET IO supervisor
Programming device (PD), PC or HMI device used for commissioning and diagnostics.
PROFINET IO controller with assigned PROFINET IO devices.
PROFIsafe
PROFIsafe is the safety-related PROFIBUS DP/PA bus profile for communication between
the -> safety program and the -> F-I/O in an -> F-system.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
215
Glossary
PROFIsafe address
Each -> fail-safe module is assigned a separate PROFIsafe address. The PROFIsafe
address must be configured in STEP 7 HW Config and set via a switch on the fail-safe I/O.
PROFIsafe monitoring time
Monitoring time for safety-related communication between the F-CPU and F-I/O.
Proof-test interval
Period after which a component must be forced to fail-safe state, that is, it is either replaced
with an unused component, or is proven faultless.
P-switch
-> M-switch
Redundancy, availability-enhancing
Multiple instances of components with the objective of maintaining component functionality in
the event of hardware faults.
Redundancy, safety-enhancing
Multiple installations of components with the goal of reducing hardware faults; for example, > 1oo2 evaluation in -> fail-safe modules.
Reintegration
The -> F-I/O must be reintegrated (depassivated) after a fault has been cleared.
Reintegration (switchover from fail-safe values to process values) occurs either automatically
or only after a user acknowledgment in the safety program.
For an F-I/O module with inputs, the process values pending at the fail-safe inputs are again
made available to the -> safety program following reintegration. For an F-I/O module with
outputs, the output values provided by the -> safety program are again made available to the
fail-safe outputs following reintegration.
Response time
The response time starts with the detection of an input signal and ends with the modification
of a logically linked output signal.
The actual response time is between the shortest and the longest response time. The
longest response time must always be anticipated when configuring a plant.
For fail-safe digital inputs: The response time defines the interval between a signal transition
at the digital input and the reliable availability of the -> safety message frame on the
backplane bus.
For fail-safe digital outputs: The response time defines the interval between the receipt of a
safety message frame from the backplane bus and the signal transition at the digital output.
216
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Glossary
Reversing starter
A -> motor starter which determines the rotational direction of a motor. Consists of a circuitbreaker and two contactors.
Safe state
The basic principle of the safety concept in F-systems is the existence of a safe state for all
process variables. For the digital F-I/O, for example, the safe state is the value "0".
Safety class
Safety Integrity Level (SIL) in accordance with IEC 61508. The higher the Safety Integrity
Level, the more rigid the measures for prevention of systematic faults and for management
of systematic faults and hardware failures.
The fail-safe modules support operation in safety mode up to safety class SIL3.
Safety function
The safety function is a mechanism built into the -> F-CPU and -> F-I/O that allows them to
be used in -> S7 Distributed Safety or S7 F/FH fail-safe systems.
In accordance with IEC 61508: A safety function is implemented by a safety system in order
to maintain or force a system safe state in the event of a specific fault.
Safety message frame
In safety mode, data are transferred between the -> F-CPU and the -> F-I/O in a safety
message frame.
Safety mode
Operating mode of the -> F-I/O which allows -> safety-related communication by means of ->
safety message frames.
ET 200S -> fail-safe modules can only be operated in safety mode.
Safety program
Safety-related user program.
Safety-related communication
Type of communication for the exchange of fail-safe data.
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
217
Glossary
Sensor evaluation
There are two types of sensor evaluation:
-> 1oo1 evaluation – sensor signal is read once
-> 1oo2 evaluation – sensor signal is read in twice from the same F-module and compared
internally
Sensors
Sensors are used for accurate detection of digital and analog signals as well as routes,
positions, velocities, rotational speeds, masses, etc.
SIL
Safety Integrity Level -> safety class
Standard mode
Operating mode of the F-I/O which supports standard communication, but not -> safetyrelated communication by means of -> safety message frames.
Fail-safe signal modules of the S7-300 can be operated in standard mode or in -> safety
mode. Fail-safe ET 200S modules are designed for operation in safety mode only.
Static parameters
Static parameters can only be set when the CPU is in STOP mode, and cannot be changed
while the user program is running by means of SFC (system function).
Terminal module
The ET 200S distributed I/O system is terminated with the terminal module. An ET 200S
cannot be operated without a terminal module.
