Preface
SIMATIC HMI HMI device PP 17-I PROFIsafe
1
Overview
______________
SIMATIC HMI
HMI device
PP 17-I PROFIsafe
Operating Instructions
Safety Instructions and
General Notes
2
______________
3
Planning Application
______________
4
Mounting and Connecting
______________
Control Elements and
Displays
5
______________
6
Configuring the HMI device
______________
7
Fail-safe Mode
______________
8
Maintenance and servicing
______________
9
Technical Data
______________
A
Appendix
______________
B
Abbreviations
______________
Order No. 6AV3991-1XB01-0AB0
05/2006
A5E00430188-02
Safety Guidelines
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
Danger
indicates that death or severe personal injury will result if proper precautions are not taken.
Warning
indicates that death or severe personal injury may result if proper precautions are not taken.
Caution
with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.
Caution
without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.
Notice
indicates that an unintended result or situation can occur if the corresponding information is not taken into
account.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The device/system may only be set up and used in conjunction with this documentation. Commissioning and
operation of a device/system may only be performed by qualified personnel. Within the context of the safety notes
in this documentation qualified persons are defined as persons who are authorized to commission, ground and
label devices, systems and circuits in accordance with established safety practices and standards.
Prescribed Usage
Note the following:
Warning
This device may only be used for the applications described in the catalog or the technical description and only in
connection with devices or components from other manufacturers which have been approved or recommended
by Siemens. Correct, reliable operation of the product requires proper transport, storage, positioning and
assembly as well as careful operation and maintenance.
Trademarks
All names identified by ® are registered trademarks of the Siemens AG. The remaining trademarks in this
publication may be trademarks whose use by third parties for their own purposes could violate the rights of the
owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Siemens AG
Automation and Drives
Postfach 48 48
90437 NÜRNBERG
GERMANY
Order No.: 6AV3991-1XB01-0AB0
Edition 06/2006
Copyright © Siemens AG 2006.
Technical data subject to change
Preface
Purpose of the Operating Instructions
This operating instruction manual provides information based on the requirements defined by
DIN 8418 for mechanical engineering documentation. This information relates to the device,
its place of use, transport, storage, installation, use and maintenance.
These operating instructions are intended for:
• Project planning engineers
• Users
• Commissioning engineers
• Service technicians
• Maintenance technicians
Read the information provided in the section "Safety Instructions and General Notes" when
using the HMI device in hazardous areas.
Basic Knowledge Required
General knowledge of automation technology and process communication is needed to
understand the operating instructions.
Experience in the use of personal computers and knowledge of Microsoft operating systems
is required as well.
You should also know how to work with the basis software, STEP 7. This information is
provided in the manual, "Programming with STEP 7 V5.3".
In addition, knowledge of safety engineering and system knowledge of fail-safe engineering
are required.
Operating Instructions' Range of Validity
These operating instructions apply to the HMI device PP 17-I PROFIsafe.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
i
Preface
Information about Fail-safe Operation of the HMI Device
The following sections of these operating instructions contain important information about the
fail-safe operation of the HMI device:
Chapter no.
Title
1.6
Fail-safe Mode
2.2
Standards, Certificates and Approvals
3.7
Prerequisites for fail-safe operation
4.4
Wiring a Standard Component
5.2
Backside HMI Components, LEDs and Ports
6
Configuring the HMI device
7
Fail-safe Mode
9.3
Specifications for the Digital Inputs and Outputs
9.4
Response Times
9.5.3
Digital Inputs and Outputs
Position in the Information Landscape
These instructions are part of the SIMATIC HMI documentation. The following provides an
overview of the information available regarding usage of the HMI:
Operating Instructions
• Operating instructions for SIMATIC Push Button Panels
– PP7, PP17-I. PP17-II
– PP 17-I PROFIsafe
• Operating instructions for other SIMATIC HMI devices
– OP 73micro, TP 177micro
– OP 73, OP 77A, OP 77B
– TP 177A
– TP 170micro, TP 170A, TP 170B, OP 170B
– Mobile Panel 170
– TP 270, OP 270
– MP 270B
– MP 370
• Operating instructions (compact) for the SIMATIC HMI devices OP 77B and
Mobile Panel 170
ii
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Preface
Documentation for Fail-safe Systems
• System description "Safety engineering in SIMATIC S7"
– Provides an overview of the application, configuration, and function principle of
S7 Distributed Safety and S7 F/FH fail-safe automation systems
– Contains a summary of detailed technical information on fail-safe engineering in
S7-300 and S7-400
– Includes monitoring and reaction time calculation for S7 Distributed Safety and
S7 F/FH fail-safe systems
• Manual / Online-help "S7 Distributed Safety Configuring and Programming"
Describes the configuration of the fail-safe CPU and fail-safe I/O and the programming of
the fail-safe CPU in F-FBD and F-LAD.
• Reference manual "S7-400 Automation Systems, CPU data"
Describes the standard functions of the CPU 416F-2
• Reference manual "S7-300 Automation Systems, CPU data"
Describes the standard functions of the CPU 315F-2 and CPU 317F-2
Online Availability
Technical documentation on SIMATIC products and SIMATIC systems is available in PDF
format in various languages at the following addresses:
• SIMATIC Guide Technical Documentation in German:
"http://www.ad.siemens.de/simatic/portal/html_00/techdoku.htm"
• SIMATIC Guide for Technical Documentation in English:
"http://www.ad.siemens.de/simatic/portal/html_76/techdoku.htm"
You will find the valid GSD file for the HMI device and the FB "F_PP17I_SIL3" needed for
attaining SIL3/Cat. 4 on the Internet at the following URL:
"http://www.siemens.com/automation/support"
Screens
The HMI device is sometimes shown in the form of photographs in these operating
instructions. The photographs of the HMI device may differ slightly from the factory state of
the HMI device.
Conventions
Text is highlighted as follows to simplify reading the operating instructions:
Notation
Scope
"Add screen"
Terminology that appears in the user interface, e.g., dialog
names, tabs, buttons, menu entries
Required parameters such as limit values, tag values
Path information
"File > Edit"
Operation sequences such as menu commands, context menu
commands
<F1>, <Alt+P>
Keyboard operation
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
iii
Preface
Please observe notes labeled as follows:
Note
Notes contain important information concerning the product, its use or a specific section of
the documentation to which you should pay particular attention.
Registered Trademarks
Names labeled with a ® symbol are registered trademarks of the Siemens AG. Other names
used in this documentation may be trademarks, the use of which by third parties for their
own purposes could violate the rights of the owner.
• HMI®
• SIMATIC®
• SIMATIC HMI®
• SIMATIC ProTool®
• SIMATIC WinCC®
• SIMATIC WinCC flexible®
• SIMATIC PP 17-I PROFIsafe®
Representatives and Offices
If you have any further questions relating to the products described in this manual, please
contact your local representative at the SIEMENS branch nearest you.
You can locate your contact partner at:
"http://www.siemens.com/automation/partner"
Training Center
Siemens AG offers a variety of training courses in order to familiarize you with automation
systems. Please contact your regional Training Center, or the central Training Center in
D 90327 Nuremberg, Germany.
Telephone: +49 (911) 895-3200
Internet: "http://www.sitrain.com/"
Technical Support
You can contact Technical Support for all A&D products
Using the support request form on the web at
"http://www.siemens.de/automation/support-request"
Telephone: + 49 180 5050 222
Fax: + 49 180 5050 223
Further information about our technical support is available on the Internet at
"http://www.siemens.com/automation/service".
iv
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Preface
Service & Support on the Internet
Service & Support offers online services for additional, comprehensive information on
SIMATIC products at
"http://www.siemens.com/automation/support":
• The newsletter offers you the latest information about to your products.
• A large document base is available using our Service & Support search engine.
• A forum for global exchange of information by users and experts
• Current product information, FAQs and downloads
• Your local Automation & Drives representative
• Information about on-site services, repairs, spare parts and lots more is available on our
"Services" pages.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
v
Preface
vi
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Table of contents
Preface ........................................................................................................................................................i
1
2
3
4
Overview................................................................................................................................................. 1-1
1.1
Product Overview....................................................................................................................... 1-1
1.2
Design of the HMI Device .......................................................................................................... 1-2
1.3
Accessories................................................................................................................................ 1-3
1.4
Functional Scope ....................................................................................................................... 1-4
1.5
Communication with PLCs......................................................................................................... 1-5
1.6
Fail-safe Mode ........................................................................................................................... 1-6
Safety Instructions and General Notes ................................................................................................... 2-1
2.1
Safety Instructions ..................................................................................................................... 2-1
2.2
Standards, Certificates and Approvals ...................................................................................... 2-1
2.3
Notes about Usage .................................................................................................................... 2-3
2.4
Electromagnetic compatibility .................................................................................................... 2-4
2.5
Transport and Storage Conditions ............................................................................................. 2-7
Planning Application ............................................................................................................................... 3-1
3.1
Checklist for fail-safe operation.................................................................................................. 3-1
3.2
Mounting Information ................................................................................................................. 3-1
3.3
Mounting Positions and Type of Fixation................................................................................... 3-4
3.4
Preparing for Mounting .............................................................................................................. 3-5
3.5
Information on insulation tests, protection classes and degrees of protection .......................... 3-7
3.6
Nominal Voltages....................................................................................................................... 3-8
3.7
Prerequisites for fail-safe operation ........................................................................................... 3-8
Mounting and Connecting ....................................................................................................................... 4-1
4.1
Checklist for fail-safe operation.................................................................................................. 4-1
4.2
Checking the package contents................................................................................................. 4-1
4.3
Mounting Standard Components ............................................................................................... 4-2
4.4
Wiring a Standard Component................................................................................................... 4-5
4.5
Mounting the HMI device ........................................................................................................... 4-8
4.6
4.6.1
4.6.2
4.6.3
4.6.4
Connecting the HMI device........................................................................................................ 4-9
Ports......................................................................................................................................... 4-10
Connecting the equipotential bonding circuit ........................................................................... 4-10
Connecting the power supply................................................................................................... 4-13
Connecting the PLC................................................................................................................. 4-15
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
vii
Table of contents
4.7
5
6
7
8
9
A
viii
Switching on and testing the HMI device ................................................................................. 4-16
Control Elements and Displays............................................................................................................... 5-1
5.1
Front-sided Control Elements and Displays............................................................................... 5-1
5.2
Backside HMI Components, LEDs and Ports ............................................................................ 5-3
5.3
Labeling of Keys or Standard Components ............................................................................... 5-6
Configuring the HMI device..................................................................................................................... 6-1
6.1
Checklist for fail-safe operation.................................................................................................. 6-1
6.2
Integrating the GSD File in STEP 7 ........................................................................................... 6-2
6.3
Communication between the HMI Device and the PLC............................................................. 6-3
6.4
Configuring the HMI device in STEP 7 ...................................................................................... 6-6
6.5
6.5.1
6.5.2
Configure FB "F_PP17I_SIL3" ................................................................................................... 6-9
Overview .................................................................................................................................... 6-9
FB170 "F_PP17I_SIL3" ............................................................................................................ 6-10
6.6
Configuring the PROFIBUS DP Interface ................................................................................ 6-14
Fail-safe Mode ........................................................................................................................................ 7-1
7.1
Overview .................................................................................................................................... 7-1
7.2
Query the State of the Emergency Stop Buttons....................................................................... 7-2
7.3
Passivation of the HMI device.................................................................................................... 7-3
7.4
Troubleshooting Check List ....................................................................................................... 7-5
7.5
Error Diagnostics........................................................................................................................ 7-6
7.6
Error Elimination and Reintegration ........................................................................................... 7-8
Maintenance and servicing ..................................................................................................................... 8-1
8.1
Maintenance and Servicing........................................................................................................ 8-1
8.2
Testing Hardware....................................................................................................................... 8-1
8.3
Carry out lamp test..................................................................................................................... 8-3
8.4
Spare Parts and Repairs............................................................................................................ 8-4
Technical Data........................................................................................................................................ 9-1
9.1
Dimensional Drawings ............................................................................................................... 9-1
9.2
General Specifications ............................................................................................................... 9-1
9.3
Specifications for the Digital Inputs and Outputs ....................................................................... 9-3
9.4
Response Times ........................................................................................................................ 9-5
9.5
9.5.1
9.5.2
9.5.3
Description of Ports.................................................................................................................... 9-7
Power supply.............................................................................................................................. 9-7
RS 485 (IF 1B) ........................................................................................................................... 9-7
Digital Inputs and Outputs.......................................................................................................... 9-8
9.6
Assignment of PLC Bits in the Process Images ........................................................................ 9-9
Appendix.................................................................................................................................................A-1
A.1
ESD Directives ...........................................................................................................................A-1
A.2
System Alarms ...........................................................................................................................A-3
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Table of contents
B
Abbreviations..........................................................................................................................................B-1
Glossary ..................................................................................................................................... Glossary-1
Index................................................................................................................................................ Index-1
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
ix
Table of contents
x
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
1
Overview
1.1
1.1
Product Overview
Application Scenarios of the HMI Device
The HMI device is used to display the operating states of machines or plants and to control
the process.
The HMI device is designed for mounting in control panels and replaces keys, switches and
LEDs that are individually mounted. You should install the HMI device in an installation
cutout and connect it to a PLC of type SIMATIC CPU 416F-2, CPU 315F-2 or CPU 317F-2
via PROFIBUS. The HMI is pre-configured and is operational almost immediately. In
comparison to conventional wiring, substantially less time is needed for commissioning and
the device provides increase security against failure during runtime.
Use in Fail-safe Mode
Thanks to the integrated PROFIsafe communication, the HMI device can be used in fail-safe
mode for simple emergency stop applications. Concerning safety relevant signals, at least
SIL2/category 3 can be achieved. You should integrate a supplied FB "F_PP17I_SIL3" into
your STEP 7 safety program for use cases requiring the higher SIL 3/category 4.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
1-1
Overview
1.2 Design of the HMI Device
1.2
1.2
Design of the HMI Device
Front view of the HMI device
1
①
2
3
Keys with integrated LEDs
②
Mounting position for standard components
③
"Power" LED and "Error" LED
Side view of the HMI device
1
2
1-2
①
Clamping recess
②
Labeling strips
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Overview
1.3 Accessories
Rear view of the HMI device
1
2
3
1
4
1.3
1.3
①
Ports
②
Configuration module
③
Knockout apertures for mounting standard components
④
Labeling strips
Accessories
Accessory kit
The accessory kit contains the following:
• A terminal block for the power supply
• Two coded non-interchangeable terminal blocks for the digital inputs and outputs
• Eight spring clamps for mounting the HMI device
Additional documents may be enclosed with the accessory kit.
Labeling strips
The HMI comes with a sheet of removable labeling strips.
Additional sets of labeling strips can be ordered under order number 6AV3 671-8CB00.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
1-3
Overview
1.4 Functional Scope
1.4
1.4
Functional Scope
Performance features
The HMI device offers a wide range of features that can be used without having to program
it:
• Short-stroke keys with two-color flat surface LEDs
• Additional 24 V digital inputs and outputs (maximum of 14 can be used in standard mode)
• All short-stroke keys and digital inputs can also be individually configured as switches
• Integrated lamp test
• Integrated flash rate
• LED colors: red, green, yellow
• Configurable pulse stretching
• Pre-perforated cut-outs for 22.5 mm standard add-on components such as key switches
and emergency stop
• SIMATIC HMI device design, gaplessly buttable
• Fail safe mode of maximum 4 emergency stop buttons by means of PROFIsafe
communication
• Simultaneous standard mode and fail-safe mode
Expandable with Standard Components
The functionality of the HMI can be extended with 22.5 mm standard components (hereafter
referred to as "standard components"), e.g. with lamps or key switches. If you wish to use
more standard components, mount them in the pre-perforated cut-outs in the lower half of
the HMI device. Wire the components either directly or with the standard digital inputs and
standard digital outputs of the HMI.
In fail-safe mode, one to four emergency stop buttons (two-channel with break contact) can
be connected to the fail-safe channels. The design of these components has to correspond
to the selected safety category.
Buttons/Switches
The keys of the HMI device can be configured as keys or switches. The following table
shows when the corresponding bit for the key is set or reset in the PLC for both
configurations.
Configuration
Bit set
Bit reset
Button
Key pressed
Key released
Switch
Key pressed the first time and
then released
Key pressed the second time
and then released
Additionally installed standard components can also be configured as keys or switches. For
this purpose, the standard digital input to which the standard component is wired should be
configured as button or switch.
All buttons and standard digital inputs are configured as buttons by default.
