Automation System S7-300 Fail-Safe Signal Modules

s

Contents Preface 1 Product Overview 2 Configuration Options 3 Configuring and Assigning Parameters 4 Addressing and Installing 5 Wiring 6 Fault Reactions and Diagnostics 7 General Technical Specifications 8 Digital Modules 9 Analog Module 10 Safety Protector 11 Appendices Diagnostic Data of Signal Modules 12 Dimension Drawings 13 Accessories and Order Numbers 14 Response Times 15Type Examination Certificate and Declaration of Conformity 16 Glossary 17

SIMATIC

Automation System S7-300 Fail-Safe Signal Modules Manual

Index

Edition 03/2004 A5E00085586-05

Copyright © Siemens AG 2004 All rights reserved The reproduction, transmission or use of this document or its contents is not permitted without express written authority. Offenders will be liable for damages. All rights, including rights created by patent grant or registration of a utility model or design, are reserved. Siemens AG Bereich Automation and Drives Geschaeftsgebiet Industrial Automation Systems Postfach 4848, D- 90327 Nuernberg

Disclaimer of Liability We have checked the contents of this manual for agreement withthe hardware and software described. Since deviations cannot beprecluded entirely, we cannot guarantee full agreement. However,the data in this manual are reviewed regularly and any necessarycorrections included in subsequent editions. Suggestions forimprovement are welcomed. ©Siemens AG 2004 Technical data subject to change.

Siemens Aktiengesellschaft A5E00085586-05

Safety Guidelines

This manual contains notices intended to ensure personal safety, as well as to protect the products and connected equipment against damage. These notices are highlighted by the symbols shown below and graded according to severity by the following texts:

! Danger indicates that death, severe personal injury or substantial property damage will result if proper precautions are not taken.

! Warning indicates that death, severe personal injury or substantial property damage can result if proper precautions are not taken.

! Caution indicates that minor personal injury can result if proper precautions are not taken.

Caution

indicates that property damage can result if proper precautions are not taken.

Notice draws your attention to particularly important information on the product, handling the product, or to a particular part of the documentation.

Qualified Personnel

Only qualified personnel should be allowed to install and work on this equipment. Qualified persons are defined as persons who are authorized to commission, to ground and to tag circuits, equipment, and systems in accordance with established safety practices and standards.

Correct Usage

Note the following:

! Warning This device and its components may only be used for the applications described in the catalog or the technical description, and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens. This product can only function correctly and safely if it is transported, stored, set up, and installed correctly, and operated and maintained as recommended.

Trademarks

SIMATIC®, SIMATIC HMI® and SIMATIC NET® are registered trademarks of SIEMENS AG.

Third parties using for their own purposes any other names in this document which refer to trademarks might infringe upon the rights of the trademark owners.

Fail-Safe Signal Modules A5E00085586-05 iii

Contents

1 Preface ............................................................................................................................ 1-1

2 Product Overview........................................................................................................... 2-1 2.1 Introduction ....................................................................................................... 2-1 2.2 Using Fail-Safe Signal Modules ....................................................................... 2-2 2.3 Guide to Commissioning Fail-Safe Signal Modules ......................................... 2-5

3 Configuration Options................................................................................................... 3-1 3.1 Introduction ....................................................................................................... 3-1 3.2 Configuration with F-SMs in Standard Mode.................................................... 3-2 3.3 Configuration with F-SMs in Safety Mode ........................................................ 3-3

4 Configuring and Assigning Parameters ...................................................................... 4-1

5 Addressing and Installing ............................................................................................. 5-1 5.1 Introduction ....................................................................................................... 5-1 5.2 Address Assignments in the CPU .................................................................... 5-1 5.3 Addressing the Channels.................................................................................. 5-3 5.4 Assigning PROFIsafe Address ......................................................................... 5-4 5.4.1 Assigning PROFIsafe Address (Starting Address of F-SM) .............................5-5 5.4.2 Assigning PROFIsafe Address (F_destination_address) .................................5-7 5.5 Installing............................................................................................................ 5-9

6 Wiring .............................................................................................................................. 6-1 6.1 Introduction ....................................................................................................... 6-1 6.2 Safe Functional Extra-Low Voltage for Fail-Safe Signal Modules.................... 6-2 6.3 Wiring Fail-Safe Signal Modules ...................................................................... 6-3 6.4 Replacing Fail-Safe Signal Modules................................................................. 6-4 6.5 Sensor and Actuator Requirements for F-SMs in Safety Mode ...................... 6-5

7 Fault Reactions and Diagnostics ................................................................................. 7-1 7.1 Introduction ....................................................................................................... 7-1 7.2 Reactions to Faults in F-SMs ........................................................................... 7-2 7.2.1 Reactions to Faults in Standard Mode .............................................................7-2 7.2.2 Reactions to Faults in Safety Mode..................................................................7-3 7.3 Diagnosis of Faults of F-SMs ........................................................................... 7-6

8 General Technical Specifications................................................................................. 8-1 8.1 Introduction ....................................................................................................... 8-1 8.2 Standards and Approvals ................................................................................. 8-2 8.3 Electromagnetic Compatibility .......................................................................... 8-5 8.4 Transport and Storage Conditions.................................................................... 8-8 8.5 Mechanical and Climatic Environmental Conditions ........................................ 8-9 8.6 Specifications for Nominal Line Voltages, Isolation Tests, Protection

Class, and Degree of Protection..................................................................... 8-11 8.7 Use of Fail-Safe Signal Modules in Zone 2 Potentially Explosive

Atmosphere .................................................................................................... 8-12

Contents

Fail-Safe Signal Modules iv A5E00085586-05

8.7.1 Einsatz der fehlersicheren Signalbaugruppen im explosionsgefährdeten Bereich Zone 2 ...............................................................................................8-12

8.7.2 Use of Fail-Safe Signal Modules in a Zone 2 Hazardous Area......................8-14 8.7.3 Utilisation des modules de signaux de sécurité dans un environnement

à risque d'explosion en zone 2 .......................................................................8-16 8.7.4 Aplicación de módulos de señales de alta disponibilidad en áreas con

peligro de explosión, zona 2...........................................................................8-18 8.7.5 Impiego delle unità di segnale ad elevata sicurezza nell'area a pericolo di

esplosione zona 2...........................................................................................8-20 8.7.6 Gebruik van de foutbestendige signaalmodulen het explosieve gebied

zone 2 .............................................................................................................8-22 8.7.7 Brug af fejlsikre signalkomponenter i det eksplosions-farlige område

zone 2 .............................................................................................................8-24 8.7.8 Virheiltä suojattujen signaalirakenneryhmien käyttö

räjähdysvaarannetuilla alueilla, vyöhyke 2 .....................................................8-26 8.7.9 Användning av felsäkrade signalkomponent-grupper i

explosions-riskområde zon 2..........................................................................8-28 8.7.10 Uso de grupos de componentes de sinais protegidos contra erro

em área exposta ao perigo de explosão, zona 2 ...........................................8-30 8.7.11 Χρήση των ασφαλών σε περίπτωση βλάβης δοµικών συγκροτηµάτων

σηµάτων σε επικίνδυνη για έκρηξη περιοχή, ζώνη 2 .....................................8-32 9 Digital Modules............................................................................................................... 9-1

9.1 Introduction ....................................................................................................... 9-1 9.2 Discrepancy Analysis for Fail-safe Digital Input Modules................................. 9-2 9.3 SM 326; DI 24 DC 24V................................................................................. 9-5 9.3.1 Properties, Front View, Connection Diagram, and Block Diagram ..................9-5 9.3.2 Applications for SM 326; DI 24 DC 24V .....................................................9-10 9.3.3 Application 1: Standard Mode ........................................................................9-11 9.3.4 Application 2: Standard Mode with High Availability ......................................9-13 9.3.5 Application 3: Safety Mode, SIL 2 (AK 4, Category 3) ...................................9-15 9.3.6 Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High

Availability (only in S7 F/FH Systems)............................................................9-17 9.3.7 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) ...................................9-20 9.3.8 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with High

Availability (only in S7 F/FH Systems)............................................................9-25 9.3.9 Diagnostic Messages for the SM 326; DI 24 DC 24V ................................9-30 9.3.10 Technical Specifications - SM 326; DI 24 DC 24V.....................................9-33 9.4 SM 326; DI 8 NAMUR ................................................................................. 9-35 9.4.1 Properties, Front View, Connection Diagram, and Block Diagram ................9-35 9.4.2 Special Features when Wiring SM 326; DI 8 NAMUR for

Hazardous Areas ............................................................................................9-38 9.4.3 Applications of SM 326; DI 8 NAMUR:........................................................9-41 9.4.4 Application 1: Standard Mode and Application 3: Safety Mode

SIL 2 (Safety Level AK 4, Category 3)............................................................9-42 9.4.5 Application 2: Standard Mode with High Availability and

Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability (only in S7 F/FH Systems)............................................9-43

9.4.6 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) ...................................9-45 9.4.7 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with

High Availability (only in S7 F/FH Systems) ...................................................9-46 9.4.8 Diagnostic Messages for SM 326; DI 8 NAMUR:........................................9-49 9.4.9 Technical Specifications - SM 326; DI 8 NAMUR .......................................9-52 9.5 SM 326; DO 8 DC 24V/2A PM ................................................................... 9-54 9.5.1 Properties, Front View, Connection Diagram, and Block Diagram ................9-54 9.5.2 Applications of the SM SM 326; DO 8 DC 24V/2A PM ..............................9-57

Contents

Fail-Safe Signal Modules A5E00085586-05 v

9.5.3 Application 1: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 2: Safety Mode SIL 3 (Safety Level AK 6, Category 4) ..............9-58

9.5.4 Diagnostic Messages for SM 326; DO 8 DC 24V / 2A PM .......................9-62 9.5.5 Technical Specifications - SM 326; DO 8 DC 24V / 2A PM ......................9-66 9.6 SM 326; DO 10 DC 24V/2A........................................................................ 9-68 9.6.1 Properties, Front View, Connection Diagram, and Block Diagram ................9-68 9.6.2 Applications for SM 326; DO 10 DC 24V / 2A............................................9-73 9.6.3 Application 1: Standard Mode, Application 3: Safety Mode SIL 2

(Safety Level AK 4, Category 3) and Application 5: Safety Mode SIL 3 (Safety Level AK 6, Category 4) .....................................................................9-74

9.6.4 Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability and Application 6: Safety Mode SIL 3 (Safety Level AK 6, Category 4) with High Availability (only in S7 F/FH Systems)...........................................9-77

9.6.5 Parallel Connection of Two Outputs for Dark Period Suppression.................9-79 9.6.6 Diagnostic Messages of SM 326; DO 10 DC 24V/2A ................................9-80 9.6.7 Technical Specifications - SM 326; DO 10 DC 24V/2A.............................9-85

10 Analog Module ............................................................................................................. 10-1 10.1 Introduction ..................................................................................................... 10-1 10.2 Analog Value Representation......................................................................... 10-2 10.3 SM 336; AI 6 13 Bit..................................................................................... 10-4 10.3.1 Properties, Front View, Connection Diagram, and Block Diagram ................10-4 10.3.2 Applications for SM 336; AI 6 13 Bit.........................................................10-10 10.3.3 Application 1: Standard Mode ......................................................................10-12 10.3.4 Application 2: Standard Mode with High Availability

(only in S7 F/FH Systems)............................................................................10-15 10.3.5 Application 3: Safety Mode, SIL 2 (AK 4, Category 3) .................................10-20 10.3.6 Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High

Availability (only in S7 F/FH Systems)..........................................................10-22 10.3.7 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) .................................10-26 10.3.8 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with

High Availability (only in S7 F/FH Systems) .................................................10-29 10.3.9 Diagnostic Messages for SM 336; AI 6 13 Bit..........................................10-33 10.3.10 Technical Specifications - SM 336; AI 6 13 Bit ........................................10-36

11 Safety Protector ........................................................................................................... 11-1 11.1 Introduction ..................................................................................................... 11-1 11.2 Properties, Front View, and Block Diagram.................................................... 11-2 11.3 Configuration Variants .................................................................................... 11-4 11.4 Technical Specifications ................................................................................. 11-6

12 Diagnostic Data of Signal Modules ............................................................................ 12-1

13 Dimension Drawings.................................................................................................... 13-1

14 Accessories and Order Numbers ............................................................................... 14-1

15 Response Times........................................................................................................... 15-1

16 Type Examination Certificate and Declaration of Conformity................................. 16-1

17 Glossary........................................................................................................................ 17-1

Index ..................................................................................................................................Index-1

Contents

Fail-Safe Signal Modules vi A5E00085586-05

Fail-Safe Signal Modules A5E00085586-05 1-1

1 Preface

Purpose of the Manual The information in this manual is a reference source for operations, function descriptions, and technical specifications of the S7-300 fail-safe signal modules.

Audience You require a general knowledge in the field of automation engineering to be able to understand this manual. In addition, you should be familiar with the STEP 7 basic software, the S7-300 automation system, and the ET 200M distributed I/O device.

Scope of the Manual

Module Order Number Release Version and Higher

Safety protector 6ES7195-7KF00-0XA0 03 Bus module for safety protector 6ES7195-7HG00-0XA0 01 SM 326; DI 24 DC 24V 6ES7326-1BK01-0AB0 01 SM 326; DI 8 NAMUR 6ES7326-1RF00-0AB0

05

SM 326; DO 8 DC 24V /2A PM 6ES7326-2BF40-0AB0 01 SM 326; DO 10 DC 24V /2A 6ES7326-2BF01-0AB0 01 SM 336; AI 6 13 Bit 6ES7336-1HE00-0AB0 04

What's New The following descriptions have been added to this manual:

• New functions of SM 326; DI 24 DC 24V

• New SM 326; DO 8 DC 24V /2A PM

In addition, the names of the fail-safe systems have been changed as follows: "S7-300F" is now "S7 Distributed Safety" and "S7-400F/FH" is now "S7 F/FH Systems".

Preface

Fail-Safe Signal Modules 1-2 A5E00085586-05

Certification The S7-300 complies with the requirements and criteria of IEC 1131, Part 2. The S7-300 has earned CSA, UL, and FM approvals (see Section 8.2 Standards and Approvals).

In addition, the S7-300 fail-safe signal modules are certified for use in safety mode up to:

• Safety class SIL 3 (Safety Integrity Level) in accordance with IEC 61508

• Requirements class (AK) 6 in accordance with DIN V 19250 (DIN V VDE 0801)

• Category 4 in accordance with EN 954-1

CE Labeling See Section 8.2 Standards and Approvals

Certification Mark for Australia (C-Tick Mark) See Section 8.2 Standards and Approvals

Standards See Section 8.2 Standards and Approvals

Position in the Information Landscape When working with fail-safe modules, you will need to refer to the additional documentation below according to your particular application.

References to additional documentation are included in this manual where appropriate.

Documentation Brief Description of Relevant Contents

ET 200M Distributed I/O Device manual

Describes the ET 200M hardware (including design, installation, and wiring of IM 153 with modules from the S7-300 family)

S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual

Describes the configuration, installation, wiring, addressing, and commissioning of S7-300 systems

S7-300, M7-300, ET 200M Automation Systems, I/O Modules with Intrinsically-Safe Signals reference manual

SM 326; DI 8 NAMUR is part of the SIMATIC S7-Ex digital module family. It is to be implemented in accordance with the configuration guidelines of a SIMATIC S7-Ex digital module. This reference manual provides a detailed explanation of the configuration guidelines for a SIMATIC S7-Ex digital module.

S7-300, M7-300, ET 200M Automation Systems, Principles of Intrinsically-Safe Design manual

Describes the basic principles of explosion protection

Preface



Safety Engineering in SIMATIC S7 system description

• Provides an overview of the implementation, configuration, and method of operation of S7 Distributed Safety and S7 F/FH fail-safe automation systems

• Contains a summary of detailed technical information concerning fail-safe engineering in S7-300 and S7-400

• Includes monitoring and response time calculations for S7 Distributed Safety and S7 F/FH fail-safe systems

• The Programmable Controllers S7 F/FH Systems manual describes the tasks that must be performed to commission an S7 F/FH fail-safe system.

For integration in the S7 F/FH fail-safe systems

• The S7-400, M7-400 Programmable Controllers Hardware and Installation manual describes the installation and assembly of S7-400 systems.

• The S7-400H Programmable Controllers, Fault-Tolerant Systems manual describes the CPU 41x-H central modules and the tasks required to set up and commission an S7-400H fault-tolerant system.

• The CFC for SIMATIC S7 manual/online help provides a description of programming with CFC.

The following elements are described in the S7 Distributed Safety, Configuring and Programming manual and online help: • Configuration of the fail-safe CPU and the fail-safe I/O • Programming of the fail-safe CPU in fail-safe FBD or LAD

For integration in the S7 Distributed Safety fail-safe system

Depending on which F-CPU you use, you will need the following documentation: • The CPU Specifications: CPU 31xC and

CPU 31x reference manual describes the standard functions of the CPU 315F-2 DP and the CPU 317F-2 DP.

• The product information for CPU 315F-2 DP describes only the deviations from the standard CPU 315-2 DP.


• The S7-400, CPU Data reference manual described the standard functions of the CPU 416F-2.


• The ET 200S, Interface Module IM151-7 CPU manual describes the 151-7 CPU standard IM.

• The product information for the IM 151-7 F-CPU describes only the deviations from the standard IM 151-7 CPU.

Preface



STEP 7 manuals • The Configuring Hardware and Communication Connections with STEP 7 V5.x manual describes operation of the standard tools of STEP 7.

• The System and Standard Functions reference manual describes functions for distributed I/O access and diagnostics.

STEP 7 online help • Describes how to operate the standard tools in STEP 7 • Contains information about how to configure and assign

parameters to modules and intelligent slaves with HW Config • Contains a description of the FBD and LAD programming

languages PCS 7 manuals • Describes operation of the PCS 7 control system (required if a fail-

safe I/O module is integrated in a higher-level control system)

The entire SIMATIC S7 documentation is available on CD-ROM.

How to Use this Documentation This manual describes the S7-300 fail-safe signal modules. It consists of instructions and reference material (technical specifications and appendices)

and contains the following basic information about fail-safe signal modules:

• Design and use

• Configuring and assigning parameters

• Addressing, mounting, and wiring

• Diagnostic evaluation

• Technical specifications

• Order numbers

Conventions In this manual, the terms "safety engineering" and "fail-safe engineering" are used synonymously. The same applies to the terms "fail-safe" and "F-." "F-SM" means"fail-safe signal module."

"S7 Distributed Safety" and "S7 F Systems" in italics refer to the optional packages for the two fail-safe systems: "S7 Distributed Safety" and "S7 F/FH Systems".

Recycling and Disposal Because the S7-300 contains very little hazardous material, it is recyclable. For proper recycling and disposal of your old device, consult a certified disposal facility for electronic scrap.

Preface


Additional Support If you have any additional questions about the use of products presented in this manual, contact your local Siemens representative:

http://www.siemens.com/automation/partner

Training Center We offer a number of courses to help you get started with the SIMATIC S7 automation system. For more information, contact your regional training center or the main training center in Nuremberg, Germany D-90327. Telephone: +49 (911) 895-3200 Internet: http://www.sitrain.com

H/F Competence Center

The H/F Competence Center in Nuremberg offers special workshops on SIMATIC S7 fail-safe and fault tolerant (high availability) automation systems. The H/F Competence Center can also provide assistance with onsite configuration, commissioning, and troubleshooting.

Telephone: +49 (911) 895-4759 Fax: +49 (911) 895-5193

For questions about workshops, etc.: mailto:[email protected]

http://www.siemens.com/automation/partner

http://www.sitrain.com

Preface


A&D Technical Support

Available worldwide, 24 hours a day:

BeijingP ki

Nuremberg

Johnson City

Worldwide (Nuernberg) Technical Support

24 hours a day, 365 days a year

Phone: +49 (180) 5050-222

Fax: +49 (180) 5050-223

mailto:[email protected]

GMT: +1:00

Europe / Africa (Nuernberg) Authorization Local time: Mon.-Fri. 8:00 to 5:00 PM

Phone: +49 (180) 5050-222

Fax: +49 (180) 5050-223


GMT: +1:00

United States (Johnson City) Technical Support and Authorization Local time: Mon.-Fri. 8:00 to 5:00 PM

Phone: +1 (423) 262 2522

Fax: +1 (423) 262 2289


GMT: -5:00

Asia / Australia (Beijing) Technical Support and Authorization Local time: Mon.-Fri. 8:00 to 5:00 PM

Phone: +86 10 64 75 75 75

Fax: +86 10 64 74 74 74


GMT: +8:00

The languages of the SIMATIC Hotlines and the authorization hotline are generally German and English.

Preface


Service & Support on the Internet In addition to our paper documentation, we also provide all of our technical information on the Internet at: http://www.siemens.com/automation/service&support

Here, you will find the following information:

• Newsletter providing the latest information on your products

• Exactly the right documents for your needs, which you can access by performing an online search in Service & Support

• Forum in which users and experts worldwide exchange ideas

• Your local Automation & Drives contact person, who can be accessed in our Contacts database

• Information about local service, repair, and replacement parts. Much more information can be found under "Services“.

http://www.siemens.com/automation/service&support

Preface



2 Product Overview

2.1 Introduction

Overview This section provides information on the following topics:

• How fail-safe signal modules fit into SIMATIC S7 fail-safe automation systems

• Which fail-safe signal modules are available

• What steps you must take, from selection to commissioning of fail-safe modules

Important Note for Maintaining Operational Safety of Your System

Note Systems with safety-related characteristics are governed by operational safety requirements on the operator's side. The supplier is also obliged to comply with special product monitoring measures. For this reason, a special newsletter is available containing information on product developments and properties that are important (or potentially important) for operating systems where safety is an issue. Accordingly, by subscribing to the appropriate newsletter, you will ensure that you are always up-to-date and able to make changes to your system, when necessary. Please go to Internet at http://my.ad.siemens.de/myAnD/guiThemes2Select.asp?subjectID=2&lang=en

and register for the following newsletters:

• SIMATIC S7-300

• SIMATIC S7-400

• Distributed I/O

• SIMATIC Industrial Software

Select the "Add" check box for each newsletter“.

http://my.ad.siemens.de/myAnD/guiThemes2Select.asp?subjectID=2&lang=en

Product Overview


2.2 Using Fail-Safe Signal Modules

What is a Fail-Safe Automation System? Fail-safe automation systems (F-systems) are used in systems with stricter safety requirements. F-systems are used to control processes with a safe state that can be achieved immediately after shutdown. That is, F-systems control processes in which an immediate shutdown does not endanger humans or the environment.

What Are Fail-Safe Signal Modules? The main distinction between fail-safe signal modules and standard modules in the S7-300 module family is that fail-safe modules have a two-channel internal design. The two integrated processors monitor each other, automatically test the input and output wiring, and place the fail-safe signal module in a safe state in the event of a fault. The F-CPU communicates with the fail-safe signal module by means of the PROFIsafe safety-related bus profile.

What Fail-Safe Signal Modules Are Available? The following fail-safe signal modules (F-SM for short) are available:

• SM 326; DI 24 DC 24V

• SM 326; DI 8 NAMUR

• SM 326; DO 8 DC 24V/2A PM

• SM 326; DO 10 DC 24V/2A

• SM 336; AI 6 13 Bit

Possible Use of Fail-Safe Signal Modules S7-300 fail-safe signal modules can be used in the following systems:

• S7-300 automation systems (centrally in S7-300; distributed in ET 200M)

• S7-400 automation systems (distributed in ET 200M)

Product Overview


F-System with Fail-Safe Signal Modules The following figure shows an example configuration of an S7 Distributed Safety F-system with fail-safe signal modules/submodules in S7-300, ET 200M, and ET 200S.

S7-300 with CPU 315F-2 DP

PROFIBUS DP

ET 200S

Fail-safe Modules

Fail-safe Signal Modules

ET 200M

Fail-safe Signal Modules

Figure 2-1 S7 Distributed Safety Fail-Safe Automation System

Use in Standard Mode With the exception of the SM 326; DO 8 DC 24V/2A PM, you can use all other fail-safe signal modules in standard mode with stricter diagnostic requirements. Fail-safe signal modules in standard mode behave exactly like standard S7-300 I/O modules.

Use in Safety Mode Fail-safe signal modules can be used in safety mode. Safety mode is enabled via STEP 7 in HW Config and an address switch on the back of the fail-safe signal module (see Section 5). When the signal module is in safety mode, the "SAFE" LED illuminates.

Product Overview


Achievable Safety Classes Fail-safe signal modules are equipped with integrated safety functions for use in safety mode. The following safety classes can be achieved in safety mode by assigning appropriate parameters to the safety functions in STEP 7 with the S7 Distributed Safety or S7 F Systems option package and by arranging and wiring the sensors and actuators in a specific manner:

Table 2-1 Achievable Safety Classes in Safety Mode

Safety Class in Safety Mode In Accordance with IEC 61508 In Accordance with

DIN V 19250 In Accordance with EN 954-1

SIL 2 AK 4 Category 3 SIL 3 AK 6 Category 4

Increased Availability in Standard Mode and Safety Mode In standard mode F-SMs can be operated redundantly for increased availability (except for SM 326; DO 8 DC 24V/2A PM). In safety mode, F-SMs can be operated redundantly in S7 FH Systems (except for SM 326; DO 8 DC 24V/ 2A PM).

Depending on the availability requirement, redundant signal modules can be inserted as follows (for an example configuration, refer to Safety Engineering in SIMATIC S7, System Description):

• Separately in two ET 200M distributed I/O devices

• Together in the same ET 200M distributed I/O device

The software requirements for redundant operation of F-SMs are described in chapter 4.

Product Overview


2.3 Guide to Commissioning Fail-Safe Signal Modules

Introduction The following table lists all of the essential steps for commissioning fail-safe signal modules in S7-300 or ET 200M.

Sequence of Steps from Selecting to Commissioning F-SMs

Table 2-3 Sequence of Steps from Selecting to Commissioning F-SMs

Step Procedure See ...

1. Selecting F-SMs for configuration Product catalog; section on special F-SMs (Sections 9 or 10)

2. Setting the operating mode (standard or safety mode) on F-SM, configuring and assigning parameters for F-SM

Sections 4 and 5

3. Installing F-SMs Section 5 4. Wiring F-SMs Section 6 5. Commissioning F-SMs ET 200M Distributed I/O Device

manual and S7-300, CPU 31xC and CPU 31x: Configuration operator's guide

6. If commissioning was not successful, you must perform diagnostics

Section 7 and section on special F-SMs (Sections 9 or 10)

Product Overview



3 Configuration Options

3.1 Introduction


• Local and distributed configuration with F-SMs

• Components that can be used with F-SMs in standard mode

• Components that can be used with F-SMs in safety mode

• Options for combining F-SMs and standard modules in one configuration

Local and Distributed Configuration All fail-safe signal modules can be used in standard and safety mode both as local modules in S7-300 and as distributed modules in ET 200M distributed I/O devices.

Configuration Options


3.2 Configuration with F-SMs in Standard Mode

Configuration Variants in Standard Mode In standard mode, fail-safe signal modules behave in exactly the same way as standard S7-300 I/O modules (standard modules for short). The configuration variants are the same as for S7-300 or ET 200M configurations with standard modules.

Permitted CPUs in S7-300 (Local Configuration) When fail-safe signal modules are operated in standard mode, all CPUs from the S7-300 family can be used in a local configuration.

Permitted IM 153 in ET 200M (Distributed Configuration) When fail-safe signal modules are operated in standard mode, all IM 153-2/-2 FO interface modules of the ET 200M distributed I/O device can be used.

Mixed Operation of F-SMs with Standard Modules in Standard Mode In standard mode, fail-safe signal modules can be operated in combination with standard modules in an S7-300/ET 200M without restrictions.

Additional Information For a detailed description of the configuration variants of S7-300, refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual.

You will find a detailed description of ET 200M configuration in the ET 200M Distributed I/O Device manual.

If you are implementing fail-safe signal modules as redundant I/O in S7 FH systems, consult the S7-400H Automation Systems; Fault-Tolerant Systems manual for more information.



3.3 Configuration with F-SMs in Safety Mode

Configuration Variants in Safety Mode In safety mode, configuration variants with F-SMs are dependent on:

• Configuration (local or distributed)

• Safety class of the configuration

• Availability of the configuration

Permitted CPUs in S7-300 (Local Configuration) When fail-safe signal modules are operated in safety mode, all F-CPUs from the S7-300 family can be used in a local configuration.

Permitted IM 153 in ET 200M (Distributed Configuration) When fail-safe signal modules are operated in safety mode, the IM 153-2/-2 FO interface modules of the ET 200M distributed I/O device can be used.

Options for Combining F-SMs and Standard Modules in Safety Mode

! Warning For applications with safety class AK4/SIL2/Category 3 and below, the same protective measures against accidental contact can be applied as for standard components (see S7-300, Module Specifications reference manual).

Applications with safety class AK6/SIL3/Category 4 require particular measures beyond contact protection to prevent hazardous overvoltages of F-circuits via the power supply and backplane bus, even in the event of a fault. For this reason, the safety protector is available for protection from backplane bus interference for local and distributed F-SM configurations.

For protection from power supply interference, we provide configuration rules for supply devices, standard I/O, and F-I/O for your use (see Section 6.2).



Rules for Using the Safety Protector The safety protector protects the F-SMs from possible overvoltages in the event of a fault.

! Warning The safety protector must be used for AK6/SIL3/Cat. 4 applications:

• Generally, if the F-SMs are used locally in an S7-300

• Generally, if the PROFIBUS DP is set up with copper cable

• If the PROFIBUS DP is set up with fiber optic cable and joint operation of standard SMs and F-SMs is required in one ET 200M.

Configuration Variants According to Availability

Table 3-2 Configuration Variants of F-Systems Contingent on Availability

System Configuration Variant Description Availability

S7 Distributed

Safety

S7 F/FH Systems

• Single-channel I/O Single-channel, fail-safe (one F-CPU and one F-SM)

Standard availability

• Single-channel switched I/O

Single-channel switched, fail-safe (redundant F-CPU, one F-SM; in the event of a fault, system switches to other F-CPU)

Increased availability

S7 FH Systems

• Redundant switched I/O

Multiple channel, fail-safe (F-CPU, PROFIBUS DP, and F-SMs are redundant)

Highest availability

Additional Information The configuration variants according to availability are described using examples in the Safety Engineering in SIMATIC S7 system description.

You can find detailed information about the safety protector in Section 11.

For a detailed description of the configuration variants of S7-300, refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual.

You can find a detailed description of the configuration of ET 200M in the ET 200M Distributed I/O Device manual.

If you are implementing fail-safe signal modules as redundant I/O in S7 FH systems, consult the S7-400H Automation Systems; Fault-Tolerant Systems manual for more information.


4 Configuring and Assigning Parameters

Requirements One of the following optional packages must be installed in order to configure and assign parameters for fail-safe modules in STEP 7.

• S7 Distributed Safety

• S7 F Systems

The following requirements apply to the SM 326; DI 24 DC 24V, starting with order no. 6ES7 326-1BK01-0AB0, and the SM 326; DO 8 DC 24V/2A PM:

• STEP 7 V 5.2 and higher

• F Configuration Pack V 5.3 service pack 2 and higher

The F Configuration Pack can be downloaded on the Internet at http://www.siemens.com/automation/service&support.

Configuration Fail-safe signal modules are configured in the customary way (same as standard modules) with STEP 7 HW Config.

Configuration in RUN (CiR) During standard operation of the SM 326; DI 24 DC 24V (starting with order no. 6ES7 326-1BK01-0AB0), you can make configuration changes while the system is operating (CiR).

Additional Information on CiR Additional information on CiR can be found in:

• STEP 7 online help: "Making system changes during operation using CiR"

• Safety Engineering in SIMATIC S7 system description


Configuring and Assigning Parameters


Higher Availability in Standard Mode and Safety Mode To increase availability, you can operate the fail-safe signal modules redundantly in standard mode (exception: SM 326; DO 8 DC 24V/2A PM).

Requirements:

• STEP 7 V 5.3 and higher, or

• STEP 7 V 5.2 and higher, plus optional software S7 H Systems V 5.2 and higher

In safety mode, F-SMs can be operated redundantly in S7 FH Systems (except for SM 326; DO 8 DC 24V/ 2A PM).

Requirements:

• STEP 7 V 5.3 and higher, or

• STEP 7 V 5.2 and higher, plus optional software S7 H Systems V 5.2 and higher

• S7 F Systems optional software

• F Configuration Pack V 5.3 Service Pack 1 and higher

• For SM 326; DI 24 DC 24V, starting with order no. 6ES7 326-1BK01-0AB0: F Configuration Pack V 5.3 Service Pack 2 and higher

F Configuration Packs can be downloaded on the Internet at: http://www.siemens.com/automation/service&support.