Voltage bus (P1/P2)
Two internal buses (P1 and P2) supply the electronic modules with voltage. The voltage
buses are fed by the power module and are connected via terminal modules.
218
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Index
1
1oo1 evaluation
EM 4/8 F-DI DC24V PROFIsafe, 115
1oo2 evaluation
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 149, 150,
152, 153
EM 4/8 F-DI DC24V PROFIsafe, 120, 121, 122,
124, 126, 127, 128
1VsF LED, 44
EM 4/8 F-DI DC24V PROFIsafe, 130
Approval
CE, 49
CSA, 50
cULus, 50
FM, 51
Shipbuilding, 52
UL, 50
Assignable diagnostics
Functions, 44
Assignment
Fail-safe inputs, 117, 125, 146
Automation system
fail-safe, 13
AUX 1 bus, 21
2
2VsF LED, 44
EM 4/8 F-DI DC24V PROFIsafe, 130
A
Accessories
Order numbers, 199
Acknowledgment time
EM 4 F-DO DC24V/2A PROFIsafe, 176
EM 4/8 F-DI DC24V PROFIsafe, 135
PM-E F 24 VDC PROFIsafe, 104
Acknowledgment Time
PM-E F pm DC24V PROFIsafe, 82
PM-E F pp DC24V PROFIsafe, 95
Actuators
external power supply, 33
Requirements, 37
with sufficient lag, 38
Additional potential
Connecting, 21
Address
PROFIsafe, 29
Address assignment
PROFIsafe, 29
Address Assignment
F-modules in the F-CPU, 27
Useful data in F-CPU, 27
Address switch
for PROFIsafe addresses, 29
setting, 29
Applications
EM 4/8 F-DI DC24V PROFIsafe, 113
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
B
Basic knowledge, required, 3
Behavior of discrepancy
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142
EM 4/8 F-DI DC24V PROFIsafe, 108
Behavior of discrepancy, 110
Block diagram
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 141
EM 4/8 F-DI DC24V PROFIsafe, 108
Block Diagram
EM 1 F-RO DC24V/AC24..230V/5A
PROFIsafe, 181
EM 4 F-DO DC24V/2A PROFIsafe, 167
PM-D F DC24V PROFIsafe, 100
PM-E F pm DC24V PROFIsafe, 70
PM-E F pp DC24V PROFIsafe, 88
C
cables
shielded, 109
Capacitive crosstalk
Input signals, 66
Output signals, 66
capacitive loads
switching, 74
Capacitive loads
switching, 145, 171
Category (Cat.)
achievable, 17
219
Index
Causes of faults
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 158
EM 4 F-DO DC24V/2A PROFIsafe, 173
EM 4/8 F-DI DC24V PROFIsafe, 131
PM-D F DC24V PROFIsafe, 102
PM-E F pm DC24V PROFIsafe, 77
PM-E F pp DC24V PROFIsafe, 91
CE approval, 49
Changes
in this manual, 3
Channel
deactivated, 41
Channel fault, 42
Channel group fault, 41
Channel-specific diagnostics
from byte 8 in diagnostic data, 194
of F-modules, 45
Climatic conditions
permitted, 59
Commissioning
the ET 200S, 18
Communication error, 36, 46
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 130
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
Reaction of the F-DI module, 43
Conditions
for safety class with EM 4 F-DI/3 F-DO DC24V
PROFIsafe, 137, 145
for safety class with EM 4 F-DO DC24V/2A
PROFIsafe, 163
for safety class with EM 4/8 F-DI DC24V
PROFIsafe, 105
For safety class with EM 4/8 F-DI DC24V
PROFIsafe, 114
for safety classes with PM-D F DC24V
PROFIsafe, 97
of use, 57
Shipping and storage of F-modules, 57
Conditions of use, 57
Configuration
ET 200S with fail-safe modules, 19
ET 200S with fail-safe motor starters, 20
Configuration example
Potential group, 19
with fail-safe motor starters, 20
Configuration rules
Fail-safe potential groups, 20
Configuring
F-modules, 26
220
Connecting
two relays on one digital output, 72
Connecting capacitive loads, 74, 145, 171
Connecting potentials
additional, 21
Conventions
in this manual, 6
Corrective measures
PM-D F DC24V PROFIsafe, 102
Corrective Measures
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 158
