6ES7194-4DC00-0AA0 - SIEMENS

ET 200pro Distributed I/O System - Fail-

Safe Modules

___________________

SIMATIC

Distributed I/O fail-safe engineering

ET 200pro Distributed I/O System -

Fail-Safe Modules

Operating Instructions

07/2013

A5E00394073

-03

Preface

Product Overview

Configuration

Address Assignment and

Installation

Wiring

Diagnostics

General Technical

Specifications

Fail-Safe Connection

Modules

Fail-Safe Electronic Modules

Diagnostic Data of Fail-Safe

Modules

Dimension Drawings

Accessories and Order

Numbers

Response Times

Switching of Loads

Siemens AG

Industry Sector

Postfach 48 48

90026 NÜRNBERG

GERMANY

A5E00394073-03

Ⓟ

09/2013 Technical data subject to change

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent

damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert

symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are

graded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will

be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to

property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by

personnel qualified

for the specific

task in accordance with the relevant documentation, in particular its warning notices and safety instructions.

Qualified personnel are those who, based on their training and experience, are capable of identifying risks and

avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical

documentation. If products and components from other manufacturers are used, these must be recommended

or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and

maintenance are required to ensure that the products operate safely and without any problems. The permissible

ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication

may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software

described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the

information in this publication is reviewed regularly and any necessary corrections are included in subsequent

editions.

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 3

Preface

Purpose of this Manual

The information in this manual is a reference source for operations, function descriptions,

and technical specifications of the fail-safe modules of the ET 200pro distributed I/O system.

Basic Knowledge Requirements

This manual is a supplement to the

ET 200pro Distributed I/O System

manual. Working with

this manual requires general knowledge of automation engineering. Knowledge of the

STEP 7

basic software and the ET 200pro distributed I/O system is also required.

Scope of this Manual

Module

Order Number

Release Number

and Higher

CM IO 16xM12 fail-safe connection module for

EM 8/16 F-DI electronic module

6ES7194-4DD00-0AA0 01

CM IO 12xM12 fail-safe connection module for

EM 4/8 F-DI/4 F-DO electronic module

6ES7194-4DC00-0AA0 01

CM F-IO 2×M12 fail-safe connection module for F-

Switch PROFIsafe

6ES7194-4DA00-0AA0 01

EM 8/16 F-DI DC24V PROFIsafe fail-safe digital

electronic module

6ES7148-4FA00-0AB0 01

EM 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe fail-safe

digital electronic module

6ES7148-4FC00-0AB0 01

F-Switch PROFIsafe fail-safe digital electronic

module

6ES7148-4FS00-0AB0 01

What's New

Compared with the previous version, this manual includes the following major

changes/additions:

● F-Switch PROFIsafe digital electronic module

Approvals

See "Standards and Approvals"

In addition, ET 200pro fail-safe modules are certified for use in safety mode up to the

following levels:

● Safety Integrity Level SIL3 in accordance with IEC 61508:2000

● Performance level (PL) e and category 4 in accordance with ISO 13849-1:2006 or EN

ISO 13849-1:2008

CE C ertification

See "Standards and Approvals"

Certification Mark for Australia (C-Tick Mark)

See "Standards and Approvals"

Preface

ET 200pro Distributed I/O System - Fail-Safe Modules

4 Operating Instructions, 07/2013, A5E00394073-03

Standards

See "Standards and Approvals"

Position in the Information Landscape

When working with ET 200pro fail-safe modules and depending on your particular

application, you will need to consult the additional documentation listed below.

References to additional documentation are included in this manual where appropriate.

Documentation

Brief Description of Relevant Contents

ET 200pro Distributed I/O

System

Manual

Describes all generally applicable topics for the ET 200pro hardware (including

configuration, installation, and wiring of ET 200pro)

Safety Engineering in

SIMATIC S7

System

Description

• Provides an overview of the application, configuration, and method of operation of

S7 Distributed Safety and S7 F/FH Systems fail-safe automation systems

• Contains a summary of detailed technical information concerning fail-safe engineering

in S7-300 and S7-400

• Includes monitoring and response time calculations for S7 Distributed Safety and

S7 F/FH Systems fail-safe systems

For integration in the

S7 Distributed Safety fail-safe

system

The following elements are described in the

S7 Distributed Safety Configuring and

Programming

Operating Manual and Online Help:

• Configuration of the F-CPU and the F-I/O

• Programming of the F-CPU in F-FBD or F-LAD

Depending on which F-CPU you are using, you will need the following documentation:

• The

S7-300, CPU 31xC and CPU 31x Operating Instructions: Installation

describes the

assembly and wiring of S7-300 systems.

• The

CPU 31xC and CPU 31x, Technical Data

Manual describes the standard functions

of the CPU 315-2 DP and PN/DP and the CPU 317-2 DP and PN/DP.

• The

Automation System S7-400 Hardware and Installation

Installation Manual

describes the assembly and wiring of S7-400 systems.

• The

Automation System S7-400 CPU Specifications

Reference Manual describes

CPU 416-2.

• Each applicable F-CPU has its own product information bulletin. These product

information bulletins describe only the deviations from the relevant standard CPUs.

STEP 7

manuals • The

Configuring Hardware and Communication Connections with STEP 7 V5.x

Manual

describes the operation of the relevant standard tools of

STEP 7

• The

System Software for S7-300/400 System and Standard Functions

Reference

Manual describes functions for distributed I/O access and diagnostics.

STEP 7

Online Help • Describes how to operate the standard tools of

STEP 7

• Contains information about how to configure and assign parameters for modules and

intelligent slaves with

HW Config

• Contains a description of the FBD and LAD programming languages

PCS 7

manuals • Describe how to operate the

PCS 7

process control system (required when ET 200pro

with fail-safe modules is integrated in a higher-level control system).

The entire SIMATIC S7 documentation is available on CD-ROM.

Preface

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 5

Guide

This manual describes the fail-safe modules of the ET 200pro distributed I/O system. It

consists of instructional sections and reference sections (technical specifications and

appendices).

This manual presents the following basic aspects of fail-safe modules:

● Structure and application

● Configuring

● Addressing, installing, and wiring

● Diagnostic evaluation

● Technical Specifications

● Order numbers

Conventions

In this manual, the terms "safety engineering" and "fail-safe engineering" are used

synonymously. The same applies to the terms "fail-safe" and "F-".

"When

"S7 Distributed Safety"

appears in italics, it refers to the optional packages for the two

"S7 Distributed Safety" fail-safe systems.

Recycling and Disposal

Due to the low levels of pollutants in the fail-safe modules of the ET 200pro, the modules can

be recycled. For proper recycling and disposal of your old module (device), consult a

certified disposal facility for electronic scrap.

Additional Support

If you have further questions about the use of products presented in this manual, contact

your Siemens representative in your local office.

(http://www.siemens.com/automation/partner)

Preface

ET 200pro Distributed I/O System - Fail-Safe Modules

6 Operating Instructions, 07/2013, A5E00394073-03

Training Center

We offer courses to help you get started with the S7 automation system. Contact your

regional training center or the central training center in D 90327 Nuremberg, Federal

Republic of Germany.

Internet: (http://www.sitrain.com)

H/F Competence Center

The H/F Competence Center in Nuremberg offers special workshops on SIMATIC S7 fail-

safe and fault-tolerant automation systems. The H/F Competence Center can also provide

assistance with onsite configuration, commissioning, and troubleshooting.

For questions about workshops, etc., contact: hf-cc@siemens.com

Technical Support

Technical support for all A&D products can be obtained

● Using the Support Request Web form on the Internet

(http://www.siemens.en/automation/support-request)

You can find additional information about our Technical Support on the Internet

(http://www.siemens.en/automation/service)

Preface

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 7

Service & Support on the Internet

In addition to our paper documentation, we offer our complete knowledge base on the

Internet (http://www.siemens.com/automation/service&support).

There, you will find the following information:

● Newsletters providing the latest information on your products

● Relevant documentation for your application, which you can access via the search

function in Service & Support

● A forum where users and experts from all over the world exchange ideas

● Your local Automation & Drives representative

● Information about local service, repair, and replacement parts and much more can be

found under "Services."

Important Note for Maintaining the Operational Safety of Your System

Note

Operators of systems with safety

-related characteristics are subject to special requirements

for operational s

afety. The supplier is also obliged to comply with special product monitoring

measures. For this reason, we publish a special newsletter containing information on product

developments and product properties that are important (or potentially important) for

operation of systems where safety is an issue. By subscribing to the relevant newsletter, you

will ensure that you are always up

-to-date and able to make changes to your system, when

necessary. Please go to the Internet

(

http://my.ad.siemens.de/myAnD/guiThemes2Select.asp?subjectID=2&lang=en

) and register

for the following newsletters:

•

SIMATIC S7-300

•

SIMATIC S7-400

•

Distributed I/O

•

SIMATIC Industrial Software

To receive t

hese newsletters, select the corresponding check boxes.

See also

Standards and Approvals (Page 39)

Preface

ET 200pro Distributed I/O System - Fail-Safe Modules

8 Operating Instructions, 07/2013, A5E00394073-03

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 9

Table of contents

Preface ................................................................................................................................................... 3

1 Product Overview .................................................................................................................................. 11

1.1 ET 200pro Fail-Safe Modules ...................................................................................................... 11

1.2 Application of ET 200pro fail-safe modules ................................................................................. 13

1.3 Guide for Commissioning of ET 200pro with Fail-Safe Modules ................................................. 16

2 Configuration ........................................................................................................................................ 17

2.1 Configuration of ET 200pro with Fail-Safe Modules .................................................................... 17

2.2 Allocation of Modules of an ET 200pro ........................................................................................ 18

2.3 Limitation of Connectable Modules/Maximum Configuration ...................................................... 19

2.4 Configuration and Parameter Assignment ................................................................................... 20

3 Address Assignment and Installation ..................................................................................................... 21

3.1 Address Assignments in the F-CPU ............................................................................................ 21

3.2 Assignment of PROFIsafe Address ............................................................................................. 23

3.3 Installing ....................................................................................................................................... 24

4 Wiring ................................................................................................................................................... 25

4.1 Safe Functional Extra Low Voltage for Fail-Safe Modules .......................................................... 25

4.2 Wiring of Fail-Safe Modules ......................................................................................................... 27

4.3 Inserting and removing fail-safe connection modules and electronic modules ........................... 28

4.4 Requirements for Sensors and Actuators .................................................................................... 29

5 Diagnostics ........................................................................................................................................... 31

5.1 Reactions to Faults ...................................................................................................................... 31

5.2 Error Diagnostics.......................................................................................................................... 34

6 General Technical Specifications .......................................................................................................... 39

6.1 Standards and Approvals ............................................................................................................. 39

6.2 Electromagnetic Compatibility ...................................................................................................... 43

6.3 Transport and storage conditions ................................................................................................ 47

6.4 Mechanical and Climatic Environmental Conditions .................................................................... 47

6.5 Specifications for Dielectric Tests, Protection Class, Degree of Protection, and Rated

Voltage ......................................................................................................................................... 49

7 Fail-Safe Connection Modules .............................................................................................................. 51

7.1 CM IO 16xM12 Fail-Safe Connection Module for EM 8/16 F-DI DC24V PROFIsafe .................. 51

Table of contents

ET 200pro Distributed I/O System - Fail-Safe Modules

10 Operating Instructions, 07/2013, A5E00394073-03

7.2 CM IO 12xM12 Fail-Safe Connection Module for EM 4/8 F-DI/4-DO DC24V/2A

PROFIsafe................................................................................................................................... 53

7.3 CM F-IO 2 × M12 Fail-Safe Connection Module for F-Switch PROFIsafe ................................. 55

8 Fail-Safe Electronic Modules ................................................................................................................. 57

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module ............................................................. 58

8.1.1 Properties of 8/16 F-DI DC24V PROFIsafe Electronic Module .................................................. 58

8.1.2 Terminal Assignment of 8/16 F-DI DC24V PROFIsafe Electronic Module ................................. 59

8.1.3 Block Diagram of 8/16 F-DI DC24V PROFIsafe Electronic Module ........................................... 60

8.1.4 Parameters for the 8/16 F-DI DC24V PROFIsafe Electronic Module ......................................... 61

8.1.5 Wiring of Inputs of 8/16 F-DI DC24V PROFIsafe Electronic Module .......................................... 65

8.1.6 Use Case 1: Safety Mode SIL2/Category 3 ................................................................................ 67

8.1.7 Use Case 2: Safety Mode SIL3/Category 3 ................................................................................ 70

8.1.8 Use Case 3: Safety Mode SIL3/Category 4 ................................................................................ 81

8.1.9 Diagnostic Functions of the 8/16 F-DI DC24V PROFIsafe Electronic Module ........................... 86

8.1.10 Technical Specifications for the 8/16 F-DI DC24V PROFIsafe Electronic Module ..................... 89

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module............................................. 93

8.2.1 Properties of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module ............................ 93

8.2.2 Terminal Assignment of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module .......... 95

8.2.3 Block Diagram for the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module .................... 96

8.2.4 Parameters for the 4/8 F-DI/4 F-DO DC24V/2 A PROFIsafe Electronic Module ........................ 97

8.2.5 Wiring of Inputs of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module ................. 101

8.2.6 Wiring of Outputs of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module ............... 102

8.2.7 Diagnostic Functions of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module ......... 105

8.2.8 Technical Specifications for the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic

Module ....................................................................................................................................... 108

8.3 F-Switch PROFIsafe Digital Electronic Module......................................................................... 113

8.3.1 Properties of the F-Switch PROFIsafe Electronic Module ........................................................ 113

8.3.2 Terminal Assignment of the F-Switch PROFIsafe Electronic Module....................................... 114

8.3.3 Block Diagram of the F-Switch PROFIsafe Electronic Module ................................................. 115

8.3.4 Parameters for the F-Switch PROFIsafe Electronic Module ..................................................... 116

8.3.5 Wiring of Inputs of the F-Switch PROFIsafe Electronic Module ............................................... 120

8.3.6 Use Case 1: Safety Mode of F-Switch PROFIsafe ................................................................... 122

8.3.7 Use Case 2: Safety Mode SIL3/Category 3 .............................................................................. 122

8.3.8 Use Case 3: Safety Mode SIL3/Category 4 .............................................................................. 133

8.3.9 Wiring of Outputs of the F-Switch PROFIsafe Electronic Module............................................. 137

8.3.10 Properties of the F-Switch PROFIsafe Electronic Module ........................................................ 141

8.3.11 Technical Specifications for the F-Switch PROFIsafe Electronic Module ................................ 144

A Diagnostic Data of Fail-Safe Modules ................................................................................................... 149

B Dimension Drawings ............................................................................................................................ 159

C Accessories and Order Numbers.......................................................................................................... 161

C.1 Accessories and Order Numbers .............................................................................................. 161

D Response Times .................................................................................................................................. 163

D.1 Response Times ....................................................................................................................... 163

E Switching of Loads ............................................................................................................................... 167

E.1 Switching of Capacitive Loads .................................................................................................. 167

E.2 Switching of Inductive Loads .................................................................................................... 169

Glossary .............................................................................................................................................. 171

Index ................................................................................................................................................... 181

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 11

Product Overview

Overview

This chapter provides information about the following topics:

● ET 200pro distributed I/O system with fail-safe modules and its place in SIMATIC S7 fail-

safe automation systems

● Components comprising the ET 200pro distributed I/O system with fail-safe modules

● The steps you must perform, ranging from selection of the F-modules to commissioning

of ET 200S on PROFIBUS DP/PROFINET IO

1.1

ET 200pro Fail-Safe Modules

Fail-Safe Automation System

Fail-safe automation systems (F-systems) are used in systems with increased safety

requirements. F-systems are used to control processes that can achieve a safe state

immediately as a result of a shutdown. In other words, F-systems control processes where

an immediate shutdown will not endanger humans or the environment.