1-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Overview
1.5 Communication with PLCs
Pulse Stretching
The signal pulse for all operations initiated by pressing buttons on the PLC can be
lengthened in order to ensure reliable switch/key polling by the PLC even when pressed very
briefly.
LEDs
LEDs are integrated into the keys of the HMI device. The LEDs indicate whether or not
specific bits are set in the PLC.
The LEDs can light continuously or flash in various colors (red, green, yellow).
Enable Input
Enable input disables the standard mode of the HMI. The HMI device then operates in
monitoring mode in which the following restrictions are in effect:
• The inputs are locked, no signal transitions are reported to the PLC.
• The state of all keys previous to the locking continues to be reported to the PLC until the
device returns to normal operation.
The fail-safe mode of the HMI is not affected by the enable input.
1.5
1.5
Communication with PLCs
Compatible PLCs
The HMI device is approved for use with one of the following PLCs:
• SIMATIC CPU 416F-2
• SIMATIC CPU 315F-2
• SIMATIC CPU 317F-2
Protocols
The HMI uses the following protocols for communication with the controller:
• for standard communication: PROFIBUS DP V.1, although alarm diagnostics are not
supported
• for fail-safe communication: PROFIsafe Mode V1.0
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
1-5
Overview
1.6 Fail-safe Mode
1.6
1.6
Fail-safe Mode
Requirement
For fail-safe operation of the HMI, the following software is required:
• SIMATIC S7 Distributed Safety as of V5.3
Fail-safe automation system
Fail-safe automation system (F systems) are used in plants requiring higher levels of safety.
F systems control processes in such a way that a safe state is achieved in every situation.
An immediate shutdown therefore does not pose a danger to people or the environment.
Fail-safe Application of the HMI Device
PP 17-I PROFIsafe is a DP-slave on PROFIBUS DP.
In fail-safe mode the HMI device registers the signal states of compatible emergency stop
buttons and transmits corresponding safety frames to CPU. The CPU and HMI device
communicate with each other via the fail-safe protocol, PROFIsafe.
SIL2/cat. 3 and SIL3/cat. 4 can be achieved with the HMI device by means of appropriate
configuration of the safety functions in STEP 7 and the optional package "S7 Distributed
Safety".
Fail-safe mode of the HMI differs from standard mode essentially in that for each fail-safe
channel, two digital inputs and two digital outputs are used to relay the fail-safe input signals
from the HMI to the CPU. The signals are monitored for errors during the communication. In
the event of a fault, the HMI is placed into a safe state (1oo2 evaluation of the sensor).
The HMI device can be operated simultaneously in standard mode and fail-safe mode.
Diagnostic Function the HMI Device
The fail-safe HMI device includes a non-configurable diagnostic function. The diagnostics
are always activated and are automatically made available by the HMI in STEP 7 and
passed on to the CPU in the event of a fault.
The diagnostic function passes the following diagnostics information to the CPU:
• Communication fault
Communication between the HMI as DP-slave and the CPU as DP Master has been
interrupted (e.g. due to wrong PROFIBUS address or PROFIsafe address).
• HW fault
External wiring or internal hardware fault, data corruption or procedure error.
• Configuration error
Error in the PROFIsafe configuration
1-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Overview
1.6 Fail-safe Mode
Enable Input
Note
Enable input does not affect the fail-safe channels
The enable input of the HMI does not affect the digital inputs for the fail-safe channels.
Fail-safe inputs are not locked when the HMI device is locked by an enable input.
Emergency stop signals are always forwarded to the PLC.
Example Configuration of an F System with a Fail-safe HMI Device
SIMATIC S7 416F-2 as
DP Master (Class 1)
Standard Host/SPS
as
DP Master (Class 1)
PROFIBUS Part 3 = PROFIBUS DP
Operating and
monitoring device as
DP Master (Class 2)
Figure 1-1
F I/O
as
DP Slave
PP 17-I PROFIsafe
as
DP Slave with F-I/O
Standard I/O
as
DP Slave
Standard I/O
as
DP Slave
Simultaneous operation of fail-safe and standard stations
In the depicted configuration, each DP-slave communicates with just one DP-master. The
PP 17-I PROFIsafe communicates exclusively with the SIMATIC S7-416F-2 in this case.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
1-7
Overview
1.6 Fail-safe Mode
1-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Safety Instructions and General Notes
2.1
2.1
2
Safety Instructions
Working on the cabinet
Warning
Open equipment
The HMI device is an open equipment. This means that the HMI device may only be
installed in cubicles or cabinets, whereby the device can be operated from the front panel.
Access to the cubicle or cabinet in which the HMI device is installed should only be possible
by means of a key or tool and for personnel who have received instruction or are authorized.
Danger, High Voltage
Opening the cabinet will expose high voltage parts. Contact with these parts could be fatal.
Switch off the power supply to the cabinet before opening it.
High frequency radiation
Notice
Unintentional operating situations
High frequency radiation, from mobile phones for example, can cause unintentional
operating situations.
2.2
2.2
Standards, Certificates and Approvals
Valid approvals
Caution
Valid approvals
The overview below provides information on available approvals
The HMI device itself is certified as shown on the label on its rear panel.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
2-1
Safety Instructions and General Notes
2.2 Standards, Certificates and Approvals
CE approval
The automation system meets the general and safety-related requirements of the following
EC directives and conforms to the harmonized European standards (EN) for programmable
logic controllers published in the official gazettes of the European Union:
• 89/336/EEC "Electromagnetic Compatibility" (EMC guideline)
• 98/37/EG Directive of the European Parliament and Council of 22 June 1998 on the
approximation of the laws and administrative regulations of the Member States
concerning machinery
EC declaration of conformity
The EC declarations of conformity are kept available for the responsible authorities at the
following address:
Siemens Aktiengesellschaft
Automation & Drives
A&D AS RD ST PLC
PO Box 1963
D-92209 Amberg
UL certification
Underwriters Laboratories Inc. conforming to
• UL 508 (Industrial Control Equipment)
• CSA C22.2 No. 142, (Process Control Equipment)
or
Underwriters Laboratories Inc. conforming to
• UL 508 (Industrial Control Equipment)
• CSA C22.2 No. 142, (Process Control Equipment)
• UL 1604 (Hazardous Location)
• CSA-213 (Hazardous Location)
Approved for use in
• Class I, Division 2, Group A, B, C, D T4
• Class I, Zone 2, Group IIC T4
2-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Safety Instructions and General Notes
2.3 Notes about Usage
(German) Technical Inspectorate Certificates and Standards
The HMI device is certified according to the following standards. The latest version/edition of
the standard can be found in the report for the Technical Inspectorate Certificate.
Standards/guidelines
Name
Standards/Directives Functional Safety
IEC 61508-1 to 4
Standards/Directives Process engineering
VDI/VDE 2180-1 to 5
IEC 61511
Standards/Directives Machine Safety
98/37/EC
EN 60204-1
NFPA 79
IEC 62061
prEN 954
DRAFT ISO 13849
Standards/Directives Burner Management
Systems
Standards/Directives PROFIsafe
EN 50156-1
PROFIBUS PROFIsafe V1.30 (June 2004)
PROFIBUS PROFIsafe Edition 2/2003
Requesting Certificates from the Technical Inspectorate
Copies of certificates can be obtained from the Technical Inspectorate at the following
address:
Siemens Aktiengesellschaft
Automation & Drives
A&D AS RD ST PLC
PO Box 1963
D-92209 Amberg, Germany
2.3
2.3
Notes about Usage
Use in Industry
The HMI device is designed for industrial use. The following standards are met:
• Requirements of the emission of interference EN 61000-6-4: 2001
• Requirements for noise immunity EN 61000-6-2: 2001
Residential Use
If the HMI device is used in a residential area, you must take measures to achieve Limit
Class B conforming to EN 55011 for RF interference.
Suitable measures to achieve Limit Class B for suppression of radio interference include:
• Installation of the HMI device in a grounded control cabinet
• Use of filters in electrical supply lines
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
2-3
Safety Instructions and General Notes
2.4 Electromagnetic compatibility
2.4
2.4
Electromagnetic compatibility
Introduction
The HMI device fulfills requirements of the EMC Directive of the domestic European market
and other requirements.
EMC-compliant installation of HMI devices
An EMC-compliant installation of the HMI device and the use of interference-proof cables
form the basis of trouble-free operation. The "Directives for interference-free installation of
PLCs" and the "PROFIBUS Networks" manual also apply for the installation of the HMI
device.
Pulseshaped Interference
The following table shows the electromagnetic compatibility of modules compared to pulseshaped interference. These specifications only apply when the HMI device meets the
specifications and directives regarding electrical installation.
Table 2-1
Pulseshaped Interference
Pulse-shaped interference
Tested with
Corresponds to test
intensity
Electrostatic discharge
conforming to IEC 61000-4-2
Air discharge: 8 kV
Contact discharge: 4 kV
3
Burst pulses
(high-speed transient
interference)
conforming to IEC 61000-4-4
2 kV power supply cable
2 kV signal cable, > 30 m
1 kV signal cable, < 30 m
3
High-power surge pulses conforming to IEC 61000-4-5, external protective circuit required (refer to
S7 300 PLC, Installation, chapter “Lightning and overvoltage protection”).
•
Asymmetric coupling
2 kV power cable
DC voltage with protective elements
3
2 kV signal/data cable, > 30 m,
with protective elements as required
•
Symmetric coupling
1 kV power cable
DC voltage with protective elements
3
1 kV signal cable, > 30 m,
with protective elements as required
2-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Safety Instructions and General Notes
2.4 Electromagnetic compatibility
Sinusoidal Interference
The table below shows the EMC properties of the modules with respect to sinusoidal
interference. These specifications only apply when the HMI device meets the specifications
and directives regarding electrical installation.
Table 2-2
Sinusoidal Interference
Sinusoidal interference
RF interference
(electromagnetic fields)
• conforming to
IEC 61000-4-3
•
3
10 V/m with 80 % amplitude modulation of 1 kHz
in the range from 80 MHz to 1 GHz and 1.4 GHz
to 2 GHz
10 V/m with 50% pulse modulation at 1.89 GHz
RF interference current on
cables and cable shielding
conforming to IEC 61000-4-6
System
Corresponds to
test intensity
10 V/m with 50% pulse modulation at 900 MHz
conforming to
IEC 61000-4-3
Table 2-3
Test values
Test voltage 10 V at 80 % amplitude modulation
of 1 kHz in the range from 9 kHz to 80 MHz
3
GSM/ISM field interferences of different frequencies (EN 298: 1998)
Frequency
Test level
Modulation
GSM
890-915 MHz
20 V/m
Pulse modulation 200 Hz
GSM
1710-1785 MHz
20 V/m
Pulse modulation 200 Hz
GSM
1890 MHz
20 V/m
Pulse modulation 200 Hz
ISM
433.05-434.79 MHz
20 V/m
AM, 80%, 1 kHz
ISM
83.996-84.004 MHz
20 V/m
AM, 80%, 1 kHz
ISM
167.992-168.008 MHz
20 V/m
AM, 80%, 1 kHz
ISM
886.000-906.000 MHz
20 V/m
AM, 80%, 1 kHz
Table 2-4
System
ISM field interferences of different frequencies (EN 298: 1998)
Frequency
Test level
Modulation
ISM
6.765-6.795 MHz
20 V
AM, 80%, 1 kHz
ISM
13.553-13.567 MHz
20 V
AM, 80%, 1 kHz
ISM
26.957-27.283 MHz
20 V
AM, 80%, 1 kHz
ISM
40.66-40.70 MHz
20 V
AM, 80%, 1 kHz
ISM
3.370-3.410 MHz
20 V
AM, 80%, 1 kHz
ISM
13.533-13.533 MHz
20 V
AM, 80%, 1 kHz
ISM
13.567-13.587 MHz
20 V
AM, 80%, 1 kHz
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
2-5
Safety Instructions and General Notes
2.4 Electromagnetic compatibility
Table 2-5
Additional special frequencies according to DIN IEC 61326-3
System
Frequency
Test level
Modulation
Various
mobile and
SRD
137-174 MHz
20 V/m
AM, 80 %, 1 kHz
Amateur
430-470
20 V/m
AM, 80 %, 1 kHz
ISM only
region 2
902-928
20 V/m
AM, 80 %, 1 kHz
GSM
925-960
20 V/m
Pulse modulation 200 Hz
GSM
1805-1880
20 V/m
Pulse modulation 200 Hz
UMTS
1900-2025
20 V/m
Pulse modulation 200 Hz
UMTS
2110-2200
3 V/m
Pulse modulation 200 Hz
ISM
2400-2500
3 V/m
AM, 80 %, 1 kHz
UMTS
2500-2690
3 V/m
Pulse modulation 200 Hz
Emission of radio interference
Emission of electromagnetic interference conforming to 55011,
Limit value class A, Group 1, measured at a distance of 10 m:
From 30 MHz to 230 MHz
< 40 dB (V/m) quasi-peak
From 230 MHz to 1000 MHz
< 47 dB (V/m) quasi-peak
Additional Measures
Before you connect an HMI device to the public network, ensure that it is compliant with Limit
Class B conforming to 55022.
2-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Safety Instructions and General Notes
2.5 Transport and Storage Conditions
2.5
2.5
Transport and Storage Conditions
Mechanical and climatic transport and storage conditions
The transport and storage conditions of this HMI device exceed requirements conforming to
IEC 61131-2. The following specifications apply to the transport and storage of an HMI
device in its original packing.
The climatic conditions comply to the following standards:
• IEC 60721-3-3, Class 3K7 for storage
• IEC 60721-3-2, Class 2K4 for transport
The mechanical conditions are compliant with IEC 60721-3-2, Class 2M2.
Table 2-6
Transport and Storage Conditions
Type of condition
Permitted range
Drop test (in transport package)
≤1m
Temperature
–20 to +70° C
Air pressure
from 1030 to 581 hPa
Max. pressure difference (front/rear)
2 hPa
Relative humidity
≤ 90%, w/o condensation
Sinusoidal vibration conforming to
IEC 60068-2-6
5 Hz to 9 Hz: 3.5 mm
9 Hz to 150 Hz: 9.8 m/s2
Shock conforming to IEC 60068-2-29
250 m/s2, 6 ms, 1000 shocks
Notice
Ensure that no condensation (dewing) develops on or inside the HMI device after
transporting it at low temperatures or after it has been exposed to extreme temperature
fluctuations.
The HMI device must have acquired room temperature before it is put into operation. Do not
expose the HMI device to direct radiation from a heater in order to warm it up. If dewing has
developed, wait approximately 4 hours before you switch on the HMI device.
Prerequisite for the trouble-free and safe operation of the HMI device is proper transport and
storage, installation and assembly and careful operation and maintenance.
Warranty for the HMI device is deemed void if these specifications are ignored.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
2-7
Safety Instructions and General Notes
2.5 Transport and Storage Conditions
2-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3
Planning Application
3.1
3.1
Checklist for fail-safe operation
Application Planning
Before deploying the HMI, you should check that the planned application of the HMI
complies with the following prerequisites.
Check list for application planning
Step
Information
Check the ambient climatic and mechanical conditions
Chapter 3.2
Define the mounting position, installation location and mounting type of the
HMI.
Chapter 3.3
Preparation of the mounting cutout
Chapter 3.4
Check that the requirements for insulation voltage, protection class and
seal tightness will be met if the HMI is used in this way.
Chapter 3.5
Check that the allowed nominal line voltages are met
Chapter 3.6
Check
For fail-safe mode: Determination of safety class (SIL2/cat. 3 or SIL3/cat. 4) Chapter 3.7
that is to be achieved
Selection of sensors that fulfill the fail-safe mode requirements
3.2
3.2
Chapter 3.7
Mounting Information
Mechanical and Climatic Conditions of Use
The HMI device is intended for installation in weatherproof permanent locations. The
conditions of use are compliant with requirements to DIN IEC 60721-3-3:
• Class 3M3 (mechanical requirements)
• Class 3K3 (climatic requirements)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3-1
Planning Application
3.2 Mounting Information
Use with additional measures
Examples of applications where the use of the HMI device requires additional measures:
• In locations with a high degree of ionizing radiation
• In locations with extreme operating conditions resulting from situations as follows:
– Corrosive vapors, gases, oils or chemicals
– Electrical or magnetic fields of high intensity
• In plants requiring special monitoring features, for example:
– Elevator systems
– Systems in especially hazardous rooms
Mechanical environmental conditions
The mechanical ambient conditions for the HMI device are specified in the following table in
terms of sinusoidal vibration.