EM 4 F-DO DC24V/2A PROFIsafe, 173
EM 4/8 F-DI DC24V PROFIsafe, 131
PM-E F pm DC24V PROFIsafe, 77
PM-E F pp DC24V PROFIsafe, 91
Cross circuit
EM 4 F-DO DC24V/2A PROFIsafe, 169
PM-E F pm DC24V PROFIsafe, 72
CSA Approval, 50
cULus approval, 50
Current carrying capacity
maximum, 25
D
Dark period
for actuators, 38
Deactivated channel, 41
Determining the parameter length
F-modules, 25
Determining the parameter length, 25
Diagnostic data
Byte 7 for PM-D F DC24V PROFIsafe, 193
Byte 7 on EM 4 F-DI/3 F-DO DC24V
PROFIsafe, 192
Byte 7 on EM 4 F-DO DC24V/2A PROFIsafe, 192
Byte 7 on EM 4/8 F-DI DC24V PROFIsafe, 192
Byte 7 on PM-E F pm DC24V PROFIsafe, 193
Byte 7 on PM-E F pp DC24V PROFIsafe, 193
Bytes 0 and 1, 190
Bytes 2 and 3, 191
Bytes 4 to 6, 191
Position in the message frame, 189
Structure and content, 190
diagnostic functions
Reading out, 47
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Index
Diagnostic functions, 43
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 130
non-programmable, 43
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 75, 76
PM-E F pp DC24V PROFIsafe, 91
programmable, 44
diagnostics
Channel-specific, 45
Diagnostics
at the slave, 44
by LED display, 44
Purpose, 43
Digital I/O module
fail-safe, 13
Digital output
Connecting to two relays, 72
Dimension drawings
F-modules, 197
Directives, 52
Discrepancy analysis, 111, 144
Discrepancy error
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4/8 F-DI DC24V PROFIsafe, 130
Discrepancy time, 111, 144
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142
EM 4/8 F-DI DC24V PROFIsafe, 108
Disposal, 6
Distributed I/O system
Definition, 13
Documentation, additional, 4
Duration of sensor signals
Requirements, 38
E
Electrical connection, 33
Electromagnetic Compatibility, 53
Electronics power supply, failure of
PM-D F DC24V PROFIsafe, 101
EM 1 F-RO DC24V/AC24..230V/5A PROFIsafe
Block Diagram, 181
Fail-safe performance characteristics, 184
Maximum response time, 204
Order Number, 177
Technical Specifications, 184
Terminal assignment, 179
Wiring diagram, 182
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
EM 4 F-DI/3 F-DO DC24V PROFIsafe
Block diagram, 141
Byte 7 of diagnostic data, 192
Diagnostic functions, 157
Discrepancy time, 144
Errors and Corrective Measures, 158
Fail-safe performance characteristics, 159
Fault types, 46
Front view, 139
Maximum response time, 203
Order number, 145
Order Number, 136
Parameters in STEP 7, 142
Readback time, 145
Sensor supply, 146
Short-circuit test, 142
Special features of fault detection, 148, 151, 154
Switching grounded loads, 137
Technical specifications, 159
Terminal assignment, 140
Wiring diagram, 146, 149, 150, 152, 153, 155
EM 4 F-DO DC24V/2A PROFIsafe
Acknowledgment time, 176
Block Diagram, 167
Byte 7 of diagnostic data, 192
Diagnostic functions, 172
Errors and Corrective Measures, 173
Fail-safe performance characteristics, 174
Fault types, 46
Front view, 165
Maximum response time, 204
Order Number, 163
Parameters in STEP 7, 171
Readback time, 171
Switching grounded loads, 164
Technical Specifications, 174
Terminal assignment, 166
Wiring Diagram, 168
EM 4/8 F-DI DC24V PROFIsafe
Acknowledgment time, 135
Applications, 113
Block diagram, 108
Byte 7 of diagnostic data, 192
Diagnostic functions, 130
Discrepancy time, 111
Errors and corrective measures, 131
Fail-safe performance characteristics, 133
Fault types, 46
Front view, 106
Input delay, 109
Maximum response time, 202
Order number, 105
Parameters in STEP 7, 108
221
Index
Sensor supply, 115, 117, 125
Short-circuit test, 109
Special features for fault detection, 125