ET 200pro Distributed I/O System

The ET 200pro distributed I/O system is a DP slave/IO device on PROFIBUS DP/PROFINET

IO that can contain fail-safe modules in addition to ET 200pro standard modules.

You can use copper cables to assemble the PROFIBUS DP/PROFINET IO lines.

Product Overview

1.1 ET 200pro Fail-Safe Modules

ET 200pro Distributed I/O System - Fail-Safe Modules

12 Operating Instructions, 07/2013, A5E00394073-03

Fail-Safe Modules

The primary difference between fail-safe modules and ET 200pro standard modules is that

fail-safe modules have a two-channel internal design. The two integrated processors monitor

each other, automatically test the input and output circuits and set the F-module to a safe

state in the event of a fault. The F-CPU communicates with the fail-safe module using the

PROFIsafe safety-related bus profile.

Fail-safe digital input modules

record the signal states of safety-related sensors and send

corresponding safety message frames to the F-CPU.

Fail-safe digital output modules

are suitable for shutdown operations with short-circuit and

cross-circuit monitoring up to the actuator.

Fail-safe switch

acquires the signal states of safety-related sensors and sends

corresponding safety message frames to the F-CPU and is suitable for connection of

frequency converters, motors, and output modules.

Fail-safe connection modules

are mounted on the fail-safe electronic modules. They are

used to connect sensors and actuators.

Product Overview

1.2 Application of ET 200pro fail-safe modules

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 13

1.2

Application of ET 200pro fail-safe modules

Possible Applications of ET 200pro With Fail-Safe Modules

The use of ET 200pro with fail-safe modules enables conventional safety engineering

designs to be replaced with PROFIBUS DP/PROFINET IO components. This includes

replacement of switching devices for emergency stop, protective door monitors and two-

hand operation.

Use in F-Systems

ET 200pro fail-safe modules can be used:

● In the S7 Distributed Safety F-system with the

S7 Distributed Safety

V 5.1 or higher and

F-Configuration Pack

V 5.4 or higher optional packages

The following manuals are applicable to the use of ET 200pro fail-safe modules in F-

systems:

●

ET 200pro Distributed I/O Device

●

Safety Engineering in SIMATIC S7

●

S7 Distributed Safety, Configuring and Programming

Product Overview

1.2 Application of ET 200pro fail-safe modules

ET 200pro Distributed I/O System - Fail-Safe Modules

14 Operating Instructions, 07/2013, A5E00394073-03

F-System with ET 200pro

The following figure presents an example configuration for an S7 Distributed Safety F-

system including an ET 200pro on PROFIBUS DP/PROFINET IO.

The fail-safe DP master/IO controller exchanges safety-relevant and non-safety-relevant

data, for example, with the fail-safe and standard ET 200pro modules.

Figure 1-1 S7 Distributed Safety Fail-Safe Automation System

Product Overview

1.2 Application of ET 200pro fail-safe modules

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 15

Availability of Fail-Safe Electronic Modules

The following fail-safe electronic modules are available for ET 200pro:

● 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

● 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe digital electronic module; P/M switching (current

sourcing/sinking)

● F-Switch PROFIsafe digital electronic module, (one F-switch per potential group allowed)

Fail-safe connection modules are available for the fail-safe electronic modules. A detailed list

of these modules is included in this manual.

Application Limited to Safety Mode

You can operate standard and fail-safe modules simultaneously in an ET 200pro.

Fail-safe modules can only be used in safety mode. They cannot be operated in standard

mode.

Achievable Safety Classes

Fail-safe modules are equipped with integrated safety functions for safety mode.

The following safety classes can be achieved by assigning applicable parameters to the

safety functions in

STEP 7

with the

S7 Distributed Safety

S7 F/FH Systems

optional

package, combining certain standard and F-modules and arranging the wiring of the sensors

and actuators in a specific way:

Table 1- 1 Achievable Safety Classes in Safety Mode

Safety class in safety mode

According to IEC 61508:2000

According to ISO 13849-1:2006 or EN ISO 13849-

1:2008

SIL2 Cat. 3/PLe

SIL3

Cat. 4/PLe

See also

Configuration of ET 200pro with Fail-Safe Modules (Page 17)

Product Overview

1.3 Guide for Commissioning of ET 200pro with Fail-Safe Modules

ET 200pro Distributed I/O System - Fail-Safe Modules

16 Operating Instructions, 07/2013, A5E00394073-03

1.3

Guide for Commissioning of ET 200pro with Fail-Safe Modules

Introduction

The following table lists all important steps required for commissioning ET 200pro distributed

I/O systems with fail-safe modules as DP slaves/IO devices on

PROFIBUS DP/PROFINET IO.

Sequence of Steps Starting From Selection of F-Modules to Commissioning of ET 200pro

Table 1- 2 Sequence of Steps Starting From Selection of F-Modules to Commissioning of

ET 200pro

Step

Procedure

See ...

1. Select F-modules for ET 200pro

configuration.

Chapter "Configuration Options"

2. Configure and assign parameters for F-

modules in

STEP 7

Chapter "Configuration and Parameter

Assignment" and "Fail-Safe Modules"

3. Set PROFIsafe addresses on F-modules. Chapter "Address Assignment and

Installation"

4. Mount ET 200pro. Chapter "Address Assignment and

Installation"

Wire ET 200pro.

Chapter "Wiring and Assembly"

6. Commission ET 200pro on

PROFIBUS DP/PROFINET IO.

ET 200pro Distributed I/O Device

manual

7. If commissioning was not successful,

perform diagnostics on ET 200pro.

Chapters "Diagnostics" and "Fail-Safe

Modules" and

ET 200pro Distributed I/O

Device

manual

Note

You must configure and assign parameters for the F

-modules in

STEP 7

prior to

commissioning.

Reason:

STEP 7

automatically assigns the PROFIsafe addresses to the F-modules. You

must set these PROFIsafe addresses on each F

-module via a switch before mounting the

module.

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 17

Configuration

2.1

Configuration of ET 200pro with Fail-Safe Modules

Introduction

You can configure ET 200pro distributed I/O systems with standard and fail-safe modules.

This chapter presents an example configuration.

Configuration Example for ET 200pro with Fail-Safe Modules

The figure below presents a configuration example with standard and fail-safe modules

within an ET 200pro.

①

CM IM DP Direct connection module for the interface module

②

IM 154-2 DP HIGH FEATURE (PROFIBUS DP) interface module (6ES7 154-2AA00-0AB0)

IM 154-4 PN HIGH FEATURE (PROFINET IO) interface module (6ES7 154-4AA00-0AB0)

③

Connection modules for the electronic modules

④

Terminating module

⑤

Heavy-gauge threaded joints for cables at the connection module

Figure 2-1 Configuration Example for ET 200pro with Fail-Safe Modules

Configuration

2.2 Allocation of Modules of an ET 200pro

ET 200pro Distributed I/O System - Fail-Safe Modules

18 Operating Instructions, 07/2013, A5E00394073-03

2.2

Allocation of Modules of an ET 200pro

Introduction

This chapter describes the assignment of F-electronic modules to F-connection modules for

ET 200pro.

Assignment of F-Electronic Modules to F-Connection Modules

You can use the following fail-safe electronic modules and connection modules together:

Table 2- 1 Assignment of F-Electronic Modules to F-Connection Modules

F-electronic modules

F-connection modules

8/16 F-DI DC24V PROFIsafe electronic module

(6ES7 148-4FA00-0AB0)

CM IO 16×M12 for 8/16 F-DI electronic module

(6ES7 194-4DD00-0AA0)

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

electronic module

(6ES7 148-4FC00-0AB0)

CM IO 12×M12 for 4/8 F-DI/4 F-DO electronic

module (6ES7 194-4DC00-0AA0)

F-Switch PROFIsafe electronic module

(6ES7 148-4FS00-0AB0)

CM F-IO 2×M12 for F-Switch PROFIsafe electronic

module (6ES7 194-4DA00-0AA0)

See also

Properties of 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 58)

Properties of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module (Page 93)

Properties of the F-Switch PROFIsafe Electronic Module (Page 113)

Configuration

2.3 Limitation of Connectable Modules/Maximum Configuration

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 19

2.3

Limitation of Connectable Modules/Maximum Configuration

Maximum Number of Modules

PROFIBUS DP: The maximum number of modules in an ET 200pro depends on the

parameter length of the modules. A total of 244 bytes per ET 200pro are possible.

PROFINET IO: A maximum installation width of 1 m must not be exceeded.

Table 2- 2 Parameter Length of F-Modules in Bytes

Fail-Safe Module

Parameter length

8/16 F-DI DC24V PROFIsafe

42 bytes

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

34 bytes

F-Switch PROFIsafe

26 bytes

Example for PROFIBUS DP

In the following example, modules with a total parameter length of 205 bytes were used in an

ET 200pro. There are also 39 bytes available for installation of additional modules.

Number and

type

modules

1 x

IM154

-2

HIGH

FEATURE

2 x

8/16 F

-DI

2 x

4/8 F

-DI/4

-DO

1 x

-Switch

PROFIsafe

6 modules

Parameter

length

27 bytes

bytes

68 bytes

bytes

205

bytes

ET 200pro: Limitation and Maximum Configuration

For information on the limitations and maximum configuration of the standard ET 200pro,

refer to the

ET 200pro Distributed I/O System

manual.

Configuration

2.4 Configuration and Parameter Assignment

ET 200pro Distributed I/O System - Fail-Safe Modules

20 Operating Instructions, 07/2013, A5E00394073-03

2.4

Configuration and Parameter Assignment

Requirements

The following are required for configuring and assigning parameters for ET 200pro fail-safe

modules:

●

STEP 7

, V 5.3 SP2 or higher; HSP 63 to 68

●

S7 Distributed Safety

, V 5.1 or higher

●

F Configuration Pack

, V 5.5 SP2 or higher

The

F Configuration Pack

V 5.5 SP2 is available for download on the Internet at:

http://www.siemens.com/automation/service&support

Configuring

Fail-safe modules are configured in the same way as ET 200pro standard modules with

STEP 7 HW Config

Assigning Parameters for Electronic Module Properties

To assign parameters to fail-safe electronic module properties, select the module in

STEP 7

HW Config

and select "Edit > Object Properties".

During a download operation, the parameters are transferred from the programming device

(PG) to the F-CPU and stored there. The parameters are then transferred from the F-CPU to

the fail-safe module.

Parameter Description

You will find a description of assignable fail-safe electronic module parameters in this

manual.

PROFIsafe Address and PROFIsafe Address Assignment

You will find a description of the PROFIsafe address and the procedure for assigning the

address in this manual.

See also

Assignment of PROFIsafe Address (Page 23)

Parameters for the 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 61)

Parameters for the 4/8 F-DI/4 F-DO DC24V/2 A PROFIsafe Electronic Module (Page 97)

Parameters for the F-Switch PROFIsafe Electronic Module (Page 116)

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 21

Address Assignment and Installation

3.1

Address Assignments in the F-CPU

Address Assignment

The fail-safe modules occupy the following address ranges in the F-CPU:

● For S7 Distributed Safety: in the process image area

Table 3- 1 Address Assignment in the F-CPU

F-module

Occupied bytes in the F-CPU:

In input range

In output range

8/16 F-DI DC24V PROFIsafe

x + 0 to x + 7

x + 0 to x +3

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

x + 0 to x +6

x + 0 to x +4

F-Switch PROFIsafe

x + 0 to x + 6

x + 0 to x + 4

x = Module start address

Addresses Occupied by User Data

Of the assigned fail-safe module addresses in the F-CPU, the user data occupy the

following:

Table 3- 2 Addresses Occupied by Input User Data

Bytes in the

F-CPU

Occupied bits in F-CPU per F-module:

8/16 F-DI DC24V PROFIsafe:

x + 0

Channel

or 0 (SIL3)

Channel 6

or 0 (SIL3)

Channel 5

or 0 (SIL3)

Channel 4

or 0 (SIL3)

Channel 3 Channel 2 Channel 1 Channel 0

x +1

Channel

or 0 (SIL3)

Channel

or 0 (SIL3)

Channel

or 0 (SIL3)

Channel

or 0 (SIL3)

Channel 11

Channel 10

Channel 9

Channel 8

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe:

x + 0

Channel

or 0 (SIL3)

Channel 6

or 0 (SIL3)

Channel 5

or 0 (SIL3)

Channel 4

or 0 (SIL3)

Channel 3 Channel 2 Channel 1 Channel 0

F-Switch PROFIsafe:

X + 0

Channel 1

Channel 0

x = Module start address

Address Assignment and Installation

3.1 Address Assignments in the F-CPU

ET 200pro Distributed I/O System - Fail-Safe Modules

22 Operating Instructions, 07/2013, A5E00394073-03

Table 3- 3 Addresses Occupied by Output User Data

Bytes in the

F-CPU

Occupied bits in F-CPU per F-module:

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe:

x + 0

Channel 3

Channel 2

Channel 1

Channel 0

F-Switch PROFIsafe:

X + 0

Channel 2

Channel 1

Channel 0

x = Module start address

WARNING

You can only access addresses occupied by user data. The other addresses occupied by

the F-modules are assigned for functions including safety-related communication between

F-modules and the F-CPU in accordance with PROFIsafe.

In 1oo2 sensor evaluation, only the lower-value channel of the channels combined by the

1oo2 sensor evaluation can be accessed in the safety program.

Additional Information

For detailed information about F-I/O access, refer to the

S7 Distributed Safety, Configuring

and Programming

manual.

Address Assignment and Installation

3.2 Assignment of PROFIsafe Address

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 23

3.2

Assignment of PROFIsafe Address

PROFIsafe Address

Each fail-safe module has its own PROFIsafe address in addition to the

PROFIBUS/Industrial Ethernet address. Before installing fail-safe modules, you must set the

PROFIsafe address of the F-module on each F-module.

PROFIsafe Address Assignment

The PROFIsafe addresses (F_source_address, F_destination_address) are automatically

assigned when the fail-safe modules are configured in

STEP 7

The F_destination_address is shown in binary format in the "DIP switch setting" parameter in

the object properties for the fail-safe modules in

HW Config

. You must obtain this PROFIsafe

address from the parameter assignment dialog box and set it on the fail-safe modules using

an address switch.