For higher availability of modules, parameters are assigned in the "Redundancy" tab in the object properties of the modules.

Assigning Module Property Parameters To assign parameters for fail-safe signal modules, select the module in STEP 7 HW Config and select the Edit > Object Properties menu command.

Parameters are downloaded from the programming device to the F-CPU, where they are stored and then transferred to the fail-safe signal module.

Note

SFC 56 "WR_DPARM" (changing module parameters via the user program) is not permissible for fail-safe signal modules.

Where to Find Parameter Descriptions For a description of available parameter settings for fail-safe modules, refer to Sections 9 and 10.

PROFIsafe Address and PROFIsafe Address Assignment For a description of the PROFIsafe address and the procedure for assigning addresses, refer to Section 5.



5 Addressing and Installing

5.1 Introduction


• Address assignments of F-SMs in the CPU

• Addressing channels of F-SMs

• Assigning the PROFIsafe address for F-SMs

• Installing F-SMs

5.2 Address Assignments in the CPU

Address Assignment in Standard and Safety Modes The fail-safe signal modules occupy the following address ranges in the CPU

• In standard mode: in the entire I/O range (inside and outside the process image)

• In safety mode:

- For S7 Distributed Safety: in the process image range

- For S7 F/FH systems: in the entire I/O range (inside and outside the process image)

Table 5-1 Address Assignment in Standard and Safety Modes

Occupied Bytes in the CPU: Module In Input Range In Output Range

SM 326; DI 24 DC 24V x + 0 to x + 9 x + 0 to x + 3 SM 326; DI 8 NAMUR x + 0 to x + 5 x + 0 to x + 3 SM 326; DO 8 DC 24V/2A PM x + 0 to x + 4 x + 0 to x + 4 SM 326; DO 10 DC 24V/2A x + 0 to x + 5 x + 0 to x + 7 SM 336; AI 6 13 Bit x + 0 to x + 15 x + 0 to x + 3

x = Module starting address

Addressing and Installing


Addresses Occupied by Useful Data Of the assigned addresses in standard and safety modes of the F-SMs, useful data occupy the following addresses in the CPU.

Table 5-2 Address Assignment by Useful Data

Occupied Bits in CPU per Module: Bytes in CPU 7 6 5 4 3 2 1 0

SM 326; DI 24 DC 24V: x + 0 Channel

7 Channel

6 Channel

5 Channel

4 Channel

3 Channel

2 Channel

1 Channel

0 x + 1 Channel

15 Channel

14 Channel

13 Channel

12 Channel

11 Channel

10 Channel

9 Channel

8 x + 2 Channel

23 Channel

22 Channel

21 Channel

20 Channel

19 Channel

18 Channel

17 Channel

16

SM 326; DI 8 NAMUR: x + 0 Channel

7 Channel

6 Channel

5 Channel

4 Channel

3 Channel

2 Channel

1 Channel

0

SM 326; DO 8 DC 24V/2A PM: x + 0 Channel

7 Channel

6 Channel

5 Channel

4 Channel

3 Channel

2 Channel

1 Channel

0

SM 326; DO 10 DC 24V/2A: x + 0 Channel

7 Channel

6 Channel

5 Channel

4 Channel

3 Channel

2 Channel

1 Channel

0 x + 1 - - - - - - Channel

9 Channel

8

SM 336; AI 6 13 Bit: x + 0, x + 1 Channel 0 x + 2, x + 3 Channel 1 x + 4, x + 5 Channel 2 x + 6, x + 7 Channel 3 x + 8, x + 9 Channel 4

x + 10, x + 11 Channel 5 x = Module starting address

! Warning In the standard user program as well as the safety program, you can access only the addresses occupied by useful data.The other address ranges occupied by the F-SMs are assigned for functions including safety-related communication between the F-SMs and F-CPU in accordance with PROFIsafe.

In 1oo2 evaluation of sensors in module safety mode, only the less significant channel of the channels that are grouped as a result of the 1oo2 sensor evaluation can be accessed in the safety program.



5.3 Addressing the Channels

Addresses of Fail-Safe Signal Modules Channels of fail-safe signal modules are addressed the same way as S7-300 standard I/O modules.

e. g. A 16.2

output byte address bit address (0 to 7)

The byte address conforms to the module starting address that you set in the object properties for the module using STEP 7 HW Config. The bit address results from the position of the channel on the module. Eight channels are always consecutively assigned to one byte address.

Permissible Address Range in Standard Mode Permissible address range for byte address:

• S7 Distributed Safety and S7 F/FH systems: in entire I/O range (inside and outside the process image) according to which CPU is used For SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A, and SM 336; AI 6 13 Bit, the following also applies: 8 to 8184 in increments of 8

Permissible Address Range in Safety Mode Permissible address range for byte address:

• S7 Distributed Safety: in range of process image according to which F-CPU is used For SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A, and SM 336; AI 6 13 Bit, the following also applies: 8 to 8184 increments of 8

• S7 F/FH systems: in entire I/O range (inside and outside the process image) according to which CPU is used For SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A, and SM 336; AI 6 13 Bit, the following also applies: 8 to 8184 in increments of 8



Access to Channels of F-SMs in Standard Mode Channels of F-SMs are accessed the same way as for S7-300 standard I/O modules.

Access to Channels of F-SMs in Safety Program In S7 Distributed Safety, you access the channels of the F-I/O via the process image in the F-CPU, while in S7 F/FH systems, access is via F driver blocks.

Additional Information Address assignment of individual channels can be found in the module description in Sections 9 and 10.

Detailed information on F-I/O access can be found in the S7 Distributed Safety, Configuring and Programming manual or the S7 F/FH Automation Systems manual.

5.4 Assigning PROFIsafe Address

PROFIsafe Address Every fail-safe signal module has its own PROFIsafe address. For safety mode, you must configure the PROFIsafe address in STEP 7 HW Config and set it on the module using a switch.

Overview: Assigning PROFIsafe Address Depending on the module, two methods are used to assign the PROFIsafe address of the F-SMs in safety mode. These two addressing methods are described in the following sections.

Table 5-3 Overview: Assigning PROFIsafe Address

Module Assigning PROFIsafe Address (Starting Address of F-SM)

Assigning PROFIsafe Address (F_destination_address)

SM 326; DI 24 DC 24V 6ES7326-1BK00-0AB0

x -

SM 326; DI 24 DC 24V 6ES7326-1BK01-0AB0

- x

SM 326; DI 8 NAMUR x -

SM 326; DO 8 DC 24V/2A PM - x SM 326; DO 10 DC 24V/2A x - SM 336; AI 6 13 Bit x -



5.4.1 Assigning PROFIsafe Address (Starting Address of F-SM)

Introduction In order to use SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A and SM 336; AI 6 13 Bit in safety mode, you must:

1. Set the module starting address

2. Set safety mode

3. Set the PROFIsafe address (=module starting address/8) on the address switch of the module before installing the fail-safe signal module.

Setting Module Starting Address The module starting address is set the same as for S7-300 standard I/O modules in the object properties for the module in STEP 7 HW Config (for permissible address range, see Section 5.3).

Setting Safety Mode Set "Safety mode" in the object properties for the module in HW Config.

Address switch An address switch (10-pin DIP switch) is located on the back of the fail-safe signal modules. The address switch is used to specify:

• Whether the module is set to safety mode or standard mode

• In safety mode: the PROFIsafe address = starting address/8 of F-SM

The F-SMs are supplied with “standard mode“ setting (all switches set in the up position; alternatively, you can set all switches in the down position for safety mode; see Figure 5-2).



Setting the Address Switch Prior to installation, verify that the address switch setting is correct.

Standard mode: Safety mode:

All possible combinations not corresponding to standard mode. Here, by way of example, address 4096: or

8

ON

163264128

246

512

2048

4096

1024 816326412

824

651

2

2048

4096

1024

ON

Figure 5-2 Example of Setting the Address Switch (DIP Switch)

Rules for Address Assignment

! Warning • Make sure that the address switch setting on the F-SM matches the module

starting address in HW Config.

• In order for the module starting address to be unique on the PROFIBUS DP, a fail-safe signal module may only be addressed by one CPU.

Exception: switched I/O in S7 FH systems (one signal module is always addressed with the same address by one of two F-CPUs, i.e., the current DP bus master)

• The address switch setting of the F-SMs, i.e., its PROFIsafe destination address, must be unique from all others on the network* and station ** (systemwide). A maximum of 1,022 PROFIsafe destination addresses can be assigned in one system. That is, a maximum of 1,022 F-modules can be addressed using PROFIsafe.

• F-CPUs in S7 FH systems must address the same fail-safe signal modules in the case of switched I/O.

* A network consists of one or more subnets. Address setting is unique across PROFIBUS subnet boundaries

** Address setting is unique for one station in HW Config (e.g., one S7-300 station or even one I-slave)

Incorrect Address Reference

If the address reference is incorrect, e.g., a different address is set than the address in HW Config, a parameter assignment error occurs. The module does not go into safety mode.



5.4.2 Assigning PROFIsafe Address (F_destination_address)

Introduction In order to use the SM 326; DI 24 DC 24V (starting with order no. 6ES7326-1BK01-0AB0) and the SM 326; DO 8 DC 24V/2A PM in safety mode, the following steps must be performed:

1. For the SM 326; DI 24 DC 24V, set the operating mode to "safety mode."

2. Set the PROFIsafe address =F_destination_address on the address switch of the module before installing the fail-safe signal module

In contrast to the addressing method described in Section 5.4.1, there is no correlation between the module starting address and the PROFIsafe address for the modules indicated above. The module starting address is set the same way as for standard I/O modules of S7-300, i.e., in the object properties for the module in HW Config of STEP 7 .

Setting Safety Mode For SM 326; DI 24 DC 24V (starting with Order No. 6ES7326-1BK01-0AB0), set "safety mode" in the object properties in HW Config.

The SM 326; DO 8 DC 24V/2A PM can only be set to safety mode. Therefore, the operating mode is permanently set to "safety mode."

PROFIsafe Address Assignment The PROFIsafe addresses (F_source_address, F_destination_address) are automatically assigned for the two F-SMs indicated above when they are configured in STEP 7. The F_destination_address is shown in binary format in the "DIP switch setting" parameter in the object properties for the F-SMs in HW Config.

You can change the configured F_destination_address in HW Config. To prevent addressing errors, however, we recommend using the automatically assigned F_destination_address.

Address switch An address switch (10-pin DIP switch) is located on the back of the fail-safe signal modules. The address switch is used to specify:

• Whether the module is set to safety mode or standard mode

• In safety mode: the PROFIsafe address = F_destination_address

The F-SMs are supplied with “standard mode“ setting (all switches set in the up position; alternatively, you can set all switches in the down position for safety mode; see Figure 5-3).



Setting the Address Switch Prior to installation of the F-SM, verify that the address switch setting is correct.

Standard mode: Safety Mode:

PROFIsafe addresses from 1 to 1022 are permitted. Here, by way of example, address 1018(binary presentation of the F_destination_Address): or

ON ON 4 5 6 7 8 9 10 3 2 1 4 5 6 7 8 9 10 3 2 1

Figure 5-3 Example of Setting the Address Switch (DIP Switch)

Rules for Address Assignment

! Warning • Make sure that the address switch setting on the F-SM matches the "DIP

switch position" in HW Config.

• In order for the module starting address to be unique on the PROFIBUS DP, a fail-safe signal module may only be addressed by one CPU.

Exception: switched I/O in S7 FH systems (one signal module is always addressed with the same address by one of two F-CPUs, i.e., the current DP bus master)

• The address switch setting of the F-SMs, i.e., its PROFIsafe destination address, must be unique from all others on the network* and station ** (systemwide). A maximum of 1,022 PROFIsafe destination addresses can be assigned in one system. That is, a maximum of 1,022 F-modules can be addressed using PROFIsafe.

• F-CPUs in S7 FH systems must address the same fail-safe signal modules in the case of switched I/O.

* A network consists of one or more subnets. Address setting is unique across PROFIBUS subnet boundaries

** Address setting is unique for one station in HW Config (e.g., one S7-300 station or even one I-slave)

Incorrect Address Reference If the address reference is incorrect, e.g., a different address is set than the address in HW Config, a parameter assignment error occurs. The module does not go into safety mode.



5.5 Installing

Installing Fail-Safe Signal Modules The fail-safe signal modules are part of the S7-300 family of signal modules and are suitable for use as local modules in S7-300 and as distributed I/O modules in the ET 200M.

The fail-safe signal modules are installed the same way as all other S7-300 signal modules in an S7-300 or ET 200M.

Therefore, you should read the detailed information regarding installation in the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual or the Distributed I/O Device ET 200M manual.

Redundant Configuration of ET 200M

Note If you use the ET 200M in a redundant configuration, it must be in a cabinet with sufficient damping to ensure that the limit values for radio interference are adhered to (see Section 8.3).




6 Wiring

6.1 Introduction

! Warning In order to prevent hazardous threats to persons or the environment, you must not under any circumstances override safety functions or implement measures that cause safety functions to be bypassed or that result in the bypassing of safety functions. The manufacturer is not liable for the consequences of such manipulations or for damages that result from failure to heed this warning.


• Operation of F-SMs with safe functional extra-low voltage

• Special aspects to consider when wiring F-SMs

• Important information for replacing F-SMs

Additional Information For wiring information that applies to both fail-safe signal modules and standard signal modules, refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual.

Wiring


6.2 Safe Functional Extra-Low Voltage for Fail-Safe Signal Modules

Safe Functional Extra-Low Voltage

! Warning Fail-safe signal modules must be operated with safe functional extra-low voltage. This means that fail-safe modules may only be exposed to a voltage of Um, even in the event of a fault. The following applies to all fail-safe signal modules:

Um < 60.0 V

More information about safe functional extra-low voltage can be found, for example, in the specification sheets of the power supplies to be used.

All components of the system that can supply electrical energy in any form must satisfy this condition.

Every additional circuit (24V DC) that is used in the system must have a safe functional extra-low voltage. Refer to the relevant data specification sheets or contact the manufacturer for information.

Note also that sensors and actuators with an external power supply can be connected to I/O modules Here, pay attention to the supply voltage from safe functional extra-low voltage. The process signal of a 24 V digital module must not exceed a fault voltage of Um , even in the event of a fault.

! Warning All voltage sources, e.g., 24V DC internal load voltage supplies, 24V DC external load voltage supplies, and 5V DC bus voltage must be galvanically interconnected so as to prevent voltage accumulation from occurring in the individual voltage sources, thus causing fault voltage Um to be exceeded, even when there is a difference in potential. Make sure that the wire cross-section for the galvanic connection is sufficient according to the S7-300 configuration guidelines (see S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual).

In standard and safety modes, fail-safe signal modules can be supplied with all standard components from one or more shared power supply units.

Wiring


Power Supply Requirements in Compliance with NAMUR Recommendations

Note For compliance with NAMUR Recommendation NE 21, IEC 61131-2, and EN 298, use only power packs/power supply units (230V AC --> 24V DC) with a power loss ride-through of at least 20 ms. To accomplish this, the following SV components are available, e.g.: S7-400:

• 6ES7 407-0KA01-0AA0 for 10 A • 6ES7 407-0KR00-0AA0 for 10 A, S7-300:

• 6ES7 307-1BA00-0AA0 for 2 A • 6ES7 307-1EA00-0AA0 for 5 A • 6ES7 307-1KA00-0AA0 for 10 A These requirements also apply to power packs/power supply units that are not made using S7-300/400 mounting technology.

6.3 Wiring Fail-Safe Signal Modules

same wiring as for standard signal modules Fail-safe signal modules are a component of the S7-300 module family. They are wired in the same way as all standard signal modules in an S7-300 or an ET 200M.

You can therefore refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual for information on wiring signal modules.

In Sections 9 and 10 you will find additional information you will need to know when wiring special F-SMs, as well as connection diagrams for various use cases with F-SMs.

! Warning Note that when signals of fail-safe digital input modules are assigned, signals should only be routed within a cable or a nonmetallic sheathed cable if: • A short circuit in the signals does not conceal a serious safety risk • Signals are supplied by different sensor supplies of this F-DI module

Front Panel Connector Design You will use a 40-pin front panel connector to wire fail-safe signal modules. There are two types of 40-pin front panel connector available: a spring-type connector and a screw-type connector (refer to Section 14 for order numbers).

Consult the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual for information about how to wire a 40-pin front panel connector.

Wiring


6.4 Replacing Fail-Safe Signal Modules

Inserting and Removing F-SMs in Standard Mode Fail-safe signal modules can be inserted and removed just like all standard signal modules in S7-300 and ET 200M.

If you configure the ET 200M with active bus modules , you can insert and remove the F-SMs while the ET 200M is in operation.

Inserting and Removing F-SMs in Safety Mode Fail-safe signal modules can be inserted and removed just like all standard signal modules in S7-300 and ET 200M.

If you configure the ET 200M with active bus modules, you can insert and remove the F-SMs during operation. If you are using an safety protector, you must use a special bus module to couple the safety protector with the active backplane bus (refer to Section 14 for the order number).

Irrespective of whether or not active bus modules are used, a module replacement in safety mode results in an error in safety-related communication (communication error) between the F-CPU and the replaced F-SM.

For additional information on the consequences of communication errors, refer to the S7 Distributed Safety, Configuring and Programming manual or Programmable Controllers S7 F/FH Systems manual.

! Warning The safety protector may not be inserted or removed during operation! (Insertion or removal would cause the ET 200M to fail.)

Note Address Setting for Module Replacement in Safety Mode When replacing a module, make sure that the address switch (DIP switch) on the backside of the F-SM has the same setting!

Additional Information Section 11.3 describes a configuration with an safety protector on the active backplane bus. The S7-300 Automation System, Configuration manual explains how to replace modules within an S7-300.

The ET 200M Distributed I/O Device manual explains how to replace modules within an ET 200M and describes the "module replacement during operation" function.

Wiring


6.5 Sensor and Actuator Requirements for F-SMs in Safety Mode

General Requirements for Sensors and Actuators Note the following important information for fail-safe use of sensors and actuators:

! Warning We cannot control the use of sensors and actuators. We have equipped our electronics from a safety engineering perspective such that we can leave 85% of the residual error probability for the sensors and actuators up to you. (This corresponds to the recommended load distribution between sensor devices, actuator devices, and electronic circuits for input, processing, and output in safety engineering).

Note, therefore, that instrumentation with sensors and actuators entails a considerable safety responsibility. Consider also that sensors and actuators generally do not endure a proof test interval of 10 years with IEC 61508 without a considerable safety degradation.

The probability of hazardous faults and the rate of occurrence of hazardous faults of a safety function must comply with an upper limit determined by a safety integrity level (SIL). You will find the values achieved by the F-SMs under "Safety Parameters" in the technical specifications for F-SMs, in Sections 9 and 10.

Sensors and actuators with relevant qualifications are required to achieve SIL 3 (AK 6, Category 4).

Additional Sensor Requirements In general, a single-channel sensor is sufficient to achieve AK4/SIL2/Cat.3, whereas sensors must be connected with two channels to achieve AK6/SIL3/Cat.4. However, to achieve AK4/SIL2/Cat.3 with a single-channel sensor, the sensor itself must have AK4/SIL2/Cat.3 capability, otherwise, this safety level can only be achieved with a two-channel sensor connection.

Additional Requirement for Sensors and NAMUR Sensors

! Warning When faults are detected in fail-safe input modules, a value of "0" is passed to the F-CPU. You must therefore ensure that the sensors are implemented such that a safe response from the safety program is achieved when a "0" state occurs

Example: In its safety program, an emergency OFF sensor must cause the respective actuator to switch off with "0" state (emergency OFF button pressed).

In order for pulses to be detected with certainty, the time between two signal changes (pulse duration) must be greater than the PROFIsafe monitoring time.

Wiring


Requirement for Duration of Sensor Signals for SM 326; DI 24 DC 24V

! Warning To guarantee proper acquisition of sensor signals by the SM 326; DI 24 DC 24V, you must ensure that the sensor signals exhibit a certain minimum duration.

Safe Acquisition by SM 326; DI 24 X DC 24V

The minimum sensor signal duration for proper acquisition by the SM 326; DI 24 DC 24V is dependent on the parameter assignment for the short-circuit test in STEP 7 (see Section 9.3).

Table 6-1 Minimum Duration of Sensor Signals for Proper Signal Acquisition by SM 326; DI 24 X DC 24V

Short-Circuit Test Parameter Minimum Duration of Sensor Signals

disabled to be determined enabled to be determined

Safe Acquisition by Safety Program in the F-CPU

For information on the times for proper acquisition of sensor signals in the safety program, refer to Section 9 of the Safety Engineering in SIMATIC S7 system description.

Additional Requirements for Actuators Fail-safe output modules test the outputs at regular intervals. To do so, the module briefly switches off activated outputs and briefly switches on any outputs that are switched off. These test pulses have the following duration:

• Dark period < 1 ms

• Bright period < 1 ms

Fast-responding actuators can briefly drop out or be activated during this test. If your process does not tolerate this, you must use actuators with a sufficient lag (> 1 ms).

! Warning If the actuators are operated at voltages higher than 24V DC (for example, 230 VDC) or if the actuators clear higher voltages, safe isolation must be ensured between the outputs of a fail-safe output module and the components carrying a higher voltage (in accordance with EN 50178).

This is generally the case for relays and contactors. Particular attention must be paid to this aspect for semiconductor switching devices.

Wiring


Avoiding Dark Periods in Safety Mode

! Warning If you are using actuators that respond too quickly exclusively during "dark period" test signal injection (i.e., < 1 ms), you can still use the internal test coordination by parallel-switching two opposite outputs (with a series diode) at a time. This parallel switching suppresses the dark periods (see "Parallel Switching of Two Outputs for Dark Period Suppression" in Section 9.6.4).

Technical Specifications for Sensors and Actuators You should also refer to Sections 9 and 10 for technical specifications for selecting sensors and actuators.

Wiring


7-1

7 Fault Reactions and Diagnostics

7.1 Introduction


• Reactions to faults in F-SMs in standard mode

• Reactions to faults in F-SMs in safety mode

• Diagnostics for F-SMs in the event of a fault

Fault Reactions and Diagnostics

7-2

7.2 Reactions to Faults in F-SMs

7.2.1 Reactions to Faults in Standard Mode

Reactions to Faults In standard mode, the fail-safe signal modules react to faults the same way as standard modules in S7-300 or ET 200M. When a fault or interrupt event occurs, either the CPU goes into STOP mode or the user program can react to the fault by means of an error OB or interrupt OB (see S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual).

Substitute Values Substitute values are assignable values that the fail-safe modules supply to the process, for example, when the following occur:

• CPU goes into STOP mode (or the CP goes into STOP mode, if a CP is the DP master)

• IM 153-2/-2 FO (ET 200M) goes into STOP mode

• PROFIBUS DP is disconnected

Substitute Value Output for Output Modules In safety mode, it is possible to apply substitute values "0", "1", or "Keep last value" in the case of fail-safe digital output modules. The substitute value is assigned in the object properties of the F-SM in HW Config (see Section 9).


7-3

7.2.2 Reactions to Faults in Safety Mode

Safe State (Safety Concept) The basic principle behind the safety concept is the existence of a safe state for all process variables. For digital signal modules, the safe state is, for example, the value "0". This applies to both sensors and actuators.

Reactions to Faults and Startup of F-System The safety function requires that fail-safe values (safe state) be used for a signal module instead of process values (passivation of fail-safe signal modules) in the following cases:

• When the F-system is started up

• In the case of errors during safety-related communication between the F-CPU and F-SM via the PROFIsafe safety protocol (communication error).

• In the case of F-I/O or channel faults (e.g., wire break, short circuit, discrepancy error)

Identified faults are entered in the diagnostic buffers of the F-SM and the CPU, and communicated to the safety program in the F-CPU.

! Warning For reaction to channel faults, remember during parameter assignment to enable group diagnostics on a channel-by-channel basis in the object properties dialog of the F-SM in HW Config for the following F-SMs (see Sections 9 and 10): • SM 326; DI 8 NAMUR • SM 326; DO 10 DC 24V/2A • SM 336; AI 6 13 Bit


7-4

Fail-safe value Output for Fail-Safe Signal Modules For fail-safe input modules, if passivation occurs, the F-system provides fail-safe values for the safety program instead of the process values pending at the fail-safe inputs:

• In S7 Distributed Safety F-systems: The fail-safe value is always (0) for fail-safe digital input and analog input modules.

• In S7 F/FH F-systems: The fail-safe value is always (0) for fail-safe digital input modules. The fail-safe value can be assigned in the safety program (in the fail-safe driver block) for fail-safe analog input modules.

For fail-safe output modules, if passivation occurs, the F-system transfers fail-safe values (0) to the fail-safe outputs instead of the output values provided by the safety program. The output channels go to the zero current and zero voltage state. This also applies when the F-CPU goes into STOP mode. It is not necessary to assign parameters for fail-safe values.

Depending on which F-system is used and the type of fault that occurred (F-I/O, channel, or communication error), fail-safe values are used either for the affected channel only or for all channels of the fail-safe signal module involved.

Reintegration of a Fail-Safe Signal Module Switchover from fail-safe values to process values (reintegration of an F-SM) occurs either automatically or only after user acknowledgement in the safety program. After reintegration, the following occurs:

• For a fail-safe input module, the process values pending at the fail-safe inputs are provided for the safety program

• For a fail-safe output module, the output values provided in the safety program are again transferred to the fail-safe outputs

Additional Information on Passivation and Reintegration For additional information on passivation and reintegration of F-I/O, refer to the S7 Distributed Safety, Configuring and Programming manual or S7 F/FH Automation Systems manual.


7-5

Disabling Group Diagnostics? The "Group diagnostics" parameter is used to enable and disable transfer of channel-specific diagnostic messages (e.g., wire break, short circuit) for the module to the CPU. For availability reasons, you should disable the group diagnostics on nonutilized input or output channels of the following F-SMs:


• SM 326; DO 10 DC 24V/2A

• SM 336; AI 6 13 Bit

! Warning In safety mode, group diagnostics must be enabled on all connected channels of fail-safe input and output modules. Verify that group diagnostics has been disabled only on nonutilized input and output channels.

For SM 326; DI 24 DC 24V and SM 326; DO 8 DC 24V/2A PM, the following applies:

If you disable a channel in STEP 7 HW Config, the group diagnostic for this channel is simultaneously disabled.


7-6

7.3 Diagnosis of Faults of F-SMs

Definition Diagnostics can be used to determine whether faults occurred during signal acquisition by the fail-safe signal modules. Diagnostic information is assigned either to a channel or to the module as a whole.

Diagnostic Functions Are Not Critical with Respect to Safety None of the diagnostic functions (displays and messages) are critical with respect to safety, and, thus, these functions are not implemented with fail-safe characteristics. That is, the diagnostic functions are not tested internally.

Diagnostic Options for Fail-Safe Signal Modules The following diagnostic options are available for fail-safe signal modules:

• LED display on front panel of module

• Diagnostic messages of fail-safe signal modules

Assignable and Nonassignable Diagnostic Messages For diagnostic evaluation, there is a distinction between assignable and nonassignable diagnostic messages.

! Warning Diagnostic functions must be enabled or disabled in coordination with the application.


7-7

Diagnostics by LED Display Diagnostic messages always result in illumination of the SF LED (group fault LED). The SF LED illuminates as soon as a diagnostic message is triggered by the F-SM. It is extinguished when all faults have been eliminated.

Limitation for the Following F-SMs:


• SM 326; DO 10 DC 24V/2A

• SM 336; AI 6 13 Bit

In the case of assignable diagnostic messages (for example, wire break or short circuit), the SF LED only illuminates if you enabled the diagnostics when assigning parameters ("Group diagnostics" parameter in the object properties of the F-SM in HW Config) (see Sections 9 and 10).

Diagnostic LEDs of F-SMs

Table 7-1 Diagnostic LEDs of F-SMs

Safety Mode Standard mode LED Channel or

Module Fault Module

Defective Channel or Module

Fault Module

Defective

SF (red) On On On On SAFE (green)

On Off Off Off

Diagnostic Interrupt When a fault is detected (for example, a short circuit), the fail-safe signal modules trigger a diagnostic interrupt, provided a diagnostic interrupt is enabled. The F-CPU interrupts execution of the user program (standard or safety) or the lower priority classes and executes the diagnostic interrupt block (OB82).

Assigning the Diagnostic Interrupt Enable The diagnostic interrupt is disabled by default. You can assign the diagnostic interrupt enable it in the object properties dialog for the F-SM in HW Config (see Sections 9 and 10).

Special Information on Diagnostic Messages All module-specific diagnostic messages and their possible causes and corrective measures are described in Sections 9 and 10.

Information is also included on which diagnostic messages have to be assigned and which are displayed on a channel-specific basis.


7-8

Reading Out Diagnostic Messages The cause of a fault can be read out with STEP 7 in the following ways:

• From the diagnostic buffer of the CPU or the diagnostic buffer of the module (STEP 7 function "Diagnose Hardware").

• In the standard user program with SFC 59 (see Section 12 and the System and Standard Functions reference manual).


8 General Technical Specifications

8.1 Introduction

Overview This section contains the following information on the fail-safe signal modules:

• Most important standards and approvals

• General technical specifications

This information applies to all standard products of the SIMATIC S7-300 and S7-400.

What are General Technical Specifications? The general technical specifications include the standards that were adhered to and the test values that were satisfied by the fail-safe signal modules when used in an S7-300/ET 200M, or the test criteria that were used when testing the signal modules.

General Technical Specifications


8.2 Standards and Approvals

CE Certification

Siemens products satisfy the requirements and safety objectives of the following European Community directives and comply with the harmonized European standards (EN) for programmable logic controllers published in the Gazette of the European Community: • 89/336/EWG ”Electromagnetic Compatibility” (EMC Guideline) • 73/23/EEC ”Electrical Equipment Designed for Use within Certain Voltage

Limits” (low voltage directive)

The EC declarations of conformity are kept available for the relevant authorities at:

Siemens Aktiengesellschaft Bereich Automatisierungstechnik A&D AS RD4 Postfach 1963 D-92209 Amberg

UL approval

Underwriters Laboratories Inc., in accordance with • UL 508 (Industrial Control Equipment) • CSA C22.2 No. 142 (Process Control Equipment) • UL 1604 (Hazardous Location) • CSA-213 (Hazardous Location) APPROVED for use in Class I, Division 2, Group A, B, C, D Tx; Class I, Zone 2, Group IIC Tx

Note

The nameplate of the module indicates the currently valid approvals.

FM approval

Factory Mutual Research (FM) in accordance with Approval Standard Class Number 3611, 3600, 3810 APPROVED for use in Class I, Division 2, Group A, B, C, D Tx; Class I, Zone 2, Group IIC Tx

! Warning

There is a risk of personal injury or property damage. In areas exposed to explosion hazard, personal injury or property damage can occur if plug-in connections are disconnected during operation. Before disconnecting plug-in connections in areas exposed to explosion hazard, always deenergize the distributed I/O.



In accordance with EN 50021 (Electrical Apparatus for Potentially Explosive Atmospheres; Type of Protection "n“)

II (3) G EEx nA II T3 to T6 (except for SM 326; DI 8 NAMUR)

II 3 (2) G EEx nA [ib] IIC T4 (SM 326; DI 8 NAMUR only) For SM 326; DI 8 NAMUR: 94/9/EC “Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres" (Explosion Protection Guideline):

II (2) G [EEx ib] IIC This approval applies to explosive gas mixtures of Group IIC (see S7-300, M7-300, ET 200M Automation Systems, Principles of Intrinsically-Safe Design manual). The safety-related limit values can be obtained from the certificate of conformity (see Section 16).

Note

Modules with II (2) G [EEx ib] IIC approval are considered to be associated items of equipment and must therefore be installed outside the potentially explosive area. Intrinsically-safe electrical equipment items for Zones 1 and 2 may be connected.

Overview of UL and FM Approvals The table below provides an overview of the fail-safe signal modules including detailed information on approvals and fields of application.

Approval for:

Component UL 508 CSA C 22.2 No. 142UL 1604 CSA–213

FM 3611, 3600, 3810 CI. I Div. 2 CI. I Zone 2

ATEX 2671 X Guideline 94/9/EG

ATEX EN 50021: 1999

SM 326; DI 24 24 VDC Yes

Yes No II (3) G EEx nA II T3 to T6 available

SM 326; DI 8 NAMUR Yes

Yes II (2) G [EEx ib] IIC

available

II 3 (2) G EEx nA [ib] IIC T4 available

SM 326; DO 8 24 VDC/2 A PM

Yes Yes No Yes

SM 326; DO 10 24 VDC/2 A

Yes

Yes No II (3) G EEx nA II T3 to T6 available

SM 336; AI 6 13 Bit Yes Yes No II (3) G EEx nA II T3 to T6 available



Marking for Australia

The fail-safe signal modules satisfy the requirements of AS/NZS 2064 (Class A).