Special Features for Fault Detection, 122
Special features of fault detection, 116, 119, 129
Technical Specifications, 133
Terminal assignment, 107
Wiring diagram, 117, 120, 121, 122, 124, 126, 127,
128
Wiring Diagram, 115
EM 4F-DI/3F-DO DC24V PROFIsafe
Supported interface modules, 136
EMC, 53
Emission
of radio interference, 56
Environmental conditions, 57
Climatic, 59
Mechanical, 58
ET 200S
Commissioning, 18
Distributed I/O system, 13
External protective circuit, 54
protection from overvoltage, 54
ET 200S with fail-safe modules
Configuring, 19
External auxiliary supply missing
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 130
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
F
F Configuration Pack, 26
F monitoring time
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142
EM 4 F-DO DC24V/2A PROFIsafe, 171
EM 4/8 F-DI DC24V PROFIsafe, 108
PM-D F DC24V PROFIsafe, 100
PM-E F pm DC24V PROFIsafe, 74
PM-E F pp DC24V PROFIsafe, 90
F_destination_address, 29
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142
EM 4 F-DO DC24V/2A PROFIsafe, 171
EM 4/8 F-DI DC24V PROFIsafe, 108
PM-D F DC24V PROFIsafe, 100
PM-E F pm DC24V PROFIsafe, 74
PM-E F pp DC24V PROFIsafe, 90
F_source_address, 29
Fail-safe automation systems, 13
Fail-Safe Electronic Module
supported terminal modules, 22
222
Fail-safe module
Reintegration, 42
Fail-safe motor starters
Configuration example, 20
Fail-safe performance characteristics
EM 1 F-RO DC24V/AC24..230V/5A
PROFIsafe, 184
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 159
EM 4 F-DO DC24V/2A PROFIsafe, 174
EM 4/8 F-DI DC24V PROFIsafe, 133
PM-D F DC24V PROFIsafe, 103
PM-E F pm DC24V PROFIsafe, 78
PM-E F pp DC24V PROFIsafe, 93
Scope, 61
Fail-safe potential groups
Configuration rules, 20
Fail-Safe Systems
example configuration, 15
Fail-safe value output
for fail-safe modules, 42
Fault detection
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 148, 151,
154
EM 4/8 F-DI DC24V PROFIsafe, 116, 119, 122,
125, 129
Fault reaction
of F-modules, 41
Fault types
of F-modules, 46
F-CPU
Addresses Occupied by Useful Data, 27
F-inputs
Assignment, 117, 125, 146
FM Approval, 51
F-modules, 13
Address assignment in the F-CPU, 27
available, 16
Configuring, 26
Dimension drawings, 197
Fault reaction, 41
inserting and removing, 36
insertion and removal during operation, 36
Installation dimensions, 31
installing, 31
Mixing with standard modules, 19
Output fail-safe values, 42
Parameter Assignment, 26
Parameter length, 24
possible uses, 14
Response times, 201
Use in F-systems, 14
wiring, 34
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Index
F-Power Modules
supported terminal modules, 22
F-Systems, 13
functional extra-low voltage
safe, 33
Functions
for diagnostics, 43
Fuse, external
PM-E F pm DC24V PROFIsafe, 71
PM-E F pp DC24V PROFIsafe, 89
G
General Technical Specifications, 49
Grounding bus, 21
Guide
to manual, 5
H
H/F Competence Center, 6
I
I/O system
Distributed, 13
IEC 61131, 51
Information
About this manual, 3
Input delay, 38
EM 4/8 F-DI DC24V PROFIsafe, 108, 109
Input signals
Capacitive crosstalk, 66
Inserted F-module (dimension drawing)
With terminal modules, 197
Inserting
F-Module, 36
Insertion and removal
F-modules during operation, 36
Installation dimension
F-modules, 31
Installing
F-modules, 31
interconnecting
of power modules, 21
Interface module
Can be used for ET 200S, 16
Interference
pulse-shaped, 53
sinusoidal, 56
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Internal error
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 130