You can change the configured F_destination_address in

HW Config

. To prevent addressing

errors, however, we recommend that you use the automatically assigned

F_destination_address.

Address Switch for Setting the PROFIsafe Address

An address switch (10-pin DIP switch) is located on the electronic module. You set the

PROFIsafe address (F_destination_address) of the F-module at this address switch.

Note

Fail

-safe modules in ET 200pro can only be used in safety mode.

Address Assignment and Installation

3.3 Installing

ET 200pro Distributed I/O System - Fail-Safe Modules

24 Operating Instructions, 07/2013, A5E00394073-03

Setting the Address Switch

Make sure that the address switch is set properly

before installing

the F-module.

PROFIsafe addresses 1 through 1022 are permitted. The figure below illustrates an example

of the switch setting for an address.

Figure 3-1 Example for Setting the Address Switch (DIP Switch)

Note

An address switch of the smallest possible dimensions is installed for reasons of space

saving. This makes it sensitive to pressure and objects with sharp edges. Always use

suitable tool to operate the address switch.

Diverse tools suitable for activating the address switch are available on the market, for

example, the Grayhill DIPSTICK. A ballpoint pen may be employed if used carefully. It is

imperative to avoid any burri

ng which would prevent the switch from reaching its home

position. Therefore, DO NOT use screwdrivers or knives to operate the address switch.

Rules for Address Assignment

WARNING

Observe the following rules when assigning the address:

• Make sure that the address switch setting of the F-I/O matches the PROFIsafe

destination address in

STEP 7 HW Config

(Parameter "F_Destination_Address").

3.3

Installing

Installing Fail-Safe Modules

Fail-safe electronic modules and connection modules are part of the ET 200pro range of

modules. They are installed in the same way as standard modules in an ET 200pro.

For more information about module installation, refer to the

ET 200pro Distributed I/O Device

manual.

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 25

Wiring

WARNING

In order to prevent danger to humans or the environment, you must not under any

circumstances override safety functions or implement measures that cause safety functions

to be bypassed or result in the bypassing of safety functions. The manufacturer is not liable

for the consequences of such manipulations or for damage resulting from a failure to heed

this warning.

Overview

This chapter presents the specific characteristics involved in wiring fail-safe modules.

Generally applicable information about wiring both ET 200pro with fail-safe modules and

ET 200pro with standard modules can be found in the

ET 200pro Distributed I/O Device

manual.

4.1

Safe Functional Extra Low Voltage for Fail-Safe Modules

Safe Functional Extra Low Voltage

WARNING

Fail-safe modules must be operated with safe functional extra low voltage (SELV, PELV).

This means that only a maximum voltage Um can ever be applied to these modules, even in

the event of a fault. The following applies to all fail-safe modules:

< 60.0 V

You can find additional information about safe functional extra low voltage, for example, in

the data sheets for the applicable power supplies.

All components of the system that are capable of supplying electrical energy in any form

must meet this requirement.

Each additional power circuit (24 V DC) installed in the system must be operated with safe

functional extra low voltage (SELV, PELV). Refer to the relevant data sheets or contact the

manufacturer for information.

Wiring

4.1 Safe Functional Extra Low Voltage for Fail-Safe Modules

ET 200pro Distributed I/O System - Fail-Safe Modules

26 Operating Instructions, 07/2013, A5E00394073-03

Note, too, that sensors and actuators with an external power supply can be connected to F-

modules. In this context, bear in mind the supply voltage from safe functional extra low

voltage. The process signal of a 24 V DC digital module must not exceed a fault voltage Um,

even in the event of a fault.

WARNING

All voltage sources, for example, internal 24 V DC load voltage supplies, external 24 V DC

load voltage supplies and 5 V DC bus voltage, must be electrically connected externally.

This prevents voltage additions in the individual voltage sources that would cause the fault

voltage Um to be exceeded, even in the event of potential differences.

Make sure that the cable cross section is sufficient for the electrical connection, in

accordance with the ET 200pro configuration guidelines (see

ET 200pro Distributed I/O

Device

manual).

Power Supply Requirements for Compliance With the NAMUR Recommendation

Note

To comply with NAMUR recommendation NE

21, IEC 61131-2 and EN 298, only power

packs or power supplies (230

V AC --> 24 V DC) with a power loss ride-through of at least

20 ms

can be used. The latest information about PS components can be accessed on the

Internet at:

ttps://mall.ad.siemens.com

These requirements also apply to power packs or power supplies not produced in ET

200pro

or S7

-300/400 designs.

Wiring

4.2 Wiring of Fail-Safe Modules

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 27

4.2

Wiring of Fail-Safe Modules

Same Wiring Procedure as ET 200pro

Fail-safe electronic modules and connection modules are part of the ET 200pro range of

modules. They are wired in the same way as standard modules in an ET 200pro.

For more information about wiring modules, refer to the

ET 200pro Distributed I/O Device

manual.

WARNING

When assigning the F-DI module signals, remember that signals should only be routed

within a cable or a non-metallic sheathed cable if:

• A short circuit in the signals does not conceal a serious safety risk.

• Signals are supplied by different sensor supplies of this F-DI module.

Applicable Mounting Rails

Only racks for ET 200pro can be used for installing ET 200pro with fail-safe modules (see

ET 200pro Distributed I/O Device

manual).

Terminal Assignment of Connection Modules

The terminal assignment of the connection modules depends on which electronic module is

inserted.

See also

Block Diagram of 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 60)

Use Case 1: Safety Mode SIL2/Category 3 (Page 67)

Use Case 2: Safety Mode SIL3/Category 3 (Page 70)

Use Case 3: Safety Mode SIL3/Category 4 (Page 81)

Wiring of Inputs of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module (Page 101)

Wiring of Outputs of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module

(Page 102)

Block Diagram of the F-Switch PROFIsafe Electronic Module (Page 115)

Use Case 1: Safety Mode of F-Switch PROFIsafe (Page 122)

Use Case 2: Safety Mode SIL3/Category 3 (Page 122)

Use Case 3: Safety Mode SIL3/Category 4 (Page 133)

Wiring

4.3 Inserting and removing fail-safe connection modules and electronic modules

ET 200pro Distributed I/O System - Fail-Safe Modules

28 Operating Instructions, 07/2013, A5E00394073-03

4.3

Inserting and removing fail-safe connection modules and electronic

modules

Inserting and Removing Modules

Fail-safe modules in ET 200pro are inserted and removed in the same way as all standard

modules in an ET 200pro.

Inserting and Removing Modules During Operation

F-modules can be removed and inserted during operation in exactly the same way as

standard modules in ET 200pro.

Follow the instructions in the

"Maintenance and Service"

chapter in the

ET 200pro

Distributed I/O Device

manual.

Note

Note that replacing fail

-safe modules in ET 200pro during operation will generate a

communication error in the F

-CPU.

You must acknowledge the communication error in your safety program (for information

about F

-system behavior after communication errors, fail-safe value output and user

acknowledgment, ref

er to the

S7 Distributed Safety, Configuring and Programming

manual).

If the communication error is not acknowledged, the user data of the F

-DO modules will

remain passivated (outputs at "0").

Remember to Set the PROFIsafe Address

When an F-module is replaced, make sure that the address switch (DIP switch) setting on

the electronic module is the same.

See also

Assignment of PROFIsafe Address (Page 23)

Wiring

4.4 Requirements for Sensors and Actuators

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 29

4.4

Requirements for Sensors and Actuators

General Requirements for Sensors and Actuators

Note the following important information for the safety-related use of sensors and actuators:

WARNING

Note that instrumentation with sensors and actuators bears a considerable

safety

responsibility

. Note that sensors and actuators generally do not withstand a proof-test

interval of 10 years according to the IEC 61508:2000 standard without considerable safety

degradation.

The probability of dangerous faults and the rate of occurrence of dangerous faults of a

safety function must adhere to an SIL-based upper limit. You will find a list of values

achieved by F-modules under "Fail-Safe Performance Characteristics" in the technical

specifications for the F-modules.

To achieve SIL3 (Category 4), suitably qualified sensors and actuators are necessary.

Requirements for the Duration of Sensor Signals

WARNING

Note the following requirements for sensor signals:

• In order to guarantee accurate detection of sensor signals by the F-DI/F-DO module

inputs, you must ensure that the sensor signals exhibit a certain minimum duration.

• In order for pulses to be detected with certainty, the time between two signal changes

(pulse duration) must be greater than the PROFIsafe monitoring time.

Reliable Detection by the F-DI/F-DO Module Inputs

The following table lists the minimum duration of the sensor signals for the F-DI module. The

minimum duration depends on the parameter settings for the short-circuit test and the input

delay in

STEP 7

Table 4- 1 Minimum Duration of Sensor Signals for Proper Detection by an F-DI Module

Electronic module

Short-circuit test parameter

Assigned input delay

0.5 ms

3 ms

15 ms

8/16 F-DI

Disabled

10 ms

13 ms

25 ms

Enabled

10 ms

18 ms

56 ms

4/8 F-DI/4 F-DO

Disabled

11 ms

13 ms

25 ms

Enabled

11 ms

20 ms

57 ms

Wiring

4.4 Requirements for Sensors and Actuators

ET 200pro Distributed I/O System - Fail-Safe Modules

30 Operating Instructions, 07/2013, A5E00394073-03

Electronic module

Short-circuit test parameter

Assigned input delay

0.5 ms

3 ms

15 ms

F-Switch

PROFIsafe

Disabled

14 ms

Enabled

27 ms

Reliable Detection By the Safety Program in the F-CPU

For information about the times for proper detection of sensor signals in the safety program,

refer to

"Fail-Safe Modules"

in the

Safety Engineering in SIMATIC S7

system description.

Additional Requirements for Sensors

General rule: A single-channel sensor is sufficient to achieve SIL2/Category 3. However, the

sensors must be connected using two channels in order to achieve SIL3/Category 4.

However, to achieve SIL2/Category 3 with a single-channel sensor, the sensor itself must be

SIL2/Category 3-capable, otherwise the sensors must be connected using two channels in

order to achieve this safety level.

Additional Requirements for Actuators

Fail-safe output modules test the outputs at regular intervals. For this purpose, the F-module

briefly switches off enabled outputs. The test pulses have the following duration:

● Dark period < 1 ms

Fast-acting actuators can drop out briefly during the test. If your process does not tolerate

this, you must use actuators with a sufficient lag (> 1 ms).

WARNING

If the actuators are operated at voltages greater than 24 V DC (for example, 230 V DC) or if

the actuators switch higher voltages, safe isolation must be ensured between the outputs of

a fail-safe output module and the components conducting the higher voltage (in accordance

with EN 50178).

This is generally the case for relays and contactors. Particular attention must be paid to this

requirement for semiconductor switching devices.

See also

Assignment of PROFIsafe Address (Page 23)

Technical Specifications for the 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 89)

Technical Specifications for the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module

(Page 108)

Technical Specifications for the F-Switch PROFIsafe Electronic Module (Page 144)

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 31

Diagnostics

5.1

Reactions to Faults

Safe State (Safety Concept)

The basic principle behind the safety concept is the existence of a safe state for all process

variables.

Note

For digital F

-modules, this safe state is the value "0". This applies to both sensors and

actuators.

Reactions to Faults and F-System Startup

The safety function requires the use of fail-safe values (safe state) instead of process data

(

passivation of the fail-safe module

) in the following situations:

● When the F-system starts up

● In the event of errors during safety-related communication between the F-CPU and F-

module via the PROFIsafe safety protocol (communication error)

● In the event of F-I/O or channel faults (e.g., wire break, short circuit, discrepancy error)

Detected faults are written to the diagnostic buffer of the F-CPU and communicated to the

safety program in the F-CPU.

F-modules cannot store faults retentively. When the system is powered down and then

restarted, any faults still existing are detected again during startup. However, you have the

option of saving faults in your safety program.

WARNING

For channels that you have set to "disabled" in

STEP 7

, no diagnostic response or error

handling is triggered when a channel fault occurs, not even when such a channel is

affected indirectly by a channel group ("Channel enabled/disabled" parameter).

Diagnostics

5.1 Reactions to Faults

ET 200pro Distributed I/O System - Fail-Safe Modules

32 Operating Instructions, 07/2013, A5E00394073-03

Fail-Safe Value Output for Fail-Safe Modules

In the case of F-DI modules

, if channels are passivated, the F-system provides fail-safe

values for the safety program instead of the process data pending at the fail-safe inputs:

● For F-DI modules, this is always the fail-safe value (0).

In the case of F-DO modules

, if channels are passivated, the F-system transfers fail-safe

values (0) to the fail-safe outputs instead of the output values provided by the safety

program. The output channels are set to the zero current and zero voltage state. This also

applies when the F-CPU switches to STOP mode. It is not possible to assign fail-safe values.

Depending on which F-system you are using and the type of fault that occurred (F-I/O fault,

channel fault or communication error), fail-safe values are used either for the relevant

channel only or for all channels of the relevant fail-safe module.

S7 Distributed Safety

F-systems up to V 5.3, when a channel fault occurs the entire F-

module is passivated (in

S7 Distributed Safety

V 5.4 and higher, the entire module or,

alternatively, selected channel(s) are passivated).

Reintegration of a Fail-Safe Module

Switchover from fail-safe values to process data (reintegration of an F-module) occurs

automatically or, alternatively, after user acknowledgment in the safety program. If channel

faults occur, it may be necessary to remove and reinsert the F-module. A detailed listing of

faults requiring removal and insertion of the F-module can be found in

● the "Diagnostic Messages of 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module,

Causes of Faults and Corrective Actions" tables for

"8/16 F-DI DC24V PROFIsafe"

"4/8

F-DI/4 F-DO DC24V/2A PROFIsafe"

● the "Diagnostic Messages of F-Switch PROFIsafe Electronic Module, Causes of Faults

and Corrective Actions" tables for

"F-Switch PROFIsafe"

After reintegration:

● In the case of a fail-safe DI module, the process data pending at the fail-safe inputs are

provided to the safety program

● In the case of a fail-safe DO module, the output values provided in the safety program are

again transferred to the fail-safe outputs

Diagnostics

5.1 Reactions to Faults

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 33

Additional Information About Passivation and Reintegration

For additional information about passivation and reintegration of F-I/O, refer to the

S7 Distributed Safety, Configuring and Programming

manual.

Behavior of the F-DI Module When a Communication Error Occurs

The F-DI module responds differently to a communication error than to other faults or errors.

If a communication error occurs, the current process data remain set at the inputs of the F-DI

module; the channels are not passivated. The current process data are sent to the F-CPU

and are passivated there.

See also

Properties of 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 58)

Diagnostic Functions of the 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 86)

Properties of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module (Page 93)

Diagnostic Functions of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module

(Page 105)

Properties of the F-Switch PROFIsafe Electronic Module (Page 113)

Properties of the F-Switch PROFIsafe Electronic Module (Page 141)

Diagnostics

5.2 Error Diagnostics

ET 200pro Distributed I/O System - Fail-Safe Modules

34 Operating Instructions, 07/2013, A5E00394073-03

5.2

Error Diagnostics

Purpose of Diagnostics

Diagnostics are used to determine whether fail-safe modules are detecting signals without

errors. Diagnostic information is assigned either to one channel or to the entire F-module.