Table 3-1
Mechanical environmental conditions
Frequency range in Hz
Continuous
Infrequently
10 ≤ f ≤ 58
Amplitude 0.0375 mm
Amplitude 0.075 mm
58 ≤ f ≤ 150
Constant acceleration 0.5 g
Constant acceleration 1 g
Reduction of vibration
If the HMI device is subjected to greater shocks or vibrations, you must take appropriate
measures to reduce acceleration or amplitudes.
We recommend fitting the HMI device to vibration-absorbent material (on metal shock
absorbers, for example).
3-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Planning Application
3.2 Mounting Information
Testing for mechanical ambient conditions
The following table provides information about the type and scope of testing for mechanical
environmental conditions.
Table 3-2
Check of mechanical ambient conditions
The check
includes
Test standard
Remarks
Vibrations
Vibration testing in accordance
with
IEC 60068, Part 2–6 (sine)
Type of vibration:
Transitional rate of the frequency: 1 octave/minute.
10 ≤ f ≤ 58,
constant amplitude 0.075 mm
58 ≤ f ≤ 150,
Constant acceleration 1 g
Vibration duration:
10 frequency cycles per axis in each of the three axes
vertical to each other
Shock
Shock testing in accordance
with IEC 60068, Part 2 – 29
Type of shock: Half-sine
Shock intensity:
Peak value 15 g, duration 11 ms
Direction of impact:
3 shocks in ± direction of axis in each of the three
axes vertical to each other
Climatic ambient conditions
The HMI device may be used under the following climatic ambient conditions:
Table 3-3
Climatic ambient conditions
Ambient conditions
Permitted range
Remarks
Temperature
• Vertical mounting
• Inclined mounting
from 0 to 55° C
See the "Mounting positions and type of
fixation" section
Relative humidity
≤ 95%
from 0 to 55° C
Without condensation, corresponds to a
relative humidity, stress class 2
conforming to IEC 61131, part 2
Air pressure
1030 to 706 hPa
Pollutant concentration
SO2: < 0.5 ppm;
relative humidity < 60 %, no
condensation
Check: 10 ppm; 4 days
H2S: < 0.1 ppm;
relative humidity < 60 %, no
condensation
Check: 1 ppm; 4 days
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3-3
Planning Application
3.3 Mounting Positions and Type of Fixation
3.3
3.3
Mounting Positions and Type of Fixation
Mounting position
The HMI device is designed for mounting in racks, cabinets, control boards and consoles. In
the following, all of these mounting options are referred to by the general term "cabinet".
The HMI device is self-ventilated and approved for vertical and inclined mounting in
stationary cabinets.
–
Figure 3-1
+
Permitted mounting positions
Mounting position
Deviation from the vertical
①
Inclined
≤ –35°
②
Vertical
0°
③
Inclined
≤ 35°
Caution
Impermissible ambient temperatures
Do not operate the HMI device without auxiliary ventilation if the maximum permissible
ambient temperature is exceeded. The HMI device may otherwise get damaged and its
approvals and warranty will be void!
3-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Planning Application
3.4 Preparing for Mounting
Type of fixation
Spring clamps are provided for mounting the device. Hook the clamps into the recesses of
the HMI device. The overall HMI device dimensions are not exceeded by this.
1
2
Figure 3-2
View of a mounting clamp
①
Hooks
②
Recessed head screw
Mounting Depth
The mounting depth for the HMI device depends on the type of cabling to the controller. It
does not match the external dimensions of the device. Plan a sufficient bending radius for
the cable.
Bus connector
Mounting Depth
Without
53 mm
With angled bus connector
Order no.: 6ES7 972-0BB10-0x70
75 mm
With non-angled bus connector
Order no.: 6GK1 500-0EA00
130 mm
Mounting Several HMI Devices
You can seamlessly mount several type PP 17 HMI devices next to each other or
underneath each other in the same switching cabinet. When mounting the HMI devices,
adjust the spring clamps of the various devices into the optional cut-outs so that they do not
hinder one another.
3.4
3.4
Preparing for Mounting
Select the HMI device mounting location
What to observe when selecting the installation location:
• Position the HMI device so that it is not subjected to direct sunlight.
• Position the HMI device to provide an ergonomic position for the operator and select a
suitable mounting height.
• Ensure that the air vents are not covered as a result of the mounting.
• Observe the permissible mounting positions for the HMI device.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3-5
Planning Application
3.4 Preparing for Mounting
Preparing the mounting cut-out
The degrees of protection are only guaranteed when the following is observed:
• Material thickness at the mounting cut-out: 2 mm to 6 mm
• The deviation from plane for the panel cut-out is ≤ 0.5 mm
This condition must be fulfilled for the mounted HMI device.
• Permissible surface roughness in the area of the seal: ≤ 120 µm (friction coefficient 120)
You can mounted the HMI devices butted side-by-side or stacked. The figure below shows
the required mounting cut-out.
14
14
190–1
226–1
3-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Planning Application
3.5 Information on insulation tests, protection classes and degrees of protection
3.5
3.5
Information on insulation tests, protection classes and degrees of
protection
Test Voltages
Insulation strength is demonstrated in the type test with the following test voltages
conforming to IEC 61131-2:
Table 3-4
Test Voltages
Circuits with nominal voltage Ue relative to other
circuits or ground
Test voltage
< 50 V
500 VDC
Protection class
Protection Class I conforming to IEC 60536, i.e. equipotential bonding conductor to profile
rail required!
Protection from foreign objects and water
Degree of protection conforming to
IEC 60529
Description
Front panel
IP65 in mounted state
Rear
IP20
protection against contact with standard test probes There is
no protection against ingress by water.
The degree of protection provided by the front side can only be guaranteed when the
mounting seal lies completely against the mounting cut-out.
Notice
Degree of protection IP65
The degrees of protection are only guaranteed when the following is observed:
• The material strength at the mounting cut-out is at least 2 mm.
• The deviation from the plane of the mounting cut-out in an installed HMI device is
≤ 0.5 mm.
• When mounting standard components, the membrane on the front of the HMI device
should only be cut for the area of the knockout aperture.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3-7
Planning Application
3.6 Nominal Voltages
3.6
3.6
Nominal Voltages
The following table details the allowed nominal line voltages and associated tolerance rages.
3.7
3.7
Nominal voltage
Tolerance range
+24 VDC
20.4 V to 28.8 V (–15%, +20%)
Prerequisites for fail-safe operation
Achievable Safety Classes (SIL)
The following safety classes can be achieved with the HMI device:
• SIL2/Cat. 3
• SIL3/Cat. 4
Warning
Safety Class SIL3/Cat. 4
Safety class SIL3/cat. 4 can only be achieved with FB "F_PP17I_SIL3". This function
block is provided on the CD which contains these operating instructions.
The following applies when integrating the FB:
• It must be ensured that the FB will be called in the control program.
• The FB parameters must be clearly assigned to the HMI device with SIL3/cat. 4.
Caution
Perform an acceptance procedure before putting the HMI device into operation.
3-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Planning Application
3.7 Prerequisites for fail-safe operation
Requirements for the Sensors to be Used (emergency stop buttons)
Warning
General Requirements for Sensors
Our electronics are equipped with such safety engineering features as to leave 85% of the
maximum permissible probability of hazardous faults for sensors and actuators up to you
(this corresponds to the recommended load division in safety engineering between sensing
devices, actuating devices, and electronic switching for input, processing, and output).
Note, therefore, that instrumentation with sensors and actuators entails a considerable
safety responsibility. Consider, too, that sensors and actuators do not generally withstand
proof-test intervals of 10 years (the interval for an external function test according to
IEC 61508) without considerable loss of safety.
The probability of hazardous faults and the rate of occurrence of hazardous faults of a safety
function must comply with an upper limit determined by a safety integrity level (SIL). You will
find a listing of values achieved by the HMI device "Fail-Safe Performance Characteristics"
in the specifications for the HMI device.
To achieve SIL3 (AK6/Category 4), suitably qualified sensors are necessary. The sensors
used must fulfill the standards IEC/EN 60947-5-1 and IEC/EN 60947-5-5
(VDE 0660, section 200).
Warning
The HMI device can only recognize two-channel equivalent sensor signals (break contacts,
two-channel).
Error can be detected using the following configurations:
• When connecting non-equivalent sensor signals.
• With redundant connection of a single-channel sensor
Emergency stop is detected using the following configuration:
• With redundant connection of two single-channel sensors (normally open switches).
Warning
No redundant connection of two single-channel break contacts
Ascertain that under no circumstances are two single-channel break contacts redundantly
connected as sensor signals. If sensor signals are connected redundantly (break
contacts), a fault will only be recognized if one of the sensors is triggered.
Caution
All digital inputs and digital outputs that are not assigned to a fail-safe channel may not be
connected with low-impedance (short-circuited).
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3-9
Planning Application
3.7 Prerequisites for fail-safe operation
Requirements for the Duration of Sensor Signals
Warning
Minimum duration of sensor signals
In order to guarantee accurate detection of the sensor signal by the HMI, you must ensure
that the sensor signals have a minimum duration of 50 ms. This is ensured by the usage of
push-to-lock emergency stop buttons.
Requirements for Cables
The cables used must meet the following requirements:
• The unique assignment of terminals to sensors must be ensured.
• Cables laid outside of the switching cabinet must be laid separately in accordance with
the relevant standards e.g. in stable pipes or cable ducts. This is intended to prevent
short-circuits and cross-circuits.
• When wiring external emergency stop buttons with the fail-safe channels of the HMI, the
following cable lengths must be maintained:
– Unshielded cables: Max. 1 m
– Shielded cables: Max. 10 m
3-10
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4
Mounting and Connecting
4.1
4.1
Checklist for fail-safe operation
Mounting and Connecting
The following steps must be taken when mounting and connecting the HMI.
Check list for mounting and connecting
4.2
4.2
Step
Information
Check that the contents of the package are complete and have not been
damaged in transit.
Chapter 4.2
Mounting the required standard components
Chapter 4.3
Wiring the standard components
Chapter 4.4
Mounting the HMI in the prepared mounting cutout
Chapter 4.5
Connecting the equipotential bonding to the HMI
Chapter 4.6.2
Connecting the power supply to the HMI
Chapter 4.6.3
Connecting the controller to the HMI
Chapter 4.6.4
Switching on and testing the HMI
Chapter 4.7
Check
Checking the package contents
Check the package contents for visible signs of transport damage and for completeness.
Notice
Do not install parts damaged during shipment. In the case of damaged parts, contact your
Siemens representative.
Keep the supplied documentation in a safe place. The documentation belongs to the HMI
device and is required for subsequent commissioning.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-1
Mounting and Connecting
4.3 Mounting Standard Components
4.3
4.3
Mounting Standard Components
Introduction
Where required, 22.5 mm diameter standard components e.g. key switches and emergency
stop buttons can be built into the HMI. The installation in the lower section of the HMI device
front is prepared by a pre-perforated cut-out with oblong holes.
Mount the standard components before mounting the HMI device itself in the switchgear
cabinet.
Determine mounting position
If you want to mount several standard components, first plan what component should be
mounted in which position.
• Emergency stop button
We recommend mounting a maximum of one emergency stop switch in the HMI. Mount
any planned additional emergency stop buttons in the environment of the HMI in other
positions on your system. In doing so, consider the maximum allowed cable length.
Use one of the oval shaped cut-out openings in the middle row for mounting the
emergency stop button with or without protective collar. These cut-out openings are
constructed so that you can position the emergency stop button further to the right or left
dependent on which of the crescent-shaped die-cast pieces have been broken out.
When planning, please consider that an emergency stop button needs more space on the
front side of the HMI than other standard components.
• Other standard components
All of the other standard components can be mounted in any of the cut-out openings.
4-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.3 Mounting Standard Components
Example mounting position
The following pictures show the recommended configuration of standard components and
emergency stop buttons:
1
2
Figure 4-1
Rear view
2
Figure 4-2
1
Front view
①
Emergency stop button
②
Standard components
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-3
Mounting and Connecting
4.3 Mounting Standard Components
Mounting Standard Components
Proceed as follows:
1
2
3
2
1
3
Figure 4-3
Knockout aperture for standard component
1. Use a sharp knife to cut a slit into the membrane on the front of the HMI device where
you want the oblong hole ①.
2. Cut the membrane along the outer edge ② of the desired breakout aperture so that the
cut-out membrane section only remains attached to the remaining membrane where it
covers the three small webs ③.
Note
The membrane on the front of the HMI device should only be cut for the knockout
aperture in order to maintain an IP65 degree of protection for the front surface after the
mounting of the standard component.
3. Place a screwdriver into the elongated slot ① of the cut-out opening and turn the
screwdriver until the pre-stamped die-cast piece detaches.
4. Remove the detached piece.
5. Position the standard component into the empty cut-out opening.
6. Secure the standard component.
Result
The required control elements are mounted and can be wired.
See also
Front-sided Control Elements and Displays (Page 5-1)
4-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.4 Wiring a Standard Component
4.4
4.4
Wiring a Standard Component
Introduction
4.2
4.1
3.2
3.1
2.2
2.1
1.2
1.1
07
08
09
10
11
12
13
14
07
08
09 4.2
10 4.1
11 3.2
12 3.1
13 2.2
14 2.1
1.2
1.1
DI
DO
FAILSAFE
Figure 4-4
Labels on the digital inputs and outputs (section)
There are 16 digital inputs (DI) and 16 digital outputs (DO) on the rear of the HMI device.
The bottom two digital inputs (DI1.1 and DI1.2) and digital outputs (DO1.1 and DO1.2) form
fail-safe channel 1 and are pre-set for the fail-safe wiring of an emergency stop button.
The next three input pairs and output pairs can be used optionally:
• as fail-safe channels 2 to 4 for fail-safe wiring (DI2.1 to DI4.2 and DO2.1 to 4.2) of a
further three emergency stop buttons
or
• for non-fail-safe wiring of six standard components (DI14 to DI09 and DO14 to DO09)
The number of required emergency stop keys must match the number set in HW Config of
the STEP 7 project ("Emergency Stop" parameter of the object properties of the slots hosting
"PP17_S Inputs / Outputs"). The default value for this parameter is "4", i.e. four emergency
stop keys are used and no non-fail-safe standard components.
The upper eight pairs of digital inputs (DI08 to DI01) and digital outputs (DO08 to DO01) are
used for the wiring of standard components in standard mode.
Caution
Fail-safe Mode
The HMI device can only recognize two-channel equivalent sensor signals.
The design of the emergency stop keys used must conform to the selected safety category.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-5
Mounting and Connecting
4.4 Wiring a Standard Component
Rules for Wiring
1
①
Reverse polarity protection
• Only use the supplied coded terminal blocks to perform the wiring.
• Wire the fail-safe channels gapless from bottom to top.
Example: Connecting two emergency stop buttons
– Connect emergency stop button 1 to the F channel 1 (DI1.1, DI1.2 and DO1.1, DO1.2)
– Connect emergency stop button 2 to the F channel 2 (DI2.1, DI2.2 and DO2.1, DO2.2)
– Wiring of an emergency stop button to the fail-safe channel 3 without assignment of
fail-safe channels 1 and 2 is not allowed.
Warning
All digital inputs and digital outputs that are not assigned to a fail-safe channel may
not be connected with low-impedance (short-circuited).
4-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.4 Wiring a Standard Component
Fail-safe Wiring of Emergency Stop Buttons
Proceed as follows:
1. Connect emergency stop key 1 to the F channel 1 (digital inputs DI1.1 and DI1.2, digital
outputs DO1.1 and DO1.2)
33,352),VDIH
',
'2
(PHUJHQF\
VWRSEXWWRQ
2. If you wish to use another emergency stop key, wire it to the F channel 2 (digital inputs
DI2.1 and DI2.2, digital outputs DO2.1 and DO2.2)
3. Wire further emergency stop keys to the subsequent F channels gaplessly from bottom to
top.
4. Perform a function test after wiring an emergency stop button.
See also
Front-sided Control Elements and Displays (Page 5-1)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-7
Mounting and Connecting
4.5 Mounting the HMI device
4.5
4.5
Mounting the HMI device
Requirement
When mounting an HMI device you will need eight anchor clamps from the accessories. The
mounting seal must be available on the HMI device. If the mounting seal is damaged, order a
replacement seal. The mounting seal is part of the associated service pack.
Mounting the HMI device
Notice
Always mount the HMI device according to the instructions in this manual.
Proceed as follows:
1. Check that the mounting seal is fitted on the HMI device.
Do not install the mounting seal turned inside out. This may cause leaks in the mounting
cut-out.