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
reaction to, 47
Internal sensor supply, 109, 142
Internet
Service & Support, 7
IP20, 60
Isolation stability, 60
Isolation test voltages, 60
L
Lag requirement
of actuators, 38
LED display
Diagnostics, 44
of faults, 44
Limitation Maximum configuration, 25
Line break, 46
line cross-section, 33
Literature, additional, 4
Load current supply, failure
PM-D F DC24V PROFIsafe, 101
Load voltage missing, 46
Loads
capacitive switching, 74, 145, 171
Switching grounded, 65
M
Machine protection
Applications in, 44
Manual
Contents, 5
Purpose, 3
Scope, 3
Marking for Australia, 51
Maximum configuration
ET 200S with F-modules, 24
Limitation, 25
per potential group, 25
223
Index
Maximum response time
EM 1 F-RO DC24V/AC24..230V/5A
PROFIsafe, 204
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 203
EM 4 F-DO DC24V/2A PROFIsafe, 204
EM 4/8 F-DI DC24V PROFIsafe, 202
PM-D F DC24V PROFIsafe, 202
PM-E F pm DC24V PROFIsafe, 201
PM-E F pp DC24V PROFIsafe, 202
Mechanical conditions
approved, 58
Test method, 58
Mixing standard and F-modules, 19
Module diagnostics, 47
Module failure
reaction to, 47
Module fault
Diagnostic Message, 47
Module properties
Parameter Assignment, 26
Module replacement
PROFIsafe address setting, 36
Modules
fail-safe, 13
Monitoring time
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142
EM 4 F-DO DC24V/2A PROFIsafe, 171
EM 4/8 F-DI DC24V PROFIsafe, 108
PM-D F DC24V PROFIsafe, 100
PM-E F pm DC24V PROFIsafe, 74
PM-E F pp DC24V PROFIsafe, 90
Mounting Rails
supported, 35
N
NAMUR recommendation
Power supply requirements, 34
Number of modules
ET 200S with F-modules, 24
O
of radio interference
Emission, 56
Optional package
S7 Distributed Safety, 26
S7 F Systems, 26
Order numbers
of accessories, 199
Output
Status display, 184
224
Output signals
Capacitive crosstalk, 66
Overall width
ET 200S, 24
Overload, 46
EM 4 F-DO DC24V/2A PROFIsafe, 169, 172
PM-E F pm DC24V PROFIsafe, 72
Overtemperature, 46
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 130
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
P
Parameter
EM 4 F-DO DC24V/2A PROFIsafe, 171
EM 4/8 F-DI DC24V PROFIsafe, 108
PM-D F DC24V PROFIsafe, 100
PM-E F pm DC24V PROFIsafe, 74
PM-E F pp DC24V PROFIsafe, 90
Parameter assignment
F-modules, 26
Module properties, 26
of the safety function, 17
Parameter assignment error, 46
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 130
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
Parameters
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142
Passivation, 42
Performance Level (PL)
achievable, 17
PM-D F DC24V PROFIsafe, 23
Block Diagram, 100
Byte 7 of diagnostic data, 193
Diagnostic functions, 101
Errors and Corrective Measures, 102
Fail-safe performance characteristics, 103
Fault types, 46
Front view, 98
Maximum response time, 202
Order Number, 96
Parameters in STEP 7, 100
Technical Specifications, 103
Terminal assignment, 99
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Index
PM-E DC24..48V, 23
PM-E DC24..48V/AC24..230V, 23
PM-E DC24V, 23
PM-E F 24 VDC PROFIsafe
Acknowledgment time, 104
PM-E F pm DC24V PROFIsafe, 23
acknowledgment time, 82
Block Diagram, 70
Byte 7 of diagnostic data, 193
Diagnostic functions, 75, 76
Errors and Corrective Measures, 77
Fail-safe performance characteristics, 78
Fault types, 46
Front view, 67
Maximum response time, 201
Order Number, 62
Parameters in STEP 7, 74
Readback time, 74
Relay output, 71
Technical Specifications, 78
Terminal assignment, 68
Wiring Diagram, 71
PM-E F pp DC24V PROFIsafe, 23
Acknowledgment time, 95