Diagnostic Functions Are Not Safety-Critical

None of the diagnostic functions (displays and messages) are safety-critical. Consequently,

they are not implemented as safety-related features, i.e., they are not tested internally.

Diagnostic Options for Fail-Safe Modules in ET 200pro

The following diagnostic options are available for fail-safe modules:

● LED display on the module front panel

● Diagnostic functions of F-modules

Non-Assignable Diagnostic Functions

Fail-safe electronic modules provide non-assignable diagnostic functions. This means that

diagnostics are always enabled and are automatically made available by the F-module in

STEP 7

and forwarded to the F-CPU in the event of an error.

Assignable Diagnostic Functions

You can assign (enable) certain diagnostic functions as parameters in

STEP 7

● Short-circuit monitoring for the F-DI module

● Wire break detection for the F-DO module

● Short-circuit monitoring for the F-Switch PROFIsafe

WARNING

Diagnostic functions should be enabled or disabled in accordance with the application.

Diagnostics Using LED Display

Every fail-safe connection module indicates faults via its channel LED and SF LED (group

fault LED).

The channel LED and SF LED turn red as soon as a diagnostic function is triggered by the

F-module. The LEDs go out once all faults have been eliminated.

The SF LED flashes until you acknowledge passivation following a module fault.

Diagnostics

5.2 Error Diagnostics

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 35

Slave Diagnostics

Slave diagnostics comply with IEC 61784-1 Ed3 CP 3/1. The fail-safe electronic modules

support slave diagnostics in exactly the same way as standard ET 200pro modules.

For information about the universal structure of the slave diagnostics for ET 200pro and the

fail-safe modules, refer to the

200pro Distributed I/O Device

manual. A supplementary

description of channel-specific diagnostics for fail-safe modules appears below.

Channel-Specific Diagnostics

As with ET 200pro, there are three bytes available for each channel-specific diagnosis

starting at byte 19. A maximum of 10 channel-specific diagnostic messages are possible per

distributed I/O device. Channel-specific diagnostics for fail-safe modules are structured as

follows:

Figure 5-1 Structure of Channel-Specific Diagnostics

Diagnostics

5.2 Error Diagnostics

ET 200pro Distributed I/O System - Fail-Safe Modules

36 Operating Instructions, 07/2013, A5E00394073-03

Note

Channel

-specific diagnostics are always updated as far as the current diagnostic function in

the diagnostic frame. Subsequent, older diagnostic functions are not deleted.

Remedy: Evaluate the v

alid current length of the diagnostic frame in

STEP 7

using the

RET_VAL parameter of SFC

13.

Possible Fault Types of Fail-Safe Modules

The following table lists the fault types of channel-specific diagnostics. You can obtain

detailed diagnostic information via

HW Diagnostics

STEP 7

Table 5- 1 Fault Types of Channel-Specific Diagnostics

Fault type

Diagnostic function in

STEP 7

F-module

Special meaning for F-modules

00001B 1D Short circuit All Short circuit to L+ on the unconnected sensor wire

Short circuit to L+ sensor supply

Ground short circuit or defective sensor supply

Internal fault in the read circuit/test circuit

4/8 F-DI/4 F-DO P output driver defective

Short circuit of output to L+ or output driver

M output driver defective

Short circuit of output to M or output driver

F-Switch Output driver overcurrent

P output driver defective

Short circuit of output to L+ or output driver

Short circuit of output to M or output driver

00100B

Overload

4/8 F-DI/4 F-DO

Output driver overcurrent

00101

Overtemperature

All

00110B

Open circuit

4/8 F-DI/4 F-DO

Wire break

01001B 9D Fault All RAM error

EPROM error

Processor failure (expected DIP switch value/actual

DIP switch value)

Internal fault in the read circuit/test circuit

10000B 16D Parameter assignment

error

All Parameter assignment error

10001B 17D Sensor voltage or load

voltage is missing

All

Module-internal supply voltage

4/8 F-DI/4 F-DO,

F-Switch

Load voltage is defective or not connected

Diagnostics

5.2 Error Diagnostics

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 37

Fault type

Diagnostic function in

STEP 7

F-module

Special meaning for F-modules

10011B 19D Communication error All Cyclic redundancy check (CRC) error in data

message frame

Monitoring time for data message frame exceeded

11001B 25D Safety-related shutdown

All

Discrepancy error

4/8 F-DI/4 F-DO,

F-Switch

Switching frequency too high

Behavior of F-Modules When a Module Failure Occurs

In the event of a fatal internal fault in the F-module resulting in failure of the

F-module, the following occurs:

● The connection to the backplane bus is interrupted and the fail-safe inputs and outputs

are passivated.

● Diagnostics are not issued by the F-module and the standard "Module Fault" diagnostics

message is issued.

● The SF LED of the relevant F-module illuminates.

Specific Information About Diagnostic Functions

All module-specific diagnostic functions, possible causes, and corrective actions are

described in

"8/16 F-DI DC24V PROFIsafe"

"4/8 F-DI/4 F-DO DC24V/2A PROFIsafe"

"F-

Switch PROFIsafe"

The status and diagnostic functions indicated by LEDs on the front panel of each F-module

are also presented in these sections.

Reading Out Diagnostic Functions

You can have the cause of a fault displayed in the module diagnostics in

STEP 7

(see

STEP 7 online help

You can read out diagnostic functions (slave diagnostics) by means of SFC 13 in the

standard user program (see

System and Standard Functions

reference manual).

See also

Diagnostic Functions of the 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 86)

Diagnostic Functions of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module

(Page 105)

Properties of the F-Switch PROFIsafe Electronic Module (Page 141)

Diagnostics

5.2 Error Diagnostics

ET 200pro Distributed I/O System - Fail-Safe Modules

38 Operating Instructions, 07/2013, A5E00394073-03

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 39

General Technical Specifications

Overview

This chapter presents the following information about fail-safe modules:

● Information about the most important standards and approvals

● Information about the general technical specifications

General Technical Specifications

The general technical specifications include the standards and test values met by the fail-

safe modules when used in an ET 200pro as well as the criteria used to test the fail-safe

modules. The transport and storage requirements for the fail-safe modules and the

prescribed environmental conditions are also included.

6.1

Standards and Approvals

CE Certification

The ET 200pro fail-safe modules meet the requirements and protection targets of the

following EC Directives and comply with the harmonized European Standards (EN) for

programmable logic controllers published in the Official Journal of the European

Communities:

● 2006/42/EC "Machinery Directive"

● 73/23/EEC ”Electrical Equipment for Use within Fixed Voltage Ranges” (Low-Voltage

Directive)

● 89/336/EEC ”Electromagnetic Compatibility” (EMC Directive)

The EC declarations of conformity are kept available for the responsible authorities at:

Siemens Aktiengesellschaft

Bereich Automatisierungstechnik

A&D AS RD ST Type Test

Postfach 1963

D-92209 Amberg, Germany

General Technical Specifications

6.1 Standards and Approvals

ET 200pro Distributed I/O System - Fail-Safe Modules

40 Operating Instructions, 07/2013, A5E00394073-03

UL/CSA Approval

Underwriters Laboratories Inc., in accordance with

● UL 508 (Industrial Control Equipment)

● CSA C22.2 No. 142 (Process Control Equipment)

Note

The nameplate of the specific module indicates the currently valid approvals.

Certification Mark for Australia

The fail-safe modules of the ET 200pro satisfy the requirements of AS/NZS 2064 (Class A).

IEC 61131

The fail-safe modules of the ET 200pro satisfy the requirements and criteria of IEC 61131-2

(Programmable Controllers - Part 2: Equipment Requirements and Tests).

PROFIBUS/Industrial Ethernet Standard

The ET 200pro distributed I/O device is based on the IEC 61784-1 standard.

General Technical Specifications

6.1 Standards and Approvals

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 41

Marine approval

Submitted to the following classification organizations

ABS (American Bureau of Shipping)

BV (Bureau Veritas)

DNV (Det Norske Veritas)

GL (Germanischer Lloyd)

LRS (Lloyds Register of Shipping)

Class NK (Nippon Kaiji Kyokai)

Use in Industrial Environment

SIMATIC products are designed for use in industrial environments.

Area of Application

Requirement for

Emitted Interference

Interference Immunity

Industry

EN 61000-6-4

EN 61000-6-2

Use in Residential Areas

If you are using the ET 200pro in residential areas, you must ensure compliance with limit

class B for emission of radio interference in accordance with EN 61000-6-4.

Suitable measures for achieving a limit class B radio interference level are:

● Installation of the ET 200pro in grounded control cabinets/control boxes

● Use of filters in supply lines

General Technical Specifications

6.1 Standards and Approvals

ET 200pro Distributed I/O System - Fail-Safe Modules

42 Operating Instructions, 07/2013, A5E00394073-03

TÜV Certificate and Standards

Fail-safe modules are certified to the following standards. Refer to the report accompanying

the TÜV certificate for the current version/edition of the standard.

Standard/Directive

Designation

Standards/Directives for Functional Safety

IEC 61508:2000

prEN 50159-1 and 2

Standards/Directives for Process Engineering

VDI/VDE 2180-1 to 5

NE 31

ISA S 84.01

Standards/Directives Machine Safety

IEC 62061

98/37/EC

EN 60204-1

Standards/Directives for Burner Management

Systems

DIN VDE 0116, Clause 8.7

prEN 50156-1

EN 230, Clause 7.3

EN 298, Clauses. 7.3, 8, 9, and 10

DIN V ENV 1954 (stop to position)

Additional Standards/Guidelines

DIN VDE 0110-1

DIN VDE 0160

93/68/EEC

92/31/EEC and 93/68/EEC

DIN EN 55011 (stop to position)

EN 50081-2 (stop to position)

EN 61000-6-2

DIN EN 61131-2

The current TÜV certificate report is available for downloading on the Internet at

https://support.automation.siemens.com under "Product Support".

Requesting TÜV Certificate

You can request copies of the TÜV certificate and the accompanying report at the following

address:

Siemens Aktiengesellschaft

Bereich Automatisierungstechnik

A&D AS RD ST Type Test

Postfach 1963

D-92209 Amberg, Germany

General Technical Specifications

6.2 Electromagnetic Compatibility

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 43

6.2

Electromagnetic Compatibility

Introduction

This chapter presents information about the interference immunity of fail-safe modules and

information about RFI suppression.

Definition of EMC

Electromagnetic compatibility is the ability of an electrical device to function satisfactorily in

its electromagnetic environment without interfering with that environment.

The fail-safe modules meet the requirements of the European Union's EMC law, for

example. This requires that the

ET 200pro Distributed I/O System

meets the specifications

and directives concerning electrical installation.

Pulse-Shaped Interference

The following table shows the electromagnetic compatibility of the fail-safe modules relative

to pulse-shaped interference.

Pulse-shaped interference

Tested with

Degree of severity

Electrostatic discharge in

accordance with IEC 61000-4-2

(DIN VDE 0843 Part 2)

8 kV

6 kV

3 (air discharge)

3 (contact discharge)

Burst pulses (rapid transient

interference) in accordance with

IEC 61000-4-4

(DIN VDE 0843 Part 4)

2 kV (supply line)

2 kV (signal line)

Surge in accordance with IEC 61000-4-5 (DIN VDE 0839 Part 10)

Degrees of severity 2 and 3 require an external protective circuit (see

section further down).

Asymmetrical connection

Symmetrical connection

1 kV (supply line)

1 kV (signal line/data line)

2 kV (supply line)

0.5 kV (supply line)

0.5 kV (signal line/data line)

1 kV (supply line)

1 kV (signal line/data line)

General Technical Specifications

6.2 Electromagnetic Compatibility

ET 200pro Distributed I/O System - Fail-Safe Modules

44 Operating Instructions, 07/2013, A5E00394073-03

Protecting the ET 200pro With Fail-Safe Modules Against Overvoltages

If your equipment makes protection against overvoltage necessary, we recommend that you

use an external protective circuit (surge filter) between the load voltage supply and the load

voltage input of the terminal modules to ensure surge immunity for the ET 200pro with fail-

safe modules.

Note

Lightning protection measures always require a case

-by-case examination of the entire

system. Virtually complete protection against overvoltages, however, can only be achieved if

the entire building surrounding the system has been designed for protection against

overvoltages. In particular, this involves structural measures in the

building design phase.

Therefore, for detailed information regarding protection against overvoltages, we recommend

that you contact your Siemens representative or a company specializing in lightning

protection.

The following figure illustrates an example configuration with ET 200pro F-modules and

standard modules.

You can also use fewer power supplies. However, you must ensure that the total current of

the modules fed from one power supply does not exceed the permissible limits.

For additional information about surge protection for standard modules, see the

ET 200pro

Distributed I/O System

Manual.

General Technical Specifications

6.2 Electromagnetic Compatibility

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 45

Figure 6-1 Example Configuration with F Modules and Standard Modules of ET200pro

Note

Note for Installation in Accordance with EN928

You must disable the "Load voltage failure diagnostics" for the head

-end of the ET 200pro-F.

General Technical Specifications

6.2 Electromagnetic Compatibility

ET 200pro Distributed I/O System - Fail-Safe Modules

46 Operating Instructions, 07/2013, A5E00394073-03

Sinusoidal Interference

HF radiation:

Tested in accordance with IEC 61000-4-3, "Radiated Electromagnetic Field Requirements"

● Standard test:

– from 80 MHz through 1 GHz, tested at 10 V/m and 20 V/m; 80 % AM (1 kHz)

– from 1.4 GHz through 2.7 GHz, tested at 10 V/m; 80 % AM (1 kHz)

● GSM/ISM/UMTS field interferences of different frequencies (Standard: EN 298: 2004,

IEC 61326-3-1 (draft))

HF interference on signal and data lines:

Tested in accordance with IEC 61000-4-6, "Testing and measurement techniques –

Immunity to conducted disturbances induced by radio-frequency fields"

● Standard test:

– RF band, asymmetrical, amplitude modulated:

From 0.15 MHz through 80 MHz, tested at 10 V and 20 V rms; 80 % AM (1 kHz)

● ISM interferences of different frequencies (Standard: EN 298: 2004, IEC 61326-3-1

(draft))

Emission of Radio Interference

Interference transmission of electromagnetic fields in accordance with EN 61000-6-4: Limit

class A, group 1 (measured at a distance of 10 m).

Frequency

Emitted Interference

Between 30 MHz and 230 MHz

< 40 dB (µV/m)Q

Between 230 MHz and 1,000 MHz

< 47 dB (µV/m)Q

Interference transmission via supply AC input in accordance with EN 61000-6-4: Limit

class A, group 1.