2. Working from the front, insert the device into the mounting cut-out.
3. Place two anchor clamps each above, below and to the sides of the HMI device in the
cavities provided.
If you wish to mount several devices butted gaplessly, ensure that the mounting clamps
do not hinder one another. Use alternative recesses for the mounting clamps if
necessary.
Figure 4-5
Installing the mounting clamp on the HMI device
4. Fasten each mounting clamp by tightening its Phillips screws. The permitted torque is
0.15 Nm.
4-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.6 Connecting the HMI device
Notice
Check the fit of the mounting seal on the front. The mounting seal must not protrude from
the HMI device.
If it does, dismount the HMI device and repeat steps 1 to 4.
See also
Accessories (Page 1-3)
4.6
4.6
Connecting the HMI device
Requirement
Additionally installed standard components have been connected to the HMI device.
The HMI device must be mounted according to the specifications of these operating
instructions.
Connection sequence
Connect the HMI device in the following sequence:
1. Equipotential bonding
2. Power supply
Perform a power-up test to ensure the correct polarity of the power supply.
3. PLC
Notice
Connection sequence
Always follow the correct sequence for connecting the HMI device. Failure to do so may
result in damage to the HMI device.
Connecting the Cables
When connecting the cables, ensure that you do not bend any of the contact pins.
Secure the connectors with screws.
Always use shielded data cable.
Always use standard cables.
For further information, refer to the SIMATIC HMI Catalog ST 80.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-9
Mounting and Connecting
4.6 Connecting the HMI device
See also
Safety Instructions (Page 2-1)
4.6.1
Ports
Position of the ports
The following figure below shows the interfaces of the HMI device:
1
2
3
Figure 4-6
①
Interfaces of the HMI device
Connection for power supply and enable input
②
RS 485 interface (IF 1B)
③
Chassis ground terminal
See also
Connecting the equipotential bonding circuit (Page 4-10)
Connecting the power supply (Page 4-13)
Connecting the PLC (Page 4-15)
4.6.2
Connecting the equipotential bonding circuit
Potential differences
Differences in potential between spatially separated system parts can lead to high equalizing
currents over the data cables and therefore to the destruction of their interfaces. This
situation may arise if the cable shielding is terminated at both ends and grounded at different
system parts.
Potential differences may develop when a system is connected to different mains.
4-10
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.6 Connecting the HMI device
General requirements of equipotential bonding
Potential differences must be reduced by means of equipotential bonding in order to ensure
trouble-free operation of the relevant components of the electronic system. The following
must therefore be observed when installing the equipotential bonding circuit:
• The effectiveness of equipotential bonding increases as the impedance of the
equipotential bonding conductor decreases or as its cross-section increases.
• If two system parts are connected to each other via shielded data lines with shielding
connected to the grounding/protective conductor on both sides, the impedance of the
additionally installed equipotential bonding cables may not exceed 10% of the shielding
impedance.
• The cross-section of a selected equipotential bonding conductor must be capable of
handling the maximum equalizing current. The best results for equipotential bonding
between two cabinets were achieved with a minimum conductor cross-section of 16 mm2.
• Use equipotential bonding conductors made of copper or galvanized steel. Establish a
large-surface contact between the equipotential bonding conductors and the
grounding/protective conductor and protect these from corrosion.
• Terminate the shielding of the data cable on the HMI device flush and near the
equipotential busbar using suitable cable clamps.
• Route the equipotential bonding conductor and data cables in parallel with minimum
clearance between these. See the connection diagram.
Notice
Grounding conductor
Cable shielding is not suitable for equipotential bonding. Always use the prescribed
equipotential bonding conductors. The minimum cross-section of a conductor used for
equipotential bonding is 16 mm². When you install PROFIBUS DP networks, always use
cables with a sufficient crosssection since otherwise the interface modules may be
damaged or destroyed.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-11
Mounting and Connecting
4.6 Connecting the HMI device
Connection diagram
1
2
3
3
5
8
Figure 4-7
7
6
4
Installing the equipotential circuit
①
Chassis ground terminal on the HMI device (example)
②
Equipotential bonding conductor cross-section: 4 mm2
③
Cabinet
④
Parallel routing of the equipotential bonding conductor and data cable
⑤
Equipotential bonding conductor cross-section: min. 16 mm2
⑥
Cable clip
⑦
Voltage bus
⑧
Grounding connection
See also
Electromagnetic compatibility (Page 2-4)
Ports (Page 4-10)
4-12
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.6 Connecting the HMI device
4.6.3
Connecting the power supply
Connection diagram
The following figure shows the connection of the HMI device to the power supply.
Figure 4-8
Connecting the power supply
Note when connecting
The power terminal block is included in the assembly kit and is designed for conductors with
a maximum cross-section of 1.5 mm2.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-13
Mounting and Connecting
4.6 Connecting the HMI device
Connecting the terminal block
Notice
Damage
Pressure on the screwdriver may damage the HMI device socket if the terminal block is
plugged in when you tighten the screws.
Always remove the terminal block to connect the wires.
1
2
Figure 4-9
①
3
Connecting the terminal block
DISABLE (enable input)
②
GND
③
+24 VDC
Connect the power supply cables to the terminal block as shown in the figure above. Ensure
that the cables are not crossed. Refer to the label showing the pin-out on the rear of the HMI
device.
Reverse polarity protection
The HMI device is equipped with a polarity reversal protection circuit.
Connecting the power supply
Caution
Ensure safe electrical insulation of the power supply. Always use power supply modules that
conform to IEC 364-4-41 or HD 384.04.41 (VDE 0100, Part 410).
Only use power supplies that fulfill the standards SELV (Safety Extra Low Voltage) and
PELV (Protective Extra Low Voltage)!
The power supply must always be within the specified range to prevent malfunctions on the
HMI device.
Equipotential bonding
Therefore, wire the 24 V output of the power supply to the equipotential circuit.
See also
Ports (Page 4-10)
4-14
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.6 Connecting the HMI device
4.6.4
Connecting the PLC
Connection diagram
The following figure shows the connection of the HMI device to the PLC.
SIMATIC S 7
RS 485
Figure 4-10
Connecting the PLC
Notice
Always use the approved cables to connect a SIMATIC S7 PLC.
Standard cables are available for the connection. You will find additional notes on this
subject in the SIMATIC HMI Catalog ST 80 or in the SIMATIC NET Catalog IK PI.
Configuring the interface
A configuration module for configuring the interface to the controller is located on the back of
the HMI device.
See also
Configuring the PROFIBUS DP Interface (Page 6-14)
Ports (Page 4-10)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-15
Mounting and Connecting
4.7 Switching on and testing the HMI device
4.7
4.7
Switching on and testing the HMI device
Prerequisites for Fail-safe Operation
Caution
When using fail-safe mode, always check the following settings in HW Config of the
SIMATIC Manager before commissioning:
• The number of connected emergency stop buttons must match the configuration of the
HMI device in HW Config.
• The modules "Emergency Stop SIL2" or "Emergency Stop SIL3" must be configured
according to the required safety class.
Activate the host before switching on, otherwise a fault will occur in SIL3/cat. 4.
Procedure
Proceed as follows:
1. Connect the terminal block to the HMI device.
2. Switch on the power supply.
When the power is switched on, the "POWER" LED lights on the front of the HMI device.
The following message appears on the display of the configuration module during startup:
PP17 V2.xx
START
In this message "2.xx" stands for the fail-safe version of the HMI device.
If the HMI device does not start, it is possible the wires on the terminal block have been
crossed. Check the connected wires and change the connections if necessary.
Ready for Operation
The following criteria indicates that the HMI device is ready for operation:
• The "POWER" LED on the front of the HMI device is lit, the "ERROR" LED is not.
• The following message is shown on the display of the configuration module:
PP17 V2.xx
READY
Afterwards, perform a lamp test.
4-16
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Mounting and Connecting
4.7 Switching on and testing the HMI device
Switching Off the HMI Device
Options for switching off the HMI device:
• Switch off the power supply.
• Disconnect the terminal block from the HMI device.
The system goes to a safe state in fail-safe mode.
See also
Front-sided Control Elements and Displays (Page 5-1)
Carry out lamp test (Page 8-3)
Configuring the PROFIBUS DP Interface (Page 6-14)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
4-17
Mounting and Connecting
4.7 Switching on and testing the HMI device
4-18
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
5
Control Elements and Displays
5.1
5.1
Front-sided Control Elements and Displays
Front of the HMI device
1
2
①
Keys with integrated LEDs
②
Mounting position for standard components
③
"Power" LED and "Error" LED
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
3
5-1
Control Elements and Displays
5.1 Front-sided Control Elements and Displays
Keys with integrated LEDs
There are 16 short-stroke keys on the front of the HMI device. The individual keys can be
configured as keys or switches.
• Button function: The corresponding bit in the PLC is set as long as the key is pressed.
• Switch function: Pressing a key sets the corresponding bit in the PLC, a second press of
the key sets it back.
Colored surface LEDs are integrated in each key. They can be used to indicate bit states of
the connection PLC.
Red, green and yellow can be configured for the LEDs. The LEDs can flash and light
continuously.
The keys and LEDs are numbered as follows:
8
1
16
9
Figure 5-1
Numbering of the keys and LEDs
LED "POWER"
The "POWER" LED lights as long as the HMI device is supplied with power.
"ERROR" LED
The LED "ERROR" indicates if the HMI device is in test mode or if an error has occurred.
"ERROR" LED Displays
Cause
Remedy
LED flashes (normal mode)
A PROFIsafe fault has occurred. Diagnose and rectify the fault.
LED lights (normal mode)
A PROFIBUS fault has
occurred.
Diagnose and rectify the fault.
LED blinks (lamp test)
A lamp test is currently being
carried out.
End the lamp test by releasing
the key assigned to the function
or by resetting the two LED bits
from the PLC.
LED lights (hardware test mode) A hardware test is being
performed.
5-2
Stop the hardware test using the
menu of the configuration
module or reboot the HMI
device.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Control Elements and Displays
5.2 Backside HMI Components, LEDs and Ports
Additional Standard Components
Knockout apertures are provided in the lower section of the HMI device for mounting
additional standard components. A maximum of 12 additional components can be mounted
and connected to the digital inputs outputs on the back of the HMI device.
A maximum of four emergency stop keys can be operated in fail-safe mode.
Labeling strips
Labels can be applied to the keys and additionally mounted components.
See also
Labeling of Keys or Standard Components (Page 5-6)
Mounting Standard Components (Page 4-2)
Wiring a Standard Component (Page 4-5)
Carry out lamp test (Page 8-3)
5.2
5.2
Backside HMI Components, LEDs and Ports
Back of the HMI Device
1
2
3
1
4
①
Ports
②
Configuration module
③
Knockout apertures for mounting standard components
④
Labeling strips
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
5-3
Control Elements and Displays
5.2 Backside HMI Components, LEDs and Ports
Configuration Module
1
①
2
3
Display
②
Cursor keys and function keys
③
Memory module
You can perform the following tasks with the configuration module:
• Configure the HMI-device interface to the PLC
• Perform a hardware test
A menu guides you through both tasks.
All parameters for the interface to the PLC are saved in the memory module of the HMI
device. The memory module can be removed and used in another HMI device. Therefore it
is not necessary to reconfigure the interface when exchanging the HMI electronics or the
entire HMI device.
Note
A memory module for a PP17-I standard device may not be used for a fail-safe
PP 17-I PROFIsafe.
5-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Control Elements and Displays
5.2 Backside HMI Components, LEDs and Ports
Digital Inputs and Outputs
Additionally mounted standard components can be wired via the digital inputs and outputs.
Unconnected digital inputs are automatically set to 0.
STANDARD
DI
4.2
4.1
3.2
3.1
2.2
2.1
1.2
1.1
DO
01
02
03
04
05
06
07
08
09
10
11
12
13
14
01
02
03
04
05
06
07
08
09 4.2
10 4.1
11 3.2
12 3.1
13 2.2
14 2.1
1.2
1.1
DI
DO
1
2
3
FAILSAFE
①
Digital inputs DI01 to DI08, digital outputs DO01 to DO08
②
Configurable:
• Standard digital inputs DI09 to DI14, standard digital outputs DO09 to DO14
or
• F channels 2 to 4: DI2.1 to DI4.2 and DO2.1 to DO4.2
③
F channel 1: DI1.1 and DI1.2, DO1.1 and DO1.2
Each F channel uses two digital inputs and two digital outputs. You set the number of
F channels used in STEP 7.
The labels of the digital inputs and outputs are color-coded:
• Grey background: Assignment for standard mode
• Yellow background: Assignment for fail-safe mode
Power Supply and Enable Input
On the left side of the HMI device's rear panel there are interfaces for connecting the power
supply and enable input. Enable input makes it possible to disable the standard digital inputs
of the HMI device.
Note
Enable input does not affect the digital inputs of fail-safe channels
The enable input does not affect the digital inputs assigned with fail-safe channels. Fail-safe
inputs are not locked when the HMI device is locked by an enable input. Emergency stop
signals are always forwarded to the PLC.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
5-5
Control Elements and Displays
5.3 Labeling of Keys or Standard Components
See also
Design of the HMI Device (Page 1-2)
Testing Hardware (Page 8-1)
Configuring the PROFIBUS DP Interface (Page 6-14)
Wiring a Standard Component (Page 4-5)
Configuring the HMI device in STEP 7 (Page 6-6)
5.3
5.3
Labeling of Keys or Standard Components
Labeling of Keys or Standard Components
You can label keys or standard components in relation to specific projects. Use labeling
strips to do so.
The HMI comes with a sheet of removable labeling strips.
Additional sets of labeling strips can be ordered under order number 6AV3 671-8CB00.
1
①
Labeling strips, example for the labeling of standard components
The labeling strips can be inserted before or after you install the HMI device.
Note
Shorten or divide labeling strips if the standard components have been mounted in such a
way as to prevent the lower part of a labeling strip from being pressed in.
5-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Control Elements and Displays
5.3 Labeling of Keys or Standard Components
Printing Labeling Strips
s
The labeling strips have the following dimensions:
s
5
A Word template is available for the labeling strips on the documentation CD or in the
Internet at the following address:
"http://www.siemens.com/automation/support"
Observe the information in this file.
Printable foil or paper can be used as labeling strips. The permitted thickness of the labeling
strip is 0.15 mm.
Procedure
Proceed as follows:
1. Edit and then print the template.
You can also print blank templates and label them manually.
Notice
Do not write on the keyboard to label the function keys.
2. Cut out labeling strips
Clip the corners of the labeling strips to make it easier to insert them into the guides.
3. Remove any old labeling strips.
4. Slide the labeling strips into the guide.
Note
Wait for the printed labeling strips to dry before you insert them.
5. Slide the labeling strips into the guide up to the end stop.
The labeling strip will protrude approximately 1 cm out of the guide. The template
dimensions are calculated so that the labeling is correctly placed under the key fields. An
interlock is not required for the labeling strips.
See also
Front-sided Control Elements and Displays (Page 5-1)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
5-7
Control Elements and Displays
5.3 Labeling of Keys or Standard Components
5-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6
Configuring the HMI device
6.1
6.1
Checklist for fail-safe operation
Configuration
The configuration steps in STEP 7 and on the HMI device must be carried out before the
HMI device can be used.
Requirements
• The HMI is mounted and connected
• The FB "F_PP17I_SIL3" is installed in STEP 7
Check list for configuration
Step
Where?
Information
If the HMI device is not shown in
the HW Config hardware catalog:
Menu command in HW Config of
SIMATIC Manager: "Tools > Install
GSD file..."
Chapter 6.2
Configuring the module
"PP17_S inputs / outputs"
SIMATIC Manager HW Config, object
properties of module "PP17_S inputs /
outputs", tabs "Configure" and
"Address / ID"
Chapter 6.3
Chapter 6.4
Configuration for modules
"Emergency Stop SIL2" or
"Emergency Stop SIL3"
SIMATIC Manager HW Config, object
properties of module "Emergency stop
SIL2" or "Emergency stop SIL3" tabs
"Address / ID" and "PROFIsafe"
Chapter 6.3
Chapter 6.4
If "Emergency stop SIL3" is
configured:
FB "F_PP17I_SIL3" integrate in
safety program and wire up
Safety program S7 Distributed Safety
Chapter 6.5
Configure PROFIBUS-DP
interface
Configuration module on the backside
of the HMI device
Chapter 6.6
Testing Hardware
Configuration module on the backside
of the HMI device
Chapter 8.2
Integrate GSD file from CD in
STEP 7
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Check
6-1
Configuring the HMI device
6.2 Integrating the GSD File in STEP 7
Further Information
You will find further information regarding the configuration of fail-safe I/Os in STEP 7 in the
manual "S7 Distributed Safety Configuring and Programming" and in the system manual
"Safety Engineering in SIMATIC S7".