IEC 61131 The fail-safe signal modules satisfy the requirements and criteria of IEC 61131-2 (Programmable Controllers - Part 2: Equipment Requirements and Tests).

Field of Application SIMATIC products are designed for use in industrial environments.

Requirement Relating to Field of Application Emitted Interference Immunity to Interference

Industry EN 50081-2 :1993 EN 50082-2 :1995

TÜV Certificate and Standards The fail-safe signal modules are certified for the following standards. Refer to the report accompanying the TÜV certificate for the current version/edition of the standard. Functional Safety Standards

Machine Safety Standards

Other Standards

DIN V 19250 98/37/EC DIN VDE 0110-1 DIN V VDE 0801 EN 60204-1 73/23/EEC DIN V VDE 0801/A1 EN 954-1 93/68/EEC IEC 61508-1 to 7 Combustion Engineering

Standards EN 55011

EN 50159-1 and 2 DIN VDE 0116, Clause 8.7 EN 50081-2 Process Engineering Standards

prEN 50156-1 EN 50082-2

EN 230, Clause 7.3 EN 61131-2 DIN V 19251 VDI/VDE 2180-1, 2, 3 and 5 EN 298 Nos. 7.3, 8, 9, and

10

NE 31 DIN V ENV 1954 ISA S 84.01

Requesting TÜV Certificate You can request copies of the TÜV certificate and the accompanying report at the following address:

Siemens Aktiengesellschaft Bereich Automatisierungstechnik A&D AS RD ST Postfach 1963 D-92209 Amberg



8.3 Electromagnetic Compatibility

Introduction This section presents information on the interference immunity of fail-safe signal modules and information on radio interference suppression.

The fail-safe signal modules satisfy the requirements of the EMC legislation for the internal European market.

Definition of EMC Electromagnetic compatibility is the ability of an electrical device to function in its electromagnetic environment in a satisfactory manner without affecting this environment.

Pulse-Shaped Interference The table below shows the electromagnetic compatibility of the fail-safe signal modules with respect to pulse-shaped interferences. As a prerequisite, the S7-300/M7-300/ET 200M system must comply with the specifications and guidelines for electrical installation.

Pulse-Shaped Interference Tested With Degree of Severity

Electrostatic discharge in accordance with IEC 61000-4-2 (DIN VDE 0843 Part 2)

8 kV

6 kV

3 (air discharge)

3 (contact discharge)

Burst pulse (rapid transient interference) in accordance with IEC 61000-4-4 (DIN VDE 0843 Part 4)

2 kV (supply line)

2 kV (signal line)

3

4

Surge in accordance with IEC 61000-4-5 (DIN VDE 0839 Part 10) No external surge filter required (see S7-300 Automation System, Hardware and Installation:CPU 31xC and CPU 31x installation manual, Section “Lightning and Surge Voltage Protection”)*

Asymmetrical connection 1 kV (supply line)

1 kV (signal line/ data line)

2*

Symmetrical connection 0.5 kV (supply line)

0.5 kV (signal line/ data line)

* An external surge filter is required for severity level 3. The test value is then 2 kV for

unsymmetrical connections and 1 kV for symmetrical connections.



Overvoltage Protection for S7-300/ET 200M with Fail-Safe Signal Modules If your system has to achieve a greater level of protection than severity level 2, we recommend use of an external surge filter to ensure surge resistance in S7-300/ET 200M with fail-safe signal modules.

The exact type designation can be obtained in the S7-300 Automation System, Hardware and Installation:CPU 31xC and CPU 31x installation manual, Section “Lightning and Surge Voltage Protection”).

Note Lightning protection measures always require a case-by-case examination of the entire system. Nearly complete protection from overvoltages, however, can only be achieved if the entire building surroundings have been designed for overvoltage protection. In particular, this involves structural measures in the building design phase.

Therefore, for detailed information regarding overvoltage protection, we recommend that you contact your Siemens representative or a company specializing in lightning protection.

Sinusoidal Interferences HF radiation of the device in accordance with IEC 61000-4-3:

• Electromagnetic HF field, amplitude-modulated

From 80 MHz to 1000 MHz; 10 V/m; 80% AM (1 kHz)

• Electromagnetic HF field, pulse-modulated

900 ± 5 MHz; 10 V/m; 50% ESD; 200 Hz repetition frequency

• GSM/ISM field interferences of different frequencies (EN 298: 1998):

System Frequency Test Level Modulation

GSM 890-915 MHz 20 V/m Pulse modulation 200Hz

GSM 1710-1785 MHz 20 V/m Pulse modulation 200Hz

ISM 6,765-6,795 MHz 20 V/m AM, 80% 1 kHz ISM 13,553-13,567 MHz 20 V/m AM, 80% 1 kHz ISM 26,957-27,283 MHz 20 V/m AM, 80% 1 kHz ISM 40.66-40.70 MHz 20 V/m AM, 80% 1 kHz ISM 433.05-434.79 MHz 20 V/m AM, 80% 1 kHz ISM 3,370-3,410 MHz 20 V/m AM, 80% 1 kHz ISM 13,533-13,533 MHz 20 V/m AM, 80% 1 kHz ISM 13,567-13,587 MHz 20 V/m AM, 80% 1 kHz ISM 83,996-84,004 MHz 20 V/m AM, 80% 1 kHz ISM 167,992-168,008 MHz 20 V/m AM, 80% 1 kHz ISM 886,000-906,000 MHz 20 V/m AM, 80% 1 kHz



• HF interference on signal and data lines, etc., in accordance with IEC 61000-4-6, high frequency, unsymmetrical, and amplitude modulated

From 0.15 MHz to 80 MHz; 10 V root-mean-square value, unmodulated; 80% AM (1 kHz); 150 Ω Source impedance

Emission of Radio Interferences Emitted interference of electromagnetic fields in accordance with EN 55011: Limit class A, Group 1.

Between 20 MHz and 230 MHz < 30 dB (µV/m)Q Between 230 MHz and 1000 MHz; < 37 dB (µV/m)Q Measured at 30 m distance

Emitted interference over network AC power supply in accordance with EN 55011: Limit class A, Group 1.

Between 0.15 MHz and 0.5 MHz; < 79 dB (µV)Q, < 66 dB (µV)M Between 0.5 MHz and 5 MHz < 73 dB (µV)Q, < 60 dB (µV)M Between 5 MHz and 30 MHz < 73 dB (µV)Q, < 60 dB (µV)M

Redundant Configuration of ET 200M

Note If you use the ET 200M in a redundant configuration, it must be in a cabinet with sufficient damping to ensure that the limit values for radio interferences are adhered to.

Expanding the Field of Application

If you use the fail-safe signal modules in residential areas, you must ensure limit class B (EN 55011) for emission of radio interferences.

Measures to achieve the limit class B radio interference level include:

• Installation in grounded control cabinets/switchboxes

• Use of filters in power supply lines



8.4 Transport and Storage Conditions

Conditions for Fail-Safe Signal Modules Fail-safe signal modules exceed the requirements for transport and storage conditions specified in IEC 61131, Part 2. The information below applies to fail-safe signal modules that are transported and stored in their original packaging.

Type of Condition Permitted Range

Free fall ≤ 1 m Temperature - 40 °C to + 70 °C Air pressure 1080 hPA to 660 hPa

(corresponds to an altitude of -1000 m to 3500 m)

Relative humidity 5% to 95%, without condensation



8.5 Mechanical and Climatic Environmental Conditions

Conditions of Use The fail-safe signal modules are intended for weatherproof, stationary use. The conditions of use exceed the requirements of IEC 61131-2.

The fail-safe signal modules satisfy the conditions of application of class 3C3 in accordance with DIN EN 60721 3-3 (locations with high traffic intensity and in the immediate vicinity of industrial plants with chemical emissions).

Restrictions A fail-safe signal module must not be used without additional measures where the following conditions apply:

• Locations with a high level of ionizing radiation

• Locations with severe operating conditions; for example, due to

- Dust

- Corrosive vapors or gases

• Systems that require special monitoring, such as:

- Electrical systems in particularly hazardous spaces

An example of an additional measure for use of a fail-safe signal module is cabinet installation of the ET 200M/S7-300 with fail-safe signal modules.

Mechanical Environmental Conditions The following table presents the mechanical environmental conditions for fail-safe signal modules, expressed as sinusoidal vibrations.

Frequency Range (Hz) Continuous Intermittent

10 ≤ f ≤ 58 0.0375 mm amplitude 0.075 mm amplitude 58 ≤ f ≤ 150 0.5 g constant acceleration 1 g constant acceleration

Reduction of Vibration If the fail-safe signal modules are exposed to greater shocks or vibration, you must take suitable measures to reduce the acceleration and amplitude.

We recommend installation on dampening material (such as rubber-metal vibration dampers).



Testing for Mechanical Environmental Conditions The following table provides information about the type and scope of testing for mechanical environmental conditions.

Condition Test Standard Comments

Vibration Vibration test in accordance with IEC 68 Part 2-6 (sine)

Vibration method: frequency sweeps with a rate of change velocity of 1 octave per minute. 10 Hz ≤ f ≤ 58 Hz, constant amplitude 0.075 mm 58 Hz ≤ f ≤ 150 Hz, constant acceleration 1 g Vibration duration: 10 frequency sweeps per axis in each of three perpendicular axes

Shock pulse Shock pulse test in accordance with IEC 68 Part 2-27

Shock method: half sine Shock intensity: 15 g peak value, 11 ms duration Shock direction: 3 shocks each in +/- direction in each of three perpendicular axes

Climatic Environmental Conditions The fail-safe signal modules may be used under the following climatic environmental conditions:

Environmental Requirements

Range of Application Comments

Temperature: Horizontal installation: Vertical installation

0 to 60 °C 0 to 40 °C

-

Relative humidity 5% to 95%, No condensation; corresponds to relative humidity (RH) stress level 2 in accordance with IEC 1131-2

Air pressure 1080 hPa to 795 hPa Corresponds to an altitude of -1000 m to 2000 m

Pollutant concentration SO2: < 0.5 ppm; relative humidity < 60%, no condensation H2S: < 0.1 ppm; relative humidity < 60%, no condensation

Test: 10 ppm; 4 days 1 ppm; 4 days



8.6 Specifications for Nominal Line Voltages, Isolation Tests, Protection Class, and Degree of Protection

Nominal Line Voltages for Operation The fail-safe signal modules work with a nominal line voltage of 24 VDC. The tolerance range is 20.4 VDC to 28.8 VDC.

We recommend use of the Siemens "SITOP power" line of power supplies for supplying voltage.

Test Voltages Isolation stability is proven in routine testing with the following test voltages in accordance with IEC 1131 Part 2:

Circuits with Nominal Line Voltage Ue against Other Circuits and against the Ground

Test Voltage

0 V < Ue ≤ 50 V 500 VDC

Protection Class Protection class I in accordance with IEC 60536 (VDE 0106, Part 1), i.e., ground terminal required on DIN rail!

Foreign Body and Water Protection Degree of protection IP 20 in accordance with EN 60529, i.e., protection from contact with standard test probes

Additional: Protected from foreign bodies with diameters over 12.5 mm.

No special protection from water.



8.7 Use of Fail-Safe Signal Modules in Zone 2 Potentially Explosive Atmosphere

8.7.1 Einsatz der fehlersicheren Signalbaugruppen im explosionsgefährdeten Bereich Zone 2

Zone 2 Explosionsgefährdete Bereiche werden in Zonen eingeteilt. Die Zonen werden nach der Wahrscheinlichkeit des Vorhandenseins einer explosionsfähigen Atmosphäre unterschieden.

Zone Explosionsgefahr Example 2 explosive Gasatmosphäre tritt nur

selten und kurzzeitig auf Bereiche um Flanschverbindungen mit Flach-dichtungen bei Rohrleitungen in geschlossenen Räumen

sicherer Bereich No außerhalb der Zone 2 Standardanwendungen von dezentraler Peripherie

Nachfolgend finden Sie wichtige Hinweise für die Installation der fehlersicheren Signalbaugruppen im explosionsgefährdeten Bereich.

Fertigungsort Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Zulassung für S7-300 Fehlersichere Signalbaugruppen

II 3 G EEx nA II T3 .. T6 nach EN 50021 : 1999

Prüfnummer: KEMA 02ATEX1096 X

Note Baugruppen mit der Zulassung II 3 G EEx nA II T3 .. T6 dürfen nur in Automatisierungssystemen SIMATIC S7-300 / ET 200M der Gerätekategorie 3 eingesetzt werden.



Instandhaltung Für eine Reparatur muss die betroffene Komponente an den Fertigungsort geschickt werden. Nur dort darf die Reparatur durchgeführt werden.

Besondere Bedingungen Die fehlersicheren Signalbaugruppen müssen in einen Schaltschrank oder ein metallisches Gehäuse eingebaut werden. Diese müssen mindestens die Schutzart IP 54 (nach EN 60529) gewährleisten. Dabei sind die Umgebungsbedingungen zu berücksichtigen, in denen das Gerät installiert wird. Für das Gehäuse muss eine Herstellererklärung für Zone 2 vorliegen (gemäß EN 50021).

Wenn am Kabel bzw. an der Kabeleinführung dieses Gehäuses unter Betriebs-bedingungen eine Temperatur > 70 °C erreicht wird oder wenn unter Betriebs-bedingungen die Temperatur an der Aderverzweigung > 80 °C sein kann, müssen die Temperatureigenschaften der Kabel mit den tatsächlich gemessenen Temperaturen übereinstimmen.

Die eingesetzten Kabeleinführungen müssen der geforderten IP-Schutzart und dem Abschnitt 7.2 (gemäß EN 50021) entsprechen.

Alle Geräte, einschließlich Schalter etc., die an den Ein- und Ausgängen von fehlersicheren Signalbaugruppen angeschlossen werden, müssen für den Explosionsschutz Typ EEx nA oder EEx nC genehmigt sein.

Es müssen Maßnahmen getroffen werden, dass die Nennspannung durch Transienten um nicht mehr als 40 % überschritten werden kann.

Umgebungstemperaturbereich: 0° C bis 60° C

Innerhalb des Gehäuses ist an einem nach dem Öffnen gut sichtbaren Platz ein Schild mit folgender Warnung anzubringen:

! Warning Das Gehäuse darf nur kurze Zeit geöffnet werden, z. B. für visuelle Diagnose. Betätigen Sie dabei keine Schalter, ziehen oder stecken keine Baugruppen und trennen keine elektrischen Leitungen (Steckverbindungen). Diese Warnung kann unberücksichtigt bleiben, wenn bekannt ist, dass keine explosionsgefährdete Atmosphäre herrscht.

Liste der zugelassenen Baugruppen Die Liste mit den zugelassenen Baugruppen finden Sie im Internet: http://www4.ad.siemens.de/WW/view/de/

unter der Beitrags-ID 13702947.

http://www4.ad.siemens.de/WW/view/de/13702947



8.7.2 Use of Fail-Safe Signal Modules in a Zone 2 Hazardous Area

Zone 2 Hazardous areas are divided up into zones. The zones are distinguished according to the probability of the existence of an explosive atmosphere.

Zone Explosion Hazard Example 2 Explosive gas atmosphere occurs

only seldom and for a short time Areas around flange joints with flat gaskets in pipes in enclosed spaces

Safe area No Outside zone 2 Standard distributed I/O applications

Below you will find important information on the installation of fail-safe signal modules in a hazardous area.

Production Location Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Certification for S7-300 Fail-Safe Signal Modules

II 3 G EEx nA II T3 to T6 to EN 50021 : 1999

Test number: KEMA 02ATEX1096 X

Note

Modules with II 3 G EEx nA II T3 to T6 certification can only be used in SIMATIC S7-300/ET 200M automation systems belonging to equipment category 3.



Maintenance If repair is necessary, the affected component must be sent to the production location. Repairs can only be carried out there.

Special Conditions The fail-safe signal modules must be installed in a switch cabinet or a metal housing. These must comply with the IP 54 degree of protection at a minimum. The environmental conditions under which the equipment is installed must be taken into account. There must be a manufacturer's declaration for zone 2 available for the housing (in accordance with EN 50021).

If a temperature of > 70 °C is reached in the cable or at the cable entry of this housing under operating conditions, or if a temperature of > 80 °C can be reached at the junction of the conductors under operating conditions, the temperature-related properties of the cables must correspond to the temperatures actually measured.

The cable entries used must comply with the required IP degree of protection and Section 7.2 (in accordance with EN 50021).

All devices (including switches, etc.) that are connected to the inputs and outputs of fail-safe signal modules must be approved for EEx nA or EEx nC explosion protection.

Steps must be taken to ensure that the rated voltage through transients cannot be exceeded by more than 40%.

Ambient temperature range: 0° C to 60° C

A sign containing the following warning must be put up inside the housing in an easily visible position when the housing is opened:

! Warning The housing can only be opened for a short time (e.g., for visual diagnostics). If you do this, do not operate any switches, remove or install any modules, or disconnect any electrical cables (plug-in connections). You can disregard this warning if you know that the atmosphere is not hazardous (i.e., there is no risk of explosion).

List of Approved Modules You will find the list of approved modules under the ID 13702947 on the Internet:

http://www4.ad.siemens.de/WW/view/en/

http://www4.ad.siemens.de/WW/view/en/13702947



8.7.3 Utilisation des modules de signaux de sécurité dans un environnement à risque d'explosion en zone 2

Zone 2 Les environnements à risque d'explosion sont répartis en zones. Les zones se distinguent par la probabilité de présence d'une atmosphère explosive.

Zone Risque d'explosion Exemple 2 Formation rare et brève d'une

atmosphère gazeuse explosive Environnement de raccords à joints plats dans le cas de conduites dans des locaux fermés

Zone sûre Non A l'extérieur de la zone 2 Utilisation standard de périphérie décentralisée

Vous trouverez ci-après des remarques importantes pour l'installation des modules de signaux de sécurité dans un environnement à risque d'explosion.

Lieu de production Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Homologation pour modules de signalisation S7-300 à sécurité intrinsèque

II 3 G EEx nA II T3 .. T6 selon EN 50021 : 1999

Numéro de contrôle : KEMA 02ATEX1096 X

Note Les modules homologués II 3 G EEx nA II T3 .. T6 ne peuvent être utilisés que dans des automates SIMATIC S7-300 / ET 200M de catégorie 3.



Entretien Si une réparation est nécessaire, la composante concernée doit être expédiée au lieu de production. La réparation ne doit être effectuée qu'en ce lieu.

Conditions particulières Les modules de signalisation et autres modules à sécurité intrinsèque doivent être logés dans une armoire de commande ou un boîtier métallique. Ceux-ci doivent assurer au moins l'indice de protection IP 54. Il faut alors tenir compte des conditions d'environnement dans lesquelles l'appareil est installé. Le boîtier doit faire l’objet d’une déclaration de conformité du fabricant pour la zone 2 (selon EN 50021).

Si dans les conditions d’exploitation, une température > 70 °C est atteinte au niveau du câble ou de l’entrée du câble dans ce boîtier, ou bien si la température au niveau de la dérivation des conducteurs peut être > 80 °C, les capacités de résistance thermique des câbles doivent corespondre aux températures effectivement mesurées.

Les entrées de câbles utilisées doivent avoir le niveau de protection IP exigé et être conformes au paragraphe 7.2 (selon EN 50021).

Tous les appareillages (y compris les interrupteurs, etc.) raccordés aux entrées et sorties de modules de signaux à sécurité intrinsèque doivent être homologués pour la protection antidéflagrante type EEx nA ou EEx nC.

Il faut prendre des mesures pour que la tension nominale ne puisse pas être dépassée de plus de 40% sous l’influence de transitoires.

Plage de température ambiante : 0° C à 60° C

A l’intérieur du boîtier, il faut placer, à un endroit bien visible après ouverture, une plaquette comportant l’avertissement suivant :

! Avertissement Ouvir le boîtier le moins longtemps possible, par exemple pour effectuer un diagnostic visuel. Ce faisant, n’actionnez aucun commutateur, ne déconnectez aucun module et ne débranchez pas de câbles électriques (connexions). Le respect de cet avertissement n’est pas impératif s’il est certain que l’environnement ne présente pas de risque d’explosion.

Liste des modules homologués Vous trouverez sur Internet la liste des modules homologués :

http://www4.ad.siemens.de/WW/view/fr/

référence ID 13702947.

http://www4.ad.siemens.de/WW/view/fr/13702947



8.7.4 Aplicación de módulos de señales de alta disponibilidad en áreas con peligro de explosión, zona 2

Zona 2 Las áreas con peligro de explosión se clasifican en zonas. Las zonas se diferencian según la probabilidad de la existencia de una atmósfera capaz de sufrir una explosión.

Zona Peligro de explosión Ejemplo 2 La atmósfera explosiva de gas

sólo se presenta rara vez y muy brevemente

Áreas alrededor de uniones abridadas con juntas planas en tuberías en locales cerrados

Área segura No fuera de la zona 2 Aplicaciones estándar de la periferia descentralizada

A continuación encontrará importantes informaciones para la instalación de los módulos de señales de alta disponibilidad en áreas con peligro de explosión.

Lugar de fabricación Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Homologación para módulos de señalización de seguridad S7-300

II 3 G EEx nA II T3 .. T6 efter EN 50021 : 1999

Número de comprobación: KEMA 02ATEX1096 X

Nota Los módulos con la homologación II 3 G EEx nA II T3 .. T6 pueden utilizarse únicamente en los autómatas programables SIMATIC S7-300 / ET 200M de la categoría de equipo 3.



Mantenimiento Para una reparación se ha de remitir el componente afectado al lugar de fabricación. Sólo allí se puede realizar la reparación.

Condiciones especiales Los módulos de señalización de seguridad/módulos deben ir montados en un armario de distribución o una caja metálica. Éstos deben garantizar como mínimo el grado de protección IP 54. Para ello se han de tener en cuenta las condiciones ambientales, en las cuales se instala el equipo. La caja deberá contar con una declaración del fabricante para la zona 2 (conforme a EN 50021).

Si durante la operación se alcanzara una temperatura > 70° C en el cable o la entrada de cables de esta caja o bien una temperatura > 80° C en la bifurcación de hilos, deberán adaptarse las propiedades térmicas de los cables a las temperaturas medidas efectivamente.

Las entradas de cable utilizadas deben cumplir el grado de protección IP exigido y lo expuesto en el apartado 7.2 (conforme a EN 50021).

Todos los dispositivos –inclusive interruptores, etc.– conectados a las entradas y salidas de módulos de señales de alta disponibilidad deben estar homologados para la protección contra explosiones del tipo EEx nA o EEx nC.

Es necesario adoptar las medidas necesarias para evitar que la tensión nominal pueda rebasar en más del 40 % debido a efectos transitorios.

Margen de temperatura ambiente: 0° C hasta 60° C

Dentro de la caja deberá colocarse en un lugar perfectamente visible tras su apertura un rótulo con la siguiente advertencia:

! Precaución Abrir la caja sólo brevemente, p.ej. para el diagnóstico visual. Durante este tiempo Ud. no deberá activar ningún interruptor, desenchufar o enchufar módulos ni separar conductores eléctricos (conexiones enchufables). Esta advertencia puede ignorarse si Ud. sabe que en la atmósfera existente no hay peligro de explosión.

Lista de los módulos homologados En la internet hallará Ud. una lista con los módulos homologados:

http://www4.ad.siemens.de/WW/view/es/

bajo el ID de asignación 13702947.

http://www4.ad.siemens.de/WW/view/es/13702947



8.7.5 Impiego delle unità di segnale ad elevata sicurezza nell'area a pericolo di esplosione zona 2

Zona 2 Le aree a pericolo di esplosione vengono suddivise in zone. Le zone vengono distinte secondo la probabilità della presenza di un'atmosfera esplosiva.

Zona Pericolo di esplosione Esempio 2 L'atmosfera esplosiva si presente

solo raramente e brevemente Aree intorno a collegamenti a flange con guarnizioni piatte nelle condotte in ambienti chiusi

Area sicura No Al di fuori della zona 2 Applicazioni standard di periferia decentrata

Qui di seguito sono riportate delle avvertenze importanti per l'installazione delle unità di segnale ad elevata sicurezza nell'area a pericolo di esplosione.

Luogo di produzione Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Omologazione per le unità di segnale S7-300 ad elevata sicurezza

II 3 G EEx nA II T3 .. T6 secondo EN 50021 : 1999

Numero di controllo: KEMA 02ATEX1096 X

Avvertenza Le unità con l'autorizzazione II 3 G EEx nA II T3 .. T6 possono essere impiegate solo nei sistemi di controllori programmabili SIMATIC S7-300 / ET 200M della categoria di apparecchiature 3.



Manutenzione Per una riparazione, il componente interessato deve essere inviato al luogo di produzione. La riparazione può essere effettuata solo lì.

Condizioni particolari Le unità di segnale/moduli ad elevata sicurezza devono essere montati in un armadio elettrico o in un contenitore metallico. Questi devono assicurare almeno il tipo di protezione IP 54. In questo caso bisogna tenere conto delle condizioni ambientali nelle quali l'apparecchiatura viene installata. Per il contenitore deve essere presente una dichiarazione del costruttore per la zona 2 (secondo EN 50021).

Se nei cavi o nel loro punto di ingresso in questo contenitore viene raggiunta in condizioni di esercizio una temperatura > 70 °C o se in condizioni di esercizio la temperatura nella derivazione dei fili può essere > 80 °C, le caratteristiche di temperatura dei cavi devono essere conformi alla temperatura effettivamente misurata.

Gli ingressi dei cavi usati devono essere conformi al tipo di protezione richiesto e alla sezione 7.2 (secondo EN 50021).

Tutte le apparecchiature, inclusi interruttori, ecc. che vengono collegati agli ingressi/uscite di unità di segnale ad elevata sicurezza, devono essere stati omologati per la protezione da esplosione tipo EEx nA o EEx nC.

Devono essere prese delle misure per evitare che la tensione nominale possa essere superata per più del 40% da parte di transienti.

Campo termico ambientale: da 0° C a 60° C

All’interno del contenitore va apportata, in un luogo ben visibile dopo l’apertura, una targhetta con il seguente avvertimento:

! Attenzione Il contenitore può rimanere aperto solo per breve tempo, ad esempio per una diagnostica a vista. In tal caso non azionare alcun interruttore, non disinnestare o innestare unità e non staccare connessioni elettriche (connettori). Non è necessario tenere conto di questo avvertimento se è noto che non c’è un’atmosfera a rischio di esplosione.

Elenco delle unità abilitate La lista con le unità omologate si trova in Internet al sito:

http://www4.ad.siemens.de/WW/view/it/

all’ID di voce 13702947.

http://www4.ad.siemens.de/WW/view/it/13702947



8.7.6 Gebruik van de foutbestendige signaalmodulen het explosieve gebied zone 2

Zone 2

Explosieve gebieden worden ingedeeld in zones. Bij de zones wordt onderscheiden volgens de waarschijnlijkheid van de aanwezigheid van een explosieve atmosfeer.

Zone Explosiegevaar Voorbeeld 2 Een explosieve gasatmosfeer

treedt maar zelden op en voor korte duur

Gebieden rond flensverbindingen met pakkingen bij buisleidingen in gesloten vertrekken

Veilig gebied neen Buiten de zone 2 Standaardtoepassingen van decentrale periferie

Hierna vindt u belangrijke aanwijzingen voor de installatie van de foutbestendige signaalmodulen in een explosief gebied.

Productieplaats Siemens AG, Bereich A&D Werner-von-Siemens-Strasse 50 92224 Amberg Germany

Vergunning voor de tegen fouten beveiligde signaalmodulen S7-300

II 3 G EEx nA II T3 .. T6 conform EN 50021 : 1999

Keuringsnummer: KEMA 02ATEX1096 X

Opmerking Modulen met de vergunning II 3 G EEx nA II T3 .. T6 mogen slechts worden gebruikt in automatiseringssystemen SIMATIC S7-300 / ET 200M van de apparaatcategorie 3.



Instandhouding De te herstellen component moet voor reparatie naar de plaats van vervaardiging worden gestuurd. Alleen daar mag de reparatie worden uitgevoerd.

Speciale voorwaarden De tegen fouten beveiligde signaalmodulen/module moeten worden ingebouwd in een schakelkast of in een behuizing van metaal. Deze moeten minstens de veiligheidsgraad IP 54 waarborgen. Hierbij dient rekening te worden gehouden met de omgevingsvoorwaarden waarin het apparaat wordt geïnstalleerd. Voor de behuizing dient een verklaring van de fabrikant voor zone 2 te worden ingediend (volgens EN 50021).

Als aan de kabel of aan de kabelinvoering van deze behuizing onder bedrijfsomstandigheden een temperatuur wordt bereikt > 70 °C of als onder bedrijfsomstandigheden de temperatuur aan de adervertakking > 80 °C kan zijn, moeten de temperatuureigenschappen van de kabel overeenstemmen met de werkelijk gemeten temperaturen.

De aangebrachte kabelinvoeringen moeten de vereiste IP-veiligheidsgraad hebben en in overeenstemming zijn met alinea 7.2 (volgens EN 50021).

Alle apparaten, schakelaars enz. inbegrepen, die worden aangesloten op de in- en uitgangen van tegen fouten beveiligde signaalmodulen, moeten zijn goedgekeurd voor de explosiebeveiliging type EEx nA of EEx nC.

Er dienen maatregelen te worden getroffen, zodat de nominale spanning door transiënten met niet meer dan 40 % kan worden overschreden.

Omgevingstemperatuurbereik: 0° C tot 60° C

Binnen de behuizing dient op een na het openen goed zichtbare plaats een bord te worden aangebracht met de volgende waarschuwing:

! Waarschuwing De behuizing mag slechts voor korte tijd worden geopend, bijv. voor een visuele diagnose. Bedien hierbij geen schakelaar, trek of steek geen modulen en ontkoppel geen elektrische leidingen (steekverbindingen). Deze waarschuwing kan buiten beschouwing blijven, indien bekend is dat er geen explosieve atmosfeer heerst.

Lijst van de toegelaten modulen De lijst met de toegelaten modulen vindt u in het internet:


onder de bijdrage-ID 13702947.




8.7.7 Brug af fejlsikre signalkomponenter i det eksplosions-farlige område zone 2

Zone 2 Eksplosionsfarlige områder inddeles i zoner. Zonerne adskiller sig indbyrdes efter hvor sandsynligt det er, at der er en eksplosiv atmosfære.

Zone Eksplosionsfare Eksempel 2 Eksplosiv gasatmosfære optræder

kun sjældent og varer kort Områder rundt om flangeforbindelser med flade pakninger ved rørledninger i lukkede rum

Sikkert område Nej Uden for zone 2 Standardanvendelser decentral periferi

I det følgende findes vigtige henvisninger vedr. installation af de fejlsikre signalkomponenter i det eksplosionsfarlige område.

Produktionssted Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Tilladelse for S7-300 fejlsikre signalkomponenter

II 3 G EEx nA II T3 .. T6 efter EN 50021 : 1999

Kontrolnummer: KEMA 02ATEX1096 X

Bemærk Komponenter med godkendelsen II 3 G EEx nA II T3 .. T6 må kun monteres i automatiseringssystemer SIMATIC S7-300 / ET 200M - udstyrskategori 3.



Vedligeholdelse Skal den pågældende komponent repareres, bedes De sende den til produktionsstedet. Reparation må kun udføres der.

Særlige betingelser De fejlsikre signalkomponenter/moduler skal monteres i et kontaktskab eller et metalbelagt kabinet. Disse skal mindst kunne sikre beskyttelsesklasse IP 54. I denne forbindelse skal der tages højde for de omgivelsestemperaturer, i hvilke udstyret er installeret. Der skal være udarbejdet en erklæring fra fabrikanten for kabinettet for zone 2 (iht. EN 50021).

Hvis kablet eller kabelindføringen på dette hus når op på en temperatur på > 70 °C under driftsbetingelser eller hvis temperaturen på åreforegreningen kan være > 80 °C under driftsbetingelser, skal kablernes temperaturegenskaber stemme overens med de temperaturer, der rent faktisk måles.

De benyttede kabelindføringer skal være i overensstemmelse med den krævede IP-beskyttelsestype og afsnittet 7.2 (iht. EN 50021).

Alle apparater, inkl. kontakter osv., der forbindes med ind- og udgangene til fejlsikre signalkomponenter, skal være godkendt til eksplosionsbeskyttelse af type EEx nA eller EEx nC.