Frequency

Emitted Interference

Between 0.15 MHz and 0.5 MHz

< 79 dB (µV)Q, < 66 dB (µV)M

Between 0.5 MHz and 5 MHz

< 73 dB (µV)Q, < 60 dB (µV)M

Between 5 MHz and 30 MHz

< 73 dB (µV)Q, < 60 dB (µV)M

General Technical Specifications

6.3 Transport and storage conditions

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 47

6.3

Transport and storage conditions

Requirements for Fail-Safe Modules

Fail-safe modules surpass the requirements for transport and storage conditions defined in

IEC 61131, Part 2. The following specifications apply to fail-safe modules that are

transported and stored in the original packaging.

Type of condition

Permissible range

Free fall

≤ 1 m

Temperature

From -25°C to +70°C

Temperature change

20 K/h

Air pressure From 1080 hPa to 660 hPa

(corresponds to an altitude of -1000 m to 3500 m)

Relative humidity

From 5% to 95%, without condensation

6.4

Mechanical and Climatic Environmental Conditions

Climatic environmental conditions

The following climatic environmental conditions are applicable:

Environmental Conditions

Areas of Application

Comments

Temperature

From -25 °C to 55 °C

All mounting positions

Temperature change

10 K/h

Relative humidity

From 5% to a maximum of 100%

With condensation

Air pressure From 1080 hPa to 795 hPa Corresponds to an altitude of -1000 m

to 2000 m

Pollutant concentration SO2: < 0.5 ppm;

Relative humidity < 60%, no

condensation

H2S: < 0.1 ppm;

Relative humidity < 60%, no

condensation

Test:

10 ppm; 4 days

1 ppm; 4 days

General Technical Specifications

6.4 Mechanical and Climatic Environmental Conditions

ET 200pro Distributed I/O System - Fail-Safe Modules

48 Operating Instructions, 07/2013, A5E00394073-03

Mechanical Environmental Conditions

The requirements for mechanical environmental conditions are presented in the following

table in the form of sinusoidal vibrations.

Frequency range

Constant

Intermittent

5 ≤ f ≤ 8 Hz

0.35 mm amplitude

0.75 mm amplitude

8 ≤ f ≤ 150 Hz

5 g constant acceleration

10 g constant acceleration

Testing for Mechanical Environmental Conditions

The following table provides information on the type and scope of tests for mechanical

environmental conditions.

Condition

Test Standard

Terminal and Electronic Modules

Vibrations Vibration test in

accordance with

IEC 60068-2-6

Type of vibration: Frequency sweeps with a sweep rate of 1

octave/minute.

5 Hz ≤ f ≤ 8 Hz, constant amplitude of 0.75 mm

8 Hz ≤ f ≤ 150 Hz, constant acceleration of 10 g

Duration of vibration: 10 frequency sweeps per axis in each of the

3 perpendicular axes

Shock Shock, tested in

accordance with

IEC 60068-2-27

Type of shock: half sine

Force of shock: 30 g peak value, 18 ms duration

Direction of shock: 3 shocks each in +/- direction in each of the

3 perpendicular axes

Repetitive shock Shock, tested in

accordance with

IEC 60068-29

Type of shock: half sine

Force of shock: 25 g peak value, 6 ms duration

Direction of shock: 1000 shocks each in +/- direction in each of the three

perpendicular axes

Reduction of Vibrations

If fail-safe modules are subjected to greater shocks or vibrations, you must take appropriate

measures to reduce acceleration and amplitude.

We recommend that you mount the ET 200pro on damping material (e.g., on a rubber-metal

vibration damper).

General Technical Specifications

6.5 Specifications for Dielectric Tests, Protection Class, Degree of Protection, and Rated Voltage

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 49

6.5

Specifications for Dielectric Tests, Protection Class, Degree of

Protection, and Rated Voltage

Test Voltage

Dielectric strength is proven during the type test with the following test voltage in accordance

with IEC 61131-2:

Circuits with rated voltage Ue to other circuits

or to ground

Test voltage

≤ 50V

500 V DC

≤ 150V

2,500 V DC

≤ 250V

4,000 V DC

Pollution Degree/Overvoltage Category in Accordance With IEC 61131

● Pollution degree 2

● Overvoltage category

– At Ur = 24 V DC: II

Degree of Protection IP65

Degree of protection in accordance with IEC 529

● Protection against the ingress of dust and full protection against physical contact

● Water projected by a nozzle against the enclosure from any direction shall have no

harmful effect.

General Technical Specifications

6.5 Specifications for Dielectric Tests, Protection Class, Degree of Protection, and Rated Voltage

ET 200pro Distributed I/O System - Fail-Safe Modules

50 Operating Instructions, 07/2013, A5E00394073-03

Degrees of Protection IP66 and IP67

Degree of protection in accordance with IEC 529

● Protection against the ingress of dust and full protection against physical contact

● IP66: Water from heavy seas or water projected in powerful jets shall not enter the

enclosure in harmful quantities.

● IP67: Protection against water when enclosure is immersed at specified pressures over a

specified time period (water must not enter the enclosure in any harmful amount)

Rated Voltage for Operation

The ET 200pro distributed I/O device operates at the following rated voltage and

corresponding tolerance.

Rated voltage

Tolerance range

24 V DC

20.4 V DC to 28.8 V DC

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 51

Fail-Safe Connection Modules

7.1

CM IO 16xM12 Fail-Safe Connection Module for EM 8/16 F-DI

DC24V PROFIsafe

Order Number

6ES7 194-4DD00-0AA0

Properties

The CM IO 16 x M12 connection module has the following properties:

● Can be plugged in and screwed to the electronic module

● 16 M12 circular socket connectors

● 16 labels and one module label

Terminal assignment

The terminal assignment depends on which electronic module is being used.

View

Terminal

Designation

1. M12 circular socket connector

2. M12 circular socket connector

3. M12 circular socket connector

4. M12 circular socket connector

5. M12 circular socket connector

6. M12 circular socket connector

7. M12 circular socket connector

8. M12 circular socket connector

9. M12 circular socket connector

X10

10. M12 circular socket connector

X11

11. M12 circular socket connector

X12

12. M12 circular socket connector

X13

13. M12 circular socket connector

X14

14. M12 circular socket connector

X15

15. M12 circular socket connector

X16 16. M12 circular socket connector

Fail-Safe Connection Modules

7.1 CM IO 16xM12 Fail-Safe Connection Module for EM 8/16 F-DI DC24V PROFIsafe

ET 200pro Distributed I/O System - Fail-Safe Modules

52 Operating Instructions, 07/2013, A5E00394073-03

Block Diagram

The following figure presents the block diagram of the CM IO 16 x M12 connection module.

Figure 7-1 Block Diagram of CM IO 16xM12 Connection Module

Technical specifications

Dimensions and Weight

Dimensions W x H x D (mm)

90 x 130 x 39

Weight

505 g

See also

Properties of 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 58)

Block Diagram of 8/16 F-DI DC24V PROFIsafe Electronic Module (Page 60)

Fail-Safe Connection Modules

7.2 CM IO 12xM12 Fail-Safe Connection Module for EM 4/8 F-DI/4-DO DC24V/2A PROFIsafe

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 53

7.2

CM IO 12xM12 Fail-Safe Connection Module for EM 4/8 F-DI/4-DO

DC24V/2A PROFIsafe

Order Number

6ES7 194-4DC00-0AA0

Properties

The CM IO 12 x M12 connection module has the following properties:

● Can be plugged in and screwed to the electronic module

● 12 M12 circular socket connectors

● 12 labels and one module label

Terminal assignment

The terminal assignment depends on which electronic module is being used.

View

Terminal

Designation

1. M12 circular socket connector

2. M12 circular socket connector

3. M12 circular socket connector

4. M12 circular socket connector

5. M12 circular socket connector

6. M12 circular socket connector

7. M12 circular socket connector

8. M12 circular socket connector

9. M12 circular socket connector

X10

10. M12 circular socket connector

X11

11. M12 circular socket connector

X12 12. M12 circular socket connector

Fail-Safe Connection Modules

7.2 CM IO 12xM12 Fail-Safe Connection Module for EM 4/8 F-DI/4-DO DC24V/2A PROFIsafe

ET 200pro Distributed I/O System - Fail-Safe Modules

54 Operating Instructions, 07/2013, A5E00394073-03

Block Diagram

The following figure presents the block diagram of the CM IO 12 x M12 connection module.

Figure 7-2 Block Diagram of CM IO 12xM12 Connection Module

Technical specifications

Dimensions and Weight

Dimensions W x H x D (mm)

90 x 130 x 39

Weight

18.70 oz

See also

Properties of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module (Page 93)

Block Diagram for the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module (Page 96)

Fail-Safe Connection Modules

7.3 CM F-IO 2 × M12 Fail-Safe Connection Module for F-Switch PROFIsafe

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 55

7.3

CM F-IO 2 × M12 Fail-Safe Connection Module for F-Switch

PROFIsafe

Order Number

6ES7 194-4DA00-0AA0

Properties

The CM F-IO 2xM12 connection module has the following properties:

● Can be plugged in and screwed to the electronic module

● 2 M12 circular socket connectors

● 2 labels and one module label

Terminal Assignment

The terminal assignment is shown in the following table.

View

Terminal

Designation

X1 1. M12 circular socket

connector

X2 2. M12 circular socket

connector

Fail-Safe Connection Modules

7.3 CM F-IO 2 × M12 Fail-Safe Connection Module for F-Switch PROFIsafe

ET 200pro Distributed I/O System - Fail-Safe Modules

56 Operating Instructions, 07/2013, A5E00394073-03

Block Diagram

The following figure presents the block diagram of the CM F-IO 2xM12 connection module.

Figure 7-3 Block Diagram of CM F-IO 2xM12 Connection Module

Technical Specifications

Dimensions and Weight

Dimensions W x H x D in [mm]

45 x 130 x 40

Weight

310 g

See also

Properties of the F-Switch PROFIsafe Electronic Module (Page 113)

Block Diagram of the F-Switch PROFIsafe Electronic Module (Page 115)

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 57

Fail-Safe Electronic Modules

Overview

Fail-safe digital modules are available for connecting digital sensors or encoders and

actuators or loads to ET 200pro. This chapter provides the following information for each fail-

safe module:

● Properties and specific characteristics

● Front view, terminal assignment for connection modules and block diagram

● Wiring diagram and assignable parameters

● Diagnostic functions, including corrective actions

● Technical specifications

WARNING

The fail-safe performance characteristics in the technical specifications are applicable to

a proof-test interval of 10 years and a mean time to repair of 100 hours.

Description of Applicable Electronic Modules and Connection Modules

The applicable standard electronic modules and standard connection modules are described

in the

ET 200pro Distributed I/O Device

manual.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

58 Operating Instructions, 07/2013, A5E00394073-03

8.1

8/16 F-DI DC24V PROFIsafe Digital Electronic Module

8.1.1

Properties of 8/16 F-DI DC24V PROFIsafe Electronic Module

Order Number

6ES7 148-4FA00-0AB0

Properties

The F-Switch electronic module has the following properties:

● 16 inputs (SIL2/Category 3) or 8 inputs (SIL3/Category 3 or Category 4)

● 24 V DC rated input voltage

● Suitable for switches and 3- or 4-wire proximity switches (BEROs)

● Four short-circuit-proof sensor supplies for each of the four inputs

● External sensor supply possible

● Group fault display (SF; red LED)

● Fault LED for each sensor supply (Vs1F to Vs4F) is mapped to VsF LED and the

associated channels

● Status and fault LEDs for each input (two-color green/red LED)

● Identification data (

see ET 200pro Distributed I/O System Standard Manual

)

● Assignable diagnostics

● Can only be operated in safety mode

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 59

8.1.2

Terminal Assignment of 8/16 F-DI DC24V PROFIsafe Electronic Module

Terminal Assignment on CM IO 16×M12 Connection Module

The following table presents the terminal assignment of the 8/16 F-DI DC24V PROFIsafe

electronic module on the CM IO 16×M12 connection module.

Sockets X1 to X4 and X9 to X12 are assigned twice. This enables you to implement a 1oo2

evaluation with one connecting cable, e.g., channels 0 and 4 at connector X1.

The functional ground (FG) is located on the shield.

Table 8- 1 Terminal Assignment on the CM IO 16xM12 Connection Module for 8/16 F-DI DC24V PROFIsafe

Circular connector view

Terminal

Assignment of X1 to X16

1 Connectors X1 to X4: 24 V sensor supply 1 (Vs1)2

Connectors X5 to X8: 24 V sensor supply 2 (Vs2)2

Connectors X9 to X12: 24 V sensor supply 3 (Vs3)2

Connectors X13 to X16: 24 V sensor supply 4 (Vs4)

Input signal:

Connector X1: Channel 43

Connector X2: Channel 53

Connector X3: Channel 63

Connector X4: Channel 73

Connector X5: Not assigned

Connector X6: Not assigned

Connector X7: Not assigned

Connector X8: Not assigned

Connector X9: Channel 123

Connector X10: Channel 133

Connector X11: Channel 143

Connector X12: Channel 153

Connector X13: Not

assigned

Connector X14: Not

assigned

Connector X15: Not

assigned

Connector X16: Not

assigned

Sensor supply ground (1M)

4 Input signal:

Connector X1: Channel 0

Connector X2: Channel 1

Connector X3: Channel 2

Connector X4: Channel 3

Connector X5: Channel 4

Connector X6: Channel 5

Connector X7: Channel 6

Connector X8: Channel 7

Connector X9: Channel 8

Connector X10: Channel 9

Connector X11: Channel 10

Connector X12: Channel 11

Connector X13: Channel 12

Connector X14: Channel 13

Connector X15: Channel 14

Connector X16: Channel 15

5 Connectors X1 to X4: 24 V sensor supply 2 (Vs2)3

Connectors X5 to X8: Not assigned

Connectors X9 to X12: 24 V sensor supply 4 (Vs4)3

Connectors X13 to X16: Not assigned

1 3-, 4- or 5-core copper cable

2 Made available by the ET 200pro for the connected sensor

Relevant only in the case of 1oo2 evaluation via a connecting cable

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

60 Operating Instructions, 07/2013, A5E00394073-03

8.1.3

Block Diagram of 8/16 F-DI DC24V PROFIsafe Electronic Module

Block Diagram

Figure 8-1 Block Diagram of 8/16 F-DI DC24V PROFIsafe Electronic Module

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 61

8.1.4

Parameters for the 8/16 F-DI DC24V PROFIsafe Electronic Module

Parameters in

STEP 7

The following table presents the parameters that can be assigned to the 8/16 F-DI DC24V

PROFIsafe electronic module.