6.2
6.2
Integrating the GSD File in STEP 7
Principle
If the HMI device is not listed in the hardware catalog of HW Config, you need to integrate
the valid GSD (device database) files for the HMI device in the STEP 7 database. The GSD
files are available on the documentation CD or in the Internet at the following address:
"http://www.siemens.com/automation/support"
Integrating a GSD File
Proceed as follows:
1. Select the menu command "Options > Install GSD Files..." in the "HW Config" of the
SIMATIC Manager.
2. Use the "Browse" function to open the drive where the GSD file is located (if you are
using the CD, the CD drive of your PC).
The GSD files in the selected folder are displayed.
3. Select the desired GSD file and click on "Install".
The desired GSD file is then integrated into the STEP 7 database.
Result
The HMI device is now shown in the hardware catalog of HW Config and can be inserted
into a project.
See also
Configuring the HMI device in STEP 7 (Page 6-6)
6-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.3 Communication between the HMI Device and the PLC
6.3
6.3
Communication between the HMI Device and the PLC
Introduction
You configure the communication between the HMI device and PLC in the HW Config of the
STEP 7 project.
You configure the parameters in the object properties of the following modules:
• "PP 17-I PROFIsafe inputs / outputs"
• "Emergency Stop SIL2" or "Emergency Stop SIL3"
Object Properties of the Module "PP 17-I PROFIsafe inputs / outputs"
• Tab "Configure":
Parameter
Meaning
Number of emergency stops
Number of fail-safe wired emergency stop
buttons (1 to 4)
Pulse stretching n*20 ms
Short touch of the key increases the specified
value by 20 ms.
Lamp test
The lamp test is carried out by pressing the
defined key
Function key 1
Function mode of respective key as button or
switch
...
Function key 16
Function digital input 1
...
Function mode of respective digital input in
standard mode: As button or switch
Function digital input 14
Mode LED 1
...
Mode LED 16
Configurable mode of respective LED:
• Flashing green
• Yellow
• Flashing red
• Flashing yellow
Flashing green is the default setting.
The LED reacts according to the configured
mode when both bits for the LED have the value
"1" in the process image.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-3
Configuring the HMI device
6.3 Communication between the HMI Device and the PLC
• Tab "Address / ID":
Parameter
Meaning
Input > Address > Start of Address Area
Start of address range in which the standard digital
inputs of the HMI are mapped.
Predefined: 512
If you wish to call the signals of the standard digital
inputs via a process image, enter an address range
< 512.
Input > Process Image
Process image to which the address range belongs
You can only select a process image if the address
range is < 512.
Output > Address > Start of Address Area
Start of address range in which the standard digital
outputs of the HMI device are mapped.
Predefined: 512
If you wish to call the signals of the standard digital
outputs via a process image, enter an address range
< 512.
Output > Process Image
Process image to which the address range belongs
You can only select a process image if the address
range is < 512.
Object Properties of Module "Emergency Stop SIL2" or "Emergency Stop SIL3"
• Tab "Address / ID":
Parameter
Meaning
Output > Address > Start of Address Area
Start of address range in which the standard digital
outputs of the fail-safe channels are mapped.
Predefined: 520
If you wish to call the signals of the fail-safe channels
via a process image, enter an address range < 512.
Output > Process Image
Process image of the address area
You can only select a process image if the address
range is < 512.
Input > Address > Start of Address Area
Start of address range in which the standard digital
inputs for the fail-safe channels are mapped.
Predefined: 520
If you wish to call the signals of the digital inputs for failsafe channels via a process image, enter an address
range < 512.
Input > Process Image
Process image to which the address range belongs
You can only select a process image if the address
range is < 512.
6-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.3 Communication between the HMI Device and the PLC
• Tab "PROFIsafe":
Parameter
Meaning
F_Check_SeqNo
Inclusion of the sequence numbers in the
consistency check (CRC) of the fail-safe user
data frame
F_SIL
Safety class of the fail-safe HMI device
• With "Emergency Stop SIL2": SIL2
(corresponds to category 3)
• With "Emergency Stop SIL3": SIL3
(corresponds to category 4)
These parameters cannot be changed.
These parameters cannot be changed.
F_CRC_Length
Length of the CRC signature.
These parameters cannot be changed.
F_Par_Version
Selected PROFIsafe mode.
F_Source_Add
PROFIsafe address used to uniquely identify the
source. The address is assigned automatically.
These parameters cannot be changed.
The "F_Source_Add" parameter can have a value
between 1 and 65534.
F_Dest_Add
PROFIsafe address used to uniquely identify the
destination. The address is assigned
automatically.
The "F_Dest_Add" parameter can have a value
between 1 and 1022. You can change the value
for "F_Dest_Add".
The value set for F_Dest_Add must be entered
on the HMI device as a PROFIsafe address.
F_WD_Time
Watchdog time in the fail-safe DP standard slave
A valid current safety message frame must come
from the F CPU within the monitoring time period.
Otherwise, the fail-safe DP standard slave goes
to the safe state.
The "F_WD_Time" parameter can be set in 1 ms
increments.. The monitoring time should be
between 150 ms and 1000 ms.
Use the Excel table "s7cotia.xls" to calculate the
monitoring time which corresponds to the
availability of the system.
The Excel file "s7cotia.xls" is part of the optional
package S7 Distributed Safety. You can find the
current version of this table on the Internet at the
following address:
"http://www.siemens.com/automation/support",
article ID 19138505
You can find the parameters needed to calculate
the monitoring time under "General
Specifications".
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-5
Configuring the HMI device
6.4 Configuring the HMI device in STEP 7
Notice
If an error occurs, the monitoring time is included in the ensured reaction time.
Further Information about Configuring F I/Os in STEP 7
You will find further information regarding the configuration of fail-safe I/Os in STEP 7 in the
manual "S7 Distributed Safety Configuring and Programming" and in the system manual
"Safety Engineering in SIMATIC S7".
See also
Configuring the PROFIBUS DP Interface (Page 6-14)
Configuring the HMI device in STEP 7 (Page 6-6)
General Specifications (Page 9-1)
6.4
6.4
Configuring the HMI device in STEP 7
Introduction
To enable communication between the PLC and the HMI device, you need to configure the
HMI device in "HW Config" of the SIMATIC Manager.
Requirement
• The HMI device has been inserted into the STEP 7 project.
If the HMI device is not listed in the hardware catalog of HW Config, you need to integrate
the valid GSD (device database) files for the HMI device in the STEP 7 database.
• The "Emergency Stop SIL2" or "Emergency Stop SIL3" module is inserted.
• The "PP 17-I PROFIsafe in / outputs" module is inserted.
Note
The HMI must always include module "PP 17-I PROFIsafe in / outputs" in HW Config.
6-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.4 Configuring the HMI device in STEP 7
Configure slot for "PP 17-I PROFIsafe inputs / outputs"
Caution
Ensure that the number of connected emergency stop buttons matches the configuration of
the HMI device in STEP 7.
1. In the context menu for "PP 17-I PROFISAFE inputs / outputs" select the "Object
properties" entry.
The "Properties DP Slave" dialog window opens.
2. In the "Configure" tab, open the folder "Station parameters > device specific
parameters".
3. Enter the number of emergency stop buttons used.
4. Enter a value for the pulse stretching.
5. If necessary, select a different key for the lamp test.
6. Define the the individual keys and digital inputs for standard mode either as buttons or
switches.
7. Set the mode for each LED.
8. Switch to the "Address / ID" tab.
The start value for both address ranges are predefined with the value "512" for both the
"Input" and "Output" groups. The signals for the standard digital inputs and outputs of the
HMI device are mapped in the given address ranges.
9. Check the predefined start values of the address ranges.
10. If necessary, change the address range. If you wish to call the signals of the digital
inputs or digital outputs via a process image, enter an address range < 512.
11. Only if the address range < 512: Select another process image for the start of the
address range if necessary.
12. Save your settings with "OK".
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-7
Configuring the HMI device
6.4 Configuring the HMI device in STEP 7
Configure PROFIsafe parameters for slot "Emergency Stop SIL2" or "Emergency Stop SIL3"
1. In the context menu for "Emergency Stop SIL2" or "Emergency Stop SIL3" select the
"Object properties" entry.
The "Properties DP Slave" dialog window opens.
In the "Address / ID" tab, the start address ranges for the "Inputs" and "Outputs" groups
are both predefined with the value "520". The signals for the standard digital inputs and
outputs of the fail-safe channels are mapped in the given address ranges.
2. Check the predefined start values of the address ranges.
3. If necessary, change the address range. If you wish to call the signals of the digital inputs
or digital outputs via a process image, enter an address range < 512.
4. Switch to the "PROFIsafe" tab.
5. Check the parameters shown.
6. If you want to change a parameter, select it and click on the "Change Value" button.
A selection dialog is displayed listing the possible parameter values.
7. Select the desired value and close the dialog with "OK".
8. Change other parameters if you wish and then save your settings with "OK".
Result
The HMI device will now respond in operation according to the new configuration. The states
of the digital inputs and outputs of the HMI device are stored in the specified address area of
the PLC.
Further Information about Configuring F I/O in STEP 7
Further information about configuring F I/O in STEP 7 is available in the manual,
"S7 Distributed Safety Configuring and Programming".
See also
Front-sided Control Elements and Displays (Page 5-1)
Integrating the GSD File in STEP 7 (Page 6-2)
Overview (Page 6-9)
Assignment of PLC Bits in the Process Images (Page 9-9)
Digital Inputs and Outputs (Page 9-8)
Communication between the HMI Device and the PLC (Page 6-3)
6-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.5 Configure FB "F_PP17I_SIL3"
6.5
6.5
6.5.1
Configure FB "F_PP17I_SIL3"
Overview
SIL3/Cat. 4
Should safety class SIL3/cat. 4 be required, the FB "F_PP17I_SIL3" must be called in the
safety program. This FB is supplied on a CD together with the documentation for the HMI
device.
You can also find the FB on the Internet at the following address:
"http://www.siemens.com/automation/support"
Configuring in STEP 7
&+B&17
$''5B,1387
)%
ಯ)B33,B6,/ರ
$&.B5(,
$&.B67$7
$''5B287387
(5525
$&.B5(4
5(,17
4%$'
(B6723
',6&7,0(
(B6723
(B6723
(B6723
The following must be observed when integrating the FB "F_PP17I_SIL3" into the control
program:
• The FB must be configured so that it is uniquely associated to the HMI device with
SIL3/cat. 4.
• The inputs and outputs of the FB are not automatically defined with valid values and must
be manually wired as part of the configuration.
Please take special care that the values for the parameters "ADDR_INPUT" and
"ADDR_OUTPUT" match the values that are configured in HW Confiig for the input and
output ranges of the process image.
Note
In SIL3/ Cat. 4 access to the start range of the process image is not allowed.
Detailed information about configuring the HMI device as a fail-safe DP standard slave is
available in the manual, "Distributed Safety - Configuration and Programming".
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-9
Configuring the HMI device
6.5 Configure FB "F_PP17I_SIL3"
Determining the Version of FB "F_PP17I_SIL3" in STEP 7
Proceed as follows:
1. Open the "LAD/STL/FBD" editor in STEP 7.
2. Navigate in the left pane to "Libraries > F_FB_PP17I_SIL3 > F_FB_PP17I".
3. In the shortcut menu for the "FB 170" entry, select the "Object Properties" command.
4. Select the "General Part 2" tab.
5. The version of the FB "F_PP17I_SIL3" is shown in the field "Version (Header)"
6.5.2
FB170 "F_PP17I_SIL3"
Validity
This description applies to version 2.3 of the FB "F_PP17I_SIL3".
Purpose
The FB "F_PP17I_SIL3" is required in order to achieve safety class SIL3/cat. 4 with
PP 17-I PROFIsafe.
The FB "F_PP17I_SIL3" fulfills the following tasks:
• You can use the FB SIL3/cat. 4 to determine which emergency stop button has been
pressed.
In order to do so, you query the state of outputs E_STOP1 to E_STOP4 of the FB.
• The FB produces a test pattern which assists in the investigation of errors during
discrepancy evaluation.
The test pattern is transferred to the HMI device from the FB via the configured output
byte. The HMI device then returns this test pattern back to the FB's configured input byte.
If the HMI device returns a faulty test pattern, discrepancy evaluation is started. After an
assignable time interval (the so called discrepancy time) has elapsed, a check is
performed to determine whether or not the discrepancy still exists. If so, then a
discrepancy error exists. This will be reported to the ERROR output.
• After passivation of the HMI device, the FB executes the reintegration following user
acknowledgement.
Fail-safe I/O DB
An F-I/O DB is automatically generated for each F-I/O when the program is compiled by
HW Config. The F-I/O DB contains variables that the user has to evaluate in the safety
program.
Detailed information regarding the accessing F-I/Os and working with F-I/O DBs can be
found in the "SIMATIC S7-Distributed Safety Configuration and Programming" manual in the
"F-I/O access" chapter.
6-10
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.5 Configure FB "F_PP17I_SIL3"
Mode of operation
The FB "F_PP17I_SIL3" creates a test pattern. This test pattern is output to the
PP 17-I PROFIsafe and then read back. If a faulty test pattern is read back, a discrepancy
error is determined following the expiration of the discrepancy time.
If an emergency stop button is pressed, the following procedure is initiated:
• The fail-safe channels associated with the pressed emergency stop button are excluded
from the test.
• The associated output E_STOPn will be set to "0".
• The remaining fail-safe channels will continue to be queried and tested.
In case of error the following procedure is initiated:
• All emergency stop outputs E_STOP1 to E_STOP4 will be set to "0" (passivated).
• The error output ERROR will be set to "1".
• In the event of communications errors, the input data will be set to "0".
• Errors will be stored so that an acknowledgement request can take place after the fault is
eliminated.
Transient behavior
Notice
The startup behavior of the FB "F_PP17I_SIL3" has changed as of version 2.3 and is not
compatible with version 2.1. A user acknowledgement is no longer necessary following
startup.
Behavior at reintegration and startup is now identical.
The FB "F_PP17I_SIL3" outputs all possible test patterns at startup (floating "0" at all bit
positions).
The following options are available for evaluating the test pattern:
• If the test pattern is read back without errors, the outputs E_STOP1 to E_STOP4 are
output.
• If the test pattern is read back with errors, a startup error is recognized. The error output
ERROR will be set to "1". Cause for the startup error can be a PP 17-I PROFIsafe which
is turned off, for example.
Malfunction
In the following cases, the output ERROR will be set to "1":
• A value has been configured for input CH_CNT outside of the range 1 to 4.
• A discrepancy error has occurred.
• QBAD = 1 has been signalized from the F-I/O DB.
• A startup error has occurred.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-11
Configuring the HMI device
6.5 Configure FB "F_PP17I_SIL3"
Note
Set the watchdog interrupt to no longer than 200 ms. Otherwise, the FB will recognize a
startup error.
Inputs
Parameters
Data type
Description
CH_CNT
INT
Number of emergency stop buttons used
Range: 1 to 4
If you configure a value outside of the range, the parameter
ERROR will be set to "1".
You have to supply the parameter CH_CNT with a constant
value. A change during operation or the use of a variable (bit
memory, for example) is not permitted.
ADDR_INPUT
WORD
Start address of the inputs in process image
The value must match the value configured in HW Config.
In each case, only lower value byte of the given input word
will be evaluated.
ACK_REI
BOOL
Acknowledge switch (input, memory bit, or higher-level user
interface) for acknowledgement after passivation.
ACK_STAT
BOOL
Configure bit 2.2 of the F-I/O DB for this input (ACK_REQ).
ACK-REQ = 1 signalizes that a user acknowledgement is
required for the reintegration of the affected F-I/O.
The F system sets ACK_REQ = 1 as soon as the error has
been corrected and a user acknowledgement is possible.
After successful acknowledgement, ACK_REQ is reset to 0
by F system.
QBAD
BOOL
Configure bit 2.1 of the F-I/O DB for this input (QBAD).
QBAD indicates if an F-I/O passivation has occurred.
DISCTIME
TIME
Discrepancy time for error
The discrepancy time has to be longer than three times the
cyclic interrupt time.
If the discrepancy time is less than three times the cyclic
interrupt time, the availability of the plant is reduced
because a sporadic discrepancy error may occur.
6-12
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.5 Configure FB "F_PP17I_SIL3"
Outputs
Parameters
Data type
Description
ADDR_OUTPUT
WORD
Start address of the outputs in process image
The value must match the value configured in HW Config.
In each case, only lower value byte of the given output word
will be evaluated.
ERROR
BOOL
In the following cases, the output ERROR will be set to "1":
• A value has been configured for input CH_CNT outside
of the range 1 to 4.
• A discrepancy error has occurred.
• QBAD has been signalized from the F-/I/O DB.
• A startup error has occurred.
ACK_REQ
BOOL
ACK_REQ = "1" indicates that the error that lead to
passivation has been rectified and can therefore be reacknowledged.
ACK_REQ = 1 signalizes that acknowledgement via user
acknowledgement on input ACK is required. The F
application module sets ACK_REQ = 1 as soon as the HMI
device has been reintegrated. After successful
acknowledgement, the F application module resets
ACK_REQ to 0.
REINT
BOOL
Configure bit 0.2 of the F-I/O DB for this input (ACK_REI).
In order to reintegrate the F-I/O after an error has been
eradicated, a user acknowledgement with positive edge to
the variable ACK_REI of the F-I/O DB is required.
E_STOP1
BOOL
Displays the status of the emergency stop channels.
E_STOP2
0 = Emergency stop depressed or error
E_STOP3
1 = Emergency stop not depressed
E_STOP4
The values can be reused for example in process
visualization or in the application program.
See also
Error Elimination and Reintegration (Page 7-9)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-13
Configuring the HMI device
6.6 Configuring the PROFIBUS DP Interface
6.6
6.6
Configuring the PROFIBUS DP Interface
Introduction
You can configure the PROFIBUS-DP interface using the configuration module on the back
of the HMI device. The configured parameters are stored in the memory module of the HMI
device.
A menu guides you through the configuration.
Configuration in the Factory State
The HMI device is configured as follows in the factory state:
Parameter
Meaning
Default setting
DP-ADR
PROFIBUS address
3
F_ADR
PROFIsafe address
0
BAUDRATE
Bus speed
1.5 Mbaud
Note
The HMI device cannot be used in fail-safe mode with this setting because no valid
PROFIsafe address is set.
Requirement for the Configuration
The configuration module on the back of the HMI device is accessible.
The HMI device is connected to the power supply and PLC.
You know the values for the following parameters in HW Config of the STEP 7 project:
• PROFIBUS address
• PROFIsafe address (only required for fail-safe operation)
• Baud rate of the bus speed
Note
Ensure that you configure the HMI-device values to match the values defined in
HW Config of the STEP 7 project.
Procedure - Setting Parameters
1. When the HMI device starts up, press the keys
module.
ESC
+
OK
on the configuration
The configuration mode is activated. The display shows the menu command "DEFAULT
YES/NO".
2. Select "NO" with the
6-14
and
keys and confirm your selection with
OK
.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Configuring the HMI device
6.6 Configuring the PROFIBUS DP Interface
3. In menu "DP-ADR" use the
and
keys to set the same PROFIBUS address as is
configured in HW Config of the STEP 7 project for the HMI device and confirm with
OK
.
If you want to configure multidigit addresses, use the
and
keys to swap between the
digits.
4. In menu "F-ADR" set the same PROFIsafe address as is configured for the "EmergencyStop" slot in HW Config of the STEP 7 project.
5. In menu "BAUDRATE" set the same speed as is configured for PROFIBUS in HW Config
of the STEP 7 project.
6. Exit configuration mode with
ESC
.
The specified parameters are now saved. The HMI device resumes normal operation.
Procedure - Resetting to Factory State
1. When the HMI device starts up, press the keys
ESC
+
OK
on the configuration
module.
The configuration mode is activated. The display shows the menu command "DEFAULT
YES/NO".
2. Select "YES" with the
and
3. Exit configuration mode with
keys and confirm your selection with
ESC
OK
.
.
All parameters have now been reset to the factory state. The HMI device resumes normal
operation.
Result
The specified parameters are stored in the memory module of the configuration module.
See also
Connecting the PLC (Page 4-15)
Backside HMI Components, LEDs and Ports (Page 5-3)
Communication between the HMI Device and the PLC (Page 6-3)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
6-15
Configuring the HMI device
6.6 Configuring the PROFIBUS DP Interface
6-16
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Fail-safe Mode
7.1
7.1
7
Overview
Fail-safe Mode
You can use the HMI device in standard mode and fail-safe mode simultaneously.
In fail-safe mode the HMI device recognizes signal states from suitable emergency-stop
buttons and sends corresponding safety telegrams to the F-CPU where the safety program
runs. The F-CPU and HMI device communicate with each other via the safety oriented
PROFIsafe protocol.
Note
Activate the host before switching on, otherwise a fault will occur under SIL3/cat. 4.
Safety Functions
During fail-safe operation, safety mechanisms are activated in both HMI device and F-CPU
which recognize faults and react to them.
In the following cases, the safety mechanisms will cause the system to be placed in safe
mode:
• An emergency stop button has been depressed
• A fault has occurred
Reactions to Pressed Emergency Stop Buttons
If an emergency stop button is pressed, the system will be placed in safe mode and stopped.
In the control program, you can establish which emergency stop button was pressed. After
the danger has been eliminated, the operator resets the emergency stop and the system
restarts.
Responses to Faults in the System
In the event of a fault, the system is placed in safe mode and the HMI device rendered
passive. Substitution values will be set up on all fail-safe digital inputs instead of process
values. Analyze and eliminate the current fault with the help of the various diagnostic tools.
Afterwards, the HMI requires reintegrating. The process values are now restored to the
digital inputs for F channels.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
7-1
Fail-safe Mode
7.2 Query the State of the Emergency Stop Buttons
Reactions to Errors in the HMI Device
If an internal fault in the HMI device is recognized (for example an internal overvoltage in
SIL2/ cat. 3) the following reactions occur:
• All four emergency stop buttons will be activated.
• The PROFIsafe CRC will be corrupted.
• Communication will be broken.
• The HMI device will be rendered passive.
See also
Prerequisites for fail-safe operation (Page 3-8)
Query the State of the Emergency Stop Buttons (Page 7-2)
Error Diagnostics (Page 7-6)
Error Elimination and Reintegration (Page 7-9)
7.2
7.2
Query the State of the Emergency Stop Buttons
Dependent on safety class
The method for determining which emergency stop button has been pressed depends on the
safety class (SIL2/cat. 3 or SIL3/cat. 4).
Safety class SIL2/cat. 3
If you want to determine which emergency stop button was pressed under safety class
SIL2/cat. 3, address the first four bits in the process image given for the inputs of slot
emergency-stop SIL2.
The following table shows the configuration of the bits to the emergency stop buttons.
Bit no.
3
2
1
0
Emergency stop
button no.
4
3
2
1
DI4.1, DI4.2,
DO4.1, DO4.2
DI3.1, DI3.2,
DO3.1, DO3.2
DI2.1, DI2.2,
DO2.1, DO2.2
DI1.1, DI1.2,
DO1.1, DO1.2
Wired to
Each bit can be assigned the following values:
0 = Emergency stop button pressed or fault
1 = Emergency stop not pressed
Example:
Binary pattern for "Emergency stop button 3 pressed": 1011
Alternatively you can read the binary pattern of the input range from FB 215 "F_ESTOP1".
You will find further information regarding this FB in "S7 Distributed Safety Configuring and
Programming".
7-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Fail-safe Mode
7.3 Passivation of the HMI device
Safety class SIL3/cat. 4
Should safety class SIL3/cat. 4 be required for the HMI device, the FB "F_PP17I_SIL3" must
be called in the safety program.
If you want to determine which emergency stop button was pressed under safety class
SIL3/cat. 4, query the state of the outputs "E_STOP1" to "E_STOP4" of the FB.
The following values can occur on the outputs:
0 = Emergency stop button pressed or fault
1 = Emergency stop button not pressed
Note
After resetting a pressed emergency stop button, the associated output "E_STOPn" of the
FB will be reset to "1" after a brief time delay. The time delay equals the value set for the
parameter "DISCTIME" of the FB.
See also
Error Diagnostics (Page 7-6)
Overview (Page 7-1)
FB170 "F_PP17I_SIL3" (Page 6-10)
7.3
7.3
Passivation of the HMI device
Reaction to Error in the Fail-safe System
As soon as the HMI device recognizes a fault in fail-safe mode, it switches all digital inputs
for fail-safe channels to safe mode, i.e. the fail-safe channels of this HMI device are
rendered passive. The HMI device reports the detected error to CPU via the slave
diagnostics. In event of a passivation, substitution values (0) will be set up for the safety
program on the fail-safe digital inputs instead of the current process values.
Passivation
The HMI device is passivated in the following situations:
• When the HMI device is started (startup).
• Configuration errors (errors in the PROFIsafe configuration, e.g. F_WD_TIME too short).
• When errors occur in the fail-safe communication between the F CPU and the HMI device
via the PROFIsafe safety protocol (communication error).
• Hardware errors (e.g. wire breakage, short circuit, discrepancy errors, internal errors of
the HMI device).
• When an emergency stop SIL3 is configured without integration of the
FB "F_PP17I_SIL3".
• When there are parameter assignment errors for the FB "F_PP17I_SIL3", parameter
CH_CNT outside of the valid value range, for example.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
7-3
Fail-safe Mode
7.3 Passivation of the HMI device
Note
When the HMI device is rendered passive, all fail-safe digital inputs are always assigned
the substitute value (0).
Determining Passivation
If you want to determine if the HMI device is passive or not, address the "PASS_OUT"
variable of the F I/O DB. The variable can be assigned the following values:
0 = HMI device not passive
1 = HMI device passive
Reintegration of a Fail-safe HMI Device
After passivation of the HMI device, the fault must be diagnosed and rectified. Afterwards,
the HMI device can be reintegrated.
Further Information on Passivation
You will find further information regarding the passivation of F I/Os and F-I/O DBs in the
"S7 Distributed Safety Configuring and Programming" manual.
See also
Error Diagnostics (Page 7-6)
7-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Fail-safe Mode
7.4 Troubleshooting Check List
7.4
7.4
Troubleshooting Check List
Narrowing down faults
The following check list will support you in quickly narrowing down faults.
State of the
Error LED
Further error patterns
Possible cause
Remedy
Dependant on system
message, more detailed
information under
"System messages"
Carry out the remedies as described in System
Messages.
Operational phase: Start
Off
HMI fails to integrate after
startup.
A system message is
displayed on the
configuration module of the
HMI device.
Operational phase: Fail-safe mode, lamp test not activated
Blinks
-
STEP 7 module diagnosis
of numerous simultaneous
"faults" with channel
numbers of all channels
with a configured
emergency stop button.
Lit
STEP 7 module diagnosis
reports "communication
error"
STEP 7 module diagnosis
reports "configuration error"
A PROFIsafe fault has
occurred.
Interrogate the "DIAG" variable of the F-I/O DB.
SIL3 is set up and the
HMI device receives an
invalid test pattern (e.g.
because the FB
"F_PP17I_SIL3" is
missing).
Check that FB "F_PP17I_SIL3" is correctly
integrated and configured in the safety
program.
Numerous hardware
errors have occurred.
If the cause of the fault cannot be located,
check the HMI device.
A PROFIBUS fault has
occurred.
Parameters of the
PROFIBUS DP interface
do not match the
parameters defined in
HW Config.
Carry out the remedies as described in the
"S7 Distributed Safety Configuring and
Programming" manual.
If there is no error in the configuration, check
the wiring between the HMI device and all
connected emergency stop buttons.
A communication error that affects the HMI
device alone suggests a fault in the HMI device.
In this case, look for an error in the HMI device
first.
Check the parameters defined in the
configuration module.
A PROFIBUS fault has
occurred.
Check that the PROFIsafe parameters are
defined as follows:
Incorrect settings for the
PROFIsafe parameters in
HW Config
F_Check_SeqNo = No check
F_CRC_Length = Byte CRC
F_Dest_Add = PROFIsafe address set on HMI
device
F_WD_Time = Minimum 2 x cycle time of the
monitoring program and > call time of the safety
program in time interrupt
You will find details regarding the configuration
settings under "Communication between the
HMI and the PLC"
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
7-5
Fail-safe Mode
7.5 Error Diagnostics
State of the
Error LED
Further error patterns
Possible cause
Remedy
Lit
STEP 7 Module diagnosis
reports "error" in channel
no. 0 to 3
A PROFIBUS fault has
occurred.
Check the wiring between the HMI device and
the emergency stop button on the displayed
channel.
No defined
state
7.5
A hardware fault has
occurred
If the cause of the fault cannot be located,
check the HMI device.
STEP 7 Module diagnosis
The HMI device has failed Exchange the HMI device.
reports "Module interrupted" due to a serious internal
or "Module missing"
fault.
7.5
Error Diagnostics
Definition
Diagnostics enable you to determine if the signals are being correctly registered in the
fail-safe HMI device.
Diagnostic functions
Diagnostic functions (displays and messages) are not critical to safety and therefore are not
designed to be safety-related functions. That is, they are not tested internally.
Diagnostic Options for the Fail-Safe HMI Device
The following diagnostic options are available for fail-safe HMI device:
• LED "ERROR" on front side of the HMI device
For correct evaluation of LED "ERROR" ensure that the lamp test is not active, as the
LED "ERROR" also blinks during lamp testing.
State of the LED "ERROR"
Type of error
Off
No errors have occurred
Blinks
PROFIsafe errors
Lit
PROFIBUS errors
• Diagnostic Functions of the HMI Device
Slave diagnosis according to PROFIBUS standard IEC 61784-1:2002 Ed1 CP 3/1.
• Error messages on the configuration module on the back of the HMI device.
The error messages are described in detail in the appendix.
7-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Fail-safe Mode
7.5 Error Diagnostics
Diagnostic Function the HMI Device
The fail-safe HMI device includes a non-configurable diagnostic function. The diagnostics
are always activated and are automatically made available by the HMI in STEP 7 and
passed on to the CPU in the event of a fault.
The diagnostic function passes the following diagnostics information to the CPU:
• Communication fault
Communication between the HMI as DP-slave and the CPU as DP Master has been
interrupted (e.g. due to wrong PROFIBUS address or PROFIsafe address).
• HW fault
External wiring or internal hardware fault, data corruption or procedure error.
• Configuration error
Error in the PROFIsafe configuration
Reading Out Diagnostic Functions
You can display the cause of the error in the module diagnostics in STEP 7 (see online help
for STEP 7).
• Diagnostic information regarding communications errors and configuration errors are
always assigned to channel "0".
• Diagnostic information regarding hardware errors are assigned to the fail-safe channels
of the HMI device as follows:
Display in STEP 7 (Module diagnosis)
Fail-safe channel on HMI device
Channel 0
fail-safe channel 1 (DI1.1, DI1.2, DO1.1, DO1.2)
Channel 1
fail-safe channel 2 (DI2.1, DI2.2, DO2.1, DO2.2)
Channel 2
Fail-safe channel 3 (DI3.1, DI3.2, DO3.1, DO3.2)
Channel 3
Fail-safe channel 4 (DI4.1, DI4.2, DO4.1, DO4.2)
You can read out diagnostic functions (slave diagnostics) by means of SFC 13 in the
standard user program (see System and Standard Functions reference manual).
Diagnosis of PROFIsafe errors
When diagnosing PROFIsafe errors, address the "DIAG" variable of the F-I/O DB. You will
find further information regarding F-I/O DBs in "S7 Distributed Safety Configuring and
Programming".
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
7-7
Fail-safe Mode
7.5 Error Diagnostics
Behavior of the HMI device in the event of a serious internal fault
The HMI device reacts as follows when a serious internal error in the HMI device causes the
HMI device to fail:
• The connection to PROFIBUS DP will be interrupted and the fail-safe channels will be
rendered passive.
• No diagnosis will be transmitted from the HMI device. In STEP 7 in module diagnosis, the
standard diagnosis "Module interrupted" or "Module missing" will be reported.
See also
Error Elimination and Reintegration (Page 7-9)
7-8
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Fail-safe Mode
7.6 Error Elimination and Reintegration
7.6
7.6
Error Elimination and Reintegration
End passivation
When you have eliminated an error that lead to a passivation of the HMI device, you have to
reintegrate the HMI device.
Error Elimination and Reintegration
Error elimination and reintegration of the HMI device should be undertaken dependent on the
type of error recognized:
Error
Error elimination
Reintegration
Communication fault
Set the same PROFIBUS address and
PROFIsafe address in the HMI device as
is configured in the HW Config.
The reintegration occurs after
user acknowledgement in the
safety program.
Check the PROFIBUS wiring and
eliminate the risk of increased EMC
radiation.