Der skal træffes foranstaltninger, der sørger for, at den nominelle spænding via transienter ikke kan overskrides mere end 40 %.

Omgivelsestemperaturområde:0° C til 60° C

I kabinettet skal der anbringes et skilt, der skal kunne ses, når kabinettet åbnes. Dette skilt skal have følgende advarsel:

! Advarsel Kabinettet må kun åbnes i kort tid, f.eks. til visuel diagnose. Tryk i denne forbindelse ikke på kontakter, træk eller isæt ikke komponenter og afbryd ikke elektriske ledninger (stikforbindelser). Denne advarsel skal der ikke tages højde for, hvis man ved, at der ikke er nogen eksplosionsfarlig atmosfære.

Liste over godkendte komponenter Listen med de godkendte komponenter findes på internettet:


under bidrags-ID 13702947.




8.7.8 Virheiltä suojattujen signaalirakenneryhmien käyttö räjähdysvaarannetuilla alueilla, vyöhyke 2

Vyöhyke 2 Räjähdysvaarannetut alueet jaetaan vyöhykkeisiin. Vyöhykkeet erotellaan räjähdyskelpoisen ilmakehän olemassa olon todennäköisyyden mukaan.

Vyöhyke Räjähdysvaara Esimerkki 2 Räjähtävä kaasuilmakehä

ilmaantuu vain harvoin ja lyhytaikaisesti

Alueet putkistojen lattatiivisteillä varustuilla laippaliitoksilla suljetuissa tiloissa

turvallinen alue ei vyöhykkeen 2 ulkopuolella hajautetun ulkopiirin vakiosovellukset

Seuraavasta löydätte tärkeitä ohjeita virheiltä suojattujen signaalirakenneryhmien asennukseen räjähdysvaarannetuilla alueilla.

Valmistuspaikka Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Hyväksyntä S7-300 virhevarmoja signaalirakenneryhmiä varten

II 3 G EEx nA II T3 .. T6 EN 50021 mukaan: 1999

Tarkastusnumero: KEMA 02ATEX1096 X

Ohje Rakenneryhmät hyväksynnän II 3 G EEx nA II T3 .. T6 kanssa saadaan käyttää ainoastaan laitekategorian 3 automatisointijärjestelmissä SIMATIC S7-300/ ET 200M.



Kunnossapito Korjausta varten täytyy kyseinen komponentti lähettää valmistuspaikkaan. Korjaus voidaan suorittaa ainoastaan siellä.

Erityiset vaatimukset Virhevarmat signaalirakenneryhmät/moduulit täytyy asentaa kytkentäkaappiin tai metalliseen koteloon.. Näiden täytyy olla vähintään kotelointiluokan IP 54 mukaisia. Tällöin on huomioitava ympäristöolosuhteet, johon laite asennetaan. Kotelolle täytyy olla valmistajaselvitys vyöhykettä 2 varten (EN 50021 mukaan).

Kun johdolla tai tämän kotelon johdon sisäänviennillä saavutetaan > 70 °C lämpötila tai kun käyttöolosuhteissa lämpötila voi piuhajaotuksella olla > 80 °C, täytyy johdon lämpötilaominaisuuksien vastata todellisesti mitattuja lämpötiloja.

Käytettyjen johtojen sisäänohjauksien täytyy olla vaaditun IP-kotelointiluokan ja kohdan 7.2 (EN 50021 mukaan) mukaisia.

Kaikkien laitteiden, kytkimet jne. mukaan lukien, jotka liitetään virheiltä suojattujen signaalirakenneryhmien tuloille ja lähdöille, täytyy olla hyväksyttyjä tyypin EEx nA tai EEx nC räjähdyssuojausta varten.

Toimenpiteet täytyy suorittaa, ettei nimellisjännite voi transienttien kautta ylittyä enemmän kuin 40 %.

Ympäristölämpötila-alue: 0° C ... 60° C

Kotelon sisälle, avauksen jälkeen näkyvälle paikalle, on kiinnitettävä kilpi, jossa on seuraava varoitus:

! Varoitus Kotelo saadaan avata ainoastaan lyhyeksi ajaksi, esim. visuaalista diagnoosia varten. Älä tällöin käytä mitään kytkimiä, vedä tai liitä mitään rakenneryhmiä, äläkä erota mitään sähköjohtoja (pistoliittimiä). Tätä varoitusta ei tarvitse huomioida, kun on tiedossa, että minkäänlaista räjähdysvaarannettua ilmakehää ei ole olemassa.

Hyväksyttyjen rakenneryhmien lista Lista hyväksiytyistä rakennesarjoista löytyy internetistä osoitteesta:


käyttäjätunnuksella 13702947.




8.7.9 Användning av felsäkrade signalkomponent-grupper i explosions-riskområde zon 2

Zon 2 Explosionsriskområden delas in i zoner. Zonerna delas in enligt sannolikheten att en atmosfär med explosionsfara föreligger.

Zon Explosionsfara Exempel 2 Explosiv gasatmosfär uppstår

endast sällan eller kortvarigt Områden kring flänsförbindelser med packningar vid rörledningar i slutna utrymmen

Säkert område Nej Utanför zon 2 Standardanvändning av decentral periferi

Nedan följer viktiga anvisningar om installationen av de felsäkrade signalkomponentgruppern i ett explosionsriskområde.

Tillverkningsort Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Godkännande för S7-300 felsäkrade signalenheter

II 3 G EEx nA II T3 .. T6 enligt EN 50021 : 1999

Kontrollnummer: KEMA 02ATEX1096 X

Anvisning

Komponentgrupper med godkännande II 3 G EEx nA II T3 .. T6 får endast användas i automatiseringssystemen SIMATIC S7-300 / ET°200M från apparatgrupp 3.



Underhåll Vid reparation måste den aktuella komponenten insändas till tillverkaren. Reparationer får endast genomföras där.

Särskilda villkor De felsäkrade signalenheterna/modulerna måste monteras i ett kopplingsskåp eller metallhus. Dessa måste minst vara av skyddsklass IP 54. Därvid ska omgivningsvillkoren där enheten installeras beaktas. För kåpan måste en tillverkardeklaration för zon 2 föreligga (enligt EN 50021).

Om en temperatur på > 70°C uppnås vid husets kabel resp kabelinföring under driftvillkor eller om temperaturen vid trådförgreningen kan vara > 80°C under driftvillkor, måste kabelns temperaturegenskaper överensstämma med den verkligen uppmätta temperaturen.

De använda kabelinföringarna måste uppfylla kraven i det krävda IP-skyddsutförandet och i avsnitt 7.2 (enligt EN 50021).

Alla apparater, inklusive brytare osv, som ansluts till felsäkrade signalenheters in- och utgångar, måste vara godkända för explosionsskydd av typ EEx nA eller EEx nC.

Åtgärder måste vidtas så, att märkspänningen ej kan överskridas med mer än 40°% genom transienter.

Omgivningstemperatur: 0° C till 60° C

När huset öppnats ska en skylt med följande varning monteras på ett tydligt synligt ställe huset:

! Varning Huset får endast öppnas under kort tid, t ex för visuell diagnos. Använd därvid inga brytare, lossa eller anslut inga enheter och frånskilj inga elektriska ledningar (insticksanslutningar). Ingen hänsyn måste tas till denna varning om det är säkert att det inte råder någon explosionsfarlig atmosfär.

Lista över godkända komponentgrupper Lista över godkända enheter återfinns i Internet:


under bidrags-ID 13702947.




8.7.10 Uso de grupos de componentes de sinais protegidos contra erro em área exposta ao perigo de explosão, zona 2

Zona 2 As áreas expostas ao perigo de explosão são divididas em zonas. As zonas são diferenciadas de acordo com a probabilidade da existência de uma atmosfera explosiva.

Zona Perigo de explosão Exemplo 2 Só raramente e por um breve

período de tempo surgem atmosferas explosivas

Áreas em torno de ligações flangeadas com vedações chatas em tubulações em recintos fechados

Área segura não fora da zona 2 Aplicações descentralizadas de periferia

descentralizada

A seguir, o Sr. encontrará avisos importantes para a instalação dos grupos de componentes de sinais protegidos contra erro em área exposta ao perigo de explosão.

Local de produção Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Licença para os Grupos de Sinal sem Defeitos S7-300

II 3 G EEx nA II T3 .. T6 seg. EN 50021 : 1999

Número de ensaio: KEMA 02ATEX1096 X

Aviso

Componentes com a licença II 3 G EEx nA II T3 .. T6 só podem ser aplicados em sistemas de automação SIMATIC S7-300 / ET 200M da categoria de aparelho 3.



Reparo Os componentes em questão devem ser remetidos para o local de produção a fim de que seja realizado o reparo. Apenas lá deve ser efetuado o reparo.

Condições especiais Os grupos de sinal/módulos sem defeito devem ser montados dentro de um armário do quadro de comandos ou de uma caixa metálica. Estes devem garantir no mínimo o tipo de proteção IP 54. Durante este trabalho deverão ser levados em consideração as condições locais, nas quais o aparelho será instalado. Para a caixa deverá ser apresentada uma declaração do fabricante para a zona 2 (de acordo com EN 50021).

Caso no cabo ou na entrada do cabo desta carcaça sob as condições operacionais seja atingida uma temperatura de > 70 °C, ou caso sob condições operacionais a temperatura na ramificação do fio poderá atingir > 80 °C, as caraterísticas de temperatura deverão corresponder às temperaturas realmente medidas.

As entradas de cabo utilizadas devem corresponder ao tipo exigido de proteção IP e à seção 7.2 (de acordo com o EN 50021).

Todos os aparelhos, inclusive as chaves, etc., que estejam conectadas em entradas e saídas de módulos de sinais protegidos contra erro, devem possuir a licença para a proteção de explosão do tipo EEx nA ou EEx nC.

Precisam ser tomadas medidas para que a tensão nominal através de transitórios não possa ser ultrapassada em mais que 40 %.

Área de temperatura ambiente: 0° C até 60° C

No âmbito da carcaça deve ser colocada, após a abertura, em um ponto bem visível uma placa com a seguinte advertência:

! Advertência A carcaça deve ser aberta apenas por um breve período de tempo, por ex. para diagnóstico visual. Não acione nenhum interruptor, não retire ou conecte nenhum módulo e não separe nenhum fio elétrico (ligações de tomada). Esta advertência poderá ser ignorada caso se saiba que não há nenhuma atmosfera sujeita ao perigo de explosão.

Lista dos componentes autorizados A lista com os módulos autorizados encontram-se na Internet:


sob o número de ID 13702947.




8.7.11 Χρήση των ασφαλών σε περίπτωση βλάβης δοµικών συγκροτηµάτων σηµάτων σε επικίνδυνη για έκρηξη περιοχή, ζώνη 2

Ζώνη 2 Οι επικίνδυνες για έκρηξη περιοχές χωρίζονται σε ζώνες. Οι ζώνες διαφέρουν σύµφωνα µε την πιθανότητα ύπαρξης ενός ικανού για έκρηξη περιβάλλοντος.

Ζώνη Κίνδυνος έκρηξης Παράδειγµα 2 Εκρηκτικό περιβάλλον αερίου

παρουσιάζεται µόνο σπάνια και γιασύντοµο χρονικό διάστηµα

Περιοχές γύρω από φλαντζωτές συνδέσεις µε τσιµούχες σε σωληνώσεις σε κλειστούς χώρους

Ασφαλής περιοχή όχι Εκτός της ζώνης 2 Τυπικές εφαρµογές αποκεντρωµένης περιφέρειας

Στη συνέχεια θα βρείτε σηµαντικές υποδείξεις για την εγκατάσταση των ασφαλών σε περίπτωση βλάβης δοµικών συγκροτηµάτων σηµάτων σε επικίνδυνη για έκρηξη περιοχή.

Τόπος κατασκευής Siemens AG, Bereich A&D Werner-von-Siemens-Straße 50 92224 Amberg Germany

Άδεια για τα ασφαλή σε περίπτωση βλάβης δοµικά συγκροτήµατα σηµάτων S7-300

II 3 G EEx nA II T3 .. T6 σύµφωνα µε το πρότυπο EN 50021 : 1999

Αριθµός ελέγχου: KEMA 02ATEX1096 X

Υπόδειξη

Τα δοµικά συγκροτήµατα µε την άδεια II 3 G EEx nA II T3 .. T6 επιτρέπεται να τοποθετηθούν µόνο σε συστήµατα αυτοµατισµού SIMATIC S7-300 / ET 200M της κατηγορίας συσκευής 3.



Συντήρηση Για µια επισκευή πρέπει να σταλθεί το αντίστοιχο εξάρτηµα στον τόπο κατασκευής. Μόνο εκεί επιτρέπεται να γίνει η επισκευή.

Ιδιαίτερες προϋποθέσεις Τα ασφαλή σε περίπτωση βλάβης δοµικά συγκροτήµατα σηµάτων/δοµοστοιχεία πρέπει να ενσωµατωθούν σε ένα ερµάριο ζεύξης ή σε ένα µεταλλικό περίβληµα. Αυτά πρέπει να εξασφαλίζουν το λιγότερο το βαθµό προστασίας IP 54. Σε αυτήν την περίπτωση πρέπει να ληφθούν υπόψη οι περιβαλλοντικές συνθήκες, στις οποίες θα εγκατασταθεί η συσκευή. Για το περίβληµα πρέπει να προβλέπεται δήλωση του κατασκευαστή για τη ζώνη 2 (σύµφωνα µε το πρότυπο EN 50021).

Εάν στο καλώδιο ή στην είσοδο του καλωδίου αυτού του περιβλήµατος κάτω από συνθήκες λειτουργίας η θερµοκρασία ξεπεράσει τους 70 °C ή όταν κάτω από συνθήκες λειτουργίας η θερµοκρασία στη διακλάδωση του σύρµατος µπορεί να είναι µεγαλύτερη από 80 °C, πρέπει οι θερµοκρασιακές ιδιότητες των καλωδίων να ταυτίζονται µε τις πραγµατικά µετρηµένες θερµοκρασίες.

Οι χρησιµοποιούµενες εισόδοι καλωδίων πρέπει να συµµορφώνονται µε το βαθµό προστασίας IP 54 στην ενότητα 7.2 (σύµφωνα µε το πρότυπο EN 50021).

Όλες οι συσκευές, συµπεριλαµβανοµένων διακοπτών κ.α., που συνδέονται στις εισόδους και εξόδους δοµικών συγκροτηµάτων ασφαλών σηµάτων, πρέπει να φέρουν εγκριµένη προστασία κατά έκρηξης τύπου EEx nA ή EEx nC.

Πρέπει να ληφθούν µέτρα, να µην µπορεί να γίνει υπέρβαση της ονοµαστικής τάσης µέσω αιφνίδιας µεταβολής της τάσης πάνω από 40 %.

Περιοχή θερµοκρασίας περιβάλλοντος: 0° C έως 60° C

Πρέπει να τοποθετηθεί µέσα στο περίβληµα σε ευδιάκριτο σηµείο µετά το άνοιγµα µία πινακίδα µε την ακόλουθη προειδοποίηση:

! Προειδοποίηση Το περίβληµα επιτρέπεται να ανοίγει µόνο για µικρό χρονικό διάστηµα, π.χ. για τη διενέργεια οπτικής διάγνωσης. Μην κάνετε χρήση διακοπτών, µην τραβάτε ή εµβυσµατώνετε δοµικά συγκροτήµατα και µη διαχωρίζετε ηλεκτροφόρους αγωγούς (εµβσυµατώσιµες συνδέσεις). Η προειδοποίηση αυτή δε χρειάζεται να ληφθεί υπ’ όψιν, εάν είναι γνωστό ότι δεν υφίσταται ατµόσφαιρα παρουσιάζουσα κίνδυνο έκρηξης.

Κατάλογος των εγκεκριµένων δοµικών συγκροτηµάτων Η λίστα µε τα εγκριµένα δοµικά συγκροτήµατα υπάρχει στο διαδίκτυο:


µε τον κωδικό συνδροµής 13702947.





9 Digital Modules

9.1 Introduction

Overview Four fail-safe digital modules from the S7-300 module range are available for connecting digital sensors and/or actuators.

This chapter contains the following information on each fail-safe digital module:

• Features

• Module view and block diagram

• Applications with connection diagrams and parameter assignments

• Diagnostic messages with remedies


Digital Modules


9.2 Discrepancy Analysis for Fail-safe Digital Input Modules

Discrepancy Analyses There are two types of discrepancy analyses for fail-safe input modules:

• for 1oo2 evaluation in a digital input module

• for redundant modules

Discrepancy Analysis for 1oo2 Evaluation in a Digital Input Module The discrepancy analysis is carried out in the safety mode between the two input signals of the 1oo2 evaluation in the fails-safe input module.

If the input signals do not match after the assigned discrepancy time has elapsed (due to a broken wire in a sensor cable, for example), the input signal to the F-CPU is set to “0.“ In addition, the diagnostic message “discrepancy error“ is generated with information about the faulty channel in the diagnostic buffer of the module.

Note

The input signals from the process are considered to be correct process values within the discrepancy time even if the two readings of the redundant input signals are different.

While the discrepancy time is running inside the module, the following value is sent to the F-CPU:

• for SM 326; DI 8 NAMUR: the last, valid value (old value) of the affected input channel

• for SM 326; DI 24 DC 24V: parameters can be assigned for the last valid value (old value) of the affected input channel or the value "0" (parameters "discrepancy behavior")

If, for example, a filling operation is being controlled with the sensor signal, the filling will be stopped by the first of the two discrepancy signals after reading the "0" signal if the value is "0". If the second signal is never read as "0", an error is detected following the expiration of the discrepancy time. Select the last valid value for this example.

Digital Modules


"Provide last valid value" The last valid value (old value) before discrepancy occurs is made available in the safety program in F-CPU as soon as a discrepancy is determined between the signals of the affected input channels. This value remains available until the discrepancy disappears or until the discrepancy time expires and a discrepancy error is detected. The sensor-actuator response time is extended according to the this time.

This means the discrepancy time of a 2-channel sensor for fast reactions has to be adjusted to short response times.

Thus, for example, it makes no sense for a time-critical deactivation to be triggered by 2-channel sensors with a discrepancy time of 500 ms. In the worst case, the sensor-actuator response time is extended by an amount approximately equal to the discrepancy time:

• For this reason, position the sensor in the process in such a way to minimize discrepancy.

• Then select the shortest possible discrepancy time that also has sufficient back-up against false tripping of discrepancy errors.

"Provide 0 value" The value "0" is immediately made available to the safety program in the F-CPU as soon as a discrepancy is detected between the signals of the two affected input channels.

If you assigned the parameter "Provide 0 value“, the sensor-actuator response time will not be affected by the discrepancy time.

Digital Modules


Discrepancy Analysis in Redundant Digital Input Modules (only in F Systems S7 F/FH Systems)

The fail-safe driver blocks of the optional software S7 F Systems perform the discrepancy analysis in F systems S7 F/FH system between both input signals of the redundant input modules.

For the redundant digital input modules, both input signals are interconnected by the OR fail-safe driver blocks so that the output signal of the driver block is set to “1“ in the event of a discrepancy between the two input signals .

Since the signals of both modules can be considered safe, you can trust the value "1" of the signal module and forward this signal to the driver output without taking any safety risks. This way, the desired availability of the system is achieved.

In the event of discrepancy errors, diagnostic information is additionally issued at the outputs DIAG_1/2 on the fail-safe module driver (see the Programmable Controllers S7 F/FH Systems manual).

If the input signals do not correspond (discrepancy error) following the expiration of the configured discrepancy time, corresponding diagnostic information is output on the fail-safe module driver at the outputs DIAG_1/2 (see the Programmable Controllers S7 F/FH Systems manual).

Parameter Assignment You assign parameters for the discrepancy time and the discrepancy behavior in HW Config, in the object properties catalog of the fail-safe signal module (Parameters see chapter 9.3 and 9.4).

Digital Modules


9.3 SM 326; DI 24 DC 24V

9.3.1 Properties, Front View, Connection Diagram, and Block Diagram

Order Number 6ES7 326-1BK01-0AB0

Features The SM 326; DI 24 DC 24V has the following features:

• 24 inputs, isolated in groups of 12

• 24V DC rated input voltage

• Suitable for switches and 2-/3-/4-wire proximity switches (BEROs)

• 4 short circuit-proof sensor supplies for 6 channels in each case, isolated in groups of 2

• External sensor supply possible

• Group error display (SF)

• Safety mode display (SAFE)

• Status indicator for each channel (green LED)

• Reconfiguration in Run (CiR) – possible in standard mode

• Assignable diagnostics

• Diagnostic alarm with assignable parameters

• Usable in standard and safety modes

• Configure 1oo1 and 1oo2 for each channel

• simplified PROFIsafe address assignment

! Warning The fail-safe performance characteristics in the technical specifications are valid for a proof-test interval of 10 years a planned outage time of 100 hours.

Digital Modules


Address Assignment The following figure shows the allocation of channels to addresses.

Addressing of the inputs in the user program

x = module start address

012345

670123

456701

234567

I x.0Ix.1I x.2I x.3Ix.4I x.5

I x.6I x.7

I x+1.0I x+1.1I x+1.2I x+1.3

I x+1.4 I x+1.5 I x+1.6 I x+1.7 I x+2.0 I x+2.1

I x+2.2 I x+2.3 I x+2.4 I x+2.5 I x+2.6 I x+2.7

Figure 9-1 Address assignment for SM 326; DI 24 DC 24V

Configuration in RUN (CiR) During standard operation of the SM 326; DI 24 DC 24V (starting with order no. 6ES7 326-1BK01-0AB0), you can make configuration changes while the plant is operating (CiR).

Additional Information on CiR For further information on CiR refer to:

• the STEP 7 Online Help: "System Modification in RUN Mode via CiR"

• in the Safety Engineering in SIMATIC S7 system description

Digital Modules


Front View

Common errorindicator – red

Safety modeindicator – green

4Vs

Status indicator -green (per channel)

Channel number

Use of front connector(behind the front door): forconnecting the inputs andpower supply

SF

SAFEVs012

345

Vs

6Vs

70123

Vs

456701

234567

Sensor supplyindicator – green(for 6 channels)

Figure 9-2 Front view SM 326; DI 24 DC 24V

Digital Modules


Channel Numbers The inputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned. For a module you can configure a 1oo1 and 1oo2 evaluation of the sensor (example see table 9-2) in a channel or channel pair granular.

012345

670123

Channelnumber:

456701

234567

121314151617

181920212223

1oo1 1oo2012345

012345

6789

1011

6789

1011

012345

6789

1011

Left Right

1oo1 1oo2

Figure 9-3 Channel numbers for SM 326; DI 24 DC 24V

Table 9-2 SM 326; DI 24 24V : Example of a channel configuration

Left Channels

Right Channels

Evaluation of sensors

Description

0 12 1oo2 Channel pair configured for 1oo2, channel 0 exists as E x.0 in the I/O area for inputs in the F-CPU


2 14 1oo1 Single channels configured for 1oo1, channels 2 and 14 exist as E x.2 and E x+1.6 in the I/O area for inputs in the F-CPU

3 15 1oo1 Single channels configured for 1oo1, channels 3 and 15 exist as E x.3 and E x+1.7 in the I/O area for inputs in the F-CPU


Digital Modules


Connection and Block Diagram The following figure shows the terminal assignment and block diagram of the SM 326; DI 24 DC 24V.

Over-voltageprotection

Sensorsupply

Test

Status

Address switch

Logic and bus interface

MSF

MSAFE

M

M

5 4

1 2

6

8 7

9 10

12

14

11

13

15 16 17

24 V 1M

1Vs

1L+

2524

2122

26

2827

2930

32

34

31

33

353637

24 V 2M

3Vs

4Vs 2Vs

2L+

L+

* The representation of the normally open contacts corresponds to the printing on the module. However, the typical encoder contacts used are normally closed contacts (to keep process variables in a safe state)

* *

Figure 9-4 Terminal assignment and block diagram of the SM 326; DI 24 DC 24V and internal sensor

supply

External Sensor Supply The following figure shows how the sensors can be supplied via an external sensor supply (for example, via another module: L+). All 6 channels of a channel group (0 to 5; 6 to 11; 12 to 17 or 18 to 23) must be supplied via the same external sensor supply.

Digital input module

2L+

2M

DI

M

L+Vs

Figure 9-5 External sensor supply for the SM 326; DI 24 DC 24V

Digital Modules


Note

Note that the following faults cannot be detected during an external sensor supply:

• Short circuit to L+ on the unswitched sensor line (contact open)

• Cross circuit between the channels of a channel group

• Cross circuit between the channels in different channel groups

9.3.2 Applications for SM 326; DI 24 DC 24V

Selecting the Application The following figure helps you to select an application according to the requirements for high availability and availability. On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.

Yes

Safety mode

Safety mode?

SIL 2(AK 4, Cat. 3)

SIL3(AK 6, Cat. 4)Required

safety level?

Standard mode

No

Yes

No No

Standard mode, fault tolerance

SIL 2Safety mode

SIL 2 SIL 3Safety mode

SIL 3

Yes Module redundant? Module redundant?

Yes

No

Standard mode

Module redundant?

Applications 1 to 6

2 1 6 543see see

Chap. 9.3.3 see seeseesee

Safety mode, fault tolerance


Chap. 9.3.4 Chap. 9.3.5 Chap. 9.3.6 Chap. 9.3.7 Chap. 9.3.8

Figure 9-6 Selecting the application - SM 326; DI 24 DC 24V

Digital Modules


! Warning The achievable safety class is dependent on the quality of the sensor and the magnitude of the proof-test interval in accordance with IEC 61508. If the quality of the sensor is lower than the quality stipulated in the required safety class, the sensors must be applied redundantly with a two-channel connection.

Note

You can configure a 1oo1 and 1oo2 evaluation of the sensor for a module (example see table 9-2).

9.3.3 Application 1: Standard Mode

Below you can find the wiring diagram and the parameter assignment of SM 326; DI 24 DC 24V for the

• Application 1: Standard Mode

For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.

Wiring Diagram for Application 1 – Connecting a Sensor to One Channel A sensor is connected via a single channel for each process signal. The sensors can also be supplied via an external sensor supply.

1L+

1M

DI

Vs

Digital inputmodule

Figure 9-7 Wiring diagram for the SM 326; DI 24 DC 24V; for application 1 – Connecting

a sensor to one channel

Digital Modules


Assignable Parameters for Application 1

Table 9-3 Parameters SM 326; DI 24 DC 24V for application 1

Parameter Value Range in Standard Mode Type Effective in "Parameter" tab Operating mode Standard Mode Static Module Module Parameters: Diagnostic Interrupt Activated/deactivated Static Module Module Parameters for a Supply Group: Sensor Supply via Module

Activated/deactivated Static Supply group

Short-circuit test Activated/deactivated (only if "Sensor Supply via Module" is activated)

Static Supply group

For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Time-of-day stamp Time stamp Activated/deactivated Static Module Edge evaluation incoming

Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated)

Static Module

Digital Modules


9.3.4 Application 2: Standard Mode with High Availability

Below you can find the wiring diagrams and the parameter assignment of SM 326; DI 24 DC 24V for

• Application 2: standard mode with high availability


Wiring Diagram for Application 2 – Connecting a Sensor to One Channel One sensor is connected via a single channel to the two digital modules for each process signal. The sensors must be supplied via an external sensor supply.

1L+

1M

DI

1L+

1M

DIM

L+

Digital inputmodule

Digital inputmodule

Vs

Vs


a sensor to one channel

Digital Modules


Wiring Diagram for Application 2 – Connecting Two Redundant Sensors to One Channel

Two redundant sensors are connected via one channel to the two digital modules for each process signal. The sensors can also be supplied via an external sensor supply.

Digital inputmodule

1L+

1M

DI

Vs

Digital inputmodule

1L+

1M

DI

Vs

Acquires the same processvariable with mechanicallyseparated sensors

Figure 9-9 Wiring diagram for SM 326; DI 24 DC 24V; for application 2 – Connecting two

redundant sensors to one channel



Parameter Value Range in Standard Mode Type Effective in "Parameter" tab Operating mode Standard Mode Static Module Module Parameters: Diagnostic Interrupt Activated/deactivated Static Module Module Parameters for a Supply Group: Sensor Supply via Module

• deactivated (with single-channel sensor)

• activated/deactivated (with redundant sensor)

Static Supply group


Static Supply group

For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Time-of-day stamp Time stamp Activated/deactivated Static Module Edge evaluation incoming


Static Module

Digital Modules


Parameter Value Range in Standard Mode Type Effective in

"Redundancy" Tab Redundancy Two Modules Static Module Redundant module (Selection of an existing additional

module of the same type) Static Redundant

module pair Discrepancy Time 10 to 30000 ms Static Redundant

module pair Reaction after discrepancy

• Connect "AND" signals • Connect "OR" signals • Use last valid value

Static Redundant module pair

* For a redundant configuration in the standard mode, there are two digital values which you have to evaluate in the standard user program.

9.3.5 Application 3: Safety Mode, SIL 2 (AK 4, Category 3)

Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 24 DC 24V; digital module for:

• Application 3: safety mode, SIL 2 (AK 4, Category 3)


Wiring Diagram for Application 3 – Connecting a One-channel Sensor to One Channel

One sensor is connected via one channel (1oo1 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.


1L+

1M

DI

Vs

Figure 9-10 Wiring diagram for SM 326; DI 24 DC 24V; for application 3 – Connecting one

sensor to one channel

! Warning A suitable sensor is required to attain SIL 2 wiring (safety level AK 4, category 3) with this interface module.

Digital Modules




Parameter Value Range in Safety Mode Type Effective in "Parameter" tab Operating mode Safety Mode Static Module F-Parameter: F-monitoring time 10 to 10000 ms Static Module Module Parameters: Diagnostic Interrupt Activated/deactivated Static Module Module Parameters for a Supply Group: Sensor Supply via Module



Static Supply group

For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Evaluation of sensors

1oo1 Evaluation Static Channel/channel pair

Time-of-day stamp Time stamp Activated/deactivated Static Module Edge evaluation incoming


Static Module

Digital Modules


9.3.6 Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High Availability (only in S7 F/FH Systems)

Below you can find the wiring diagrams and the parameter assignment of SM 326; DI 24 DC 24V; digital module for:

• Application 4: safety mode, SIL 2 (AK 4, Category 3) with fault tolerance


Wiring Diagram for Application 4 – Connecting One Sensor to One Channel One sensor is connected via a single channel (1oo1 evaluation) to the two digital modules for each process signal. The sensors must be supplied via an external sensor supply.

1L+

1M

DI

1L+

1M

DIM

L+



Vs

Vs

Figure 9-11 Wiring diagram for SM 326; DI 24 DC 24V; for application 4 – Connecting one

sensor to one channel


Digital Modules


Wiring Diagram for Application 4 – Connecting Two Redundant Sensors to One Channel

Two redundant sensors are connected via one channel (1oo1 evaluation) to two digital modules for each process signal. The sensors can also be supplied via an external sensor supply.

Digital inputmodule

1L+

1M

DI

Vs

Digital inputmodule

1L+

1M

DI

Vs


Figure 9-12 - Wiring diagram for the SM 326; DI 24 DC 24V; for application 4 –

Connecting two redundant sensors to one channel


Digital Modules







Static Supply group

For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Evaluation of sensors

1oo1 Evaluation Static Channel

Time-of-day stamp Time stamp Activated/deactivated Static Module Edge evaluation incoming


Static Module




module pair

Digital Modules



Below you can find the wiring diagrams and the parameter assignment of the SM 326; DI 24 DC 24V; digital module for:



Internal Sensor Supply If a Sensor Is Connected to the Module

Note Generally, if you connect one sensor to two inputs of a module and you use the internal sensor supply of the module, you have to use the sensor supply of the left half of the module 1Vs (Pin 4) or 2VS (Pin 11) .

Wiring Diagram for Application 5 – Connecting One Sensor to One Channel A sensor is connected via one channel to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.

1L+

1M

DI

DI

Vs

right: Channels 0...11 left: Channels 0...11



one sensor to one channel


Digital Modules


Wiring Diagram for Application 5 – Connecting a Non-equivalent Sensor to Two Non-equivalent Channels

A non-equivalent sensor is connected via 2 antivalent channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.

left: Channels 0...11


1L+

1M

DI

DI

Vs

right: Channels 0...11

Figure 9-14 Wiring diagram for SM 326; DI 24 DC 24V; for application 5 – Connecting a

non-equivalent sensor to two non-equivalent channels


Digital Modules


Wiring Diagram for Application 5 – Connecting Two One-channel Sensors to Two Non-equivalent Channels

For each process signal, two one-channel sensors are connected to two opposite inputs in the digital module (1oo2 evaluation) via two non-equivalent channels. The sensors can also be supplied via an external sensor supply. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.

Digital inputmodule

1L+

1M

DI

Vs

DI

Vsright: channel 0...11left: channel 0...11*

* The left channels supply the user signals



one-channel sensors to two non-equivalent channels


Digital Modules


Wiring Diagram for Application 5 – Connecting a Two-channel Sensor to Two Channels

A two-channel sensor is connected via two channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.


1L+

1M

DI

Vs

DI

Vsright: channel 0...11 left: channel 0...11

Sensor contacts are connected mechanically

Figure 9-16 Wiring diagram for SM 326; DI 24 DC 24V; for application 5 – Connecting a

two-channel sensor to two channels


Wiring Diagram for Application 5 – Connecting Two One-channel Sensors to Two Channels

Two one-channel sensors are connected via two channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.

Digital inputmodule

1L+

1M

DI

Vs

DI

Vsright: channel 0...11left: channel 0...11



one-channel sensors to two channels


Digital Modules



Table 9-7 SM 326 DI 24 parameter; DI 24 DC 24V of application 5




Static Supply group

For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Pair Evaluation of sensors

1oo2 evaluation Static Channel Pair

Type of Sensor Circuit

• 2-chann. equiv. (for figures 9-16, 9-17)

• 2-chann. non-equiv. (for figures 9-14, 9-15)

• 1-chann. (for figure 9-13)

Static Channel Pair

Discrepancy Behavior

(only for 2-chann.) • provide last valid value. • "Provide 0 value"

Static Channel Pair

Discrepancy Time 10 to 30000 ms (2-Chann. only) Static Channel Pair Time-of-day stamp Time stamp Activated/deactivated Static Module Edge evaluation incoming


Static Module

Digital Modules



Below you can find the wiring diagrams and the parameter assignment of the SM 326; DI 24 DC 24V; digital module for:



Internal Sensor Supply If a Sensor Is Connected to the Module

Note Generally, if you connect one sensor to two inputs of a module and you use the internal sensor supply of the module, you have to use the sensor supply of the left half of the module 1Vs (Pin 4) or 2VS (Pin 11) .

Wiring Diagram for Application 6 – Connecting Two Redundant, One-channel Sensors to One Channel

Two redundant, one-channel sensors are required for each process signal. One sensor is connected via a single channel to two opposite inputs in the digital module (1oo2 evaluation) for each module. The sensors can also be supplied via an external sensor supply.

left: channel 0...11

Digital inputmodule

1L+

1M

DI

DI

Vs

Digital inputmodule

1L+

1M

DI

DI

Vs

right: channel 0...11

right: channel 0...11left: channel 0...11



two redundant, one-channel sensors to one channel


Digital Modules


Wiring Diagram for Application 6 – Connecting Two Redundant, Non-equivalent Sensors to Two Non-equivalent Channels

Two redundant, non-equivalent sensors are required for each process signal. One non-equivalent sensor is connected to two opposite inputs in the digital module (1oo2 evaluation) for each module. The sensors can also be supplied via an external sensor supply. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.

right: channel 0...11left: channel 0...11*

right: channel 0...11

left: channel 0...11*

Digital inputmodule

1L+

1M

DI

DI

Vs

Digital inputmodule

1L+

1M

DI

DI

Vs

* The left channels supply the user signals** alternatively, you can connect two single-channel sensors (see figure 9-15)

**

**



two redundant, non-equivalent sensors to two non-equivalent channels


Digital Modules


Wiring Diagram for Application 6 – Connecting a Two-channel Sensor to Two Channels

A two-channel sensor is connected via 2 channels to the two digital modules (1oo2 evaluation) for each process signal. The sensors must be supplied via an external sensor supply.

*right: channel 0...11 left: channel 0...11

right: channel 0...11 left: channel 0...11


1L+

1M

DI

DI


1L+

1M

DI

DI

M

L+

M

L+

* Sensor contacts are connected mechanically; alternatively you can connect two single-channel sensors (see figure 9-17)

Figure 9-20 Wiring diagram for SM 326; DI 24 DC 24V; for application 6 – Connecting a two-channel sensor to two channels


Digital Modules


Wiring Diagram for Application 6 – Connecting Two Two-channel, Redundant Sensors to Two Channels

Two two-channel, redundant sensors are required for each process signal. One sensor is connected via 2 channels to two opposite inputs in the digital module (1oo2 evaluation) for each module. The sensors can also be supplied via an external sensor supply.

Digital inputmodule

1L+

1M

DI

Vs

DI

Vs

Digital outputmodule

1L+

1M

DI

Vs

DI

Vs



* Sensor contacts are mechanically connected; alternatively, you can connect two single-channel sensors (see figure 9-17)

*

*



two-channel redundant sensors to two channels


Digital Modules







Static Supply group

For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Pair Evaluation of sensors 1oo2 evaluation Static Channel Pair Type of Sensor Circuit

• 2-chann. equiv. (for figures 9-20, 9-21)

• 2-chann. non-equiv. (for figure 9-19)

• 1-chann. (for figure 9-18)

Static Channel Pair

Discrepancy Behavior

(only for 2-chann.) • provide last valid value. • "Provide 0 value"

Static Channel Pair

Discrepancy Time 10 to 30000 ms (2-Chann. only) Static Channel Pair Time-of-day stamp Time stamp Activated/deactivated Static Module Edge evaluation incoming


Static Module




module pair

Digital Modules


9.3.9 Diagnostic Messages for the SM 326; DI 24 DC 24V

Possible Diagnostic Messages The following table gives you an overview of the diagnostic messages of the SM 326; DI 24 DC 24V.

Diagnostic messages are assigned either to one channel or to the entire module. Some diagnostic messages occur only in particular use cases.

Table 9-9 SM 326 DI 24; DI 24 DC 24V

Diagnostic message Relevant Application

Effective Range of Diagnostic

Configu-rable

Short circuit or sensor supply defective

Short circuit to L+ on the unswitched sensor line (contact open)

Short circuit to ground or sensor supply defective

Short circuit to sensor supply line on unswitched sensor line (contact open)

Short circuit or wire break on unswitched sensor line (contact open)

1, 2, 3, 4, 5, 6

Discrepancy error (1oo2 evaluation)

5, 6

Channel

Yes

Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Time monitoring responded (watchdog) EPROM fault RAM fault Processor failure Parameter assignment error (with consecutive number)

1, 2, 3, 4, 5, 6

Module

Internal error in the read circuit/test circuit 1, 2, 3, 4, 5, 6 Channel Error in the cyclic redundancy check (CRC) Monitoring time for data message frame exceeded

3, 4, 5, 6

Module

Message frame error during non fail-safe communication

1,2 Module

No

Digital Modules


Short Circuit to M and L+ The internal short-circuit tests are carried out as follows:

• Short circuit to chassis ground is always tested, regardless of the configuration.

• Short circuit to L+ is only tested when sensor supply via module or internal supply and short-circuit test are configured in HW Config.

Causes of Errors and Remedies You can find the possible causes for faults and the corresponding remedies for the individual diagnostic messages of the SM ; DI DC 24V; with diagnostic interrupt in the subsequent tables.

Table 9-10 Diagnostic messages and their remedies for the SM 326; DI 24 DC 24V

Diagnostic message Possible Causes Remedies

Internal short circuit or sensor supply defective

Internal fault of the sensor supply Replace module



Eliminate short circuit

Short circuit of the input to M Eliminate short circuit Short circuit to ground or sensor supply defective Internal fault of the sensor supply Replace module

Short circuit on the unconnected sensor line (contact open) to the sensor supply line

Short circuit between the unswitched sensor line (contact open) and the sensor supply line


Short circuit to M of the unconnected sensor line

Eliminate short circuit Short circuit or wire break on unswitched sensor line (contact open) Interruption in the wire between the

module and the sensor Reestablish the connection

Faulty process signal Defective sensor

Check process signal, replace sensor if necessary



Wire break on the switched sensor line (contact closed) or on the sensor supply line

Eliminate broken wire

Discrepancy error 1oo2 evaluation

Assigned discrepancy time too short Check the assigned discrepancy time

Missing external auxiliary supply

Supply voltage L+ for module missing Feed in supply L+

Module not assigned parameters

No parameters transferred to the module

Reassign module parameters

Wrong parameters on module

Incorrect parameters transferred to the module


Digital Modules


Diagnostic message Possible Causes Remedies

Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference

Check the PROFIBUS connection Eliminate the interference

Monitoring time for safety frame exceeded

Check the parameterization of the monitoring time

Test value error (CRC) due, for example, to impermissibly high electromagnetic interference

Eliminate the interference

Communication error

CPU has gone into STOP Read out diagnostic buffer Module-internal supply voltage failed

Internal fault of the L+ supply voltage Replace module

Overload due to diagnostic request (SFCs)

Reduce the number of diagnostic requests

Impermissibly high electromagnetic interference


Time monitoring responded (watchdog)

Module Defect Replace module Impermissibly high electromagnetic interference

Eliminate the interference and switch the supply voltage off/on

EPROM fault RAM fault


Eliminate the interference Processor failure

Module Defect Replace module Parameter assignment error (with consecutive number)

Error in dynamic parameter assignment

Check the parameter assignment in the user program If necessary, contact SIMATIC Customer Support

Internal error in the read circuit/test circuit

Module Defect Replace module

Error in the cyclic redundancy check (CRC)

Test value error during communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors


Configured monitoring time exceeded Check the parameterization of the monitoring time

Monitoring time for data message frame exceeded

Power-up of fail-safe signal module - Message frame error during non fail-safe communication

Enter the watchdog and/or the test value in the data frame

Check the data frame for the "0" entry for the watchdog and test value

Digital Modules


Procedure Following a Wire Break Message for Multiple Channels on a Module Side

1. In the event of a simultaneous wire break message for multiple channels on a module side, check the common ground connection for this module side.

2. If necessary, repair the wire break at the common ground connection.

3. To reintegrate the module, switch the module power supply off and then on again.

9.3.10 Technical Specifications - SM 326; DI 24 DC 24V

Dimensions and Weight Dimensions W H D (mm) 80 125 120 Weight Approx. 442 g Module-Specific Data Reconfiguration in Run (CiR) – possible

Yes

• Behavior of non-configured inputs during CiR

Deliver the last valid process value before the parameter assignment

Number of inputs • 1-channel • 2-channel

24 12

Assigned address area • In I/O for input • In I/O for input

10 Byte 4 Byte

Length of cable • Unshielded • Shielded

100 m, maximum 200 m, maximum

Maximum achievable safety class in safety mode • In Accordance with

IEC 61508 • In Accordance with

DIN V 19250 • In Accordance with

EN 954-1

SIL 3 AK 6 Category 4

Fail-safe performance characteristics • Low demand mode

(average probability of failure on demand)

• High demand/continuous mode (probability of a dangerous failure per hour)

SIL 2 SIL 3 to be determined to be determined to be determined to be determined

Voltages, Currents, Potentials Rated supply voltage of the electronic components and sensors 1L+, 2L+ • Reverse polarity protection • Voltage failure bridging

(does not apply to sensor supply outputs)

24V DC Yes 5 ms

Number of simultaneously controllable inputs • Horizontal installation

Up to 40 °C Up to 60 °C

• Vertical installation Up to 40 °C

24 24 (with 24 V) 18 (with 28.8 V) 24

Electrical isolation • Between channels and

backplane bus • Between the channels

In groups of

Yes 12

Permissible potential differences between the different circuits

75 V DC 60 V AC

Isolation tested with: DC500V/AC350V for 1 min or DC600V for 1s

Current consumption • From backplane bus

max. 100 mA

• From the load voltage 1L+/ 2L+ (without load)

max. 450 mA

Power loss of module type 10 W Status, Interrupts, Diagnostics

Status display

Green LED per channel

Interrupts • Diagnostic Interrupt

Assignable

Diagnostic functions • Group error display • Fail-safe mode display • Diagnostic information can

be displayed

Assignable Red LED (SF) Green LED (SAFE) Possible

Digital Modules


Sensor Supply Outputs Number of outputs 4 Electrical isolation between channels and backplane bus • In groups of

Yes 2

Output voltage • Loaded

Minimum L+ (-1.5 V)

Output current • Rated value • Permitted Range

400 mA, typical 0 to 400 mA

Additional redundant supply Permissible Short-circuit protection Yes, electronically Specifications for Sensor Selection Input voltage • Rated value • At signal ”1” • At signal "0"

24V DC 11 to 30 V - 30 to 5 V

Input current • At signal ”1”

10 mA, typical

Input characteristic In accordance with IEC 1131, Type 2

Connection of 2-wire proximity switch • Permissible quiescent

current

Possible if "With short-circuit Test" parameter is set to "no" Max. 2 mA

Time, Frequency Internal preprocessing time (without input delay) for • Standard Mode • Safety mode SIL 2 (safety

level AK 4, category 3) • Safety mode SIL 3 (safety

level AK 6, category 4)

Max. to be determined to be determined to be determined

Input delay • From ”0” to ”1” • From "1" to "0"

2,1 to 3,4 ms 2,1 to 3,4 ms

Acknowledgment Time • In safety mode with 1oo1

sensor evaluation • In safety mode with 1oo2

sensor evaluation

to be determined to be determined

Minimum sensor signal duration

see table 6.1


9.4 SM 326; DI 8 NAMUR


Order Number 6ES7 326-1RF00-0AB0

Features SM 326; DI 8 NAMUR bit has the following features:

• SIMATIC S7 intrinsically safe digital module, suitable for connecting signals from a hazardous area

• 8 single-channel inputs and 4 two-channel inputs isolated from one another

• 24V DC rated input voltage

• Suitable for the following sensors

- To DIN 19234 and NAMUR (with diagnostic evaluation)

- Switched mechanical contacts (with diagnostic evaluation)

• 8 short circuit-proof sensor supplies for 1 channel, isolated from one another








Adhering to Clearance in Air and Leakage Paths in Hazardous Areas

Note For the digital input modules SM 326; DI 8 NAMUR, the L+/M infeed must be via a wire chamber (order no. 6ES7 393-4AA10-0AA0) to meet the clearance for air and leakage paths in hazardous areas (see chapter 9.4.2).

Digital Modules



Addressing of the inputs in the user program:

x = modules start addresses

I x.0I x.1

I x.2I x.3

I x.4I x.5

I x.6I x.7

0

1

2

3

4

5

6

7

Figure 9-22 Address assignment for SM 326; DI 8 NAMUR

Front View

Saftey mode indicator - green

Per channel (0 to 7):

4 Status indicator - green

Channel No.

SF

SAFE

3

2

7

6

1

0

5

4

Common error indicator – red

Use of front connector (behind the front door): for connecting the inputs and power supply

Figure 9-23 Front view of SM 326; DI 8 NAMUR:

Digital Modules


Connectable Sensors The following Figure shows the possible sensors and their connection to SM 326; DI 8 NAMUR.

Digitalmodule

Switched contact with monitoring for- Wire break- Short circuit(resistances directly on the contact)

10 k

1 k

Digitalmodule

NAMUR sensorMonitoring for- Wire break- Short circuit

Figure 9-24 Connectable sensors of the SM 326; DI 8 NAMUR

Connection and Block Diagram The following Figure - shows the terminal assignment and block diagram of the SM 326; DI 8 NAMUR.

24 V M L+

protection

Logic andbackplane businterface

Address switch

Status anddiagnostics

Test

M

Status0 ... 7

5 6

2122

2526

2829

3132

3435

8 9

14 15

11 12

+ 8,2 V

+ 8,2 V

+ 8,2 V

+ 8,2 V

+ 8,2 V

+ 8,2 V

M MSF SAFE

+ 8,2 V

+ 8,2 V

Overvoltage

Figure 9-25 Connection and block diagram of the SM 326; DI 8 NAMUR

Digital Modules


Channel Numbers The inputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned.

In the 1oo2 evaluation of the sensors the number of channels is halved.

Channel number: 1oo1 1oo11oo2 1oo2

0

1

2

3

4

5

6

7

left right

Figure 9-26 Kchannel numbers for SM 326; DI 8 NAMUR

9.4.2 Special Features when Wiring SM 326; DI 8 NAMUR for Hazardous Areas

Wire Chamber for SM 326; DI 8 NAMUR in Hazardous Areas Adhere to the note below when using SM 326; DI 8 NAMUR for explosive areas:

Note In the case of the digital input module SM 326; DI 8 NAMUR; the L+/M infeed must be via a wire chamber to adhere to the creepages and clearances in hazardous areas.

Wire Chamber Order number: 6ES7 393-4AA10-0AA0; 5 units

Separator line (break):Separate the three parts here

Wire chamber for screw type Wedge for spring terminals Wire chamber for spring terminals

Figure 9-27 Wire chamber for SM 326; DI 8 NAMUR

Digital Modules


Wire front connector for SM 326; DI 8 NAMUR in Hazardous Areas Wire the 40-pin front connector as follows:

1. Fasten the supply lines in the terminals 21 (L+) and 22 (M) and lead them out of the top (1).

2. Insert the wiring chamber into terminals (3 and 23) of the front connector (2).

Screw-type connection:

Then tighten the screws for terminals 3 and 23.

Spring-type connection

Use the supplied special key instead of the screwdriver to install the wire chamber.

3. Wire the process wires and feed them out of the bottom of the module (3).

4. Do not forget to fit the enclosed strain-relief grip around the wires (4).

Result: This ensures a safely isolated connection between the wire chamber and the front connector and thus meets the safety requirements to prevent explosions.

34

1

2

Wire chamberof screw type terminal

Wire chamberfor spring terminals

2

Wedge forspring terminals

Figure 9-28 Front connector wired for SM 326; DI 8 NAMUR

Digital Modules


Minimum Thread Length for SM 326; DI 8 NAMUR in Hazardous Areas

! Warning There must be a minimum thread length of 50 mm between the connections with safe functional extra-low voltage and the intrinsically safe connections of the SM 326; DI 8 NAMUR.This can be achieved within the front connector by using a wire chamber.

The minimum thread length between the different modules may be violated in some circumstances (for example, when explosion-proof and standard modules are used together and the minimum thread length between live parts of explosion-proof and standard modules is < 50 mm).

You can comply with the thread length requirements between the modules in the following ways:

• Always insert the SM 326; DI 8 NAMUR into the ET 200M as the last module (on the far right) on the rail. This will ensure that the thread length to the module on the left is automatically correct because of the module width of the SM 326; DI 8 NAMUR.

• If that is not possible, insert the DM 370 dummy module between the affected intrinsically safe and standard modules.

• If you use the bus modules of the active backplane bus, you can also use the intrinsically safe separation bar.

! Warning When performing the wiring, you should always keep intrinsically safe wires separate from wires that are not intrinsically safe. Lay them in separate ducts.

Additional Information about Hazardous Areas You can find more information on the use of the DM 370 and the intrinsically safe separation bar as well as the separation of wires that are intrinsically safe from those that are not in the reference manual S7-300, M7-300, ET 200M Programmable Controllers, I/O Modules with Intrinsically-Safe Signals.

Digital Modules


9.4.3 Applications of SM 326; DI 8 NAMUR:

Selecting the Application The following figure helps you to select an application according to the requirements for high availability and availability. On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.

Yes

Safety mode

Safety mode?

Required safety level?

Yes

No No


SIL 2Safety mode

SIL 2Safety mode, fault tolerance

SIL 3 Safety mode

SIL 3 Safety mode, fault tolerance


Yes

Standard mode

No

No

Standard mode

Module redundant?

Applications 1 to 6

2 See

1 See

Chap. 9.4.4

6 See

5See

4See

3See

SIL 2(AK 4, Cat. 3)

SIL3(AK 6, Cat. 4)


Figure 9-29 Selecting an application - SM 326; DI 8 NAMUR

! Warning The achievable safety class is dependent on the quality of the sensor and the magnitude of the proof-test interval in accordance with IEC 61508. If the quality of the sensor is lower than the quality stipulated in the required safety class, the sensor must be applied redundantly with a two-channel connection.

Digital Modules


9.4.4 Application 1: Standard Mode and Application 3: Safety Mode SIL 2 (Safety Level AK 4, Category 3)

Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 8 NAMUR for:




Wiring Diagram for Applications 1 and 3 A one-channel sensor (1oo1 evaluation) is connected via a single channel to the digital modules for each process signal. The digital module provides the sensor supply Vs.

Digital inputmodule

L+

M

DI

Vs + 8.2 V

Figure 9-30 Wiring diagram for SM 326; DI 8 NAMUR for applications 1 and 3


Parameter Settings for Applications 1 and 3

Table 9-11 Parameters of SM 326; DI 8 NAMUR for applications 1 and 3

Range of Values in Parameter Safety Mode Standard Mode

Type Effective in

"Inputs" Tab Enable diagnostic interrupt

Yes/No Yes/No Static Module

Safety Mode Yes No Static Module Monitoring Time 10 to 10000 ms - Static Module Sensor Evaluation 1oo1 Evaluation - Static Module Group diagnostics Yes/No Yes/No Static Channel "Redundancy" Tab Redundancy None - Static Module

Digital Modules


9.4.5 Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability (only in S7 F/FH Systems)





Wiring Diagram for Applications 2 and 4 Two one-channel, redundant sensors are connected via one channel (1oo1 evaluation) to the two digital modules for each process signal. The respective digital modules provide the sensor supply Vs.

Digital inputmodule

+ 8.2 V

Digital inputmodule

L+

M

DI

Vs

L+

M

DI

Vs + 8.2 V


Figure 9-31 Wiring diagram for SM 326; DI 8 NAMUR for applications 2 and 4


Digital Modules


Parameter Settings for Applications 2 and 4

Table 9-12 Parameters of SM 326; DI 8 NAMUR for applications 2 and 4

Range of Values in Parameter Safety Mode Standard Mode

Type Effective in



Safety Mode Yes No Static Module Monitoring Time 10 to 10000 ms - Static Module Sensor Evaluation 1oo1 Evaluation - Static Module Group diagnostics Yes/No Yes/No Static Channel "Redundancy" Tab Redundancy Two Modules -* Static Module Redundant module (Selection of an

existing additional module of the same type)

- Static Redundant module pair

Discrepancy Time 10 to 30000 ms - Static Redundant module pair

* For a redundant configuration in the standard mode, there are two digital values which you have to evaluate in the standard user program.

Digital Modules






Wiring Diagram for Application 5 Two one-channel sensors are connected via two channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The digital module provides the sensor supply Vs. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.


+ 8,2 V

L+

M

DI

Vs

DI

Vs

left: channel 0...3 right: channel 0...3* 0 and 4

1 and 5 2 and 6 3 and 7

** alternatively, the sensor contacts can be connected mechanically

**

* The left channels supply the user signals

Opposite inputs for sensor connection: Acquires the same

process variable with mechanically separated sensors

Figure 9-32 Wiring diagram for SM 326; DI 8 NAMUR for application 5


Digital Modules



Table 9-13 Parameters of SM 326; DI 8 NAMUR for application 5

Parameter Value Range in Safety Mode

Type Scope of Action


Yes/No Static Module

Safety Mode Yes Static Module Monitoring Time 10 to 10000 ms Static Module Sensor Evaluation 1oo2 evaluation Static Module Group diagnostics Yes/No Static Channel Discrepancy Time 10 to 30000 ms Static Channel "Redundancy" Tab Redundancy None Static Module





Digital Modules


Wiring Diagram for Application 6 Four one-channel, redundant sensors are connected via two channels (1oo2 evaluation) to the two digital modules for each process signal. The sensor contacts of the sensor each lead to opposite inputs of the same digital module. The respective digital modules provide the sensor supply Vs. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.

Digital inputmodule

+ 8,2 V

Digital inputmodule

+ 8.2 V

L+

M

DI

Vs

DI

Vs

L+

M

DI

Vs

DI

Vs

0 and 41 and 52 and 63 and 7

0 and 41 and 52 and 63 and 7


**

** left: channel 0...3

right: channel 0...3*

left: channel 0...3 right: channel 0...3*

* The left channels supply the user signals** alternatively, the sensor contacts can be connected mechanically

Opposite inputs for sensorconnection:

Opposite inputs for sensorconnection:

Figure 9-33 Wiring diagram for SM 326; DI 8 NAMUR for application 6


Digital Modules



Table 9-14 Parameters of SM 326; DI 8 NAMUR for application 6

Parameter Value Range in Safety Mode Type Scope of Action "Inputs" Tab Enable diagnostic interrupt


Safety Mode Yes Static Module Monitoring Time 10 to 10000 ms Static Module Sensor Evaluation 1oo2 evaluation Static Module Group diagnostics Yes/No Static Channel Discrepancy Time 10 to 30000 ms Static Channel "Redundancy" Tab Redundancy Two Modules Static Module Redundant module (Selection of an existing

additional module of the same type)

Static Redundant module pair

Discrepancy Time 10 to 30000 ms Static Redundant module pair

Digital Modules


9.4.8 Diagnostic Messages for SM 326; DI 8 NAMUR:

Possible Diagnostic Messages The following table gives you an overview of the diagnostic messages of the SM 326; DI 8 NAMUR.

Diagnostic messages are assigned either to one channel or to the entire module. Some diagnostic messages occur only in particular applications.

Table 9-15 Diagnostic messages of SM 326; DI 8 NAMUR



Configur-able

Wire break or internal error in sensor supply Short circuit between sensor line and sensor supply line

Yes

Internal error in read circuit/test circuit or defective sensor supply

1, 2, 3, 4, 5, 6

Channel

No

Discrepancy error (1oo2 evaluation)

5, 6 Channel Yes

Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Time monitoring responded (watchdog) EPROM fault RAM fault Processor failure Parameter assignment error (with consecutive number)

1, 2, 3, 4, 5, 6

Module

Error in the cyclic redundancy check (CRC) Monitoring time for data message frame exceeded

3, 4, 5, 6

Module


1, 2 Module

No

Digital Modules


Causes of Errors and Remedies In the following table, you find the possible causes of faults and the corresponding remedies for the individual diagnostic messages of the SM 326, DI 8 NAMUR.

Table 9-16 Diagnostic messages and their remedies for SM 326; DI 8 NAMUR

Diagnostic message Possible Causes Remedies Interruption of the wire between the module and the NAMUR sensor

Reestablish the connection

With contacts as sensors: 10 kΩ series resistor directly above the contact is missing or interrupted

Insert 10 kΩ series resistor directly above the contact

Channel is not connected (open) Disable the "Group Diagnosis" parameter for the channel

Wire break or internal fault of the sensor supply

Internal fault of the sensor supply Replace module Short circuit between the sensor line and the sensor supply line

Short circuit between the two sensor lines


Faulty process signal Defective NAMUR sensor

Check the process signal; replace the NAMUR sensor, if necessary



Wire break on the switched sensor line (contact closed) or on the sensor supply line

Eliminate broken wire

Discrepancy error 1oo2 evaluation

Assigned discrepancy time too short Check the assigned discrepancy time


Supply voltage L+ for module missing Feed in supply L+


No parameters transferred to the module


Incorrect parameters transferred to the module

Reassign module parameters Wrong parameters on module

The setting of the logical module address in STEP 7 does not correspond to the setting of the address switch on the module.

Correct the address setting and set the parameters the module again

Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference


Monitoring time for data frame exceeded




Communication error

CPU has gone into STOP Read out diagnostic buffer

Digital Modules


Diagnostic message Possible Causes Remedies Module-internal supply voltage failed

Internal fault of the L+ supply voltage Replace module









Module Defect Replace module Internal error in read circuit/test circuit or defective sensor supply

Module Defect Replace module




Error in dynamic parameter assignment

Check the parameter assignment in the user program If necessary, contact SIMATIC Customer Support


Test value error during communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors


Configured monitoring time exceeded Check the parameterization of the monitoring time

Monitoring time for safety frame exceeded

Power-up of fail-safe signal module -


Enter the watchdog and/or the test value in the data frame


Digital Modules


9.4.9 Technical Specifications - SM 326; DI 8 NAMUR

Dimensions and Weight Dimensions W H D (mm) 80 125 120 Weight Approx. 482 g Module-Specific Data Number of inputs • 1-channel • 2-channel

8 4

Assigned address area • In I/O for input • In I/O for output

6 Byte 4 Byte

Length of cable • Shielded • Unshielded

200 m, maximum 100 m, maximum

Ignition protection type II(2)G [EEx ib] IIC to EN 50020

Test number KEMA 99 ATEX 2671 X Maximum achievable safety class in safety mode • In Accordance with



EN 954-1

Single-ch. Two-ch. SIL 2 SIL 3 AK 4 AK 6 Cat. 3 Cat. 4




SIL 2 SIL 3 2.74E-06 4.83E-08 3.13E-11 5.51E-13

Voltages, Currents, Potentials Rated supply voltage of the electr. comp. and sensor L+ • Reverse polarity protection • Voltage failure ride-through

24V DC Yes 5 ms

Number of simultaneously controllable inputs • Horizontal installation

Up to 60 °C • Vertical installation

Up to 40 °C

8 8


backplane bus • Between channels and

voltage supply of electronics

• Between the channels

Yes Yes Yes

Permitted potential difference • Between different circuits

[EEx] • Between different circuits

[not EEx]

60 V DC 30 V AC 75 V DC 60 V AC

Isolation tested with: • Channels against the

backplane bus and load voltage L+

• Load voltage L+ against the backplane bus

• Chan. between each other

1500 VAC 500 V DC and 350 V AC 1500 VAC


90 mA, maximum

• From load voltage L+ (without load)

160 mA, maximum

Power loss of module 4.5 W, typical Status, Interrupts, Diagnostics Status display

Green LED per channel

Interrupts • Diagnostic Interrupt

Assignable


be displayed


Sensor Supply Outputs Number of outputs 8 Output voltage 8,2 VDC Short-circuit protection Yes, electronically Safety Guidelines (See Conformity Description in the Appendix) Highest values of the input circuits (per channel)

• U0

• I0 • P0 • L0

• C0

• Um

• Ta

(Output open-circuit voltage) (Short-circuit current) (Load power) (Permissible external induction) (Permissible external capacity) (Fault voltage) (Permissible ambient temperature)

10 V, maximum 13,9 mA, maximum Max. 33.1 mW Max. 80 mH Max. 3 µF Max. 60 V DC Max. 30 V AC Max. 60 °C

Digital Modules


Specifications for Sensor Selection Sensor To DIN 19234 and

NAMUR Input current • At signal "0" • At signal ”1”

0.35 to 1,2 mA 2,1 to 7 mA

Time, Frequency Internal preprocessing time (without input delay) for • Standard Mode • Safety Mode

Typically 55 ms 55 ms

Max. 60 ms 60 ms

Input delay • From ”0” to ”1” • From "1" to "0"

1,2 to 3 ms 1,2 to 3 ms

Acknowledgment Time • in safety mode

68 ms, maximum

Minimum sensor signal duration

Min. 38 ms

Digital Modules


9.5 SM 326; DO 8 DC 24V/2A PM


Order Number 6ES7 326-2BF40-0AB0

Features The SM 326; DO 8 DC 24V/2A PM; has the following features:

• 8 outputs, isolated as two groups of 4

• P-M switching (current sourcing/sinking)

• 2 A output current

• 24V DC rated load voltage

• Suitable for solenoid valves, DC contactors, and indicator lights

• Common error display (SF)

• Safety mode indicator (SAFE)




• can be used in safety mode

• simplified PROFIsafe address assignment


Digital Modules



x = modules start address

Q x.0Q x.1

Q x.2Q x.3

Q x.4Q x.5

Q x.6Q x.7

0

1

2

3

4

5

6

7

Addressing of the outputs in the user program

Figure 9-34 Address assignment for SM 326; DO 8 DC 24V/2A PM

Front View

Common error indicator – red

Safety mode indicator – green


5 Status indicator –green

Bit address

SF

SAFE

Use of front connector (behind the front door) for: - Connection of outputs - Power supply of the modules - Load voltage supply of the outputs

Figure 9-35 Front View of the SM 326; DO 8 DC 24V/2A PM; with Diagnostic Interrupt

Digital Modules


Connection and Block Diagram The following figure shows the terminal assignment and block diagram of the SM 326; DO 8 DC 24V/2A PM.

dsfs

Read backLogic andbackplanebusinterface

Address switch

M

SAFE

M

SF

2L+

2M2L+

2M

56

89

1112

1415

17181920

3L+

3M3L+

3M

2526

2829

3132

3435

37383940

Status

M

Overvoltageprotection 24 V1M

1L+2122

(1 of 8)

Read back

Diagnostic switch

M switch

P switch

Diagnostic status

Figure 9-36 Terminal assignment and block diagram of the SM 326; DO 8 DC 24V/2A PM

Channel Numbers The outputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned.