Table 8- 2 Parameters for the 8/16 F-DI DC24V PROFIsafe Electronic Module

Parameters

Range

Default

Type of

parameter

Range of

effectiven

ess

F-parameters:

F_destination_address

1 to 1022

Assigned by

STEP 7

Static

Module

F-monitoring time

10 to 10000 ms

150 ms

Static

Module

Module Parameters:

Input delay

0.5; 3; 15 ms

3 ms

Static

Module

Short-circuit test

Cyclic/Disable

Cyclic

Static

Module

Behavior after channel

faults*

Passivate the entire

module/Passivate the

channel

Passivate the entire

module

Static Module

Channel n, n+4 Enabled/disabled Enabled Static Channel

group

Evaluation of the

sensors

1oo2 evaluation/

1oo1 evaluation

1oo2 evaluation Static Channel

group

Type of sensor

interconnection

1-channel;

2-channel equivalent;

2-channel

nonequivalent

2-channel equivalent Static Channel

group

Behavior at

discrepancy

Provide last valid value;

Provide value 0

Provide last valid value Static Channel

group

Discrepancy time 10 to 30000 ms 10 ms Static Channel

group

Reintegration after

discrepancy error

Test of 0-signal not

required/Test of 0-

signal required

Test of 0-signal not

required

Static Channel

group

* This setting is only relevant when the S7 Distributed Safety V 5.4 or higher optional package is

installed.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

62 Operating Instructions, 07/2013, A5E00394073-03

Short-Circuit Test Parameter

The cyclic short-circuit test is enabled and disabled using the short-circuit test parameter.

The short-circuit test is only useful for simple switches that do not have their own power

supply. If the short-circuit test has been enabled, the internal sensor supplies must be used

(see also

"Use Cases of the 8/16 F-DI DC24V PROFIsafe Electronic Module"

Behavior at Discrepancy Parameter

As the "behavior at discrepancy" you assign the value that is made available to the safety

program in the F-CPU while there is a discrepancy between the two input channels involved,

i.e., during the discrepancy time. You assign the behavior at discrepancy as follows:

● "Provide last valid value", or

● "Provide value 0"

Requirements

You have assigned the following:

● Evaluation of the sensors: "1oo2 evaluation"

"Provide last valid value"

The last valid value (old value) before discrepancy occurs is made available to the safety

program in the F-CPU as soon as a discrepancy is detected between the two relevant input

channel signals. This value is supplied until the discrepancy disappears or until the

discrepancy time expires and a discrepancy error is detected. The sensor-actuator response

time is extended by an amount equal to this time.

As a result, the discrepancy time of sensors connected via two channels must be set for fast

reactions to short response times. It makes no sense, for example, for a time-critical

shutdown to be triggered by sensors connected via two channels with a discrepancy time of

500 ms. In the worst case, the sensor-actuator response time is extended by an amount

approximately equal to the discrepancy time.

● For this reason, position the sensors in the process in such a way as to

minimize

discrepancy

● Then select the

shortest possible

discrepancy time that includes a sufficient cushion

against false tripping of discrepancy errors.

"Provide value 0"

The value "0" is made available to the safety program in the F-CPU as soon as a

discrepancy is detected between the signals of the two relevant input channels.

If you specified "Provide value 0", the sensor-actuator response time will not be affected by

the discrepancy time.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 63

Discrepancy Time Parameter

Here, you can specify the discrepancy time for each channel pair. The entered value is

rounded to a multiple of 10 ms.

Requirements

You have assigned the following:

● Evaluation of the sensors: "1oo2 evaluation" and

● Type of sensor interconnection: "2-channel equivalent" or "2-channel nonequivalent"

Discrepancy Analysis and Discrepancy Time

If you are using one two-channel sensor, one nonequivalent sensor or two single-channel

sensors that are measuring the same physical process variable, the sensors will respond

with a time delay due to the limited accuracy of their arrangement.

The discrepancy analysis for equivalence/nonequivalence is used with fail-safe inputs to

detect faults based on the timing of two signals with the same functionality. Discrepancy

analysis is initiated when different levels (when testing for nonequivalence: same voltage

levels) are detected at two associated input signals. A test is conducted to determine

whether the difference in levels (when testing for nonequivalence: the consistency) has

disappeared within a programmable period known as the discrepancy time. If not, a

discrepancy error exists.

In most cases, the discrepancy time starts but does not elapse completely, since the signal

differences disappear after a short time.

Select a discrepancy time of sufficient length so that in case of no error, the difference

between the two signals (when checking for nonequivalence: the consistency) has definitely

disappeared before the discrepancy time expires.

Behavior While Discrepancy Time is Running

While the assigned discrepancy time is running internally on the module, either the

last valid

value

"0"

is made available to the safety program in the F-CPU by the relevant input

channels, depending on the parameter assignment for the behavior at discrepancy.

Behavior After Discrepancy Time Elapses

If the input signals are not equivalent following expiration of the specified discrepancy time

(when checking for nonequivalence: no inequality), for example due to wire break at a

sensor line, the system detects a discrepancy error and generates a "discrepancy"

diagnostic message in the diagnostic buffer of the F-I/O module to identify the faulty

channels.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

64 Operating Instructions, 07/2013, A5E00394073-03

Reintegration After Discrepancy Error Parameter

This parameter is used to specify when a discrepancy error is regarded as eliminated and,

thus, when the relevant input channels can be reintegrated. The following can be assigned:

● "Test of 0-signal required" or

● "Test of 0-signal not required"

Requirements

You have assigned the following:

● Evaluation of the sensors: "1oo2 evaluation"

"Test of 0-signal required"

If you assigned "Test of 0-signal required", a discrepancy error is regarded as eliminated

once a 0-signal is present again at both of the relevant input channels.

If you are using nonequivalent sensors, i.e., the "Type of sensor interconnection" is set to "2-

channel nonequivalent", a 0-signal must be present again at the channel supplying the

wanted signal.

For information about which F-module channels supply the wanted signals, refer to the

manual for the F-module you are using.

"Test of 0-signal not required"

If you assigned "Test of 0-signal not required", a discrepancy error is regarded as eliminated

once the discrepancy at the two relevant input channels disappears.

F-modules in SIMATIC S7 for which the "Reintegration after discrepancy error" parameter is

not available also exhibit this behavior.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 65

8.1.5

Wiring of Inputs of 8/16 F-DI DC24V PROFIsafe Electronic Module

Note

The following sections on wiring options and specific

STEP 7

parameters (use cases) apply

to the 8/16 F

-DI and the inputs of the 4/8 F-DI/4 F-DO.

Use Case Selection

The following figure provides information to help you select the use case that corresponds to

your fail-safe requirements. The following sections provide instructions on wiring the F-

module and identify the parameters you must assign in

STEP 7

for each use case.

Figure 8-2 Use Case Selection

WARNING

The achievable Safety Integrity Level is determined by the sensor quality and the length of

the proof-test interval according to the IEC 61508:2000 standard. If the sensor quality does

not meet Safety Integrity Level requirements, always use the sensor in redundant operation

and connect it via two channels.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

66 Operating Instructions, 07/2013, A5E00394073-03

Conditions for Achieving SIL/Category

The conditions for achieving the respective safety requirements are presented in the

following table.

Table 8- 3 F-DI Modules: Conditions for Achieving SIL/Category

Use case

Sensors

Evaluation of

the sensors

Sensor supply

Achievable

SIL/Category

1 1-channel 1oo1 Internal, with short-

circuit test

2 / 3

Internal, without short-

circuit test

External

2.1 1-channel 1oo2 Internal, with short-

circuit test

3 / 3

Internal, without short-

circuit test

External

2.2 2-channel

equivalent

1oo2 Internal, without short-

circuit test

External

2.3 2-channel

nonequivalent

1oo2 Internal, without short-

circuit test

External

3.1 2-channel

equivalent

1oo2 Internal, with short-

circuit test

3 / 4

3.2 2-channel

nonequivalent

Note

You

can operate the various inputs of an F-DI module simultaneously in SIL2/Category 3

and

SIL3/Category 3 or 4. You only have to connect the inputs and assign parameters as

shown in the following sections.

Sensor Requirements

Please note the information in

"Requirements for Sensors and Actuators"

when using

sensors for safety-related applications.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 67

8.1.6

Use Case 1: Safety Mode SIL2/Category 3

Sensor Supply

The sensors can be powered internally or externally.

Table 8- 4 Use Case 1: Assignment of Sensor Supply to Input Channels

8/16 F-DI DC24V PROFIsafe

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

Input channels DI 0 to DI 3: Sensor supply Vs1

Input channels DI 4 to DI 7: Sensor supply Vs2

Input channels DI 8 to DI 11: Sensor supply Vs3

Input channels DI 12 to DI 15: Sensor supply Vs4

Input channels DI 0 to DI 3: Sensor supply Vs1

Input channels DI 4 to DI 7: Sensor supply Vs2

Wiring Diagram for Use Case 1 – Connecting One Sensor Via One Channel

One sensor is connected via one channel for each process signal (1oo1 evaluation).

The wiring is carried out at the appropriate connection module.

The figures below illustrate an example wiring diagram for channel groups 1 and 2.

Figure 8-3 Wiring Diagram for F-DI Modules - One Sensor Connected Via One Channel, Internal

Sensor Supply

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

68 Operating Instructions, 07/2013, A5E00394073-03

Figure 8-4 Wiring Diagram for F-DI Modules - One Sensor Connected Via One Channel, External

Sensor Supply

Assignable Parameters for Use Case 1

Set the "Evaluation of the sensors" parameter to "1oo1 evaluation" for the respective input.

You can enable or disable the "Short-circuit test" parameter. However, you must disable the

short-circuit test as soon as at least one fail-safe digital input is

externally

supplied.

Otherwise, the "Short circuit" diagnostic is reported.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 69

Specific Characteristics for Fault Detection (Use Case 1)

The following table summarizes fault detection according to the sensor supply and the

parameter assignment for the short-circuit test:

Table 8- 5 F-DI Modules: Fault Detection (Use Case 1)

Example of fault

Fault detection in case of ...

Internal sensor supply

and short-circuit test

enabled

Internal sensor supply

and short-circuit test

disabled

External sensor

supply

Short circuit of DI 0 with DI 1

Short circuit of DI 0 with DI 4

Yes*

P-short circuit of DI 0

Yes

M-short circuit of DI 0

Yes*

Discrepancy error

P-short circuit of Vs1

Yes

M-short circuit of Vs1, or Vs2

defective

Yes Yes Yes

Short circuit of Vs1 with Vs2

Yes

Fault in read/test circuit

Yes

Supply voltage fault

Yes

*: Fault is detected only in case of signal corruption. That is, the signal read differs from the sensor

signal. If there is no signal corruption relative to the sensor signal, fault detection is not possible and

is not required from a safety standpoint.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

70 Operating Instructions, 07/2013, A5E00394073-03

8.1.7

Use Case 2: Safety Mode SIL3/Category 3

Assigning Inputs to Each Other

The F-DI modules have 2, 8, or 16 fail-safe inputs (SIL2). A pair of these inputs can be used

as one input (SIL3). The following assignments apply in this case:

Table 8- 6 Use Case 2: Assignment of Input Channels to Each Other

8/16 F-DI DC24V PROFIsafe

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

Input channels DI 0 and DI 4

Input channels DI 1 and DI 5

Input channels DI 2 and DI 6

Input channels DI 3 and DI 7

Input channels DI 8 and DI 12

Input channels DI 9 and DI 13

Input channels DI 10 and DI 14

Input channels DI 11 and DI 15

Input channels DI 0 and DI 4

Input channels DI 1 and DI 5

Input channels DI 2 and DI 6

Input channels DI 3 and DI 7

Sensor Supply

The sensor supply can be provided internally or externally.

Table 8- 7 Use Case 2: Assignment of Sensor Supply to Inputs

8/16 F-DI DC24V PROFIsafe

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

Input channels DI 0 to DI 3: Sensor supply Vs1

Input channels DI 4 to DI 7: Sensor supply Vs2

Input channels DI 8 to DI 11: Sensor supply Vs3

Input channels DI 12 to DI 15: Sensor

supply Vs4

Input channels DI 0 to DI 3: Sensor supply Vs1

Input channels DI 4 to DI 7: Sensor supply Vs2

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 71

Wiring Diagram for Use Case 2.1 – Connecting One Sensor Via One Channel to Two Inputs

One sensor is connected via one channel to two inputs of the F-module for each process

signal (1oo2 evaluation).

Note

If the voltage is supplied to the sensor from the F

-DI module, you must use the internal

sensor supply Vs1.

Connection to Vs2 is not possible.

The wiring is carried out at the appropriate connection module.

The figures below illustrate an example wiring diagram for channel groups 1 and 2.

Figure 8-5 Wiring Diagram for F-DI Modules - One Sensor Connected Via One Channel to Two

Inputs, Internal Sensor Supply

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

72 Operating Instructions, 07/2013, A5E00394073-03

Figure 8-6 Wiring Diagram for F-DI Modules - One Sensor Connected Via One Channel to Two

Inputs, External Sensor Supply

WARNING

In order to achieve SIL3/Category 3 with this wiring, you must install a suitably qualified

sensor, for example, in accordance with IEC 60947.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 73

Assignable Parameters for Use Case 2.1

Set the "Evaluation of the sensors" parameter to "1oo2 evaluation" and the "Type of sensor

interconnection" parameter to "1-channel" for the relevant input. The discrepancy time is

permanently preset to 10 ms and cannot be changed.

You can enable or disable the "Short-circuit test" parameter. However, you must disable the

short-circuit test as soon as at least one fail-safe digital input is

externally

supplied.

Otherwise, the "Short circuit" diagnostic is reported.

Specific Characteristics for Fault Detection (Use Case 2.1)

The following table summarizes fault detection according to the sensor supply and the

parameter assignment for the short-circuit test:

Table 8- 8 8/16 F-DI DC24V PROFIsafe Electronic Module: Fault Detection (Use Case 2.1)

Example of fault

Fault detection in case of ...

Internal sensor supply

and short-circuit test

enabled

Internal sensor supply

and short-circuit test

disabled

External sensor

supply

Short circuit of DI 0 with DI 1

Short circuit of DI 0 with DI 5

P-short circuit of DI 0

Yes

M-short circuit of DI 0

Yes*

Discrepancy error

Yes

P-short circuit of Vs1

Yes

M-short circuit of Vs1, or Vs2

defective

Yes Yes Yes

Short circuit of Vs1 with Vs2

Yes

Fault in read/test circuit

Yes

Supply voltage fault

Yes

Fault is detected only in case of signal corruption. That is, the signal read differs from the sensor

signal (discrepancy error). If there is no signal corruption relative to the sensor signal, fault detection

is not possible and is not required from a safety standpoint.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

74 Operating Instructions, 07/2013, A5E00394073-03

Wiring Diagram for Use Case 2.2 – Connecting One Two-Channel Sensor Via Two Channels

One two-channel sensor is connected via two channels to two inputs of the F-module for

each process signal (1oo2 evaluation).

The wiring is carried out at the appropriate connection module.

The figures below illustrate an example wiring diagram for channel groups 1 and 2.

Figure 8-7 Wiring Diagram for F-DI Modules - One Two-Channel Sensor Connected, Internal

Sensor Supply

Figure 8-8 Wiring Diagram for F-DI Modules - One Two-Channel Sensor Connected Via Two

Channels, External Sensor Supply

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 75

Wiring Diagram for Use Case 2.2 – Connecting Two One-Channel Sensors Via Two Channels

Two single-channel sensors are connected via two channels to two inputs of the F-module

for each process signal (1oo2 evaluation). The sensors can also be supplied via an external

sensor supply.