Switch the HMI device off and on again.
HW fault
Configuration error
Check the wiring between the HMI
device and all connected actuating
devices (emergency stop buttons).
The reintegration occurs after
user acknowledgement in the
safety program.
Switch the HMI device off and on again.
If the error persists, exchange the
HMI device.
Check the settings of the PROFIsafe
parameter settings in "HW Config" of the
SIMATIC Manager.
The reintegration occurs after
user acknowledgement in the
safety program.
Switch the HMI device off and on again.
After reintegration, the pending process values at the HMI's fail-safe inputs are provided
again for the safety program.
You will find further information regarding the reintegration of F I/Os and the creation of user
acknowledgements in the "S7 Distributed Safety Configuring and Programming" manual.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
7-9
Fail-safe Mode
7.6 Error Elimination and Reintegration
7-10
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Maintenance and servicing
8.1
8.1
8
Maintenance and Servicing
Scope of maintenance
The HMI device is designed for maintenance-free operation. You should still clean the key
membrane regularly, however.
Preparation
Caution
Faulty operation
Always switch off the HMI device before cleaning it. This will ensure that you do not trigger
unintended functions when you touch the keys.
Use a cloth dampened with a cleaning agent to clean the equipment. Only use water with a
little liquid soap or a screen cleaning foam.
Procedure
Never spray the cleaning agent directly onto the HMI device. Apply it to a cloth. Never use
aggressive solvents or scouring powder.
Caution
Do not clean the HMI device with compressed air or steam jet blowers.
8.2
8.2
Testing Hardware
Introduction
You can test the hardware's functionality using the configuration module on the back of the
HMI device. A menu guides you through the test.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
8-1
Maintenance and servicing
8.2 Testing Hardware
Key Functions of the Configuration Module
The keys of the configuration module have the following functions during the hardware tests:
Key
ESC
Function
+
If you press this key combination during the startup of the HMI device, the hardware
test is activated.
Scroll to previous menu item.
Scroll to next menu item.
OK
The test selected in the menu of the hardware test is now performed.
Possible test results:
OK: No error occurred
ERROR: The tested function unit is defective.
Functions of the Hardware Test
The hardware test provides the following test functions:
Function
Display on the HMI device
Description
RAM TEST
RAM OK
RAM operability test
EPROM TEST
CHECK SUM
xxxx
Display the valid checksum for
the respective firmware
DISPL TEST
Code of the pressed key
As long as this function is
active, the code of the pressed
key will be displayed on the
configuration module. Press
<ESC> + <OK> to deactivate
the function.
KEYB. TEST
LED of pressed key on HMI
device lights up yellow.
EEPROM TEST
EEPROM OK
ASPC2 TEST
ASPC2 OK
DIGIO TEST
DI = xxxx
DO = xxxx
Xxxx = State of the digital inputs
and outputs in hexadecimal
format
KEY TEST
xx
State of the enable input
KEYB. ID
xxxx
Key ID:
PP17-I: 2010
EXT. MODUL
ID of the add-on module
xxxx xxxx
xxxx xxxx
End of the hardware test
TEST END
Requirements for the Hardware Test
The configuration module on the back of the HMI device is accessible.
The HMI device is connected to the power supply and PLC.
8-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Maintenance and servicing
8.3 Carry out lamp test
Performing the Hardware Test
1. On the configuration module, press the keys
ESC
+
when starting the HMI device.
The hardware test is activated. The display shows the following message:
Any key to enter display mode
2. Press any key on the configuration module to open the hardware test menu.
3. Select the desired test function with the
and
keys and start the function with
OK
.
4. Perform other test functions if necessary.
5. End the hardware test with the TEST END command or by switching off the HMI device.
See also
Front-sided Control Elements and Displays (Page 5-1)
Backside HMI Components, LEDs and Ports (Page 5-3)
Carry out lamp test (Page 8-3)
8.3
8.3
Carry out lamp test
Introduction
The lamp test checks the operability of all keys and LEDs on the HMI device. Carry out a
lamp test on commissioning and at regular intervals during normal operation.
The function key for the lamp test can be configured in the HW Config of the STEP 7 project.
In the factory state, key 1 (upper right) is assigned this function.
The HMI device's functions are restricted during the test as follows to prevent unwanted
signals being sent to the PLC:
• The standard digital inputs are disabled. No signal transitions are reported to the PLC.
• The most recent state of all keys continues to be reported to the PLC until the device
returns to normal operation. The last key press to be reported to the PLC will be the
pressing of the function key assigned to the lamp test.
Note
The fail-safe channels are not disabled during the lamp test. The emergency stop buttons
remain operable.
Requirement
The HMI device is switched on.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
8-3
Maintenance and servicing
8.4 Spare Parts and Repairs
Procedure
Proceed as follows:
1. Hold the key down that has been defined for the lamp test.
The lamp test will be carried out.
– The "ERROR" LED flashes.
– The LEDs integrated in the keys of the HMI device light up.
– All standard digital outputs of the HMI device will be set to 1.
2. End the lamp test by releasing the key that has been defined for the lamp test.
The HMI device resumes normal operation.
Alternative procedure
The lamp test can also be started from the PLC by setting both LED bits that are assigned to
the lamp test function by means of a suitable program. The state "both bits set" corresponds
to the depressed key on the HMI device.
The lamp test can be stopped by re-setting both bits. This corresponds to releasing the key
on the HMI device.
See also
Configuring the HMI device in STEP 7 (Page 6-6)
8.4
8.4
Spare Parts and Repairs
Repairs
Do not repair the HMI device yourself.
In case of repair, the HMI device must be shipped to the Return Center in Fürth. The HMI
device may only be repaired at the manufacturer's site.
The address is:
A&D Return Center
Siemensstr. 2
90766 Fürth, Germany
If you use several HMI devices of the same type, we recommend building up a system
interruption stock.
Note
The replacement parts package for HMI device PP17 Standard may not be used for the
PP 17-I PROFIsafe.
8-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Maintenance and servicing
8.4 Spare Parts and Repairs
Service Pack
A service pack can be ordered for servicing purposes. It contains the following spare parts:
• Mounting seal
• Mounting clamps
• Terminal block for connecting the power supply (3x block)
• Coded and non-interchangeable terminal blocks for connecting the digital inputs and
outputs (16x block each)
The service pack can be ordered from your Siemens representative.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
8-5
Maintenance and servicing
8.4 Spare Parts and Repairs
8-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9
Technical Data
9.1
9.1
Dimensional Drawings
Dimension drawing
240
188
204
53
4
224
Figure 9-1
9.2
9.2
Overall dimensions of the HMI device
General Specifications
HMI device
Outer dimensions W x H x D
240 mm x 204 mm x 53 mm
Weight without packing
Approx. 1.13 kg
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9-1
Technical Data
9.2 General Specifications
Power Supply
Nominal voltage
+24 VDC
Range, permissible
20.4 V to 28.8 V (-15%, +20%)
Current consumption
• Typical
• Power on current surge I2t
•
•
Fuse, internal
Electronic
0.4 A
150 x 10 -3 A2s
Fail-safe Mode
Warning
The safety characteristics in the Technical Data apply for a proof-test interval of 10 years
and a mean repair time of 8 hours.
Maximum achievable safety class
according to IEC 61508
SIL3 (with FB "F_PP17I_SIL3")
according to prEN 954
Cat. 4 (with FB "F_PP17I_SIL3")
Safety characteristics
high demand / continuous mode (PFH: probability of a
dangerous failure per hour)
≤ 1.5e-8
Internal test time
< 1 Minute
Maximum request rate
Pressing of an emergency stop button once every 100
minutes
Maximum acknowledgement time for the F-I/O
• for SIL2/Cat. 3
• for SIL3/Cat. 4
•
•
140 ms
160 ms
Minimum acknowledgement time for the F-I/O
• for SIL2/Cat. 3 and SIL3/Cat. 4
•
44 ms
Response times of the fail-safe channels
• for SIL2/Cat. 3
• for SIL3/Cat. 4
•
•
37 to 72 ms
40 to 72 ms
9-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Technical Data
9.3 Specifications for the Digital Inputs and Outputs
9.3
9.3
Specifications for the Digital Inputs and Outputs
Digital inputs 24 V
Power supply
• Nominal value
• Permitted range
• Value for t < 0.5 s
•
•
•
Connectable
Keys, switches
Number of digital inputs
• Can only be used for standard mode
• Can only be used for fail-safe operation
• Can be optionally used
•
•
•
Electrically isolated from internal logic
No
Input voltage
• Nominal value
• For signal "0"
• For signal "1"
•
•
•
Input current for signal "1"
typically 5 mA for 24 V
+24 VDC
+20.4 to +28.8 V
35 V
8
1x2
Standard mode: 6
fail-safe mode: 3 x 2
+24 VDC
0... +5 V
15 to 30 V
Delay time for digital inputs
0.3 ms
Connection of mechanical switches
possible
Bounce time
≤ 10 ms
Maximum cable length
• For unshielded cables
• For shielded cables
•
•
1m
>1m
Maximum cable length for external emergency stop keys
• For unshielded cables
• For shielded cables
•
•
Max. 1 m
Max. 10 m
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9-3
Technical Data
9.3 Specifications for the Digital Inputs and Outputs
Digital outputs 24 V
Number of digital outputs
14
Groups of digital outputs
• Digital output DO1 to DO4
• Digital outputs DO5 to DO8
• Digital outputs DO9 to DO12
• Digital output DO13 to DO14
•
•
•
•
Electrical isolation
No
Short-circuit protection
Yes
Permitted loads
•
•
Max. inductive energy
200 mWs
Output voltage
• For signal "0"
• For signal "1"
•
•
max. 2 V (no load)
Min. supply voltage -3 V
Output current
• For signal "0"
• For signal "1"
•
•
Max. 1 mA
Cumulative current for all outputs 300 mA
Operating frequency for
• Ohm
• Lamps
•
•
Max. 100 Hz
Max. 8 Hz
Maximum cable length
• for unshielded cables
• for shielded cables
•
•
1m
>1m
Group 1
Group 2
Group 3
Group 4
resistive
Lamps
Enable output
Electrical isolation for internal logic
No
Input voltage
• Nominal value
• for enabled input
• for disabled input
•
•
•
Input voltage when input disabled
typically 2 mA for 24 V
9-4
24 VDC
0... 5 V
15...30 V
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Technical Data
9.4 Response Times
9.4
9.4
Response Times
Introduction
The reaction times of the fail-safe modules enter into the calculation of the reaction time of
the F-system.
'30DVWHU
&38
'3
LQWHUIDFH
'3F\FOH
)%
'36ODYH
33,352),VDIH
Figure 9-2
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
(PHUJHQF\VWRSEXWWRQ
Response times between DP Master and PP 17-I PROFIsafe
Information Regarding the Calculation of Response Times
Notes regarding the response times of DP Master can be found in the manual of the DP
Master used.
The optional package "S7 Distributed Safety" contains an Excel file "s7cotia.xls" for
calculating maximum response times. You can find the current version of this table on the
Internet at the following address:
"http://www.siemens.com/automation/support", article ID 19138505
You will find further information regarding the calculation of response times for fail-safe
systems in the manual "Safety Engineering in SIMATIC S7".
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9-5
Technical Data
9.4 Response Times
Response Times for Fail-safe Channels
The response time is the time between a signal change at the digital input and safe loading
of the safety message frame to PROFIBUS.
Response Times of HMI Devices
The alarm view functionality is based on the type of HMI device used.
The actual response time is lies somewhere between a minimum and maximum response
time. When planning a system, the longest response time must always be anticipated.
See also
General Specifications (Page 9-1)
9-6
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Technical Data
9.5 Description of Ports
9.5
9.5.1
9.5
Description of Ports
Power supply
Plug connector, 3-pin
1
2
3
Figure 9-3
Power supply pin assignment
PIN
9.5.2
Assignment
1
+24 VDC
2
GND 24 V
3
DISABLE (enable input)
RS 485 (IF 1B)
Sub-d socket, 9-pin, with screw lock
5
1
9
Figure 9-4
PIN
1
6
RS 485 interface pin assignment
Assignment
n.c.
2
n.c.
3
Data channel B (+)
4
n.c.
5
GND 5 V, floating potential
6
+5 VDC, floating potential
7
n.c.
8
Data channel A (–)
9
n.c.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9-7
Technical Data
9.5 Description of Ports
9.5.3
Digital Inputs and Outputs
1
1
16
16
Figure 9-5
Assignment of digital inputs (left) and digital outputs (right).
Digital inputs
PIN
9-8
Assignment standard mode
Assignment fail-safe mode
1
DI01: Digital input 1
–
2
DI02: Digital input 2
–
3
DI03: Digital input 3
–
4
DI04: Digital input 4
–
5
DI05: Digital input 5
–
6
DI06: Digital input 6
–
7
DI07: Digital input 7
–
8
DI08: Digital input 8
–
9
DI09: Digital input 9
DI4.2: Fail-safe channel 4, digital input 2
10
DI10: Digital input 10
DI4.1: Fail-safe channel 4, digital input 1
11
DI11: Digital input 11
DI3.2: Fail-safe channel 3, digital input 2
12
DI12: Digital input 12
DI3.1: Fail-safe channel 3, digital input 1
13
DI13: Digital input 13
DI2.2: Fail-safe channel 2, digital input 2
14
DI14: Digital input 14
DI2.1: Fail-safe channel 2, digital input 1
15
–
DI1.2: Fail-safe channel 1, digital input 2
16
–
DI1.1: Fail-safe channel 1, digital input 1
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Technical Data
9.6 Assignment of PLC Bits in the Process Images
Digital outputs
PIN
Assignment standard mode
Assignment fail-safe mode
1
DO01: Digital output 1
–
2
DO02: Digital output 2
–
3
DO03: Digital output 3
–
4
DO04: Digital output 4
–
5
DO05: Digital output 5
–
6
DO06: Digital output 6
–
7
DO07: Digital output 7
–
8
DO08: Digital output 8
–
9
DO09: Digital output 9
DO4.2: Fail-safe channel 4, sensor supply 2
10
DO10: Digital output 10
DO4.1: Fail-safe channel 4, sensor supply 1
11
DO11: Digital output 11
DO3.2: Fail-safe channel 3, sensor supply 2
12
DO12: Digital output 12
DO3.1: Fail-safe channel 3, sensor supply 1
13
DO13: Digital output 13
DO2.2: Fail-safe channel 2, sensor supply 2
14
DO14: Digital output 14
DO2.1: Fail-safe channel 2, sensor supply 1
15
–
DO1.2: Fail-safe channel 1, sensor supply 2
16
–
DO1.1: Fail-safe channel 1, sensor supply 1
See also
Configuring the HMI device in STEP 7 (Page 6-6)
9.6
9.6
Assignment of PLC Bits in the Process Images
Process image for the standard digital inputs and outputs
The states of HMI device digital inputs and outputs that are used in standard mode are
saved independently from the states of the fail-safe channels in their own process images.
Input Range in the PLC
The keys and digital inputs of the HMI device are mapped to the bits in the input range of the
PLC as follows:
Byte
Bit assignment
Bit 7
Bit 0
Byte n
Key 8
...
...
...
...
...
...
Key 1
Byte n+1
Key 16
...
...
...
...
...
...
Key 9
Byte n+2
DI08:
...
...
...
...
...
...
DI01
Byte n+3
-
-
DI14
...
...
...
...
DI09
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9-9
Technical Data
9.6 Assignment of PLC Bits in the Process Images
Output Range of the PLC
The LEDs are assigned to the bits in the output range of the PLC as follows:
Byte
Bit assignment
Bit 7
Bit 0
Byte n
LED 8
...
...
...
...
...
...
LED 1
Byte n+1
LED 8
...
...
...
...
...
...
LED 1
Byte n+2
LED 16
...
...
...
...
...
...
LED 9
Byte n+3
LED 16
...
...
...
...
...
...
LED 9
The following lighting mode of the two LEDs results assigning the corresponding bits to the
LEDs of a key:
Table 9-1
Example assignment for LED 1
Bit States
Bit 0 in byte n
1
0
1
0
Bit 0 in byte n+1
0
1
1
0
Result
red
green
configurable 1)
Off
1
This state can be set in HW Config:
• Flashing green (default)
• Yellow
• Flashing yellow
• Flashing red
The digital outputs are mapped to the bits in the output range of the PLC as follows:
Byte
Bit assignment
Bit 7
Bit 0
Byte n+4
DO08
...
...
...
...
...
...
DO01
Byte n+5
DO08
Byte n+6
-
...
...
...
...
...
...
DO01
-
DO14
...
...
...
...
DO09
Byte n+7
-
-
DO14
...
...
...
...
DO09
The following flash frequencies result from assigning the corresponding bits to an output:
Table 9-2
Example assignment for DO01
Bit States
9-10
Bit 0 in byte n+4
1
0
1
0
Bit 0 in byte n+5
0
1
1
0
Result
On
0.5 Hz
2 Hz
Off
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Technical Data
9.6 Assignment of PLC Bits in the Process Images
Digital inputs and digital outputs for fail-safe channels
The number of fail-safe channels is configurable. Depending on this, a number of digital
inputs and digital outputs will no longer be available for standard mode.
Note
The above mentioned process image is not used for digital inputs and digital outputs that are
reserved with a fail-safe channel.
The fail-safe channels use their own process images.
You will find further information regarding process images for fail-safe channels in the
"S7 Distributed Safety Configuring and Programming" manual.
See also
Configuring the HMI device in STEP 7 (Page 6-6)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
9-11
Technical Data
9.6 Assignment of PLC Bits in the Process Images
9-12
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
A
A
Appendix
A.1
A.1
ESD Directives
What does ESD mean?
All electronic modules are equipped with highly integrated modules or components. Based
on their design, these electronic components are highly sensitive to overvoltage and thus to
discharge of static electricity. These electronic components are therefore specially identified
as ESD.
Abbreviation
The following abbreviations are commonly used for electrostatic sensitive devices:
• ESD – Electrostatic Sensitive Devices
• ESD – Electrostatic Sensitive Device as common international designation
Labeling
ESD modules are labeled with the following symbol:
Figure A-1
ESD label
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
A-1
Appendix
A.1 ESD Directives
Electrostatic charge
Caution
Electrostatic charge
ESDs may be destroyed by voltages well below the perception threshold of persons
Voltages of this kind develop when a component or an assembly is touched by a person who
is not grounded against static electricity. Usually, it is unlikely that damage to an ESD as a
result of overvoltage is detected immediately but may become apparent only after a longer
period of operation.
Prevent electrostatic charge of your body before you touch the ESD!
Anyone who is not connected to the electrical potential of their surroundings is subjected to
electrostatic charge.
9ROWDJH
The figure indicates the maximum electrostatic charge anyone is subjected to when
contacting the materials shown. These values correspond with specifications to IEC 801-2.
>[email protected]
>@
5HODWLYHKXPLGLW\
Figure A-2
A-2
Electrostatic voltages with which a person can be charged.
①
Synthetic materials
②
Wool
③
Antistatic materials such as wood or concrete
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Appendix
A.2 System Alarms
Protective measures against discharge of static electricity
Caution
Grounding measures
When working with electrostatic sensitive devices, make sure that the person, the workplace
and the packaging are properly grounded. This helps to avoid electrostatic charge.
As a rule, only touch the ESD if this is unavoidable. Example: for maintenance. When you
touch modules, make sure that you do not touch the pins on the modules or the PCB tracks.
This prevents any discharge of static electricity to sensitive component and thus avoids
damage.
Discharge electrostatic electricity from your body if you are performing measurements on an
ESD. To do so, touch a grounded metallic object.
Always use grounded measuring instruments.
A.2
A.2
System Alarms
"ERROR" LED Displays
The LED "ERROR" indicates if the HMI device is in test mode or if an error has occurred.
"ERROR" LED Displays
Cause
LED flashes (normal mode)
A PROFIsafe fault has occurred. Diagnose and rectify the fault.
LED lights (normal mode)
A PROFIBUS fault has
occurred.
Diagnose and rectify the fault.
LED blinks (lamp test)
A lamp test is currently being
carried out.
End the lamp test by releasing
the key assigned to the function
or by resetting the two LED bits
from the PLC.
LED lights (hardware test mode) A hardware test is being
performed.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Remedy
Stop the hardware test using the
menu of the configuration
module or reboot the HMI
device.
A-3
Appendix
A.2 System Alarms
Messages on the Configuration Module
The following error messages are shown on the display of the configuration module at the
back of the HMI device:
Alarm
Cause
Error message in hardware test mode
A defect in the HMI device's electronics Return the device for repair.
has been detected.
EEPROM ERR
The memory module is defect or not
available.
Install a memory module.
The memory module contains invalid
data.
Check that the correct memory module
has been used.
EEPROM INV
Remedy
Replace the current memory module, if
necessary.
Configure the interface on the HMI
device again.
Connection to the PLC cannot be
established because
• a bus cable is defect or
• the interface configuration is
incorrect.
Check all cables and plugs.
PP START
There is a connection fault.
Check the network configuration and
the configuration of the interface on the
HMI device.
DIAG-ERROR
There is a short circuit in one of the
digital outputs.
Check the wiring of the digital outputs.
NO PLC
A-4
Check the configuration of the interface
on the HMI device.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
B
B
Abbreviations
CPU
Central Processing Unit
CSV
Comma Separated Values
CTS
Clear To Send
DC
Direct Current
DCD
Data Carrier Detect
DIL
Dual-in-Line (electronic chip housing design)
DP
Distributed I/O
DSN
Data Source Name
DSR
Data Set Ready
DTR
Data Terminal Ready
EMC
Electromagnetic Compatibility
EN
European standard
ES
Engineering System
ESD
Electrostatic Discharge, the components and modules endangered by
such
ESD
Electrostatic Sensitive Device
F-CPU
Fail-safe Central Processing Unit
GND
Ground
HF
High Frequency
HMI
Human Machine Interface
IEC
International Electronic Commission
IF
Interface
Cat.
Category according to prEN 954-01 (fail-safe mode)
LED
Light Emitting Diode
MMC
Multi-Media Card
MOS
Metal Oxide Semiconductor
MPI
Multipoint Interface (SIMATIC S7)
MS
Microsoft
MTBF
Mean Time Between Failures
n. c.
Not connected
OP
Operator Panel
PC
Personal Computer
PG
Programming device
PLC
Programmable Logic Controller
PPI
Point to Point Interface (SIMATIC S7)
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
B-1
Abbreviations
A.2 System Alarms
B-2
RAM
Random Access Memory
RTS
Request To Send
RxD
Receive Data
SELV
Safety Extra Low Voltage
SIL
Safety Integrity Level (safety class)
SP
Service pack
STN
Super Twisted Nematic
Sub-D
Subminiature D (plug)
TAB
Tabulator
TCP/IP
Transmission Control Protocol/Internet Protocol
TFT
Thin Film Transistor
TxD
Transmit Data
UL
Underwriter’s Laboratory
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Glossary
1oo2 evaluation
Type of sensor evaluation - In 1oo2 evaluation, the two input channels are used by a single
sensor with branching or two sensors. The input signals are compared internally for
equivalence or non-equivalence.
AG
PLC of the SIMATIC S5 series such as the AG S5-115U, for example
AS
PLC of the SIMATIC S7 series such as a SIMATIC S7-300
Configuration module
Module on the back of the HMI device. The configuration module is used to configure the
HMI device's interface to the controller and to conduct the hardware test.
EMC
Electromagnetic compatibility is the ability of electrical equipment to function properly in its
electromagnetic environment without influencing this environment.
Encoder evaluation
There are two types of sensor evaluation:
• 1oo1 Evaluation: Sensor signal is read once
• 1oo2 Evaluation: The sensor signal is read twice by the same F I/O and compared
internally.
Failsafe
Capability of a technical system to remain in a safe state or switch to another safe state
immediately after certain failures occur.
Fail-safe communication
Communication used to exchange fail-safe data.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Glossary-1
Glossary
Fail-safe DP standard slave
Standard slaves operated on PROFIBUS with the DP protocol and the PROFIsafe bus
profile. They respond according to the standard IEC 61784-1:2002 Ed1 CP 3/1 and the
PROFIsafe bus profile. A device database file (*.GSD file) is used to configure fail-safe DP
standard slaves.
Failsafe function block (F-FB)
F block refers to all fail-safe blocks:
• Those created by the user in the programming languages F-FBD/F-LAD, F-CALL and
F-DB (S7 Distributed Safety)
• Those selected from a library by the user
• Those automatically completed in the safety program
Fail-safe Mode
See Safety mode.
Fail-safe system, F system
Fail-safe systems are used to control processes in which immediate shutdown results in a
safe system status. This means that an immediate shutdown does not result in danger to
people or the environment. F systems are used in plants requiring higher levels of safety.
Notation
System consisting of characters, symbols and rules. In particular used to define the write
format of a programming language in data processing.
Passivation
If the F I/O detects a fault/error, it switches the affected channel or all its channels to the safe
state. In other words, channels of this F I/O are passivated. The F I/O reports the detected
error to CPU via the slave diagnostics. With an F I/O with inputs, passivation is performed by
the the F system by making available substitute values (0) to the safety program instead of
the process values queued at the fail-safe inputs. With an F I/O with outputs, passivation is
performed by the the F system by sending substitute values (0) to the fail-safe outputs
instead of the output values provided by from the safety program.
Plant
General term referring to machines, processing centers, systems, plants and processes
which are operated and monitored on an HMI device.
PLC
General term for devices and systems with which the HMI device communicates, e.g.
SIMATIC S7.
Glossary-2
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Glossary
PROFIsafe
Fail-safe bus profile of PROFIBUS DP/PA for communication between the safety program
and the F I/O in an F system.
PROFIsafe address
Every F I/O has a PROFIsafe address. This address is used to receive safety frames from
the F CPU or send safety frames to the F CPU.
Proof-test interval
The proof-test interval is the time period after which a component must be put into fail-safe
state. That is, it is replaced by an unused component or it is proven to be completely faultfree.
Reintegration
Once a fault/error has been eliminated, the F I/O must be reintegrated (depassivated).
Reintegration (switching from substitute values to process data) takes place either
automatically or following user acknowledgment.
For an F I/O module with inputs, the process data queued at the failsafe inputs are made
available again to the safety program after reintegration. For an F I/O module with outputs,
the output values for fail-safe outputs are sent again by the system to the fail-safe outputs.
Safe state
State of a unit in which safety is assured. In other words, the risk is acceptably low because
it has been established that safety-related malfunctions do not occur or because of the
safety measures taken to prevent possible safety-related malfunctions.
The basic principle of the safety concept in a fail-safe system is the existence of a safe state
for all process variables.
Safety class
Safety level in accordance with IEC 61508 and prEN 50129. The higher the safety integrity
level, the more comprehensive are the measures to avoid systematic errors and control
systematic errors and random hardware failures.
Safety function
Safety function is a mechanism integrated in fail-safe I/Os and CPUs, enabling them to be
used in fail-safe systems. In accordance with IEC 61508: a safety function is implemented by
a safety system to ensure that the system is kept in a safe state or brought into a safe state
in the event of a particular fault. (user safety function)
Safety mode
Operating mode of the HMI device in which fail-safe communication can be performed via
safety frames.
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Glossary-3
Glossary
Standard mode
Operating mode of an HMI device in which only standard communication is possible and
fail-safe communication cannot be performed via safety frames.
STEP 7
Programming software SIMATIC S7, SIMATIC C7 and SIMATIC WinAC PLCs.
Glossary-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Index
A
Accessories
Accessory kit, 1-3
Accessory kit, 1-3
Ambient temperature
Impermissible, 3-4
Approvals, 2-2
C
Cable lengths, 3-10, 9-3
calculation
Response time, 9-5
Casing, 9-1
Check list
Application Planning, 3-1
Configuration, 6-1
Mounting and Connecting, 4-1
Troubleshooting, 7-5
Cleaning agents, 8-1
Climatic
Storage conditions, 2-7
Transport conditions, 2-7
Communication fault, 7-7
Conductor cross-section, 4-13
Configuration error, 7-7
connecting
Connection sequence, 4-9
Equipotential bonding, 4-11
HMI device, 4-9
PLC, 4-15
Connecting the PLC
Connection diagram, 4-15
Connecting the terminal block, 4-14
Connection diagram
Connecting the equipotential bonding circuit, 412
Connecting the PLC, 4-15
Connecting the power supply, 4-13
Connection sequence, 4-9
Connections
F_PP17I_SIL3, 6-12, 6-13
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
CPU 315F-2, 1-5
CPU 317F-2, 1-5
CPU 416F-2, 1-5
D
Diagnostic functions, 7-6
Reading out, 7-7
Diagnostics, 7-7
Definition, 7-6
Digital inputs, 9-3
Digital outputs, 9-4
E
EC declaration of conformity, 2-2
Electrostatic charge, A-2
Emergency stop button
Fail-safe wiring, 4-7
Emergency stop button
Mounting position, 4-3
Pressed, 7-2
Query state, 7-2
Enable output, 9-4
Equipotential bonding
connecting, 4-11
Connection diagram, 4-12
Installing, 4-12
Requirements, 4-11
Equipotential bonding cable, 4-11
Error alarms, A-3
Error reaction
of the HMI device, 7-3
F
F_PP17I_SIL3, 6-10
Fail-safe Mode
Technical Data, 9-2
Fault, 7-7
FB 170, 6-10
Index-1
Index
H
High frequency radiation, 2-1
HMI device
connecting, 4-9
EMC-compliant mounting, 2-4
Error reaction, 7-3
mounting, 4-8
Mounting, 3-5
Mounting position, 3-4
Ports, 4-10
Switching off, 4-17
Switching on, 4-16
Testing, 4-16
HW fault, 7-7
I
Inputs
F_PP17I_SIL3, 6-12
Installation location, 3-5
Instructions
General, 2-3
Safety, 2-1
Working on the cabinet, 2-1
Interference
Pulse-shaped, 2-4
Sinusoidal, 2-5
Internal error
Reaction to, 7-7
K
Keys
Labeling, 5-6
L
Labeling
Approvals, 2-2
EC declaration of conformity, 2-2
Keys or standard components, 5-6
Labeling strips, 1-3, 5-7
Lamp test, 8-3
M
Maintenance, 8-1, 8-5
Malfunction
F_PP17I_SIL3, 6-11
Mechanical
Storage conditions, 2-7
Index-2
Transport conditions, 2-7
Mode of operation
F_PP17I_SIL3, 6-11
Module diagnostics, 7-7
Mounting
EMC-compliant, 2-4
HMI device, 3-5, 4-8
Standard component, 4-4
Mounting clamp, 3-5
Mounting cut-out, 3-6
Dimensions, 3-6
Preparing, 3-6
Mounting position, 4-3
HMI device, 3-4
O
Offices, iv
Outputs
F_PP17I_SIL3, 6-13
P
Passivation, 7-3
Pin assignment
Power supply, 9-7
PLC, 1-5
Ports, 4-10
Potential differences, 4-10
Power supply, 9-2
Conductor cross-section, 4-13
connecting, 4-14
Connecting the terminal block, 4-14
Connection diagram, 4-13
Reverse polarity protection, 4-14
PROFIBUS DP, 1-5
PROFIsafe, 1-5
Protocol, 1-5
R
Radiation
High frequency, 2-1
Reading out
of the diagnostic functions, 7-7
Ready for operation, 4-16
Registered Trademarks, iv
Representatives, iv
Response time, 9-5
Reverse polarity protection, 4-14
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Index
S
Safety instructions
High frequency radiation, 2-1
Working on the cabinet, 2-1
Scope of maintenance, 8-1
Service
On the Internet, v
Service pack, 8-5
SFC 13, 7-7
Slave diagnostics
Reading out, 7-7
Standard component
Labeling, 5-6
Mounting, 4-4
Mounting position, 4-3
Starting
of the HMI device, 7-3
State
The emergency stop button, 7-2
Storage conditions, 2-7
Support
On the Internet, v
Switch off
HMI device, 4-17
Switching on
HMI device, 4-16
System Alarms, A-3
T
Technical Data
Cable lengths, 9-3
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
Casing, 9-1
Digital inputs 24 V, 9-3
Digital outputs 24 V, 9-4
Enable output, 9-4
Fail-safe Mode, 9-2
Power supply, 9-2, 9-7
Response time, 9-5
Testing
HMI device, 4-16
Training Center, iv
Transient behavior
F_PP17I_SIL3, 6-11
Transport conditions, 2-7
Troubleshooting
Check list, 7-5
Type of fixation, 3-5
U
Upkeep, 8-1
Use
Conditions, 3-1
In industry, 2-3
In residential areas, 2-3
With additional measures, 3-2
W
Wiring
Emergency stop button, 4-7
Working on the cabinet, 2-1
Index-3
Index
Index-4
PP 17-I PROFIsafe
Operating Instructions, 05/2006, A5E00430188-02
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project
advertisement
© 2021