0

1

2

3

4

Channel number: left

5

6

7

right

Figure 9-37 Channel numbers for SM 326; DO 8 DC 24V/2A PM Applications of SM 326;

DO 8 DC 24V/2A PM

Digital Modules


9.5.2 Applications of the SM SM 326; DO 8 DC 24V/2A PM

Selecting the Application The following figure helps you to select a use case according to the requirements for high availability and availability.On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.

Required safety level?

SIL 2Safety mode

SIL 3Safety mode

Applications 1 and 2

2See

Chapt. 9.5.2

1See

Chapt. 9.5.2

SIL 2(AK 4, Cat. 3)

SIL3(AK 6, Cat. 4)

Figure 9-38 Selecting an Application - SM 326; DO 8 DC 24V/2A PM

Digital Modules


9.5.3 Application 1: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 2: Safety Mode SIL 3 (Safety Level AK 6, Category 4)

Below you can find the wiring diagram and the parameter assignment of the SM 326; DO 8 DC 24V/2APM for:



Diagnostic messages, possible causes and remedies can be found in Tables 9-18 and 9-19.

Wiring Diagram for Applications 1 and 2 The 8 fail-safe digital outputs each consist of a P-switch DOx P (current sourcing) and an M-switch DOx M (current sinking). The load is connected between the P and M-switches. 00


1L+

1M

2L+

2M

DOx P

DOx M

Figure 9-39 Wiring diagram for SM 326; DO 8 DC 24V/2A PM for applications 1 and 2

Digital Modules


Connection of Two Relays on One Digital Output You can connect two relays using one fail-safe digital output. The following conditions should be kept in mind:

• L+ and M of the relays must be connected to L2+ and M of the module (reference potential must be equal).

• The normally open contact of the two relays must be connected in series.

A connection to each of the 8 digital outputs is possible.An example of the connection of an output is shown in the figure below. This connection enables AK6/SIL3/Category 4 to be achieved. 00


1L+

1M

2L+

2M

DOx P

DOx M

Figure 9-40 Wiring diagram 2 relays on one digital output of SM 326;

DO 8 DC 24V/2A PM

! Warning To avoid cross circuits between P and M-switches of a fail-safe digital output, you should connect the relay on the between P and M-switches to protect against cross circuits (for example with cables separately sheathed or in a separate cable duct).

! Warning When connecting two relays on one digital output, the errors "wire break“ and "overload" are detected only on the P-switch of the output (not on the M-switch).

The controlled actuator can no longer be switched off when there is a cross circuit between the P and M-switches of the output.

Digital Modules


Avoiding/Protecting against Cross Circuits between P and M-Switches To protect against cross circuits between P and M-switches of a fail-safe digital output, we recommend the following wiring schemes: 00


1L+

1M

2L+

2M

DOx P

DOx M

Figure 9-41 Wiring diagram 2 relays on one digital output of SM 326;

DO 8 DC 24V/2A PM – Protection against cross circuits

Note

The "wire break“ fault is only detected at the P or M-switch of the output when the two P or M relays are separated.

Digital Modules


Parameter Settings for Applications , 1 and 2

Table 9-17 Parameters of SM 326; DO 8 DC 24V/2A PM for applications 1 and 2

Parameter Range of Values Type

Effective in

"Parameter" tab F-Parameter: F-monitoring time 10 to 10000 ms Static Module Module Parameters: Diagnostic Interrupt Activated/deactivated Static Module For Single Channels or Channel Pairs: Activated Activated/deactivated Static Channel Diagnostics: Wire break Activated/deactivated Static Channel

Digital Modules


9.5.4 Diagnostic Messages for SM 326; DO 8 DC 24V/2A PM

Possible Diagnostic Messages The following table gives you an overview of the diagnostic messages of the SM 326; DO 8 DC 24V/2A PM.

Diagnostic messages are assigned either to one channel or to the entire module.

Table 9-18 Diagnostic messages of the SM 326; DO 8 DC 24V/2A;



Configu-rable

Wire break DOx_P Short circuit to ground at the output or output driver defective DOx_M Short circuit to ground at the output or output driver defective DOx_P Short circuit to L+ at the output or output driver defective DOx_M Short circuit to L+ at the output or output driver defective

1, 2

Channel

Yes

Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Watchdog operated EPROM fault RAM fault Internal error in read circuit/test circuit or defective sensor supply Processor failure Parameter assignment error (with consecutive number) External load voltage missing Short circuit DOx_P to DOx_M Defective output driver Excess temperature at output driver Load voltage not connected Defective load voltage or not connected

1, 2

Module


1, 2

Module

No

Digital Modules


Causes of Errors and Remedies You will find the possible causes of faults and the corresponding remedies for the individual diagnostic messages of the SM 326, DO 8 DC 24V/2A PM.

Table: 9-19 Diagnostic messages and their remedies for the SM 326; DO 8 DC 24V

Diagnostic message

Error Detection

Possible Causes Remedies

Interruption in the wire between the module and the actuator


Wire break Only in the event of "1" at the output signal

Channel not connected (open) or unused

Disable "Group diagnosis" for the channel

Output overload Eliminate overload Short circuit of the output to M Eliminate short circuit Undervoltage of the load voltage supply

Check the load voltage supply

Short circuit to ground at the output or output driver defective

Only when the output signal is "1"

Defective output driver Replace module Short circuit of the output to 1L+ of the module supply

Eliminate short circuit Module reset necessary (supply voltage off/on)

Short circuit between channels with different signals


Short circuit to L+ at the output or output driver defective

Only when the output signal is "1"

Defective output driver Replace module


General The 1L+ supply voltage of the module is missing

Feed the 1L+ supply


General No parameters transferred to the module



General Incorrect parameters transferred to the module


Module-internal supply voltage failed

General Internal fault of the 1L+ supply voltage

Replace module

Digital Modules


Diagnostic message

Error Detection







General

Module Defect Replace module Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference






Loss of communication

General

CPU has gone into STOP Read out diagnostic bufferImpermissibly high electromagnetic interference



General

Module Defect Replace module Internal error in the read circuit/test circuit

General Module Defect Replace module


Eliminate the interference Processor failure General


General Error in dynamic parameter assignment

Check the parameterization in the user program. If necessary, contact SIMATIC Customer Support

Defective output driver


Output overload Eliminate overload Excess temperature at output driver

General Internal error of the output driver Replace module

Digital Modules


Diagnostic message

Error Detection


Load voltage 2L+, 3L not connected Feed supply 2L+, 3L+ Defective load voltage or not connected

General

External fault of the load voltage 2L+, 3L+

Replace module


General Test value error occurred in the communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors


Configured monitoring time exceeded



General

Power-up of fail-safe signal module -

Digital Modules


9.5.5 Technical Specifications - SM 326; DO 8 DC 24V/2A PM

Dimensions and Weight Dimensions W H D (mm) 80 125 120 Weight Approx. 465 g

Module-Specific Data

Number of outputs 8 Assigned address area • In I/O for input • In I/O for output

5 Byte 5 Byte

Length of cable • Unshielded • Shielded • At SIL 3, safety level AK 5

and 6, Cat. 4

600 m, maximum 1000 m, maximum 200 m, maximum

Maximum achievable safety class in safety mode • In Accordance with



EN 954-1





SIL 2 SIL 3 to be determined to be determined

Voltages, Currents, Potentials Rated supply voltage of the electronic components 1L+ • Reverse polarity protection

24V DC Yes

Rated load voltage 2L+/3L+ • Reverse polarity protection

24V DC No

Total current of the outputs (per group) • Horizontal installation



Max. 7.5 A Max. 5 A Max. 5 A




• Between the channels In groups of

Yes Yes Yes 4


Current consumption • From backplane bus • From the supply volt. 1L+ • From the load voltage 2L+/

3L+ (without load)

max. 100 mA max. 75 mA max. 100 mA

Power loss of module typically 12 W

Status, Interrupts, Diagnostics Status display Green LED per

channel Interrupts • Diagnostic Interrupt

Assignable


be read out


Data for Selecting an Actuator Output voltage • At signal ”1”

Min. L + (- 1.0 V)

Output current • At signal ”1”

Rated value Permissible range up to 40° C horizontal installation Permissible range up to 40° C horizontal installation Permissible range up to 60° C horizontal installation

• At signal ”0” (residual current)

2 A 7 mA to 2 A 7 mA to 1 A

7 mA to 1 A Max. 0.5 mA

Load impedance range • Up to 40 °C • Up to 60 °C

12 Ωto 3,4 kΩ 24 Ωto 3,4 kΩ

Digital Modules


Data for Selecting an Actuator (Continued) Lamp load 5 W, maximum Control of a digital input Switching frequency • With resistive load • In the case of an inductive

load To IEC 947-5-1, 13 DC

• With lamp load

Not possible 30 Hz, maximum

2 Hz, maximum 10 Hz, maximum

Inductive breaking voltage limited (internally) to

Minimum L+ (33 V)

Short-circuit protection of the output • Response threshold

Yes, electronically 2.6 to 4 A

Time, Frequency Internal processing time for Safety Mode

to be determined

Acknowledgment Time in safety mode

to be determined

Digital Modules


9.6 SM 326; DO 10 DC 24V/2A


Order Number 6ES7 326-2BF01-0AB0

Features The SM 326; DO 10 DC 24V/2A has the following features:

• 10 outputs, isolated as two groups of 5

• 2 A output current

• 24V DC rated load voltage

• Suitable for solenoid valves, DC contactors, and indicator lights

• 2 connections per output

- One connection for single-channel actuator control (without series diode)

- One connection for redundant actuator control (with series diode)






• Configurable substitute value output in standard mode



Digital Modules


Redundant Output Signals

! Warning The output with a series diode can be used for redundant control of an actuator. Redundant control can take place from 2 different modules without an external circuit. The two signal modules must have the same reference potential (M).

Note If you use 326; DO 10 × DC 24V/2A redundantly, you have to supply these F-SMs with the same load voltage. If this is not possible with one power supply unit due to availability, then use two redundant power supply units. Please note that the power supply units must be connected via diodes.

Short circuit to L+ in a Redundant Interconnection

! Warning Short circuit to L+ in SM 326; DO 10 DC 24V/2A must be avoided by wiring in accordance with standards.

In the event of a short circuit to L+ in a redundant interconnection on an output with a series diode, the corresponding output may not be switched off and the actuator remains activated.

Digital Modules


Connecting capacitive loads The error message "Short circuit to L+ or Defective output driver“ may occur when the outputs without series diodes of the SM 326; DO 10 DC 24V/2A are connected to loads that require little current and show a capacity. Reason: Capacities cannot be sufficiently discharged during self-test readback time of 1 ms.

The following figure shows a typical curves representing the correlation between load impedance and switched load capacitance for a 24V DC power supply.

Load current in mA

Cap

aciti

ve in

µF

Figure 9-42 Correlation between load impedance and switched load capacitance for SM 326;

DO 10 24V/2A DC

Remedy:

1. Determine the load current and capacitance of the load.

2. Determine the operating point in the figure above.

3. If the operating point lies above the curve, do one of the following:

- Increase the load current by connecting a resistor in parallel to bring the operating point below the curve or

- Use the output with series diodes

Digital Modules


Front View

Common errorindicator – red

Safety modeindicator – green


6 Status indicator –green

Bit address

SF

SAFE

3

4

2

Use of front connector (behind thefront door) for:- Connection of outputs- Power supply of the modules- Load voltage supply of the outputs

Figure 9-43 Front view of SM 326; DO 10 DC 24V /2 A


Output byte x (Q x.0 to A x.4)

x = Modules start address

Output byte x (Q x.5 to Q x.7)

0

1

2

3

4Output byte x+1 (Q x+1.0, Q x+1.1)

5

6

7

0

1

Figure 9-44 Address assignment for SM 326; DO 10 DC 24V/2A

Digital Modules


Connection and Block Diagram The following figure shows the terminal assignment and block diagram of the SM 326; DO 10 DC 24V/2A PM.

dsfs

24 V 1M 1L+ Overvoltage

protection

Output driver

Main switch

Status

Read back

Diagnostics

Logic andbackplanebus interface

Address switchM

SFM

SAFE

2L+

2M 2L+

2M

M

34

67

910

12 13

15 16 17 18 19 20

3L+

3M 3L+

3M

21 22 2324

2627

2930

3233

353637383940

24V 24V

Figure 9-45 Terminal assignment and block diagram of the SM 326; DO 10 DC 24V/2A

Channel Numbers The outputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned.

0

1

2

3

4

Channel number: left5

6

7

0

1

right

Figure 9-46 Channel numbers for SM 326; DO 10 DC 24V/2A

Digital Modules


9.6.2 Applications for SM 326; DO 10 DC 24V/2A

Selecting the Application The following figure helps you to select the application in accordance with the requirements in terms of fail safety and fault tolerance (availability). On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.

Yes

Safety mode

Safety mode?

SIL 2(AK 4, Cat. 3)


safety level?

Standard mode

No

Yes

No No


SIL 2Safety mode


SIL 3


Yes

No

Standard mode

Mlodule redundant?

Applications 1 to 6

2 see

1 see

Chap. 9.6.3

6 see

5see

4see

3see




Figure 9-47 Selecting an application - SM 326; DO 10 DC 24V/2A

Digital Modules


Avoiding Dark Periods During Safety Mode

! Warning If you are using actuators that respond too quickly exclusively during "dark period" test signal injection (i..e. < 1 ms), you can still use the internal test coordination by parallel-switching two opposite outputs (with a series diode) at a time. The dark periods are suppressed in the case of parallel connection (see chapter 9.6.5).

9.6.3 Application 1: Standard Mode, Application 3: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 5: Safety Mode SIL 3 (Safety Level AK 6, Category 4)

Below you can find the wiring diagram and the parameter assignment of the SM 326; DO 10 DC 24V/2A; for:





Wiring Diagram for Applications 1, 3 and 5 One actuator is connected via a single pin for each process signal. The load power supply is connected to the digital module on terminals 2L+/2M, 3L+/3M.


1L+

1M

2L+

2M

DO

Figure 9-48 Wiring diagram for the SM 326; DO 10 DC 24V/2A; for applications 1,

3 and 5

! Warnung A suitable actuator is required to attain SIL 3 (safety level AK 6, category 4) with this interface module.

Digital Modules



Connection of Two actuators to 1 Digital Output You can connect two actuators using one fail-safe digital output. The following conditions should be kept in mind:

• L+ and M of the actuators must be connected to L2+ and M of the module (reference potential must be equal).

The actuators can be connected to each of the 10 digital outputs. An example of the connection of an output is shown in the figure below. This connection enables AK6/SIL3/Category 4 to be achieved.


1L+

1M

2L+

2M

DO

Figure 9-49 Wiring diagram 2 actuators on one digital output of SM 326;

DO 10 DC 24V/2A


Digital Modules


Parameter Settings for Applications 1, 3 and 5

Table 9-20 Parameter of the SM 326; DO 10 DC 24V/2A; for applications 1, 3 and 5

Range of Values Parameter Safety Mode Standard Mode

Type Effective in



mode • Safety mode in accordance with SIL2/safety level AK4

• Safety Mode in Accordance with SIL3/Safety Level AK 6

• Standard Mode Static Module

Monitoring Time 10 to 10000 ms - Static Module Daily (or More Frequent) Signal Change

Yes/No - Static Module

Behavior during CPU STOP

- • Apply Substitute Value

• Keep Last Valid Value

Static Module

Group diagnostics Yes/No Yes/No Static Channel Apply Substitute Value "1"

- Yes/No Static Channel

"Redundancy" Tab Redundancy None - Static Module

Digital Modules


9.6.4 Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability and Application 6: Safety Mode SIL 3 (Safety Level AK 6, Category 4) with High Availability (only in S7 F/FH Systems)

Below you can find the wiring diagram and the parameter assignment of the SM 326; DO 10 DC 24V/2A; for:





Wiring Diagram for Applications 2, 4 and 6 One actuator controlled redundantly by the two digital modules is required for each process signal. The load power supply is connected to the relevant digital module at terminals 2L+/2M, 3L+/3M.



1L+

1M

2L+

2M

1L+

1M

2L+

2M

DO

DO

Figure 9-50 Wiring diagram for the SM 326; DO 10 DC 24V/2A;

for applications 2, 4 and 6

Digital Modules


Parameter Settings for Applications 2, 4 and 6

Table 9-21 Parameter of the SM 326; DO 10 DC 24V/2A; for applications 2, 4 and 6

Range of Values Parameter Safety Mode Standard Mode

Type Effective in



mode • Safety mode in accordance with SIL2/safety level AK4

• Safety Mode in Accordance with SIL3/Safety Level AK 6

• Standard Mode Static Module

Monitoring Time 10 to 10000 ms - Static Module Daily (or More Frequent) Signal Change

Yes/No - Static Module

Behavior during CPU STOP

- • Apply Substitute Value

• Keep Last Valid Value

Static Module

Group diagnostics Yes/No Yes/No Static Channel Apply Substitute Value "1"

- Yes/No Static Channel

"Redundancy" Tab Redundancy Two Modules -* Static Module Redundant module

(Selection of an existing additional module of the same type)

- Static Redundant module pair

* In the standard mode in the event of a redundant configuration, there are two digital values which you have to evaluate in the standard user program.

Digital Modules


9.6.5 Parallel Connection of Two Outputs for Dark Period Suppression

Applications Connecting two outputs in parallel to suppress a dark period is possible in all applications in safety mode (3, 4, 5 and 6).

wiring diagram Connect two opposite outputs with a series diode to an output. By interconnecting them in this way and using an internal test coordination between outputs 0...4 and 5... 9, you suppress the "0" test pulse (dark period). jhhjh


1L+

1M

DO

3L+

3M

2L+

2M

right:channel 5...9

left:channel 0...4

Figure 9-51 Parallel connection of two outputs for the dark period suppression of

SM 326; DO 10 DC 24V/2A

Assign parameters to the fail-safe signal modules as described for the various applications on the previous pages. An additional parameter is not required for the interconnection.

Make sure that the two interconnected outputs are always controlled identically rather than one output on its own. A total of 4 outputs with a series diode are required for a process signal in a redundant I/O system.

Digital Modules


9.6.6 Diagnostic Messages of SM 326; DO 10 DC 24V/2A

Possible Diagnostic Messages The following table gives you an overview of the diagnostic messages of the SM 326; DO 10 DC 24V/2A.


Table 9-22 Diagnostic messages of the SM 326; DO 10 DC 24V/2A



Configurable

Wire break Short circuit to ground at the output or output driver defective

1, 2, 3, 4, 5, 6

Channel

Yes

Short circuit to L+ at the output or output driver defective*

1, 2, 3, 4, 5, 6 Module Yes

Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Time monitoring responded (watchdog) EPROM fault, RAM fault Internal error in read circuit/test circuit or defective sensor supply Processor failure Parameter assignment error (with consecutive number) External load voltage missing Defective main switch Defective output driver Excess temperature at output driver Load voltage not connected Defective load voltage or not connected

1, 2, 3, 4, 5, 6

Module


3, 4, 5, 6

Module


1, 2 Module

No

* The module is passivated. In the event of a repeated short-circuit, the module immediately switches off itself with "Processor failure".

Digital Modules


Causes of Errors and Remedies You can find the possible causes for faults and the corresponding remedies for the individual diagnostic messages of the SM ; DO DC 24V/2A; with diagnostic interrupt in the subsequent tables.

Table 9-23 Diagnostic messages and their remedies for the SM 326; DO 10 DC 24V/2A

Diagnostic message

Error Detection


Interruption in the wire between the module and the actuator


Channel is not connected (open) Disable "Group diagnosis" for the channel

In the case of outputs with a series diode: Short circuit of the output to 1L+ of the module supply


Wire break Only in the event of "1" at the output or during light test*

In the case of outputs with a series diode: Short circuit between channels with different signals


Output overload Eliminate overload Short circuit of the output to M Eliminate short circuit Undervoltage of the load voltage supply

Check the load voltage supply

Short circuit to ground at the output or output driver defective

Only in the event of "1" at the output or during light test*


Short circuit of the output to 1L+ of the module supply


Short circuit between channels with different signals


Short circuit to L+ at the output or output driver defective

Only in the event of "1" at the output without a series diode or in the case of an output with a series diode and an internal L+ short circuit



General The 1L+ supply voltage of the module is missing

Feed the 1L+ supply


General No parameters transferred to the module



General Incorrect parameters transferred to the module


* Light period occurs in SIL when the "Signal Changes Daily or More Often" parameter is deselected

Digital Modules


Diagnostic message

Error Detection


Module-internal supply voltage failed

General Internal fault of the 1L+ supply voltage

Replace module






General

Module Defect Replace module Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference







General

CPU has gone into STOP Read out diagnostic buffer




General

Module Defect Replace module Internal error in the read circuit/test circuit



Eliminate the problem, remove and insert the module again

Processor failure General


General Error in dynamic parameter assignment

Check the parameterization in the user program. If necessary, contact SIMATIC Customer Support

External load voltage missing

General The load voltage 2L+, 3L+ of the module is missing

Feed supply 2L+, 3L+

Defective main switch


Defective output driver


Output overload Eliminate overload Excess temperature at output driver

General Internal error of the output driver Replace module

Load voltage not connected

General The load voltage 2L+, 3L+ of the module is missing

Feed supply 2L+, 3L+

Load voltage 2L+, 3L not connected Feed supply 2L+, 3L+ Defective load voltage or not connected

General External fault of the load voltage 2L+, 3L+

Replace module

Digital Modules


Diagnostic message

Error Detection



General Test value error occurred in the communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors


Configured monitoring time exceeded



General

Power-up of fail-safe signal module - Message frame error during non fail-safe communication

General Enter the watchdog and/or the test value in the data frame


Digital Modules


Faulty Diagnosis After a Wire Break on Redundant Digital Output Modules During the redundant use of fail-safe output modules SM 326; DO 10 DC 24V/2A; the following response may occur in the event of a fault: When a wire break occurs on a channel, the faulty channel and another channel or several other channels are reported as faulty when the connected loads are very different.


12 OhmI=2 A

wirebreak

1 kOhmI=24 mA


1L+

1M

1L+

1M

2L+

2M

A1

A0

2L+

2M

A1

A0

The load rate is wronglyselected here!

Figure 9-52 Incorrect detection of wire break on redundant SM 326;

DO 10 DC 24V/2A

Example: In this example, channels A0 and A1 are reported faulty when a wire break occurs at A0. The cause is the very extreme variation in load on the two channels: 2 A and 24 mA.

What to do: To obtain a correct error diagnosis from the modules, the output channels of a module must have approximately the same load. This means that the ratio of the lowest load to the highest load must be at least 1:5.

Faulty Diagnosis Given a Short Circuit During a short circuit of a channel of the fail-safe digital output module SM 326; DO 10 DC 24V/2A; with diagnostic interrupt after L+ or a short circuit between channels with different signals, in addition to the affected channel, all the other channels of the half containing the faulty channel are also reported as faulty and passivated. A short circuit that lasts a long time will result in the complete failure of the module.

Digital Modules


9.6.7 Technical Specifications - SM 326; DO 10 DC 24V/2A Dimensions and Weight Dimensions W H D (mm) 80 125 120 Weight Approx. 465 g Module-Specific Data Number of outputs 10 Assigned address area • In I/O for input • In I/O for output

6 Byte 8 Byte

Length of cable • Unshielded • Shielded • At SIL 3, safety level AK 6,

Cat. 4

600 m, maximum 1000 m, maximum 200 m, maximum

Maximum achievable safety class in safety mode • In Accordance with IEC

61508 • In Accordance with


EN 954-1





SIL 2 SIL 3 6.97E-06 6.97E-06 7.96E-11 7.96E-11

Voltages, Currents, Potentials Rated supply voltage of the electronic components 1L+ • Reverse polarity protection

24V DC Yes

Rated load voltage 2L+/3L+ • Reverse polarity protection

24V DC No

Total current of the outputs without series diode (per group) • Horizontal installation



Max. 7.5 A Max. 5 A Max. 5 A

Total current of the outputs with series diode (per group) • Horizontal installation



Max. 5 A Max. 4 A Max. 4 A




• Between the channels In groups of

Yes Yes Yes 5

Permissible potential differences between the different circuits

75 V DC 60 V AC


Current consumption • From backplane bus • From the supply volt. 1L+ • From the load voltage 2L+/

3L+ (without load)

100 mA, maximum 70 mA, maximum 100 mA, maximum

Power loss of module 12 W, typical Status, Interrupts, Diagnostics Status display Green LED per

channel Interrupts • Diagnostic Interrupt

Assignable


be read out Substitute values can be applied

Assignable Red LED (SF) Green LED (SAFE)Possible Yes, only in standard mode

Data for Selecting an Actuator Output voltage • At signal ”1”

Without series diode With series diode

Min. L + (- 1.0 V) Min. L + (- 1.8 V)

Output current • At signal ”1”

Rated value Permissible range up to 40°C Horizontal installation Permissible range up to 40°C horizontal installation Permissible range up to 60°C Horizontal installation

• At signal ”0” (residual current)

2 A 7 mA to 2 A 7 mA to 1 A 7 mA to 1 A Max. 0.5 mA

Data for Selecting an Actuator (Continued) Load resistance range • Up to 40 °C • Up to 60 °C

12 Ω to 3,4 kΩ 24 Ω to 3,4 kΩ

Lamp load 5 W, maximum Parallel connection of 2 outputs • For redundant control of a

load

• For an increase in power

Only outputs with series diode; outputs must have the same reference potential Not possible

Control of a digital input Possible

Digital Modules


Switching frequency • With resistive load • In the case of an inductive

load To IEC 947-5-1, 13 DC

• With lamp load

10 Hz, maximum 2 Hz, maximum 10 Hz, maximum

Short-circuit protection of the output • Response threshold • Response threshold for

redundant interconnections

Yes, electronically 2.6 to 4.5 A 5.2 to 9 A

Time, Frequency Internal processing time for • Standard Mode • Safety Mode

Max. 22 ms 24 ms

Acknowledgment Time • in safety mode

20 ms, maximum


10 Analog Module

10.1 Introduction

Overview The SM 336; AI 6 13 Bit, a fail-safe, redundancy-capable analog input module of the S7-300 module family, is available for connecting analog sensors/encoders.

This section presents the following information on this fail-safe analog module:

• Properties


• Applications with connection diagrams and parameter assignment

• Diagnostic messages with remedies



Analog Module


10.2 Analog Value Representation

Measured Value Ranges

Table 10-1 Measured value ranges for SM 336; AI 6 13 Bit

Measuring Range

Measuring Range

Measuring Range

Unit Range

0 to 20 mA 4 to 20 mA 0 to 10 V As a percentage of nominal range

Decimal Hexadecimal

Standard mode

Safety mode Standard mode

Operating mode

> 23.515 mA > 22.814 mA > 11.7593 V > 117.589 32767 7FFFH* Overflow 23.515 mA

.

. 20.007 mA

22.814 mA . .

20.007 mA

11.7589 V . .

> 10.0004 V

117.589 . .

100.004

32511 . .

27649

7EFFH . .

6C01H

Overrange

20 mA . .

2.89 µA 0 mA, typical

20 mA . .

4 mA + 2.315 µA

4.00 mA, typical

10 V . .

1.45 mV 0 V

100 . .

0.014 0

27648 . . 4 0

6C00H

.

.

4H 0H

Nominal range

-0.0007 mA . .

-3.518 mA

3.9995 mA . .

1.185512 mA

-0.36 mV . .

-1.759 V

-0.0036 . .

-17.593

-1 . .

-4864

FFFFH

.

. ED00H

Underrange

< -3.518 mA < 1.185 mA (see below)

< - 1.759 V < -17.593 -32768 8000H*

Underflow

* In S7 F/FH systems, a fail-safe value is output for this value in the safety program in the event of overflow or underflow.

Units in decimal and hexadecimal format can only assume values that are multiples of 4.

Wire break test and underflow test in the range of 4 to 20 mA In the 4 to 20 mA range, it becomes apparent whether parameters have been assigned for a wire break test

• If wire break test parameters have been assigned, an underflow test is not performed. A wire break is reported at < 3.6 mA with 7FFFH.

• If a wire break test is not configured, then underflow is reported at < 1.18 mA with 8000H.

Analog Module


Measured Value Resolution The SM 336; AI 6 13 Bit has a 13-bit resolution. This means that the last two bits are set to 0. Thus, only values that are multiples of 4 can be assumed. 1 digit (13-bit measuring range) corresponds to 4 digits Simatic.

Table 10-2 Bit pattern representation

Bit number 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Bit significance Sign 215 214 213 212 210 29 28 27 26 25 24 23 22 21 20 Example 0 1 0 0 1 1 0 0 1 1 1 1 1 1 0 0

Table 10-3 Resolution

Measuring Range % of Nominal Range Resolution

0 to 20 mA 0.014 2.89 µA 4 to 20 mA 0.014 2.32 µA 0 to 10 V 0.014 1.45 mV

! Warning Only a measuring range of 4 to 20 mA is permitted in safety mode.

Analog Module


10.3 SM 336; AI 6 13 Bit


Order Number 6ES7 336-1HE00-0AB0

Properties SM 336; AI 6 13 Bit has the following properties:

• Six analog inputs with electrical isolation between the channels and the backplane bus

• Input ranges:

- 0 to 20 mA or 4 to 20 mA, 0 to 10 V in standard mode

- 4 to 20 mA in safety mode

• Short-circuit-proof power supply of 2- or 4-wire measuring transducers over the module

• External sensor supply possible



• Sensor supply display (Vs)



• Can be operated in both standard mode and safety mode

Use of Inputs You can use the inputs as follows:

In standard mode

• All 6 channels for current measurement, 0 to 20 mA or 4 to 20 mA

• Up to 4 channels for voltage measurement, 0 to 10 V, and the remaining two for current measurement

• Other combinations of current measurement and voltage measurement, taking into account the above-mentioned limitation for voltage measurement.

In safety mode:

• All 6 channels for current measurement, 4 to 20 mA.

Analog Module


Address Assignment The figure below shows the assignment of channels to addresses.

Addressing the inputs in the user program:

x = module-start address

IW xIW x+2IW x+4

IW x+6IW x+8IW x+10

0

1

2

3

4

5

Figure 10-1 Address assignment for SM 336; AI 6 13 Bit

Front View

Common error indicator - red

Safety mode indicator - green

Front connector assignment (behind the front panel): for connecting the inputs and power supply

SF

SAFE Vs

Sensor supply indicator – green (for all 6 channels)Vs

Figure 10-2 Front view of SM 336; AI 6 13 Bit

Analog Module


Connection and Block Diagram The figure below shows the connection and block diagram of the SM 336; AI 6 13 Bit. The internal protective circuit of the connections on the left side of the figure corresponds to the protective circuit of the connections on the right. The interconnection of analog sensors for the different applications is presented in the sections that follow.

Over-

Electricalisolation

Multi-plexer

voltageprotection

SensorSupply

Address switch

Logic and backplane bus interface

MSF

MSAFE

M

252423

21

V

V

V

V

A

A

A

A

A

A

A

A

A

A A

A

22

26

2827

2930

32

34

31

33

353637383940

24 V M Vs

MA N A

MA N A ADU

TestDAU

UMonitor

C M M

L+

L+

56

8910

1213

151617181920

VsMonitor

CH0

CH1

CH2

CH3

CH4

CH5

CH0

CH1

CH2

CH3

CH4

CH5

Figure 10-3 Connection and dlock diagram of the SM 336; AI 6 13 Bit and internal sensor supply

Key:

A - current measurement

V - voltage measurement

Analog Module


Channel Numbers Channel numbers are used to uniquely designate the inputs and to assign the channel-specific diagnostic messages.

Channel number: 012

345

0

1

2

3

4

5

Figure 10-4 Channel numbers for SM 336; AI 6 13 Bit

External Sensor Supply The following figures show how the sensors can be supplied by means of an external sensor supply (e.g., by means of another module: 1L+).

Analog inputmodule

L+M

2 DMU

P

1M

1L+VS

22

M-M+

MANA

21

recommended

Figure 10-5 External sensor supply, 2-wire measuring transducer for SM 336; AI 6 13 Bit

Analog inputmodule

L+M

4 DMU

P

1M

1L+VS

22

M-M+

MANA

21Sensore.g. pressure gauge

recommended

Figure 10-6 External sensor supply, 4-wire measuring transducer for SM 336; AI 6 13 Bit

Analog Module


! Warning The stability of the external sensor supply must correspond to the desired safety requirement class AK 4, 5, 6 or SIL 2, 3. If this is not the case, we recommend either one of the following two options:

• Redundant external sensor supply

• Monitoring of the external sensor supply for overvoltage/undervoltage, including disconnection of the sensor supply in the event of a fault (single-channel for SIL 2 and 2-channel for SIL 3).