The figure below illustrates an example wiring diagram for channel groups 1 and 2.

Figure 8-9 Wiring Diagram for F-DI Modules - Two One-Channel Sensors Connected Via Two

Channels, Internal Sensor Supply

WARNING

In order to achieve SIL3/Category 3 with this wiring, you must install a suitably qualified

sensor, for example, in accordance with IEC 60947.

Assignable Parameters for Use Case 2.2

Set the "Evaluation of the sensors" parameter to "1oo2 evaluation" and the "Type of sensor

interconnection" parameter to "2-channel equivalent" for the relevant input. Disable the

"Short-circuit test" parameter.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

76 Operating Instructions, 07/2013, A5E00394073-03

Specific Characteristics for Fault Detection (Use Case 2.2)

The following table presents fault detection according to the sensor supply and the

parameter assignment for the short-circuit test:

Table 8- 9 F-DI Modules: Fault Detection (Use Case 2.2)

Example of fault

Fault detection in case of ...

Internal sensor supply and

short-circuit test disabled

External sensor supply

Short circuit of DI 0 with DI 1

Yes*

Short circuit of DI 0 with DI 4

Short circuit of DI 0 with DI 5

Yes*

P-short circuit of DI 0

Yes*

M-short circuit of DI 0

Yes*

Discrepancy error

Yes

P-short circuit of Vs1

M-short circuit of Vs1, or Vs2 defective

Yes

Short circuit of Vs1 with Vs2

Fault in read/test circuit

Yes

Supply voltage fault

Yes

Fault is detected only in case of signal corruption. That is, the signal read differs from the sensor

signal (discrepancy error). If there is no signal corruption relative to the sensor signal, fault detection

is not possible and is not required from a safety standpoint.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 77

Wiring Diagram for Use Case 2.3 – Connecting One Nonequivalent Sensor Via Two Channels

Nonequivalently

One nonequivalent sensor is connected nonequivalently via two channels to two inputs of

the F-module for each process signal (1oo2 evaluation).

The left channels on the F-module (DI 0 to DI 2, DI 0 to DI 3, or DI 8 to DI 11) supply the

wanted signals. If no faults are detected, these signals will be available in the I/O area for

inputs in the F-CPU.

Note

If the voltage is supplied to the sensor from the F

-DI module, you must use the internal

sensor supply Vs1 (or Vs3).

Connection to Vs2 (or Vs4) is not possible.

The wiring is carried out at the appropriate connection module.

The figures below illustrate an example wiring diagram for channel groups 1 and 2.

Figure 8-10 Wiring Diagram for F-DI Modules - One Nonequivalent Sensor Connected

Nonequivalently Via Two Channels, Internal Sensor Supply

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

78 Operating Instructions, 07/2013, A5E00394073-03

Figure 8-11 Wiring Diagram for F-DI Modules - One Nonequivalent Sensor Connected

Nonequivalently Via Two Channels, External Sensor Supply

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 79

Wiring Diagram for Use Case 2.3 – Connecting Two One-Channel Sensors Nonequivalently Via Two

Channels

Two one-channel sensors are connected nonequivalently via two channels to two inputs of

the F-I/O module for each process signal (1oo2 evaluation).

The left channels on the F-module (DI 0 to DI 2, DI 0 to DI 3, or DI 8 to DI 11) supply the

wanted signals. If no faults are detected, these signals will be available in the I/O area for

inputs in the F-CPU.

The sensors can also be supplied via an external sensor supply.

The figure below illustrates an example wiring diagram for channel groups 1 and 2.

Figure 8-12 Wiring Diagram for F-DI Modules - Two One-Channel Sensors Connected

Nonequivalently Via Two Channels, Internal Sensor Supply

WARNING

In order to achieve SIL3/Category 3 with this wiring, you must install a suitably qualified

sensor, for example, in accordance with IEC 60947.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

80 Operating Instructions, 07/2013, A5E00394073-03

Assignable Parameters for Use Case 2.3

Set the "Evaluation of the sensors" parameter to "1oo2 evaluation" and the "Type of sensor

interconnection" parameter to "2-channel nonequivalent" for the relevant input. Disable the

"Short-circuit test" parameter.

Specific Characteristics for Fault Detection (Use Case 2.3)

The following table summarizes fault detection according to the sensor supply and the

parameter assignment for the short-circuit test:

Table 8- 10 F-DI Modules: Fault Detection (Use Case 2.3)

Example of fault

Fault detection in case of ...

Internal sensor supply and

short-circuit test disabled

External sensor supply

Short circuit of DI 0 with DI 1

Yes*

Short circuit of DI 0 with DI 4

Yes

Short circuit of DI 0 with DI 5

Yes*

P-short circuit of DI 0

Yes*

M-short circuit of DI 0

Yes*

Discrepancy error

Yes

P-short circuit of Vs1

M-short circuit of Vs1, or Vs2 defective

Yes

Short circuit of Vs1 with Vs2

Fault in read/test circuit

Yes

Supply voltage fault

Yes

Fault is detected only in case of signal corruption. That is, the signal read differs from the sensor

signal (discrepancy error). If there is no signal corruption relative to the sensor signal, fault detection

is not possible and is not required from a safety standpoint.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 81

8.1.8

Use Case 3: Safety Mode SIL3/Category 4

Assigning Inputs to Each Other

The F-DI modules have 2, 8, or 16 fail-safe inputs (SIL2). A pair of these inputs can be used

as one input (SIL3). The following assignments apply in this case:

Table 8- 11 Use Case 3: Assignment of Input Channels to Each Other

8/16 F-DI DC24V PROFIsafe

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

Input channel DI 0 and DI 4

Input channel DI 1 and DI 5

Input channel DI 2 and DI 6

Input channel DI 3 and DI 7

Input channel DI 8 and DI 12

Input channel DI 9 and DI 13

Input channel DI 10 and DI 14

Input channel DI 11 and DI 15

Input channel DI 0 and DI 4

Input channel DI 1 and DI 5

Input channel DI 2 and DI 6

Input channel DI 3 and DI 7

Sensor supply

The sensor must be supplied internally.

Table 8- 12 Use Case 2: Assignment of Sensor Supply to Inputs

8/16 F-DI DC24V PROFIsafe

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

Input channels DI 0 to DI 3: Sensor supply Vs1

Input channels DI 4 to DI 7: Sensor supply Vs2

Input channels DI 8 to DI 11: Sensor supply Vs3

Input channels DI 12 to DI 15: Sensor

supply Vs4

Input channels DI 0 to DI 3: Sensor supply Vs1

Input channels DI 4 to DI 7: Sensor supply Vs2

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

82 Operating Instructions, 07/2013, A5E00394073-03

Wiring Diagram for Use Case 3.1 – Connecting One Two-Channel Sensor Via Two Channels

One two-channel sensor is connected via two channels to two inputs of the F-module for

each process signal (1oo2 evaluation).

The wiring is carried out at the appropriate connection module.

The figure below illustrates an example wiring diagram for channel groups 1 and 2.

Figure 8-13 Wiring Diagram for F-DI Modules - One Two-Channel Sensor Connected Via Two

Channels, Internal Sensor Supply

Alternatively, two one-channel sensors can be connected via two channels (see Figure

"Wiring Diagram for F-DI Modules - Two One-Channel Sensors Connected Via Two

Channels, Internal Sensor Supply"

). In this case, the same process variable is measured

with mechanically separated sensors.

WARNING

In order to achieve SIL3/Category 4 with this wiring, you must install a suitably qualified

sensor, for example, in accordance with IEC 60947.

Assignable Parameters for Use Case 3.1

Set the "Evaluation of the sensors" parameter to "1oo2 evaluation" and the "Type of sensor

interconnection" parameter to "2-channel equivalent" for the relevant input. Enable the

"Short-circuit test" parameter.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 83

Wiring Diagram for Use Case 3.2 – Connecting One Nonequivalent Sensor Via Two Channels

Nonequivalently

Eight process signals can be connected to an 8/16 F-DI DC24V PROFIsafe electronic

module, 4 process signals to a 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe electronic module,

and 2 process signals to an F-Switch PROFIsafe. One sensor is connected nonequivalently

via two channels to two inputs of the F-module for each process signal (1oo2 evaluation).

The left channels on the F-module (DI 0 to DI 3 or DI 8 to DI 11) supply the wanted signals. If

no faults are detected, these signals will be available in the I/O area for inputs in the F-CPU.

Note

You must use internal senso

r supply Vs1 (or Vs3) to supply voltage to the sensor.

Connection to Vs2 (or Vs4) is not possible.

The wiring is carried out at the appropriate connection module.

The figure below illustrates an example wiring diagram for channel groups 1 and 2.

Figure 8-14 Wiring Diagram for F-DI Modules - One Nonequivalent Sensor Connected

Nonequivalently Via Two Channels, Internal Sensor Supply

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

84 Operating Instructions, 07/2013, A5E00394073-03

Alternatively, two one-channel sensors can be connected nonequivalently via two channels

(see Figure

"Wiring Diagram for F-DI Modules - Two One-Channel Sensors Connected

Nonequivalently Via Two Channels, Internal Sensor Supply"

). In this case, the same process

variable is measured with mechanically separated sensors.

WARNING

In order to achieve SIL3/Category 4 with this wiring, you must install a suitably qualified

sensor, for example, in accordance with IEC 60947.

Assignable Parameters for Use Case 3.2

Set the "Evaluation of the sensors" parameter to "1oo2 evaluation" and the "Type of sensor

interconnection" parameter to "2-channel nonequivalent" for the relevant input. Enable the

"Short-circuit test" parameter.

Specific Characteristics for Fault Detection (Use Cases 3.1 and 3.2)

The following table presents fault detection according to the sensor supply and the

parameter assignment for the short-circuit test:

Table 8- 13 F-DI Modules: Fault Detection (Use Cases 3.1 and 3.2)

Example of fault

Fault detection with internal sensor supply and enabled

short-circuit test for ...

Sensor 2-channel equivalent

Sensor 2-channel

nonequivalent

Short circuit of DI 0 with DI 1 Yes

Yes

Short circuit of DI 0 with DI 4

Yes*

Yes

Short circuit of DI 0 with DI 5

Yes*

P-short circuit of DI 0

Yes

M-short circuit of DI 0

Yes*

Discrepancy error

Yes

P-short circuit of Vs1

Yes

M-short circuit of Vs1, or Vs2 defective

Yes

Short circuit of Vs1 with Vs2

Yes

Fault in read/test circuit

Yes

Supply voltage fault

Yes

Fault is detected only in case of signal corruption. That is, the signal read differs from the sensor

signal (discrepancy error). If there is no signal corruption relative to the sensor signal, fault detection

is not possible and is not required from a safety standpoint.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 85

Requirements for Machine Protection Applications With Category 4

The following requirements apply to machine protection applications with Category 4:

● State-of-the-art wiring must be used between the sensors and the automation system or

between the automation system and the actuators to prevent short circuits.

● All short circuits listed in the above table are detected. Detection of a short circuit is

sufficient in this case, because two faults must exist for the short circuit to occur (both of

the short-circuited signal cables exhibit an insulation fault). Thus, a multiple short-circuit

analysis is not required.

Processes for detection of all short circuits are also permissible if individual short circuits are

not detected, provided:

● The short circuits do not cause corruption of read signals compared to the sensor signals

● The short circuits cause corruption of read signals compared to the sensor signals, but in

the direction that ensures safety.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

86 Operating Instructions, 07/2013, A5E00394073-03

8.1.9

Diagnostic Functions of the 8/16 F-DI DC24V PROFIsafe Electronic Module

Behavior in Case of Supply Voltage Failure

Failure of sensor supplies Vs1 to Vs4 is indicated by the SF LED, the VsF LED, and the

LEDs of the relevant channel group on the F-module. This information is also provided on

the module (diagnostic entry). The relevant channel groups or channels (in the case of

channel-level passivation) of the module are passivated.

Diagnostic Functions

The following table presents an overview of the diagnostic functions of the 8/16 F-DI DC24V

PROFIsafe electronic module. The diagnostic functions are assigned either to one channel

or to the entire module.

Table 8- 14 Diagnostic Functions of the 8/16 F-DI DC24V PROFIsafe Electronic Module

Diagnostic Function*

Fault

Number

LED

Signaled in

Use Case

Range of

Effectiveness

of Diagnostic

Assignabl

Short circuit

1, 2, 3

Channel

Yes

Overtemperature

1, 2, 3

Module

Fault

1, 2, 3

Module

Parameter assignment error

10H

1, 2, 3

Module

Sensor voltage or load voltage

is missing

11H VsF

VsF

1, 2, 3 Module No

Communication error

13H

1, 2, 3

Module

Safety-related shutdown

2.3

Channel

*: Specifically for F-modules; display in

STEP 7

, see the "Channel-Specific Diagnostics, Fault Types

of Fail-Safe Modules" table

Note

If you have enabled the short-circuit test

for the F-DI module in

STEP 7

and are using only

one of the two internal sensor supplies of the module (Vs1 or Vs2, or Vs3 or Vs4), a channel

-short circuit is detected for each of the four channels whose sensor supply is not used.

Four "short

-circuit" diagnostic functions are generated in the diagnostic buffer of the F-

module.

Specific Characteristics for Fault Detection

Detection of some faults (such as short circuits or discrepancy errors) is dependent on the

use case, wiring, and parameter assignment of the short-circuit test. For this reason, tables

on fault detection are presented for the use cases in

"Use Case 1: Safety Mode

SIL2/Category 3" to "Use Case 3: Safety Mode SIL3/Category 4"

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 87

Causes of Faults and Corrective Actions

The following table presents the possible causes of faults and corrective actions for the

individual diagnostic messages of the 8/16 F-DI DC24V PROFIsafe electronic module.

Table 8- 15 Diagnostic Messages of the 8/16 F-DI DC24V PROFIsafe Electronic Module, Causes of

Faults and Corrective Actions

Diagnostic

Message

Fault

Detection

Possible Causes

Corrective Actions

Short circuit

Always

Internal fault

Replace module

Cyclically

during

short-

circuit test

Short circuit at the

sensor

Cross circuit at the

sensor

Eliminate short circuit/cross circuit on

sensor

Overtemperature Always Shutdown due to

violation of temperature

limit values in the

module case.

Check ambient temperature.

Check whether permissible output current

of the sensor power supply is exceeded

for the ambient temperature.

Once the fault has been eliminated, the

module must be removed and inserted, or

the power switched off and on.

Fault Always Internal module fault has

occurred

Replace module

Parameter

assignment error

Always Inserted module does

not match configuration

Correct the configuration (compare actual

and preset configuration).

PROFIsafe address set

incorrectly on the F-

module

Check whether the PROFIsafe address on

the module matches the configuration in

STEP 7 HW Config

Sensor voltage or

load voltage is

missing

Always No supply voltage or

supply voltage is too low

Check module for proper contact.