Block Diagram, 88
Byte 7 of diagnostic data, 193
Diagnostic Functions, 91
Errors and Corrective Measures, 91
Fail-safe performance characteristics, 93
Fault types, 46
Front view, 86
Maximum response time, 202
Order Number, 83
Parameters in STEP 7, 90
Relay output, 89
Technical Specifications, 93
Terminal assignment, 87
Wiring Diagram, 89
Wiring the ground conductor, 84
Positioning
of power modules, 21
possible uses
F-modules, 14
potential group
new, 21
Potential group
Configuration example, 19
Maximum configuration, 25
Power failure
ride-through requirements, 34
power module
supported electronic modules, 23
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Power module
fail-safe, 13
Positioning and interconnecting, 21
supported motor starters, 23
Power supply
Requirements, 34
Power supply to standard ET 200S module
with power module, 63
Probability
Dangerous faults, 37
Product
Overview, 13
PROFIBUS
Standard, 51
PROFIsafe, 13
Address, 29, 36
Address switch, 29
PROFIsafe Address Assignment, 29
PROFIsafe address assignment
Rules, 30
PROFIsafe address setting
when replacing a module, 36
Proof-test interval, 37, 113
for fail-safe performance characteristics, 61
Protection class, 60
P-switch, 89
Pulse-shaped interference, 53
Purpose of this Manual, 3
PWR LED, 44
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 75
PM-E F pp DC24V PROFIsafe, 90
R
Rated voltage, 60
Reaction
to module failure, 47
with discrepancy, 110
Reaction of the F-DI module
to communication errors, 43
Readback time
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 145
EM 4 F-DO DC24V/2A PROFIsafe, 171
Readback Time
PM-E F pm DC24V PROFIsafe, 74
Reading out
Diagnostic Functions, 47
Recycling, 6
Reduction
of vibration, 58
225
Index
Reintegration
fail-safe module, 42
Relay output
PM-E F pm DC24V PROFIsafe, 71
PM-E F pp DC24V PROFIsafe, 89
Relays, two
on one digital output, 169
Requirements
Sensors and actuators, 37
Response time
Definition, 201
F-modules, 201
ride-through
minimum for power failure, 34
S
S7 Distributed Safety
example configuration, 15
Optional package, 17, 26
S7 F Systems
Optional package, 26
Safe functional extra-low voltage, 33
Safe shutdown, 23
Safe state, 41
Safety class
achievable, 23
achieve with EM 4/8 F-DI DC24V PROFIsafe, 105
achieved with EM 4 F-DO DC24V/2A
PROFIsafe, 163
achieved with PM-D F DC24V PROFIsafe, 97
Safety Class, 113
achievable, 17
achieve with EM 4 F-DI/3 F-DO DC24V
PROFIsafe, 137
achieve with EM 4/8 F-DI DC24V PROFIsafe, 114,
145
Safety function
Parameter Assignment, 17
Safety mode, 29
Safety-related shutdown, 46, 85
EM 4 F-DO DC24V/2A PROFIsafe, 172
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
Standard output modules, 64
Saving faults, 41
Scope
of this manual, 3
226
Sensor evaluation
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142, 147,
150, 153
EM 4/8 F-DI DC24V PROFIsafe, 108, 116, 119,
121, 124, 126, 128
Sensor interconnection
1-channel, 108, 142
2-channel equivalent, 108, 142
2-channel, nonequivalent, 127
2-channel, non-equivalent, 108
2-channel, non-equivalent, 142
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142, 150,
153
EM 4/8 F-DI DC24V PROFIsafe, 108, 121, 124, 128
Sensor signal
Duration Requirements, 38
Sensor supply
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 146, 147
EM 4/8 F-DI DC24V PROFIsafe, 115, 116, 117,
119, 125
internal, 142
Internal, 109
Sensor voltage missing, 46
Sensors
external power supply, 33
Requirements, 37
Service & Support
In the Internet, 7
Setting
PROFIsafe address switch, 29
SF LED, 44
EM 4 F-DO DC24V/2A PROFIsafe, 165