Recommendation for Internal Sensor Supply We recommend that you always use the short-circuit-protected internal sensor supply of the module. The internal sensor supply is monitored, and its state is displayed by the Vs LED (see Figure 10-2).

Isolated Measuring Sensor The isolated measuring sensors are not connected to the local potential to ground. They can be operated potential-free. Due to local conditions or disturbances, potential differences UCM (static or dynamic) can occur between the measuring leads M– of the input channels and the reference point of the measuring circuit MANA .

To prevent the permitted value for UCM from being exceeded during implementation in environments with high levels of electromagnetic disturbances, we recommend that you connect M– to MANA .

Non-Isolated Measuring Sensors The non-isolated measuring sensors are connected to the local potential to ground. You must connect MANA to the potential to ground. Due to local conditions or disturbances, potential differences UCM (static or dynamic) can occur between the locally distributed measuring points.

If the permitted value for UCM is exceeded, you must provide equipotential bonding conductors between the measuring points.

Analog Module


Improving Accuracy of Current Measurement on Channels 0 through 3 of the Analog Input Module

If you are using channel 1, 2, or 3 of SM 336; AI 6 13 Bit for current measurements, we recommend that you connect the non-protected voltage input to the associated current input, as shown in Figure 10-7 and Figure 10-8. This improves accuracy by approximately 0.2%.

Analog input module

L+M

2 DMU P

VS

2221

MU-

MVn+

MIn+

MANA

N=0 to 3

recommended

Figure 10-7 Improving accuracy of current measurement on channels 0 to 3 with 2-wire measuring transducer

Analog input-module

L+M

4 DMU P

VS

2221

Mn-

MVn+

MIn+

MANA

n= 0 to 3

+ -recommended

recommended

Figure 10-8 Improving accuracy of current measurement on channels 0 to 3 with 4-wire measuring transducer

Analog Module


10.3.2 Applications for SM 336; AI 6 13 Bit

Selecting the Application The following figure helps you to select a application according to the requirements for high availability and availability. On the following pages, you will learn how to wire the module for each application and which parameters you will need to set in STEP 7.

Yes

Safety mode

Safety mode?

SIL 2(AK 4, Cat. 3)


safety level?

Standard mode

No

Yes

No No


SIL 2Safety mode


SIL 3


Yes

No

Standard mode

Module redundant?

Applications 1 to 6

2 1 6 543see see

Chap. 10.3.3 see seeseesee




all measurement areas

Figure 10-9 Selecting a application - SM 336; AI 6 13 Bit

! Warning The achievable safety class depends on the sensor quality and the duration of the proof test interval in accordance with IEC 61508. If the quality of the sensor is lower than the quality stipulated in the required safety class, the sensor must be set up redundantly with a two-channel connection.

Analog Module


Wiring Schemes Each application has three wiring schematics, depending on the measurement type.

Table 10-4 Wiring schematic for SM 336; AI 6 13 Bit

Wiring Scheme

Measurement Type Range Channels Abbreviation in HW Config

A Current measurement with 2-wire measuring transducer

4 to 20 mA 0 to 5 2 WMC

B Current measurement with 4-wire measuring transducer

4 to 20 mA 0 to 20 mA*

0 to 5 4 WMC

C Voltage measurement* 0 to 10 V 0 to 3 U

* Current measurement, 0 to 20 mA, and voltage measurement are only possible in standard mode.

Note

In the following wiring scheme figures, connections to the reference point of measuring circuit MANA are represented by a dashed line. This means that these connections are optional but recommended (see "Improving Accuracy of Current Measurement on Channels 0 to 3 of the Analog Module" in Section 10.3.1).

A dashed connection between two or four sensors means that the sensors are measuring the same variable.

Analog Module


10.3.3 Application 1: Standard Mode

The wiring schemes and the parameter assignment of the SM 336; AI 6 13 Bit are presented below for:

• Application 1: standard mode

For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12.

Wiring Schematic A, Current Measurement, 4 to 20 mA, 2-Wire Measuring Transducer, for Application 1

Six (6) process signals can be connected to an analog module. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).

2-wire measuringtransducer

P

+-

L+M

SM 336;AI 6 x 13Bit

Figure 10-10 Current measurement, 4 to 20 mA, 2-wire measuring transducer, for

application 1 with SM 336; AI 6 13 Bit

Analog Module


Wiring Schematic B, Current Measurement, 0 to 20 mA, 4-Wire Measuring Transducer, for Application 1


With wire-break monitoring, the measuring range decreases to 4 to 20 mA.

4-wire meas. transducer P

+ -

L+M

SM 336; AI 6 x 13Bit

Figure 10-11 Current measurement, 4 to 20 mA, 4-wire measuring transducer, for

application 1 with SM 336; AI 6 13 Bit

Analog Module


Wiring Schematic C, Voltage Measurement 0 to 10 V, for Application 1 Four (4) process signals can be connected to an analog module. Sensor supply VS is provided for 4 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).

4-wire meas.transducer

P + -

L+M


Figure 10-12 Voltage measurement, 0 to 10 V for application 1 with SM 336; AI 6 13 Bit

Analog Module



Table 10-5 Parameters for application 1 SM 336; AI 6 13 Bit

Parameter Value Range in Standard Mode Type Scope of Action "Inputs 1" Tab Enable for diagnostic interrupt


Interference frequency

50 Hz/60 Hz Static Module

Group diagnostics Yes/No Static Channel Wire-break test (only for 4 to 20 mA)

Yes/No Static Channel

Measurement type Deactivated 4WMC 2WMC U

Static Channel

Measuring range 4 to 20 mA 0 to 20 mA 0 to 10 V

Static Channel

"Inputs 2" Tab Safety mode No (standard mode) Static Module Monitoring time - Static Module "Redundancy" Tab Redundancy None Static Module

10.3.4 Application 2: Standard Mode with High Availability (only in S7 F/FH Systems)




Analog Module



Six (6) process signals can be connected to two redundant analog modules. For each process signal, two sensors are connected using 1 channel to the two analog modules. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).

2-wire meas, transducer P

- +

1L+1M

2 wire meas. transducer

SM 336;AI 6 x 13Bit

SM 336;AI 6 x 13Bit

P

- +

2L+2M

Acquires the same process variables with mechanically separated sensors

Analog Module



Six (6) process signals can be connected to two redundant analog modules. For each process signal, two sensors are connected using 1 channel to the two analog modules. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6). With wire-break monitoring, the measuring range decreases to 4 to 20 mA.

4 wire meas.transducer

+ -

1L+1M


+ -

2L+2M



P

P


Analog Module


Wiring Schematic A, Voltage Measurement, 0 to 10 V, 4-Wire Measuring Transducer, for Application 2

Four (4) process signals can be connected to two redundant analog modules. For each process signal, two sensors are connected using 1 channel to the two analog modules. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).

4 wire meas.trransducer

+ -

1L+1M

4 wire meas.trransducer

+ -

2L+2M

P

P


Analog Module




Parameter Value Range in Standard Mode Type Scope of Action "Inputs 1" Tab Enable diagnostic interrupt






Measurement Type Deactivated 4WMC 2WMC U

Static Channel

Measuring Range 4 to 20 mA 0 to 20 mA 0 to 10 V

Static Channel

"Inputs 2" Tab Safety mode No (standard mode) Static Module Monitoring time - Static Module "Redundancy" Tab* Redundancy 2 modules Static Module Redundant module Selection of another available

module of the same type Static Redundant

module pair

* With redundant configuration in standard mode, there are two analog values that have to be evaluated in the standard user program.

Analog Module



The wiring schemes and the parameter assignment of the SM 336; AI 6 13 Bit is presented below for:

• Application 3: safety mode, SIL 2 (AK 4, category 3)




2 wire meas.ttrraannssdduucceerr

P

+-

L+M


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20

Figure 10-16 Current measurement, 4 to 20 mA, 2-wire measuring transducer for application 3 with

SM 336; AI 6 13 Bit

Analog Module





P

+ -

L+M


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


SM 336; AI 6 13 Bit

Analog Module




Parameter Value Range in Safety Mode Type Scope of Action

"Inputs 1" Tab Enable diagnostic interrupt






Measurement Type Deactivated 4WMC 2WMC

Static Channel

Measuring Range 4 to 20 mA Static Channel "Inputs 2" Tab Safety mode In accordance with SIL 2 / AK 4

1 sensor Static Module

Monitoring time 10 to 10,000 ms Static Module "Redundancy" Tab Redundancy None Static Module


The wiring schemes and the parameter assignment of the SM 336; AI 6 13 Bit is presented below for:



Analog Module





CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


P

- +

1L+1M


P

- +

2L+2M

Acquires the same process variables with 2 mechanically separated sensors

Analog Module





CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


CH0

CH1

CH2 A

CH3 A

CH4 A

CH5 A

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


P

+ -

1L+1M


P

+ -

2L+2M

Acquires the same process variables with 2 mechanically separated sensors

Analog Module




Parameter Value Range in Safety Mode Type Scope of Action "Inputs 1" Tab Enable for diagnostic interrupt






Measurement type Deactivated 4WMC 2WMC

Static Channel

Measuring range 4 to 20 mA

Static Channel

"Inputs 2" Tab Safety mode In accordance with SIL 2 / AK 4

1 sensor Static Module

Monitoring time 10 to 10,000 ms Static Module "Redundancy" Tab Redundancy 2 modules Static Module Redundant module Selection of another available


module pair

Analog Module







Six (6) process signals can be connected to an analog module. For each process signal, two redundant sensors are connected to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20



L+M

M

- -+ +



SM 336; AI 6 13 Bit

Analog Module



Six (6) process signals can be connected to an analog module. For each process signal, two redundant sensors are connected to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4-

MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20



L+M

+ - +-


Figure 10-21 Current measurement, 4 to 20 mA, 4-wire measuring transducer for application 5 with SM 336; AI 6 13 Bit

Analog Module




Parameter Value Range in Safety Mode Type Scope of Action "Inputs 1" Tab Enable for diagnostic interrupt




Group diagnostics Yes/No Static Channel Wire-break test Yes/No Static Channel Measurement type Deactivated

4WMC 2WMC

Static Channel

Measuring range 4 to 20 mA Static Channel "Inputs 2" Tab Safety mode Measured. SIL 3 / AK 6

2 sensors Static Module

Monitoring time 10 to 10,000 ms Static Module Discrepancy time 10 to 10,000 ms Static Module Tolerance window with reference to measuring range

0 to 20% in 1% increments Static Module

Standard value MIN/MAX Static Module "Redundancy" Tab Redundancy None Static Module

Discrepancy Analysis for Fail-Safe Analog Input Modules If you have configured safety mode in accordance with SIL3/AK 6, you can configure a discrepancy time and an absolute tolerance window in % with reference to the measuring range of 4 mA to 20 mA for each input of the analog input module. You also configure the standard value (MIN = the smaller value / MAX= the larger value) that is to be accepted and passed on to the CPU.

If the difference between the two measured values is outside of the tolerance window longer than the configured discrepancy time, a fault is signaled and the standard value is accepted

Analog Module






Analog Module



Six (6) process signals can be connected to two redundant analog modules. Four (4) redundant sensors are required per process signal. For each module, two redundant sensors are connected using two channels to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4-

MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4-

MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20



1L+M1

M1

M2



2L+M2

-

-

-

-

+

+

+

+


Analog Module



Six (6) process signals can be connected to two redundant analog modules. Four (4) redundant sensors are required per process signal. For each module, two sensors are connected using 2 channels to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20


CH0

CH1

CH2

CH3

CH4

CH5

MI 0+

M 0-

MI 1+

M 1- M ANA

MI 2+

M 2-

MI 3+

M 3- MI 4+

M 4- MI 5+

M 5-

1 2 3

5 6

8 9

12 13

15

18 17 16

19

10

20



L1+M1

+ - +-

4-wire meas.-transducer


L2+M2

+ - +-


Analog Module




Parameter Value Range in Safety Mode Type Scope of Action "Inputs 1" Tab Enable diagnostic interrupt






Measurement type Deactivated 4WMC 2WMC

Static Channel

Measuring range 4 to 20 mA Static Channel "Inputs 2" Tab Safety mode Measured. SIL 3 / AK 6

2 sensors Static Module

Monitoring time 10 to 10,000 ms Static Module Discrepancy time 0 to 30,000 ms Static Module Tolerance window with reference to measuring range

1 to 20% in 1% increments Static Module

Standard value MIN/MAX Static Module "Redundancy" Tab Redundancy 2 modules Static Module Redundant module Selection of another available


module pair

Discrepancy Analysis for Fail-Safe Analog Input Modules If you have configured safety mode in accordance with SIL3/AK 6, you can configure a discrepancy time and an absolute tolerance window in % with reference to the measuring range of 4 mA to 20 mA for each input of the analog input module. You also configure the standard value (MIN = the smaller value / MAX= the larger value) that is to be accepted and passed on to the CPU.

If the difference between the two measured values is outside of the tolerance window longer than the configured discrepancy time, a fault is signaled and the standard value is accepted

Analog Module


10.3.9 Diagnostic Messages for SM 336; AI 6 13 Bit

Possible Diagnostic Messages Table 10-11 provides an overview of the diagnostic messages for SM 336; AI 6 13 Bit.


Table 10-11 Diagnostic messages for SM 336; AI 6 13 Bit

Diagnostic Message Relevant Application


Assignable Parameter?

Wire break 1, 2, 3, 4, 5, 6 Discrepancy error 4, 6

A, B

Channel

Yes

Common mode error 1, 2, 3, 4, 5, 6 A, B, C Overflow or underflow of measured value (see "Wire break and Underflow" on page 10-2 )

1, 2, 3, 4, 5, 6 A, B, C

Channel

Wrong parameters in the module Parameter assignment error (with specification of a serial number) ADC/DAC error No external auxiliary voltage Communications problem (CPU Stop) Time monitoring addressed EPROM fault, RAM fault Processor failure

1, 2, 3, 4, 5, 6

A, B, C

Error in test value (CRC) Monitoring time for safety message frame exceeded

3, 4, 5, 6

Message frame general fault 1, 2

A, B, C

Module

No

Analog Module


Causes of Faults and Corrective Measures In Table 10-12, you will find a list of possible causes of for each SM 336;AI 6 x 13 Bit diagnostic message, as well as appropriate remedies.

Table 10-12 Diagnostic messages and remedies for SM 336; AI 6 13 Bit

Diagnostic Message Possible Causes Remedy

Interruption of measuring lead between module and sensor

Reconnect lead Wire break (only in measuring range of 4 to 20 mA) Incorrect measuring range set Set measuring range to 4 to 20

mA Assigned tolerance window parameters exceeded after discrepancy time expired

Assign a larger tolerance window and/or discrepancy window, as required

Discrepancy error

Wire break Repair wire break as required Check process signal,.

Common mode error Potential difference UCM between the inputs (M-) and reference potential of the measuring circuit (MANA) is too high

Connect M- to MANA

Measuring range fallen below Use an appropriate sensor; check wiring (sensor polarity reversed)

Overflow or underflow of measured value (see "Wire break and Underflow" on page 10-2 )

Measuring range exceeded Use an appropriate sensor; sensor polarity reversed

Wrong parameters in the module

Faulty parameters transferred to the module


Parameter assignment error (with specification of a serial number; e.g., "16": Wrong address)

Error during dynamic reassignment of parameters

Parameter assignment check in user program Contact SIMATIC Customer Support, if necessary

Internal error during analog value test

Replace module

Deviation of two inputs too large in safety mode in accordance with SIL 2

ADC/DAC error

Internal voltage monitor has reported a fault

Wiring fault; wire analog signal to both inputs or replace module

No external auxiliary voltage Supply voltage L+ for module missing

Feed in supply L+

Problem in communication between CPU and module, e.g., due to defective PROFIBUS connection or interference in excess of permitted levels


Monitoring time for safety message frame exceeded

Check parameter assignment for monitoring time

Test value error (CRC), e.g., due to interference in excess of permitted levels


Communications problem

CPU has gone into STOP mode Read out diagnostic buffer

Analog Module


Diagnostic Message Possible Causes Remedy

Electromagnetic interference occasionally too high

Eliminate the interference Time monitoring addressed (watchdog)

Module defective Replace module Occasionally high electromagnetic interference

Eliminate the interference and cycle ON/OFF the supply voltage of the CPU

EPROM fault, RAM fault

Module defective Replace module Interference in excess of permitted levels


Module defective Replace module Error in test value (CRC) Test value error occurred during

communication between CPU and module, e.g., due to interference in excess of permitted levels or due to an error during sign-of-life monitoring


Assigned monitoring time exceeded

Check parameter assignment for monitoring time

Monitoring time for safety message frame exceeded

Startup of fail-safe signal module - Message frame general fault Sign-of-life and/or test value

entered in the data message frame Check the data message frame for the entry "0" for sign-of-life and test value

Analog Module


10.3.10 Technical Specifications - SM 336; AI 6 13 Bit

Dimensions and Weight Dimensions W H D (mm) 80 125 120 Weight Approx. 480 g

Module-Specific Data

Number of inputs 6 Assigned address range • In I/O range for inputs • In I/O range for outputs

16 bytes 4 bytes

Length of cable • Shielded

200 m, maximum

Maximum achievable safety class in safety mode • In accordance with



EN 954-1

SIL 3, maximum AK 6, maximum Cat. 4, maximum


(average probability of failure on demand) SIL 3

• High demand / continuous mode (probability of a dangerous failure per hour) SIL 3

4.96 E-08 5.66 E-13

Surge protection of supply voltages L+ and Lext in accordance with IEC 1000-4-5 (internal)

±0.5 kV, 1.2/50 µs

Surge protection of analog inputs and sensor supply voltage in accordance with IEC 1000-4-5 (internal)

±2 kV, 1.2/50 µs

Voltage, Currents, Potentials

Rated supply voltage of electronics L+ • Reverse polarity protection • Voltage failure ride-through

24 VDC Yes 5 ms




• Between the channels • Between voltage supply

and sensor supply

Yes Yes, only for external supply of sensors No No

Permitted potential difference • Between inputs and MANA

(UCM) • Between MANA and

Minternal (UISO)

6,0 VDC 75 VDC, 60 VAC



90 mA, maximum

• From supply voltage L+ 160 mA, typical Common-mode voltage • Permitted common-mode

voltage between inputs (UCM)

• Monitoring for common-mode voltage

±6 V, maximum Yes, operating range > 6 V and < -6 V

Power loss of module 4.25 W, typical

Analog Value Generation Measurement principle Integrating Integration/conversion time • Assignable • Integration time

at 50 Hz at 60 Hz

• Resolution, including overrange

Yes 20.00 ms 16.66 ms 13 bit + sign

Response time per activated channel at 50 Hz at 60 Hz Basic response time at 50 Hz at 60 Hz

50 ms, maximum 44 ms, maximum 50 ms, maximum 44 ms, maximum

Acknowledgment time corresponds to maximum response time = maximum response time per channel N + maximum basic response time (N = number of activated channels)

Analog Module


Noise Suppression, Limits of Error Noise suppression for f=n × (50/60 Hz±1%), n=1, 2, etc..

38 dB, minimum

Common mode noise (Ucm ≤ 6 Veff)

75 dB, minimum

Crosstalk between inputs 75 dB, minimum

Basic error limit (operational limits at 25 °C with reference to input range) • Current input • Voltage input

± 0.40% ± 0.40%

Temperature error (with reference to input range)

± 0.002%/K

Linearity error (with reference to input range)

± 0.05%

Repeat accuracy (in steady-state condition at 25°C with reference to input range)

± 0.05%

Operational limits (in entire temperature range with reference to input range) • Current • Voltage

±0.48% ±0.48%

Status, Interrupts, Diagnostics

Interrupts • Hardware interrupt • Diagnostic interrupt

No Yes, assignable parameter

Diagnostic functions • Display of fail-safe

operation • Sensor supply monitor • Group error display • Diagnostic information can

be read out

Yes, assignable parameter

Green LED (SAFE) Green LED (Vs) Red LED (SF)

Yes

Fail-safe values can be applied Programmable in safety program

Sensor Supply Output Number of outputs 1 Output voltage • Loaded

Minimum L+ (-1.5 V)

Output current • Rated value • Permissible range

1.0 A 0 to 1.3 A

Short-circuit protection Yes, electronic Electrical isolation in accordance with DIN VDE 0160 • Between output Vs and

backplane bus • Between output Vs and L+ • Test voltage • Nominal circuit voltage

Yes No 600 VDC 75 VDC/60 VAC

Specifications for Sensor Selection Input range (rated values)/input resistance in standard mode • Voltage • Current Input range (rated values)/input resistance in safety mode • Current

0 to 10 V / 59 kΩ 0 to 20 mA 4 to 20 mA/107 Ω 4 to 20 mA/107 Ω

Permitted input voltage for voltage input (destruction limit)

Maximum 30 V continuous; Maximum 38 V for maximum 1 s (pulse duty factor 1:20)

Permitted input current for current input (destruction limit)

40 mA, maximum

Signal sensor connection • For voltage measurement Possible • For current measurement Possible • As 4-wire measuring

transducer Possible

• As 2-wire measuring transducer

Possible

• Load of 2-wire measuring transducer

Maximum 600 Ω

Analog Module



11 Safety Protector

11.1 Introduction

Overview The safety protector protects the F-SMs from possible overvoltages in the event of a fault. This section provides the following information on the safety protector:

• Properties


• Configuration variants


Safety Protector


11.2 Properties, Front View, and Block Diagram

Order Number 6ES7 195-7KF00-0XA0

Properties The safety protector protects the fail-safe signal modules from possible overvoltages in the event of a fault.

The safety protector does not occupy an address, does not supply diagnostic messages, and is not assigned parameters with STEP 7.

Note

The safety protector controls overvoltages up to a maximum of 230 V.

Safety Class AK6/SIL3/Cat.4 with Safety Protector Note the following for applications in safety class AK6/SIL3/Cat.4:

! Warning The safety protector must be used for AK6/SIL3/Cat. 4 applications:

• Generally, if the F-SMs are used locally in an S7-300

• Generally, if the PROFIBUS DP is set up with copper cable

• If the PROFIBUS DP is set up with fiber optic cable and joint operation of standard SMs and F-SMs is required in one ET 200M.

Safety Class AK4/SIL2/Cat.3 without Safety Protector If you comply with the safe functional extra-low voltage (see Section 6.2) for all components connected on the PROFIBUS DP, the safety protector is not required for applications in safety class AK4/SIL2/Cat.3.

Safety Protector


Front View

Do not remove with power on


Safety Protector

Figure 11-1 Front view of safety protector

Block Diagram The following figure shows the block diagram of the safety protector.

Fuse

Over-voltageprotection

Backplane businterface

Backplane businterface

Figure 11-2 Block diagram of safety protector

Safety Protector


11.3 Configuration Variants

Introduction There are two possible ways of configuring an S7-300/ET 200M with an safety protector, depending on whether or not it is necessary to replace modules during operation.

Configuration of an S7-300/ET 200M with an Safety Protector (No Module Replacement during Operation)

The safety protector increases the width of the S7-300/ET 200M by 40 mm. However, you can still insert a maximum of 8 signal modules.

The following figure shows an example configuration with seven signal modules.

Fail-safe signal modules

IM 153-2

Safety protector

Standard signal modules

Power supply

Figure 11-3 Configuration of an ET 200M with an safety protector (no module replacement during

operation)

Note

To ensure that overvoltage protection is maintained in safety mode, you must do the following:

• Always insert the standard signal modules to the left of the safety protector and the fail-safe signal modules to the right of the safety protector.

• Ground the mounting rail.

• Connect the safety protector to the functional ground. To do so, connect pins 19 and 20 of the safety protector to the mounting rail using one cable each of the shortest possible length (cable cross section of 1.5 mm2).

Safety Protector


Replacing Modules in ET 200M in Safety Mode If you use active bus modules to set up the safety protector and the other modules in an ET 200M, you can then insert and remove any of the modules - except the safety protector - during operation.

! Warning The bus module for the safety protector (order no. 6ES7 195-7HG00-0XA0) can only be used if the safety protector is inserted. The sole purpose of the bus module is to connect the safety protector to the active backplane bus.

The safety protector itself must not be inserted or removed during operation! (Insertion or removal would cause the ET 200M to fail.)

Configuration of an ET 200M with the Safety Protector on the Active Backplane Bus

The bus module for the safety protector increases the width of the ET 200M by 80 mm. However, you can still insert a maximum of 8 signal modules. Note that the mounting rail designed for "Module replacement during operation" (order no. 6ES7 195-1GX00) is required for installation. The following figure shows an example configuration with seven signal modules.

Standard signal modules Fail-safe signal modules Power supply

IM 153-2

Safety Protector

Bus module for safety protector

Figure 11-4 Configuration of an ET 200M with the safety protector on the active backplane bus

Note To ensure that overvoltage protection is maintained in safety mode, you must do the following:

• Always insert the standard signal modules to the left of the safety protector and the fail-safe signal modules to the right of the safety protector.

• Ground the mounting rail.

• Connect the safety protector to the functional ground. To do so, connect pins 19 and 20 of the safety protector to the mounting rail using one cable each of the shortest possible length (cable cross section of 1.5 mm2).

Safety Protector


11.4 Technical Specifications

Dimensions and Weight

Dimensions W H D (mm) 40 125 120 Weight Approx. 230 g

Voltages, Currents, Potentials

Power loss of module None


12 Diagnostic Data of Signal Modules

Introduction This appendix describes the structure of diagnostic data in the system data. You need to know this structure if you want to evaluate diagnostic data of fail-safe signal modules in the standard user program.

Further Reading The System and Standard Functions reference manual describes in detail the principles of evaluating diagnostic data of signal modules in the standard user program and describes the SFCs used for this.

Reading Out SFCs for Diagnostics The following SFCs are available for reading out diagnostic data of fail-safe signal modules in the standard user program:

Table 12-1 SFCs for Reading Out Diagnostic Data

SFC No. Identifier Application

59 RD_REC Reading out data records of S7 diagnostics (storing in data area of the standard user program)

13 DPNRM_DG Reading out slave diagnostics (storing in data area of the standard user program)

Position in the Diagnostic Message Frame of the Slave Diagnostics When fail-safe modules are being used in a distributed configuration in the ET 200M and a diagnostic interrupt occurs, data records 0 and 1 are entered in the slave diagnostics of the ET 200M (interrupt section).

The position of the interrupt section in the slave diagnostics depends on the structure of the diagnostic message frame and the length of the channel-related diagnostics.

A detailed description of the structure of the diagnostic message frame and the position of the interrupt section in accordance with the PROFIBUS standard can be found in the section on "Commissioning and Diagnostics" in the Distributed I/O Device ET 200M manual.

Diagnostic Data of Signal Modules


Data Records 0 and 1 of the System Data The diagnostic data of a module can be up to 16 bytes long and are located in data records 0 and 1 of the system data area:

• Data record 0 contains 4 bytes of diagnostic data describing the state of the signal module

• Data record 1 contains

- 4 bytes of diagnostic data of the signal module, which are also found in data record 0

- Up to 12 bytes of channel-related diagnostic data

Structure and Content of Diagnostic Data The structure and content of the individual diagnostic data bytes are described below.

The following applies generally: If a fault occurs, the corresponding bit is set to "1".

Bytes 0 and 1 The following figure shows the content of bytes 0 and 1 of the diagnostic data.

Byte 0

7 06

Module faultInternal fault

External faultChannel fault exists

External auxiliary voltage missing

5 4 3 2 1

Module not assigned parametersWrong parameters on module

Byte 17 06

Module class: FM

Channel information available

5 4 3 2 1

0

00 0 0001

Figure 12-1 Bytes 0 and 1 of diagnostic data



Bytes 2 and 3 The following figure shows the content of bytes 2 and 3 of the diagnostic data.

Byte 2

7 06


Time monitoring responded (watchdog)Module-internal supply voltage failed

5 4 3 2 10

Byte 37 06

Processor failureEPROM fault

RAM faultADC/DAC fault

5 4 3 2 10

000 0

00 0

Figure 12-2 Bytes 2 and 3 of diagnostic data



Bytes 4 to 6 The following figure shows the content of bytes 4 to 6 of the diagnostic data.

Byte 4 7 06 5 4 3 2 1

Channel type B#16#30: fail-safe digital input module B#16#31: fail-safe digital output module B#16#32: fail-safe analog input module

0

Byte 5 7 0

Byte 6 7 0

Number of channels

0 0 0 000 0 0

24: SM 326; DI 24 x DC 24V; with diagnostic interrupt 8: SM 326; DI 8 x NAMUR; with diagnostic interrupt 10: SM 326; DO 10 x DC 24V /2A; with diagnostic interrupt 6: SM 336; AI 6 x 13Bit; with diagnostic interrupt

Figure 12-3 Bytes 4 to 6 of diagnostic data



Bytes 7 to 9 for SM 326; DI 24 DC 24V The following figure shows the content of bytes 7 to 9 of the diagnostic data for SM 326; DI 24 DC 24V.

Byte 7

7 06

Channel fault on channel 0Channel fault on channel 1


Channel fault on channel 4

5 4 3 2 1



Byte 9

7 06




5 4 3 2 1



Byte 87 06




5 4 3 2 1



Figure 12-4 Bytes 7 to 9 of diagnostic data for SM 326; DI 24 DC 24V



Byte 7 for SM 326; DI 8 NAMUR The following figure shows the content of byte 7 of the diagnostic data for SM 326; DI 8 NAMUR.

Byte 7

7 06




5 4 3 2 1



Figure 12-5 Byte 7 of diagnostic data for SM 326 DI 8 NAMUR

Byte 7 for SM 326; DO 8 DC 24V/2A PM The following figure shows the content of byte 7 of the diagnostic data for the SM 326; DO 8 DC 24V/2A PM.

Byte 7 7 06




5 4 3 2 1



Figure 12-6 Byte 7 of diagnostic data for SM 326 DO 8 DC 24V/2A PM



Bytes 7 and 8 for SM 326; DO 10 DC 24V/2A The following figure shows the content of bytes 7 and 8 of the diagnostic data for SM 326; DO 10 DC 24V/2A.

Byte 7

7 06




5 4 3 2 1



Byte 8

7 06


5 4 3 2 1 000000 0

Figure 12-7 Bytes 7 and 8 of diagnostic data for SM 326; DO 10 DC 24V/2A



Byte 7 for SM 336; AI 6 13 Bit The following figure shows the content of byte 7 of the diagnostic data for the SM 336; AI 6 13 Bit.

Byte 7

7 06




5 4 3 2 1


Figure 12-8 Byte 7 of diagnostic data for SM 336; AI 6 13 Bit


13 Dimension Drawings

Signal Module

The following figure shows the dimension drawing of the signal modules (without functionality for removal/insertion during operation). The different signal modules can vary in appearance, but the specified dimensions are always the same.

hbjhb

SF

SAFE

3

2

7

6

1

0

5

4

80 120

125

Figure 13-1 Dimension drawing of signal module

Dimension Drawings


Signal Module with Active Bus Module The following figure shows the dimension drawing (side view) of a signal module with "removal and insertion" functionality with active bus module, S7-300 module, and explosion barrier. The specified dimensions are the same for all signal modules on the active backplane bus.

122

125

155

59

152

166

Intrinsically safe partition S7-300 module

active bus moduleRail for the "Insertion and Removal” function

Figure 13-2 Dimension drawing of a signal module with active bus module, S7-300 module, and explosion

barrier

Dimension Drawings


Saftey Protector

The following figure shows the dimension drawing of the safety protector. hbjhb125

125

40 117



Safety Protector

Figure 13-3 Dimension drawing of the safety protector

Dimension Drawings


Bus Module for the Safety Protector

The following figure shows the dimension drawing of the bus module for the safety protector.

hbjhb9

97

92

Figure 13-4 Dimension drawing of the bus module for the safety protector


14 Accessories and Order Numbers

Accessories and Order Numbers The following table lists the order numbers of the fail-safe signal modules, the safety protector, and additional parts you can order for fail-safe signal modules.

Table 14-1 Accessories and Order Numbers

Component Order Number

Fail-safe signal modules • SM 326; DI 24 DC 24V • SM 326; DI 8 NAMUR • SM 326; DO 8 DC 24V/2A PM • SM 326; DO 10 DC 24V/2A • SM 336; AI 6 13 Bit

6ES7 326-1BK01-0AB0 6ES7 326-1RF00-0AB0 6ES7 326-2BF40-0AB0 6ES7 326-2BF01-0AB0 6ES7 336-1HE00-0AB0

Safety Protector 6ES7 195-7KF00-0XA0 Bus module for safety protector 6ES7 195-7HG00-0XA0 Wiring chamber for SM 326; DI 8 NAMUR (5) 6ES7 393-4AA10-0AA0 Labeling plate • Yellow labeling strips (10) • Yellow cover plates, transparent yellow (10)

6ES7 392-2XX20-0AA0 6ES7 392-2XY20-0AA0

Front panel connector, 40-pin • Screw-type connection system • Spring-type connection system

6ES7 392-1AM00-0AA0 6ES7 392-1BM00-0AA0

Bus connector 6ES7 390-0AA00-0AA0

Accessories and Order Numbers

Fehlersichere Signalbaugruppen 14-2 A5E00048969-05


15 Response times

Introduction This appendix presents the response times of the fail-safe modules. The response times of the fail-safe modules enter into the calculation of the response time of the F-system. You will find information about the calculation of the F-system response time in the Safety Engineering in SIMATIC S7 system description.

Individual elements of the formulas below are taken from the technical specifications for the respective module in Sections 9 and 10.

Definition of Response time For fail-safe digital inputs: the response time represents the time between a signal change at the digital input and safe delivery of the safety message frame on the backplane bus.

For fail-safe digital outputs: the response time represents the time between an arriving safety message frame from the backplane bus and the signal change at the digital output.

Response time of SM 326; DI 8 NAMUR Response time of SM 326; DI 8 NAMUR (with or without presence of a fault) is calculated as the following:

Response time = internal processing time + input delay

Example SM 326; DI 8 NAMUR:

Response time = 55 ms + 3 ms = 58 ms

When a fault is present, the response time is increased by the amount of the parameterized discrepancy time, provided “1oo2 evaluation” was selected.

Note

The maximum response time is calculated by applying the maximum values from the technical specifications for the fail-safe signal modules in the formulas above.

Response times


Response time of SM 326; DO 10 X DC 24V/2A The response time of the SM 326; DO 10 X DC 24V/2A (with or without a fault present) is calculated using the following formula:

Response time = internal processing time + output delay

Whereby the output delay is always negligible

Example SM 326; DO 10 DC 24V/2 A in safety mode:

Response time = 24 ms + 0 ms = 24 ms

Note


Maximum Response time of SM 326; DI 24 DC 24V

Formula for calculating maximum response time when no fault is present:

Maximum response time when no fault is present = Tmax + 3 ms* + 6 ms**

* Input delay

** Short-circuit test duration = 2 x input delay

You assign parameters for the short-circuit test in STEP 7 (see Section 9.5).

Table 15-1 SM 326; DI 24 DC 24V: Internal Processing Times

Sensor Evaluation Minimum Internal Processing Time Tmin

Maximum Internal Processing Time Tmax

1oo1 and 1oo2 to be determined to be determined

Maximum Response time When a Fault is Present:

The following table contains the maximum response times for the SM 326; DI 24 DC 24V when a fault is present, according to the parameter assignment in STEP 7 and the type of sense evaluation.

Table 15-2 SM 326; DI 24 DC 24V: Maximum Response time When a Fault is Present

Short-Circuit Test Parameter

1oo1 Evaluation 1oo2 Evaluation***

Short-circuit test disabled to be determined to be determined Short-circuit test enabled to be determined to be determined

*** In the case of 1oo2 evaluation, the response times also depend on the assigned discrepancy behavior: Provide a value of 0: The times in the table above apply. Provide last valid value: The times in the table above are increased by the parameterized discrepancy time.

Response times


Maximum Response time of SM 326; DO 8 DC 24V/2 A PM The maximum response time of the SM 326; DO 8 DC 24V/2 A PM (with or without a fault present) corresponds to the maximum internal processing time Tmax.

Minimum internal processing time Tmin = to be determined

Maximum internal processing time Tmax = to be determined

Response time of Fail-Safe Analog Input Modules The response time (conversion time) of fail-safe analog input modules (with or without a fault present) is calculated using the following formula:

Response time = response time per channel N + base response time

Where N = number of enabled channels

Example SM 336; AI 6 13 Bit, all channels connected (N = 6), interference frequency of 50 Hz:

Response time = 6 50 ms + 50 ms = 350 ms

When a fault is present, the response time is increased by the parameterized discrepancy time, provided “2 sensors” were selected and the failure direction of the signal is unsafe (or the “unit value” was not assigned in accordance with the safe failure direction).

Note


Note on Calculation of Response times

Note The MS Excel files for calculating maximum response times (s7fcotib.xls or s7ftimeb.xls) provided with the S7 Distributed Safety and S7 F/FH Systems optional packages support calculation of the “maximum response time when a fault is present” by increasing the response time by the amount of the parameterized discrepancy time.

Response times



16 Type Examination Certificate and Declaration of Conformity

SM 326; DI 8 NAMUR This appendix contains the EC type examination certificate and declaration of conformity for the SM 326; DI 8 NAMUR for connection of signals from potentially explosive locations.

Type Examination Certificate and Declaration of Conformity


EC Type Examination Certificate for SM 326; DI 8 NAMUR



EC Type Examination Certificate for SM 326; DI 8 NAMUR, Continued



EC Type Examination Certificate for SM 326; DI 8 NAMUR, Continued



EC Type Examination Certificate for SM 326; DI 8 NAMUR, Addendum



Declaration of Conformity for SM 326; DI 8 NAMUR


17 Glossary

1oo1 Evaluation -> Sensor evaluation method: In 1oo1 evaluation, there is one -> sensor

and it is connected to the module via a single channel.

1oo2 Evaluation -> Sensor evaluation method - In 1oo2 evaluation, two input channels are occupied, either by one 2-channel sensor or two single channel sensors. The input signals are compared internally for equality (equivalence) or non-equality (nonequivalence).

A

Acknowledgment Time

During the acknowledgement time, the -> F-I/O acknowledge the sign of life specified by the -> F-CPU. The acknowledgement time enters into the calculation of the -> monitoring time and -> response time for the F-system as a whole.

Actuator Actuators can be power relays or contactors for switching on consumers, or they can be consumers themselves (for example, directly controlled solenoid valves).

Availability Theprobability that a system is functional at a specific point in time. Availability can be increased by redundancy, e.g., by using redundant signal modules and/or by using multiple -> sensors at the same measuring point.

C

Category Category in accordance with EN 954-01:

With -> fail-safe signal modules, categories up to category 4 can be used in safety mode.

Channel Fault A channel fault is a channel-related fault, such as a wire break or a short circuit.

Channel Number Channel numbers are used to uniquely identify the inputs and outputs of a module and to assign channel-specific diagnostic messages.

Channel-Granular Passivation

In this passivation method, when a -> channel fault occurs, only the channel involved is passivated (method available in S7 F/FH systems only). In the case of a -> module fault, all channels of the -> fail-safe signal module are passivated.

Glossary


CiR CiR stands for Configuration in RUN. System modification in RUN mode via CiR enables configuration changes in parts of the system with distributed I/O while in RUN mode. Process execution is thereby halted for a brief, assignable time period. The process inputs retain their last value during this time period.

Configuration Systematic arrangement of individual signal modules (configuration)

CRC Cyclic Redundancy Check

CRC Signature A CRC signature in the safety message frame is used to safeguard the validity of the process values in the safety message frame, the correctness of the assigned address references, and the safety-related parameters.

D

Dark Period Dark periods occur during switch-off tests and during complete bit pattern tests. This involves test-related 0 signals being switched to the output while the output is active. The output is then switched off briefly (dark period). A sufficiently slow -> actuator does not respond and remains switched on.

Discrepancy Analysis

Discrepancy analysis for equivalence or nonequivalence is used for fail-safe inputs to determine faults based on the time characteristic of two signals with the same functionality. Discrepancy analysis is initiated when different levels are detected for two associated input signals (for nonequivalence testing, when the same levels are detected). After a programmable time interval (so-called -> discrepancy time) has elapsed, a check is made to determine whether the difference has disappeared (for nonequivalence testing, whether the agreement has disappeared). If not, this means that a discrepancy error exists.

There are two types of discrepancy analyses for fail-safe input modules: • In the case of -> 1oo2 evaluation:

The discrepancy analysis is carried out between the two input signals of the 1oo2 evaluation in the fail-safe input module.

• In the case of redundant I/O (S7 FH systems only):

The discrepancy analysis is performed between the two input signals of the redundant input modules by the fail-safe driver blocks of the S7 F Systems optional software.

Discrepancy Time Discrepancy time is a period of time configured for the -> discrepancy analysis. If the discrepancy time is set too high, the times for fault detection and -> fault reaction are extended unnecessarily. If the discrepancy time is set too low, availability is decreased unnecessarily because a discrepancy error is detected when, in reality, no fault exists.

Glossary


F

Fail-Safe Signal Modules

Signal modules of S7-300 that can be used for safety-related operation (-> safety mode) in S7 Distributed Safety or S7 F/FH fail-safe systems. These modules are equipped with integrated -> safety functions.

Fail-Safe Systems Fail-safe systems (F-systems) are systems that remain in a safe state or immediately switch to another safe state as soon as particular failures occur.

Fault Reaction Time The maximum fault reaction time for an F-system is the time between the occurrence of any fault and a safe response at all affected fail-safe outputs. For -> F-System in total: The maximum fault reaction time is the time between occurrence of any fault in any -> F-I/O and a safe response at the relevant fail-safe output.

For inputs: The maximum fault reaction time is the time between the occurrence of a fault and a safe response at the backplane bus.

For digital outputs: The maximum fault reaction time is the time between the occurrence of a fault and a safe response at the digital output.

F-CPU An F-CPU is a central processing unit with fail-safe capability that is permitted for use in S7 Distributed Safety/S7 F/FH systems. For S7 F/FH systems, the F-copy license allows the central processing unit to be used as an F-CPU. That is, it can execute a -> safety program. For S7 Distributed Safety, an F-copy license is not required. A -> standard user program can also be run on the F-CPU.

F-I/O F-I/O is a group designation for fail-safe inputs and outputs available in SIMATIC S7 for integration in S7 Distributed Safety and S7 F/FH systems. The following F-I/O modules are available: • ET 200eco Distributed I/O Station

• S7-300 fail-safe signal modules (F-SMs)

• ET 200S fail-safe modules

• Fail-safe DP standard slaves (for S7 Distributed Safety only)

F-monitoring time -> PROFIsafe monitoring time

F-SM -> Fail-safe signal modules

F-Systems -> Fail-safe systems

Glossary


L

Light Period Light periods occur during complete bit pattern tests. This involves test-related 1 signals being switched to the output while the output is inactive (output signal "0"). The output is then switched on briefly (light period). A sufficiently slow actuator does not respond to this and remains deactivated.

M

Module Fault Module-wide fault: A module fault can be an external fault (such as missing load voltage) or an internal fault (such as processor failure). An internal fault always necessitates a module replacement.

Module Redundancy

An additional, identical module is operated redundantly to increase availability.

Monitoring Time -> PROFIsafe monitoring time

M-Switch (Current Sinking)

In the SM 326 DO 8 24 VDC/2 A PM, every fail-safe digital output consists of a P-switch DOx P (current sourcing) and an M-switch DOx M (current sinking). The load is connected between the P and M-switches. The two switches are always controlled so that voltage is applied to the load.

N

Nonequivalent Sensor

A nonequivalent -> sensor is a reversing switch that is connected to two inputs of an -> F-I/O (via 2 channels) in -> fail-safe systems (for -> 1oo2 evaluation of sensor signals).

P

Parameter Assignment

Parameter assignment via PROFIBUS DP: Transfer of slave parameters from the DP master to the DP slave

Parameter assignment of modules: Setting the module behavior using the STEP 7 configuration software

Passivation If an -> F-I/O module detects a fault, it switches either the affected channel or all channels to a -> safe state; that is, the channels of the F-I/O module are passivated. The F-I/O signals the detected faults to the -> CPU.

For an F-I/O with inputs, if passivation occurs, the F-system provides fail-safe values for the safety program instead of the process values pending at the fail-safe inputs.

For an I/O module with outputs, if passivation occurs, the F-system transfers fail-safe values (0) to the fail-safe outputs instead of the output values provided by the safety program.

Glossary


PG Programming devices (PGs) are compactly designed personal computers made especially for use in an industrial setting. A programming device (PG) is fully equipped for programming SIMATIC automation systems.

Process Image The process image is a component of the system memory of the CPU. At the start of the cyclical program, the signal states of the input modules are transferred to the process image of the inputs. At the end of the cyclic program, the process image of the outputs is transferred to the output modules as the signal state.

Process Safety Time

The process safety time of a process is a time interval during which the process can be left on its own without risk to life and limb of the operating personnel or damage to the environment.

Within the process safety time, any type of F-system process control is tolerated. That is, during this time, the -> F-system can control its process incorrectly or it can even exercise no control at all. The process safety time depends on the process type and must be determined on a case-by-case basis.

PROFIBUS PROcess FIeld BUS, German process and fieldbus standard specified in IEC 61784-1:2002 Ed1 CP 3/1. This standard specifies functional, electrical, and mechanical properties for a bit-serial field bus system.

PROFIBUS is available with the following protocols: DP (= distributed I/O), FMS (= Fieldbus message specification), PA (= Process automation), or TF (= Technological functions).

PROFIsafe Safety-related PROFIBUS DP/PA for communication between the -> safety program and the -> F-I/O in an -> F-system.

PROFIsafe Address Every -> F-I/O module has a PROFIsafe address You must configure the PROFIsafe address in STEP 7 HW Config and set it on the F-I/O using a switch.

PROFIsafe Monitoring Time

Monitoring time for safety-related communication between the F-CPU and F-I/O

Proof-Test Interval A component must be set in the fail-safe state following the proof-test interval. That is, it is replaced by an unused component or it is proven to be completely without faults.

P-Switch -> See M-Switch.

Glossary


R

Response time Response time starts with the detection of an input signal and ends with the modification of a gated output signal.

The actual response time is between the shortest and the longest response time. The longest response time must always be anticipated.

For fail-safe inputs: the response time represents the time between a signal change at the input and safe delivery of the safety message frame on the backplane bus.

For fail-safe digital outputs: the response time represents the time between an arriving safety message frame from the backplane bus and the signal change at the digital output.

Redundancy, Availability-Enhancing

Availability-enhancing redundancy means multiple availability of components to ensure that components continue to function even in the event of hardware faults.

Redundancy, Safety-Enhancing

Multiple availability of components with the aim of exposing hardware faults based on comparison (for example, -> 1oo2 evaluation in -> fail-safe signal modules.

Redundant switched I/O

Redundant switched I/O are a configuration variant of S7 FH systems in -> safety mode for increasing availability. -> F-CPU, PROFIBUS DP, and -> F-I/O are redundant. In the event of a fault, the F-I/O are no longer available.

Reintegration Once a fault has been eliminated, the -> F-I/O must be reintegrated (depassivated). The reintegration (switchover from fail-safe values to process values) occurs either automatically or only after user acknowledgement in the safety program.

For an F-I/O module with inputs, the process values pending at the fail-safe inputs are provided again for the -> safety program after reintegration. For an F-I/O module with outputs, the -> F-system again transfers the output values provided in the safety program to the fail-safe outputs.

S

Safe State The basis of the safety concept for fail-safe systems is that there is a safe state for all process variables. For digital signal modules, the safe state is, for example, the value “0“.

Safety Function Safety function is a mechanism built into the -> F-CPU and -> F-I/O that allows them to be used in -> S7 Distributed Safety or S7 F/FH systems.

IEC 61508: Function implemented by a safety system to ensure that the system is kept in a safe state or brought to a safe state in the event of a particular fault.

Glossary


Safety Integrity Level

The safety integrity level (SIL) is a safety class in accordance with IEC 61508 and prEN 50129. The higher the safety integrity level, the stricter the measures must be to prevent and eliminate systematic faults and to remedy hardware failures.

With fail-safe signal modules, safety-integrity levels up to SIL 3 can be used in safety mode.

Safety Message Frame

In safety mode, data are transferred between the -> F-CPU and -> the fail-safe signal module in a safety message frame.

Safety Mode Safety mode is the operating mode of the -> F-I/O that allows -> safety-related communication by means of -> safety message frames. -> ET 200S fail-safe modules can only be used in safety mode. -> S7-300 F-SMs can be used in -> standard mode or safety mode.

Safety Program The safety program is a safety-related user program.

Safety Requirement Class (AK)

Safety requirement class (AK) in accordance with DIN V 19250 (DIN V VDE 0801):

Safety requirement classes are a means of categorizing safety requirements for preventing and remedying faults. With -> fail-safe signal modules, safety requirement classes up to A6 can be used in -> safety mode.

Safety-Related Communication

Safety-related communication is used to exchange fail-safe data.

Sensor Sensors permit exact acquisition of digital and analog signals and exact measurement of routes, positions, velocities, rotational speeds, weights, etc.

Sensor Evaluation There are two types of sensor evaluation:

• -> 1oo1 evaluation – Sensor signal is read out once

• -> 1oo2 evaluation: To increase availability, the sensor signal is read twice by the same module and compared internally.

Single-channel I/O Single-channel I/O are a configuration variant of S7 Distributed Safety/S7 F systems in -> safety mode. The -> F-CPU and -> F-I/O are not redundant. In the event of a fault, the F-I/O are no longer available.

Glossary


Single-channel switched I/O

Redundant switched I/O are a configuration variant of S7 FH systems in -> safety mode for increasing availability. -> F-CPU is redundant, -> F-I/O are not redundant; if a fault occurs, a switch is made to the other -> F-CPU. In the event of a fault, the F-I/O are no longer available.

Standard mode Operating mode of F-I/O, in which standard communication is possible but not -> safety-related communication by means of -> safety message frames.

Fail-safe signal modules of S7-300 can be used in standard mode or -> safety mode. Fail-safe modules of ET 200S are designed for safety mode only.

Static Parameter Static parameters can only be set when the CPU is in STOP mode and cannot be changed by means of SFC (system function) while the user program is running.

T

Thread length Air clearance and creepage distance in air (Air clearance is the shortest distance between two components in air. Creepage distance in air is the shortest distance in air between two conductive parts along the surface of an insulating material)

Fail-Safe Signal Modules A5E00085586-05 Index-1

Index

1 1oo1 evaluation............................................ 17-1 1oo2 evaluation..................................... 5-2, 17-1

A Accessories.................................................. 14-1 Acknowledgment time.................................. 17-1 Actuator ....................................................... 17-1

requirements .............................................. 6-5 Address

PROFIsafe .......................................... 5-4, 5-7 Address assignment ...................................... 9-6 Address assignment in standard and safety

modes ........................................................ 5-1 Address range

permissible................................................. 5-3 Address switch........................................ 5-5, 5-7

for PROFIsafe addresses .......................... 5-7 setting ................................................. 5-6, 5-8

Addresses occupied by useful data ............... 5-2 Addressing

of channels in standard mode.................... 5-3 rules .................................................... 5-6, 5-8

AK 4, AK 6 ..................................................... 2-4 Analog input module

measured value resolution....................... 10-3 Analog value representation

measured value range ............................. 10-2 Assigning parameters .................................... 4-2 Availability .................................................... 17-1

according to F-I/O ...................................... 3-4 higher......................................................... 4-2

B Basic knowledge

requirements .............................................. 1-1

C Capacitive loads

Connecting............................................... 9-70 Category ............................................... 3-4, 17-1 Category 3 and 4 ........................................... 2-4 Causes of errors

in SM 326, DI 24 DC 24V..................... 9-31 in SM 326, DI 8 NAMUR....................... 9-50 in SM 326, DO 8 DC 24V/2A PM......... 9-63 in SM 336, AI 6 13 Bit ........................ 10-34 in the SM 326, DO 10 DC 24V/2A ....... 9-81

Certification.................................................... 1-2

Changes from previous version .................................1-1

Changes in manual ........................................1-1 Channel fault ................................................17-1 Channel number...........................................17-1 CiR ................................................ 4-1, 9-6, 17-2 Commissioning

fail-safe signal modules ..............................2-5 Communication

safety-related............................................17-7 Conditions of Use ...........................................8-9 Configuration .........................................4-1, 17-2

distributed...................................................3-1 local ............................................................3-1 redundant ...................................................5-9

Configuration in RUN.............................4-1, 17-2 Configuration variants

according to availability ..............................3-4 in safety mode ............................................3-3 in standard mode........................................3-2

Conventions in manual....................................................1-4

CPU permitted .............................................3-2, 3-3

CRC..............................................................17-2 Cross circuit

Avoidance.................................................9-59

D Dark Period ...........................................6-7, 17-2 Dark Period Suppression..............................9-79 Data records 0 and 1

diagnostic data .........................................12-1 Degree of protection.....................................8-11 Degree of protection IP 20............................8-11 Diagnostic buffer ............................................7-3 Diagnostic data.............................................12-1 Diagnostic evaluation .....................................7-6 Diagnostic functions .......................................7-6 Diagnostic interrupt ........................................7-7

assigning ....................................................7-7 Diagnostic LEDs.............................................7-7 Diagnostic messages

SM 326, DI 24 DC 24V.........................9-30 SM 326, DI 8 NAMUR ...........................9-49 SM 326, DO 10 DC 24V/2A..................9-80 SM 326, DO 8 DC 24V/2A PM .............9-62 SM 336, AI 6 13 Bit ............................10-33

Diagnostic messages and corrective measures....................................................7-7

Diagnostics by LED display ............................7-7 Digital Modules...............................................9-1 Dimension drawing of bus module for

safety protector.........................................13-4

Index

Fail-Safe Signal Modules Index-2 A5E00085586-05

Dimension drawing of safety protector......... 13-3 Dimension drawing of signal module ........... 13-1 DIN V 19250 .................................................. 2-4 DIP switch............................................... 5-5, 5-7 Discrepancy Analysis.................9-2, 10-32, 17-2 Discrepancy Behavior .................................... 9-2 Discrepancy time ......................................... 17-2 Distributed configuration ................................ 3-1 Documentation

additional ................................................... 1-2 Duration of Sensor Signals

Requirement for ......................................... 6-6

E Electromagnetic Compatibility........................ 8-5 EMC............................................................... 8-5 EMC guidelines.............................................. 8-7 EN 954-1........................................................ 2-4 Environmental Requirements......................... 8-9

mechanical................................................. 8-9

F F Configuration Pack ..................................... 4-1 F_destination_address................................... 5-4

assigning.................................................... 5-7 Fail-safe automation system .......................... 2-2 Fail-safe signal module .................................. 2-2 Fail-Safe Signal Modules in a Zone 2 .......... 8-12 Fail-safe systems......................................... 17-3 Fault reaction time ....................................... 17-3 Fault reactions ............................................... 7-2 F-CPU.......................................................... 17-3 F-I/O.................................................... 17-3, 17-5 Field of Application......................................... 8-4 F-monitoring time ......................................... 17-3 Front panel connector .................................... 6-3 F-SM .............................................................. 2-2 F-System ....................................................... 2-2

example configuration................................ 2-3 Functional extra-low voltage

safe ............................................................ 6-2

G General Techical Specifications..................... 8-1 Group diagnostics .......................................... 7-5

H H/F Competence Center ................................ 1-5 Hazardous Areas ......................................... 9-35 Higher availability........................................... 4-2 How to use

manual ....................................................... 1-4

I IEC 1131........................................................ 8-4 IEC 61508............................................. 2-4, 9-11

IM 153 permitted .............................................3-2, 3-3

Increased availability ......................................2-4 Input delay....................................................15-2 Insertion/removal............................................6-4 Installing .........................................................5-9 Interferences

pulse-shaped.......................................8-5, 8-6 sinusoidal ...................................................8-6

IP 20.............................................................8-11 Isolation test .................................................8-11

L Light period...................................................17-4 Loads, capacitive

Connecting ...............................................9-70 Local configuration .........................................3-1 Logical base address......................................5-5

M Manual

contents......................................................1-4 Measuring sensor

analog input module .................................10-8 Module fault..................................................17-4 Module redundancy......................................17-4 Module starting address .................. 5-1, 5-4, 5-5 Monitoring time.............................................17-4 M-switch (current sinking).............................17-4

N Namur sensors ...............................................6-5 Nominal line voltages ...................................8-11 Nonequivalent sensor...................................17-4

O Operation safety

of system....................................................2-1 Order number ........................................1-1, 14-1 Overvoltage protection .................................11-4

P Parameter assignment .................................17-4 Parameter Reassignment in RUN ..................9-6 Parameters.....................................................4-2 Passivation ............................................7-3, 17-4

Channel-granular......................................17-1 Power supplies ...............................................6-3 Process image..............................................17-5 Process safety time ......................................17-5 PROFIBUS...................................................17-5 PROFIsafe....................................................17-5

address...................................... 5-4, 5-7, 17-5 address assignment ...................................5-7 -Monitoring time........................................17-5

Programming device.....................................17-5 Proof-test interval ................................9-11, 17-5

Index

Fail-Safe Signal Modules A5E00085586-05 Index-3

Protection Class........................................... 8-11 P-switch ....................................................... 17-5 Pulse-Shaped Interference ..................... 8-5, 8-6 Purpose of manual......................................... 1-1

R Radio interferences

emission of................................................. 8-7 Reading out diagnostic messages with

STEP 7....................................................... 7-8 Recycling and disposal .................................. 1-4 Redundancy

availability-enhancing............................... 17-6 safety-enhancing...................................... 17-6

Redundant Configuration ........................ 5-9, 8-7 Redundant I/O......................................... 2-4, 4-2 Redundant switched I/O........................ 3-4, 17-6 References

additional ................................................... 1-2 Reintegration......................................... 7-4, 17-6 Replacing modules ........................................ 6-4 Requirement class .........................2-4, 3-4, 17-7 Requirements

software ..................................................... 4-1 Response time............................................. 17-6

fail-safe analog input modules ................. 15-3 fail-safe digital modules ........................... 15-1

S Safe extra-low voltage ................................... 6-2 Safe state.......................................2-2, 7-3, 17-6 Safety class ............................................ 2-4, 3-4 Safety function ............................................. 17-6 Safety integrity level.............................. 6-5, 17-7 Safety message frame ................................. 17-7 Safety mode............................2-3, 2-4, 5-7, 17-7

replacing modules............................. 6-4, 11-5 Safety program ............................................ 17-7 Safety protector.............................................. 3-4

block diagram........................................... 11-3 front view............................................... 11-3 Order No. ................................................. 11-2 set up in ET 200M/S7-300 ....................... 11-4 technical specifications ............................ 11-6

Scope of manual ................................................... 1-1

DIN V VDE 0801............................................ 2-4 Sensor ......................................................... 17-7

requirements .............................................. 6-5 Sensor evaluation ........................................ 17-7 Sensor Signal

Requirement for Duration........................... 6-6 Sensor Supply

internal ..................................................... 9-20 Service........................................................... 1-6 Setting safety mode ................................ 5-5, 5-7 Short-circuit test ........................................... 15-2 Signal module

fail-safe ...................................................... 2-2

SIL 2, SIL 3 Requirement classes..................................2-4 Safety classes ............................................2-4

Single-channel I/O.................................3-4, 17-7 Single-channel switched I/O ..................3-4, 17-8 SM 326, DI 24 DC 24V

Applications ..............................................9-10 Causes of Errors and Remedies ..............9-31 Channel numbers .......................................9-8 Connection and block diagram ...................9-9 Diagnostic messages ...............................9-30 External Sensor Supply ..............................9-9 Features .....................................................9-5 Front View ..................................................9-7 internal sensor supply...............................9-20 Order number .............................................9-5 Parameter.................................................9-24 Short Circuit to M and L+..........................9-31 Sinusoidal Interferences .............................8-6

SM 326, DI 8 NAMUR Address Assignment ................................9-36 Applications ..............................................9-41 Causes of Errors and Remedies ..............9-50 Channel numbers .....................................9-38 Connectable Sensors ...............................9-37 Connection and block diagram .................9-37 Diagnostic messages ...............................9-49 Features ...................................................9-35 Front View ................................................9-36 Order number ...........................................9-35 Technical specifications............................9-52

SM 326, DO 10 DC 24V/2A Address Assignment ................................9-71 Applications ..............................................9-73 Causes of Errors and Remedies ..............9-81 Channel Numbers ....................................9-72 Connection and block diagram .................9-72 Diagnostic messages ...............................9-80 Features ...................................................9-68 Front View ................................................9-71 Order Number ..........................................9-68

SM 326, DO 8 DC 24V/2A PM Address Assignment ................................9-55 Applications ..............................................9-57 Causes of Errors and Remedies ..............9-63 Channel numbers .....................................9-56 Connection and block diagram .................9-56 Diagnostic messages ...............................9-62 Front View ................................................9-55 Order number ...........................................9-54 Properties .................................................9-54 Technical specifications............................9-66

SM 336, AI 6 13 Bit ................................10-36 address assignment .................................10-5 applications ............................................10-10 causes of errors and corrective

measures............................................10-34 Channel numbers .....................................10-7 connection and block diagram..................10-6 diagnostic messages..............................10-33 external sensor supply..............................10-7 front view..................................................10-5 order number............................................10-4 properties .................................................10-4

Index

Fail-Safe Signal Modules Index-4 A5E00085586-05

Software requirements................................... 4-1 Standard mode ..................................... 2-3, 17-8

addressing of channels .............................. 5-3 Static parameter........................................... 17-8 STEP 7 .......................................................... 4-1 Substitute value ............................................. 7-2 Substitute value output ........................... 7-2, 7-4 Support .......................................................... 1-6

additional ................................................... 1-5 Switching capacitive loads ........................... 9-70

T Technical specifications

general ....................................................... 8-1 Safety protector........................................ 11-6 SM 326, DI 8 NAMUR........................... 9-52 SM 326, DO 8 DC 24V/2A PM............. 9-66 SM 336, AI 6 13 Bit............................ 10-36

Test Voltages ............................................... 8-11 Thread length...................................... 9-40, 17-8

Training center ...............................................1-5 Transport and storage conditions ...................8-8 TÜV certificate................................................8-4

U Underflow .....................................................10-2

V Vibration .........................................................8-9 Voltages

nominal line ..............................................8-11

W Wire break ....................................................10-2 Wire Chamber .....................................9-35, 9-38 Wiring .............................................................6-3

SIMATIC S7 Distributed Safety: feedback for Version 03/2004A5E00297771-01

Siemens AG

A&D AS SM IDPostfach 1963D-92209 Amberg

Telefax: +49(9621)80-3103mailto:[email protected]

Your Feedback as regards the S7 Distributed Safety (Version 03/2004)

Dear SIMATIC user,

Our goal is to provide you information with a high degree of quality and usability, and to continuouslyimprove the SIMATIC documentation for you. To achieve this goal, we require your feedback andsuggestions. Please take a few minutes to fill out this questionnaire and return it to me by Fax, e-mail orby post.

We are giving out three presents every month in a raffle among the senders. Which present would youlike to have?

SIMATIC Manual Collection Automation Value Card Laser pointer

Dr. Thomas Rubach,Head of Information & Documentation

General Questions

1. Are you familiar with the SIMATIC ManualCollection?

yes no

2. Have you ever downloaded manuals from theinternet?

yes no

3. Do you use Getting Starteds?

yes no

if yes, which:

4. How much experience do you have with theS7 Distributed Safety?

Expert

Experienced user

Advanced user

Beginner

Your Address:

Name:

Company:

Position:

Street:

Postal code / Place:

Email:

Phone:

Fax:

SIMATIC S7 Distributed Safety: feedback for Version 03/2004A5E00297771-01

Please specify the documents, for which you want to answer the questions below:

A: Manual S7 Distributed Safety, D: Manual ET 200eco, Distributed I/O Configuring and Programming Fail-Safe I/O Module

B: Manual S7-300 Fail-Safe, E: System DescriptionSignal Modules Safety Engineering in SIMATIC S7

C: Manual ET 200S, Distributed I/O SystemFail-Safe Modules

1. In which project phase do you use thisdocument frequently?

Information Assembly

Planning Commissioning

Configuration Maintenance & Service

Programming others:

2. Finding the required information in thedocument:

How quickly can you find the desired information inthe document?

immediately not at all

after a brief after a long search search

Which search method do you prefer?

Table of contents Index

Full-text search others:

Which supplements/improvements would you like in order to help you find the required information quickly?

3. Your judgement of the document as regardscontent.

How satisfied are you with this document

Totally satisfied not very satisfied

Very satisfied not satisfied

Satisfied

Were able to find the required information?

yes no

which was not:

4. What is the scope of the information?

Just right

Not enough - which topic:

Too detailed – which topic:

5. Is the information easy to understand (texts,figures, tables)?

yes no

if no, which was not:

6. Are examples important to you?

no, of less importance

yes, important –were the examplesenough?

yes no

if no, on which topic:

7. What are your suggestions as regards thecontents of the document?

Thank you for your cooperation

Documents

Automation System S7-300 Fail-Safe Signal Modules