Once the fault has been eliminated, the

module must be removed and inserted, or

the power switched off and on.

Voltage dip due to short

circuit

Eliminate short circuit/cross circuit.

Communication

error

Always Error in communication

between the F-CPU and

module, e.g., due to

defective

PROFIBUS/Industrial

Ethernet connection or

higher than permissible

electromagnetic

interferences.

Check the PROFIBUS/Industrial Ethernet

connection.

Eliminate the interferences.

PROFIsafe monitoring

time set too low

Set a higher value for the "F-monitoring

time" parameter for the module in

STEP 7

HW Config

Configuration of the F-

module does not match

the fail-safe program

Recompile the safety program; then reload

the configuration and safety program to

the F-CPU

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

88 Operating Instructions, 07/2013, A5E00394073-03

Diagnostic

Message

Fault

Detection

Possible Causes

Corrective Actions

Safety-related

shutdown

Always Faulty process signal

Defective sensor

Check process signal. Replace sensor if

necessary.

Short circuit between

unconnected sensor

cable and the sensor

supply cable

Eliminate short circuit

Wire break in connected

sensor cable or sensor

supply cable

Eliminate broken wire

Assigned discrepancy

time is too short

Check the assigned discrepancy time.

Once the error is eliminated, the F-module

must be reintegrated in the safety

program.

For more information on passivation and reintegration of F-I/O, refer to

"Diagnostics"

and the

S7 Distributed Safety Configuring and Programming

Programmable Controllers S7 F/FH

manuals.

Generally Applicable Information on Diagnostics

For information on diagnostics pertaining to all fail-safe modules (e.g., readout of diagnostic

functions; passivation of channels), refer to

"Diagnostics"

in this manual as well as the

S7 Distributed Safety Configuring and Programming

Programmable Controllers S7 F/FH

manuals.

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 89

8.1.10

Technical Specifications for the 8/16 F-DI DC24V PROFIsafe Electronic Module

Overview

Technical Specifications

Dimensions and Weight

Dimensions W x H x D (mm)

90 x 175 x 65.2 (including rack)

Weight

Approx. 270 g

Module-Specific Specifications

Number of inputs

• 1-channel Max. 16

• 2-channel Max. 8

Assigned address area

• I/O area for inputs 8 bytes

• I/O area for outputs 4 bytes

Cable length

• Unshielded Max. 30 m

• Shielded Max. 30 m

Maximum achievable safety class

1-channel

2-channel

• According to IEC 61508:2000 SIL2 SIL3

• According to ISO 13849-1:2006 or

EN ISO 13849-1:2008

Category 3 Category 4

Fail-safe performance characteristics

SIL2

SIL3

• Low demand mode (average probability of

failure on demand)

< 1.00E-03 < 1.00E-05

• High demand/continuous mode (probability of

a dangerous failure per hour)

< 1.00E-08 < 1.00E-09

Voltages, Currents, Potentials

Rated supply voltage L+

24 V DC

• Permissible range 20.4 V to 28.8 V

• Power loss ride-through of L+ None

• Power loss ride-through of internal P5 5 ms

• Reverse polarity protection Yes

Number of simultaneously controllable inputs

• All mounting positions

– Up to 40°C

– Up to 55°C

16 (for 28.8 V)

16 (for 24.7 V) or 8 (for 28.8 V)

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

90 Operating Instructions, 07/2013, A5E00394073-03

Technical Specifications

Electrical isolation

• Between channels and backplane bus Yes

• Between channels and power supply No

• Between channels No

• Between channels/power supply and shield Yes

Permissible potential difference between

• Shield and ET 200pro bus connection 75 V DC/60 V AC

• Shield and I/O (DIs) 75 V DC/60 V AC

• ET 200pro bus connection and I/O (DIs) 75 V DC/60 V AC

Insulation tested during type test with

• Shield and ET 200pro bus connection 350 V AC/1 min

• Shield and I/O (DIs) 350 V AC/1 min

• ET 200pro bus connection and I/O (DIs) 350 V AC/1 min

Current consumption

• From backplane bus Typ. 20 mA

• From load voltage L+ (without sensor) Typ. 120 mA

Power loss of module

Typ. 4.5 W

Status, Interrupts, Diagnostics

Status displays

• Inputs Two-color red/green LED per channel

• Sensor supply LED VsF and display via channel LEDs of

channel groups

Diagnostic functions

Interrupts

• Diagnostic interrupt Channel LED red

• Group fault display Red LED (SF)

• Diagnostic information can be read out Possible

• I&M functionality * See "ET 200pro Distributed I/O" Manual

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 91

Technical Specifications

Sensor Supply Outputs

Number of outputs

Output voltage

• Loaded Min. L+ (-1.5 V)

Output current

• Rated value 200 mA

• Permissible range 0 mA to 200 mA

Permissible aggregate current of outputs

800 mA

Short-circuit protection

Yes, electronic

• Operating value 0.7 A to 2.1 A

Data for Selecting a Sensor **

Input voltage

• Rated value 24 V DC

• At signal "1" 15 V to 30 V

• At signal "0" -30 V to 5 V

Input current

• At signal "1" Typ. 3.7 mA

Input delay

Assignable (for all inputs together)

• At "0" after "1" Typ. 0.5 ms (0.3 ms to 0.7 ms)

Typ. 3 ms

(2.6 ms to 3.4 ms)

Typ. 15 ms

(13 ms to 17 ms)

• At "1" after "0" Typ. 0.5 ms (0.3 ms to 0.7 ms)

Typ. 3 ms

(2.6 ms to 3.4 ms)

Typ. 15 ms

(13 ms to 17 ms)

Input characteristic

In accordance with IEC 61131-2, Type 1

Connection of 2-wire BERO

Not possible

• Permissible quiescent current Max. 0.6 mA

Fail-Safe Electronic Modules

8.1 8/16 F-DI DC24V PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

92 Operating Instructions, 07/2013, A5E00394073-03

Technical Specifications

Time, Frequency

Internal preprocessing times

See

"Response Times"

Acknowledgment time in safety mode

• Short-circuit test enabled

With input delay of 0.5 ms:

With input delay of 3 ms:

With input delay of 15 ms:

Min. 4 ms / max. 7 ms

Min. 4 ms / max. 12 ms

Min. 4 ms / max. 9 ms

• Short-circuit test disabled Min. 4 ms / max. 6 ms

Minimum sensor signal duration See

"Minimum Duration of Sensor Signals for

Proper Detection by F-DI Module"

table in

"Wiring"

Protection against Overvoltage

Protection of supply voltage L+ from surge in

accordance with IEC 61000-4-5 with external

protection elements only

• Symmetrical (L+ to M) + 1 kV; 1.2/50 μs

• Asymmetrical (L+ to PE, M to PE) + 2 kV; 1.2/50 μs

Protection of inputs and outputs from surge in

accordance with IEC 61000-4-5 with external

protection elements only

Not required since cable length is < 30 m

Protection of supply voltage 1L+ from

overvoltages

Internal fuse tripped

*: Identification sets are described in the "ET200 pro Distributed I/O System" manual.

**: For requirements for sensors and actuators, see "

Requirements for Sensors and Actuators

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 93

8.2

4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

8.2.1

Properties of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module

Order Number

6ES7 148-4FC00-0AB0

Properties

The 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe electronic module has the following properties:

● Inputs

– 8 inputs (SIL2/Category 3) or four inputs (SIL3/Category 3 or Category 4)

– 24 V DC rated input voltage

– Suitable for switches and 3- or 4-wire proximity switches (BEROs)

– Two short-circuit-proof sensor supplies for each of the four inputs

– External sensor supply possible

● Outputs

– Four outputs, P/M switching (current sourcing/sinking)

– 2 A output current

– 24 V DC rated load voltage

– Suitable for solenoid valves, DC contactors and indicator lights

● Group fault display (SF; red LED)

● Fault LED for each sensor supply (Vs1F to Vs2F) is mapped to VsF LED and the

associated channels.

● Status and fault LEDs for each input/output (two-color green/red LED)

● Identification data (

see ET 200pro Distributed I/O System Standard Manual

)

● Assignable diagnostics

● Safety class SIL3 achievable

● Can only be operated in safety mode

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

94 Operating Instructions, 07/2013, A5E00394073-03

Switching of Grounded Loads

If the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe electronic module switches loads that have a

connection between the chassis and ground (e.g., to improve the EMC properties)

and

if the

chassis and ground are connected in the power supply, a "short circuit" will be detected.

From the perspective of the F-module, the M-switch (current sinking) is bridged by the

chassis-ground connection (refer to the following figure for an example for a 4/8 F-DI/4 F-DO

DC24V/2A PROFIsafe electronic module).

Remedy:

The resistance (R) between the chassis and ground on the load side must be greater than

100 kΩ.

Figure 8-15 Switching Grounded Loads (Resistance Between Chassis and Ground)

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 95

8.2.2

Terminal Assignment of the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic

Module

Terminal Assignment on CM IO 12×M12 Connection Module

The following table presents the terminal assignment of the 4/8 F-DI/4 F-DO DC24V/2A

PROFIsafe electronic module on the CM IO 12×M12 connection module.

Sockets X1 to X4 are assigned twice. This enables you to implement a 1oo2 evaluation with

one connecting cable, e.g., channels 0 and 4 at connector X1.

Table 8- 16 Terminal Assignment on the CM IO 12xM12 Connection Module for 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe

Circular connector view

Terminal

Assignment of X1 to X12

Digital inputs

Digital outputs

1 Connectors X1 to X4: 24 V sensor supply 1 (Vs1)

Connectors X5 to X8: 24 V sensor supply 2 (Vs2)

Connectors X9 to X12: Not assigned

Input signal:

Connector X1: Input channel

Connector X2: Input channel

Connector X3: Input channel

Connector X4: Input channel

Connector X5: Not assigned

Connector X6: Not assigned

Connector X7: Not assigned

Connector X8: Not assigned

Connector X9: Not assigned

Connector X10: Not assigned

Connector X11: Not assigned

Connector X12: Not assigned

3 Connectors X1 to X8: Sensor supply ground (1M)

Connector X9: Output channel M0

Connector X10: Output channel M1

Connector X11: Output channel M2

Connector X12: Output channel M3

Input signal:

Connector X1: Input channel 0

Connector X2: Input channel 1

Connector X3: Input channel 2

Connector X4: Input channel 3

Connector X5: Input channel 4

Connector X6: Input channel 5

Connector X7: Input channel 6

Connector X8: Input channel 7

Connector X9: Output channel P0

Connector X10: Output channel

Connector X11: Output channel

Connector X12: Output channel

5 Connectors X1 to X4: 24 V sensor supply 2 (Vs2)

Connectors X5 to X8: Not assigned

Connectors X9 to X12: Functional ground (FG)

1 3-, 4- or 5-core copper cable

Only relevant for 1oo2 evaluation via a connecting cable

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

96 Operating Instructions, 07/2013, A5E00394073-03

8.2.3

Block Diagram for the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic

Module

Block Diagram

Figure 8-16 Block Diagram for the 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Electronic Module

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 97

8.2.4

Parameters for the 4/8 F-DI/4 F-DO DC24V/2 A PROFIsafe Electronic Module

Parameters in

STEP 7

The following table shows the parameters that can be set for the F-DI/F-DO module (see

also

"Configuration and Parameter Assignment"

Table 8- 17 Parameters of the F-DI/DO Module

Parameters

Range

Default

Type of

parameter

Range of

effectiveness

F-parameters:

F_destination_address

1 to 1022

Assigned by

STEP 7

Static

Module

F-monitoring time

10 to 10000 ms

150 ms

Static

Module

Module Parameters:

Behavior after channel

faults*

Passivate the entire

module/Passivate the

channel

Passivate the entire

module

Static Module

Module Parameter Inputs:

Input delay

0.5; 3; 15 ms

3 ms

Static

Module

Short-circuit test

Cyclic/Disable

Cyclic

Static

Module

Channel n, n+4 Enabled/disabled Enabled Static Channel

group

Evaluation of the

sensors

1oo2 evaluation/

1oo1 evaluation

1oo2 evaluation Static Channel

group

Type of sensor

interconnection

1-channel;

2-channel equivalent;

2-channel

nonequivalent

2-channel equivalent Static Channel

group

Behavior at

discrepancy

Provide last valid

value; Provide value

Provide last valid

value

Static Channel

group

Discrepancy time 10 to 30000 ms 10 ms Static Channel

group

Reintegration after

discrepancy error

Test of 0-signal not

required/Test of 0-

signal required

Test of 0-signal not

required

Static Channel

group

Module Parameter Outputs:

DO channel n

Enabled/disabled

Enabled

Static

Channel

Readback time

1 to 400 ms

1 ms

Static

Channel

Diagnostics: Wire

break

Enabled/disabled Disabled Static Channel

* This setting is only relevant when the

S7 Distributed Safety

V 5.4 or higher optional package is

installed.

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

98 Operating Instructions, 07/2013, A5E00394073-03

Short-Circuit Test Parameter

The cyclic short-circuit test is enabled and disabled using the short-circuit test parameter.

The short-circuit test is only useful for simple switches that do not have their own power

supply. If the short-circuit test has been enabled, the internal sensor supplies must be used

(see also

"Use Cases of the 8/16 F-DI DC24V PROFIsafe Electronic Module"

Behavior at Discrepancy Parameter

As the "behavior at discrepancy" you assign the value that is made available to the safety

program in the F-CPU while there is a discrepancy between the two input channels involved,

i.e., during the discrepancy time. You assign the behavior at discrepancy as follows:

● "Provide last valid value", or

● "Provide value 0"

Requirements

You have assigned the following:

● Evaluation of the sensors: "1oo2 evaluation"

"Provide last valid value"

The last valid value (old value) before discrepancy occurs is made available to the safety

program in the F-CPU as soon as a discrepancy is detected between the two relevant input

channel signals. This value is supplied until the discrepancy disappears or until the

discrepancy time expires and a discrepancy error is detected. The sensor-actuator response

time is extended by an amount equal to this time.

As a result, the discrepancy time of sensors connected via two channels must be set for fast

reactions to short response times. It makes no sense, for example, for a time-critical

shutdown to be triggered by sensors connected via two channels with a discrepancy time of

500 ms. In the worst case, the sensor-actuator response time is extended by an amount

approximately equal to the discrepancy time.

● For this reason, position the sensors in the process in such a way as to

minimize

discrepancy

● Then select the

shortest possible

discrepancy time that includes a sufficient cushion

against false tripping of discrepancy errors.

"Provide value 0"

The value "0" is made available to the safety program in the F-CPU as soon as a

discrepancy is detected between the signals of the two relevant input channels.

If you specified "Provide value 0", the sensor-actuator response time is not affected by the

discrepancy time.

Fail-Safe Electronic Modules

8.2 4/8 F-DI/4 F-DO DC24V/2A PROFIsafe Digital Electronic Module

ET 200pro Distributed I/O System - Fail-Safe Modules

Operating Instructions, 07/2013, A5E00394073-03 99