PM-D F DC24V PROFIsafe, 98
PM-E F pm DC24V PROFIsafe, 67
PM-E F pp DC24V PROFIsafe, 86
SFC 13, 47
SFCs
For reading out diagnostic data, 189
Shielded cables, 109
Shipbuilding approval, 52
Shipping and storage conditions, 57
Short circuit, 46
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 147, 157
EM 4 F-DO DC24V/2A PROFIsafe, 172
EM 4/8 F-DI DC24V PROFIsafe, 116, 119, 130
on outputs of standard output modules, 64, 85
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 76
PM-E F pp DC24V PROFIsafe, 91
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Index
Short-circuit test, 38, 44
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 142, 147,
150, 153, 157
EM 4/8 F-DI DC24V PROFIsafe, 108, 109, 116,
119, 121, 124, 126, 128, 130
shutdown
Safe, 23
SIMATIC product
Use in Industry, 52
Sinusoidal interference, 56
Slave diagnostics, 44
Slave Diagnostics
Reading out, 47
Standard modules
Mixing with F-modules, 19
Standard output modules
Safety-related shutdown, 64, 85
Standards, 52
state
Safe, 41
Status display
Output, 184
Storage conditions, 57
Structure
ET 200S with fail-safe modules, 19
ET 200S with fail-safe motor starters, 20
Supply voltage, failure of
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 156
EM 4/8 F-DI DC24V PROFIsafe, 130
PM-D F DC24V PROFIsafe, 101
PM-E F pm DC24V PROFIsafe, 75
PM-E F pp DC24V PROFIsafe, 90
Support, additional, 6
Surge filter, 54
Switching grounded loads
using PM-E F pm DC24V PROFIsafe, 65
with EM 4 F-DI/3 F-DO DC24V PROFIsafe, 137
With EM 4 F-DO DC24V/2A PROFIsafe, 164
T
Technical Specifications
EM 1 F-RO DC24V/AC24..230V/5A
PROFIsafe, 184
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 159
EM 4 F-DO DC24V/2A PROFIsafe, 174
EM 4/8 F-DI DC24V PROFIsafe, 133
General, 49
PM-D F DC24V PROFIsafe, 103
PM-E F pm DC24V PROFIsafe, 78
PM-E F pp DC24V PROFIsafe, 93
Technical Support, 6
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Terminal assignment
EM 1 F-RO DC24V/AC24..230V/5A
PROFIsafe, 179
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 140
EM 4 F-DO DC24V/2A PROFIsafe, 166
PM-D F DC24V PROFIsafe, 99
PM-E F pm DC24V PROFIsafe, 68
PM-E F pp DC24V PROFIsafe, 87
Terminal modules, 35
Terminal Assignment
EM 4/8 F-DI DC24V PROFIsafe, 107
Terminal module, 99, 107, 140
Terminal assignment, 35
Terminal module (dimension drawing)
With inserted F-module, 197
Test, mechanical
F-modules, 58
TM-E30C44-01, 107, 166, 179
TM-E30C46-A1, 107, 140
TM-E30S44-01, 107, 166, 179
TM-E30S46-A1, 107, 140
TM-P30C44-A0, 68
TM-P30S44-A0, 68
TM-PF30S47-F1, 99
Total current
per potential group, 25
Training center, 6
TÜV certificate, 52
Two Relays
on one digital output, 72
Type of protection IP20, 60
U
UL approval, 50
Use of ET 200S
In industry, 52
In residential areas, 52
V
Vibration
Reduction, 58
VsF LED, 44
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 156
227
Index
W
Wire break
Detection with two relays on one digital output, 170
EM 4 F-DO DC24V/2A PROFIsafe, 171, 172
PM-E F pm DC24V PROFIsafe, 72, 74, 76
Wiring
F-modules, 34
Wiring diagram
EM 1 F-RO DC24V/AC24..230V/5A
PROFIsafe, 182
EM 4 F-DI/3 F-DO DC24V PROFIsafe, 146, 149,
150, 152, 153, 155
EM 4/8 F-DI DC24V PROFIsafe, 117, 120, 121,
122, 124, 126, 127, 128
PM-E F pp DC24V PROFIsafe, 89
Wiring Diagram
EM 4 F-DO DC24V/2A PROFIsafe, 168
EM 4/8 F-DI DC24V PROFIsafe, 115
PM-E F pm DC24V PROFIsafe, 71
Wiring the ground conductor
PM-E F pp DC24V PROFIsafe, 84
228
ET 200S Distributed I/O System - Fail-Safe Modules
Installation and Operating Manual, 08/2008, A5E00103686-07
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement