S7-300 - Fail-Safe Signal Modules

s
Contents Preface
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
SIMATIC Automation System S7-300 Fail-Safe Signal Modules

Manual
Product Overview Configuration Options Configuring and Assigning Parameters Addressing and Installing Wiring Fault Reactions and Diagnostics General Technical Specifications Digital Modules Analog Module Safety Protector Appendices Diagnostic Data of Signal Modules Dimension Drawings Accessories and Order Numbers Response Times Type Examination Certificate and Declaration of Conformity Glossary Index
Edition 03/2004
A5E0085586-05
Safety Guidelines
This manual contains notices intended to ensure personal safety, as well as to protect the products and connected equipment against damage. These notices are highlighted by the symbols shown below and graded according to severity by the following texts:
! ! !
Danger
indicates that death, severe personal injury or substantial property damage will result if proper precautions are not taken.
Warning
indicates that death, severe personal injury or substantial property damage can result if proper precautions are not taken.
Caution
indicates that minor personal injury can result if proper precautions are not taken.
Caution
indicates that property damage can result if proper precautions are not taken.
Notice
draws your attention to particularly important information on the product, handling the product, or to a particular part of the documentation.
Qualified Personnel
Only qualified personnel should be allowed to install and work on this equipment. Qualified persons are defined as persons who are authorized to commission, to ground and to tag circuits, equipment, and systems in accordance with established safety practices and standards.
Correct Usage
Note the following:
Warning
This device and its components may only be used for the applications described in the catalog or the technical description, and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens. This product can only function correctly and safely if it is transported, stored, set up, and installed correctly, and operated and maintained as recommended.
Trademarks
SIMATIC, SIMATIC HMI and SIMATIC NET are registered trademarks of SIEMENS AG. Third parties using for their own purposes any other names in this document which refer to trademarks might infringe upon the rights of the trademark owners. Copyright Siemens AG 2004 All rights reserved
The reproduction, transmission or use of this document or its contents is not permitted without express written authority. Offenders will be liable for damages. All rights, including rights created by patent grant or registration of a utility model or design, are reserved.
Disclaimer of Liability
We have checked the contents of this manual for agreement with the hardware and software described. Since deviations cannot be precluded entirely, we cannot guarantee full agreement. However, the data in this manual are reviewed regularly and any necessary corrections included in subsequent editions. Suggestions for improvement are welcomed. Siemens AG 2004 Technical data subject to change.
Siemens AG
Bereich Automation and Drives Geschaeftsgebiet Industrial Automation Systems Postfach 4848, D- 90327 Nuernberg
Siemens Aktiengesellschaft
A5E0085586-05
Contents
1 2 Preface ............................................................................................................................ 1-1 Product Overview........................................................................................................... 2-1 2.1 2.2 2.3 3 3.1 3.2 3.3 4 5 Introduction ....................................................................................................... 2-1 Using Fail-Safe Signal Modules ....................................................................... 2-2 Guide to Commissioning Fail-Safe Signal Modules ......................................... 2-5 Introduction ....................................................................................................... 3-1 Configuration with F-SMs in Standard Mode.................................................... 3-2 Configuration with F-SMs in Safety Mode ........................................................ 3-3
Configuration Options ................................................................................................... 3-1
Configuring and Assigning Parameters ...................................................................... 4-1 Addressing and Installing ............................................................................................. 5-1 5.1 5.2 5.3 5.4 5.4.1 5.4.2 5.5 Introduction ....................................................................................................... 5-1 Address Assignments in the CPU .................................................................... 5-1 Addressing the Channels.................................................................................. 5-3 Assigning PROFIsafe Address ......................................................................... 5-4 Assigning PROFIsafe Address (Starting Address of F-SM) ............................. 5-5 Assigning PROFIsafe Address (F_destination_address) ................................. 5-7 Installing............................................................................................................ 5-9 Introduction ....................................................................................................... 6-1 Safe Functional Extra-Low Voltage for Fail-Safe Signal Modules.................... 6-2 Wiring Fail-Safe Signal Modules ...................................................................... 6-3 Replacing Fail-Safe Signal Modules................................................................. 6-4 Sensor and Actuator Requirements for F-SMs in Safety Mode ...................... 6-5 Introduction ....................................................................................................... 7-1 Reactions to Faults in F-SMs ........................................................................... 7-2 Reactions to Faults in Standard Mode ............................................................. 7-2 Reactions to Faults in Safety Mode.................................................................. 7-3 Diagnosis of Faults of F-SMs ........................................................................... 7-6 Introduction ....................................................................................................... 8-1 Standards and Approvals ................................................................................. 8-2 Electromagnetic Compatibility .......................................................................... 8-5 Transport and Storage Conditions.................................................................... 8-8 Mechanical and Climatic Environmental Conditions ........................................ 8-9 Specifications for Nominal Line Voltages, Isolation Tests, Protection Class, and Degree of Protection..................................................................... 8-11 Use of Fail-Safe Signal Modules in Zone 2 Potentially Explosive Atmosphere .................................................................................................... 8-12
Wiring .............................................................................................................................. 6-1 6.1 6.2 6.3 6.4 6.5
Fault Reactions and Diagnostics ................................................................................. 7-1 7.1 7.2 7.2.1 7.2.2 7.3
General Technical Specifications................................................................................. 8-1 8.1 8.2 8.3 8.4 8.5 8.6 8.7
Fail-Safe Signal Modules A5E00085586-05
iii
Contents
8.7.1 8.7.2 8.7.3 8.7.4 8.7.5 8.7.6 8.7.7 8.7.8 8.7.9 8.7.10 8.7.11 9
Einsatz der fehlersicheren Signalbaugruppen im explosionsgefhrdeten Bereich Zone 2 ............................................................................................... 8-12 Use of Fail-Safe Signal Modules in a Zone 2 Hazardous Area ...................... 8-14 Utilisation des modules de signaux de scurit dans un environnement risque d'explosion en zone 2 ....................................................................... 8-16 Aplicacin de mdulos de seales de alta disponibilidad en reas con peligro de explosin, zona 2 ........................................................................... 8-18 Impiego delle unit di segnale ad elevata sicurezza nell'area a pericolo di esplosione zona 2........................................................................................... 8-20 Gebruik van de foutbestendige signaalmodulen het explosieve gebied zone 2 ............................................................................................................. 8-22 Brug af fejlsikre signalkomponenter i det eksplosions-farlige omrde zone 2 ............................................................................................................. 8-24 Virheilt suojattujen signaalirakenneryhmien kytt rjhdysvaarannetuilla alueilla, vyhyke 2 ..................................................... 8-26 Anvndning av felskrade signalkomponent-grupper i explosions-riskomrde zon 2.......................................................................... 8-28 Uso de grupos de componentes de sinais protegidos contra erro em rea exposta ao perigo de exploso, zona 2 ........................................... 8-30 , 2 ..................................... 8-32 Introduction ....................................................................................................... 9-1 Discrepancy Analysis for Fail-safe Digital Input Modules................................. 9-2 SM 326; DI 24 DC 24V ................................................................................. 9-5 Properties, Front View, Connection Diagram, and Block Diagram .................. 9-5 Applications for SM 326; DI 24 DC 24V ..................................................... 9-10 Application 1: Standard Mode ........................................................................ 9-11 Application 2: Standard Mode with High Availability ...................................... 9-13 Application 3: Safety Mode, SIL 2 (AK 4, Category 3) ................................... 9-15 Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High Availability (only in S7 F/FH Systems)............................................................ 9-17 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) ................................... 9-20 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with High Availability (only in S7 F/FH Systems)............................................................ 9-25 Diagnostic Messages for the SM 326; DI 24 DC 24V ................................ 9-30 Technical Specifications - SM 326; DI 24 DC 24V..................................... 9-33 SM 326; DI 8 NAMUR ................................................................................. 9-35 Properties, Front View, Connection Diagram, and Block Diagram ................ 9-35 Special Features when Wiring SM 326; DI 8 NAMUR for Hazardous Areas ............................................................................................ 9-38 Applications of SM 326; DI 8 NAMUR:........................................................ 9-41 Application 1: Standard Mode and Application 3: Safety Mode SIL 2 (Safety Level AK 4, Category 3)............................................................ 9-42 Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability (only in S7 F/FH Systems)............................................ 9-43 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) ................................... 9-45 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with High Availability (only in S7 F/FH Systems) ................................................... 9-46 Diagnostic Messages for SM 326; DI 8 NAMUR:........................................ 9-49 Technical Specifications - SM 326; DI 8 NAMUR ....................................... 9-52 SM 326; DO 8 DC 24V/2A PM ................................................................... 9-54 Properties, Front View, Connection Diagram, and Block Diagram ................ 9-54 Applications of the SM SM 326; DO 8 DC 24V/2A PM .............................. 9-57
Digital Modules............................................................................................................... 9-1 9.1 9.2 9.3 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.3.6 9.3.7 9.3.8 9.3.9 9.3.10 9.4 9.4.1 9.4.2 9.4.3 9.4.4 9.4.5 9.4.6 9.4.7 9.4.8 9.4.9 9.5 9.5.1 9.5.2
iv
Contents
9.5.3 9.5.4 9.5.5 9.6 9.6.1 9.6.2 9.6.3 9.6.4
9.6.5 9.6.6 9.6.7 10 10.1 10.2 10.3 10.3.1 10.3.2 10.3.3 10.3.4
Application 1: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 2: Safety Mode SIL 3 (Safety Level AK 6, Category 4) .............. 9-58 Diagnostic Messages for SM 326; DO 8 DC 24V / 2A PM ....................... 9-62 Technical Specifications - SM 326; DO 8 DC 24V / 2A PM ...................... 9-66 SM 326; DO 10 DC 24V/2A........................................................................ 9-68 Properties, Front View, Connection Diagram, and Block Diagram ................ 9-68 Applications for SM 326; DO 10 DC 24V / 2A............................................ 9-73 Application 1: Standard Mode, Application 3: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 5: Safety Mode SIL 3 (Safety Level AK 6, Category 4) ..................................................................... 9-74 Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability and Application 6: Safety Mode SIL 3 (Safety Level AK 6, Category 4) with High Availability (only in S7 F/FH Systems)........................................... 9-77 Parallel Connection of Two Outputs for Dark Period Suppression................. 9-79 Diagnostic Messages of SM 326; DO 10 DC 24V/2A ................................ 9-80 Technical Specifications - SM 326; DO 10 DC 24V/2A............................. 9-85
Analog Module ............................................................................................................. 10-1 Introduction ..................................................................................................... 10-1 Analog Value Representation......................................................................... 10-2 SM 336; AI 6 13 Bit..................................................................................... 10-4 Properties, Front View, Connection Diagram, and Block Diagram ................ 10-4 Applications for SM 336; AI 6 13 Bit......................................................... 10-10 Application 1: Standard Mode ...................................................................... 10-12 Application 2: Standard Mode with High Availability (only in S7 F/FH Systems)............................................................................ 10-15 10.3.5 Application 3: Safety Mode, SIL 2 (AK 4, Category 3) ................................. 10-20 10.3.6 Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High Availability (only in S7 F/FH Systems).......................................................... 10-22 10.3.7 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) ................................. 10-26 10.3.8 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with High Availability (only in S7 F/FH Systems) ................................................. 10-29 10.3.9 Diagnostic Messages for SM 336; AI 6 13 Bit.......................................... 10-33 10.3.10 Technical Specifications - SM 336; AI 6 13 Bit ........................................ 10-36
11
Safety Protector ........................................................................................................... 11-1 11.1 11.2 11.3 11.4 Introduction ..................................................................................................... 11-1 Properties, Front View, and Block Diagram.................................................... 11-2 Configuration Variants .................................................................................... 11-4 Technical Specifications ................................................................................. 11-6
12 13 14 15 16 17
Diagnostic Data of Signal Modules ............................................................................ 12-1 Dimension Drawings.................................................................................................... 13-1 Accessories and Order Numbers ............................................................................... 14-1 Response Times........................................................................................................... 15-1 Type Examination Certificate and Declaration of Conformity................................. 16-1 Glossary........................................................................................................................ 17-1
Index ..................................................................................................................................Index-1
Contents
vi
Preface
Purpose of the Manual

The information in this manual is a reference source for operations, function descriptions, and technical specifications of the S7-300 fail-safe signal modules.
Audience
You require a general knowledge in the field of automation engineering to be able to understand this manual. In addition, you should be familiar with the STEP 7 basic software, the S7-300 automation system, and the ET 200M distributed I/O device.
Scope of the Manual

Module Safety protector Bus module for safety protector SM 326; DI 24 SM 326; DI 8 SM 326; DO 8 SM 326; DO 10 SM 336; AI 6 DC 24V NAMUR DC 24V /2A PM DC 24V /2A 13 Bit Order Number 6ES7195-7KF00-0XA0 6ES7195-7HG00-0XA0 6ES7326-1BK01-0AB0 6ES7326-1RF00-0AB0 6ES7326-2BF40-0AB0 6ES7326-2BF01-0AB0 6ES7336-1HE00-0AB0 Release Version and Higher 03 01 01 05 01 01 04
What's New
The following descriptions have been added to this manual: New functions of SM 326; DI 24 New SM 326; DO 8 DC 24V
DC 24V /2A PM
In addition, the names of the fail-safe systems have been changed as follows: "S7-300F" is now "S7 Distributed Safety" and "S7-400F/FH" is now "S7 F/FH Systems".
1-1
Preface
Certification
The S7-300 complies with the requirements and criteria of IEC 1131, Part 2. The S7-300 has earned CSA, UL, and FM approvals (see Section 8.2 Standards and Approvals). In addition, the S7-300 fail-safe signal modules are certified for use in safety mode up to: Safety class SIL 3 (Safety Integrity Level) in accordance with IEC 61508 Requirements class (AK) 6 in accordance with DIN V 19250 (DIN V VDE 0801) Category 4 in accordance with EN 954-1
CE Labeling
See Section 8.2 Standards and Approvals
Certification Mark for Australia (C-Tick Mark)

Standards
Position in the Information Landscape

When working with fail-safe modules, you will need to refer to the additional documentation below according to your particular application. References to additional documentation are included in this manual where appropriate.
Documentation Brief Description of Relevant Contents
ET 200M Distributed I/O Device Describes the ET 200M hardware (including design, installation, and manual wiring of IM 153 with modules from the S7-300 family) Describes the configuration, installation, wiring, addressing, and S7-300 Automation System, Hardware and Installation: CPU commissioning of S7-300 systems 31xC and CPU 31x installation manual S7-300, M7-300, ET 200M Automation Systems, I/O Modules with IntrinsicallySafe Signals reference manual SM 326; DI 8 NAMUR is part of the SIMATIC S7-Ex digital module family. It is to be implemented in accordance with the configuration guidelines of a SIMATIC S7-Ex digital module. This reference manual provides a detailed explanation of the configuration guidelines for a SIMATIC S7-Ex digital module.
S7-300, M7-300, ET 200M Describes the basic principles of explosion protection Automation Systems, Principles of Intrinsically-Safe Design manual
1-2
Preface
Documentation Safety Engineering in SIMATIC S7 system description
Brief Description of Relevant Contents Provides an overview of the implementation, configuration, and method of operation of S7 Distributed Safety and S7 F/FH fail-safe automation systems Contains a summary of detailed technical information concerning fail-safe engineering in S7-300 and S7-400 Includes monitoring and response time calculations for S7 Distributed Safety and S7 F/FH fail-safe systems The Programmable Controllers S7 F/FH Systems manual describes the tasks that must be performed to commission an S7 F/FH fail-safe system. The S7-400, M7-400 Programmable Controllers Hardware and Installation manual describes the installation and assembly of S7-400 systems. The S7-400H Programmable Controllers, Fault-Tolerant Systems manual describes the CPU 41x-H central modules and the tasks required to set up and commission an S7-400H fault-tolerant system. The CFC for SIMATIC S7 manual/online help provides a description of programming with CFC.
For integration in the S7 F/FH fail-safe systems
For integration in the S7 Distributed Safety fail-safe system
The following elements are described in the S7 Distributed Safety, Configuring and Programming manual and online help: Configuration of the fail-safe CPU and the fail-safe I/O Programming of the fail-safe CPU in fail-safe FBD or LAD
Depending on which F-CPU you use, you will need the following documentation: The CPU Specifications: CPU 31xC and CPU 31x reference manual describes the standard functions of the CPU 315F-2 DP and the CPU 317F-2 DP. The product information for CPU 315F-2 DP describes only the deviations from the standard CPU 315-2 DP. The product information for CPU 317F-2 DP describes only the deviations from the standard CPU 317-2 DP. The S7-400, CPU Data reference manual described the standard functions of the CPU 416F-2. The product information for CPU 416F-2 DP describes only the deviations from the standard CPU 416-2 DP. The ET 200S, Interface Module IM151-7 CPU manual describes the 151-7 CPU standard IM. The product information for the IM 151-7 F-CPU describes only the deviations from the standard IM 151-7 CPU.
1-3
Preface
Documentation STEP 7 manuals
Brief Description of Relevant Contents The Configuring Hardware and Communication Connections with STEP 7 V5.x manual describes operation of the standard tools of STEP 7. The System and Standard Functions reference manual describes functions for distributed I/O access and diagnostics. Describes how to operate the standard tools in STEP 7 Contains information about how to configure and assign parameters to modules and intelligent slaves with HW Config Contains a description of the FBD and LAD programming languages Describes operation of the PCS 7 control system (required if a failsafe I/O module is integrated in a higher-level control system)
STEP 7 online help PCS 7 manuals
The entire SIMATIC S7 documentation is available on CD-ROM.
How to Use this Documentation

This manual describes the S7-300 fail-safe signal modules. It consists of instructions and reference material (technical specifications and appendices) and contains the following basic information about fail-safe signal modules: Design and use Configuring and assigning parameters Addressing, mounting, and wiring Diagnostic evaluation Technical specifications Order numbers
Conventions
In this manual, the terms "safety engineering" and "fail-safe engineering" are used synonymously. The same applies to the terms "fail-safe" and "F-." "F-SM" means"fail-safe signal module." "S7 Distributed Safety" and "S7 F Systems" in italics refer to the optional packages for the two fail-safe systems: "S7 Distributed Safety" and "S7 F/FH Systems".
Recycling and Disposal

Because the S7-300 contains very little hazardous material, it is recyclable. For proper recycling and disposal of your old device, consult a certified disposal facility for electronic scrap.
1-4
Preface
Additional Support
If you have any additional questions about the use of products presented in this manual, contact your local Siemens representative: http://www.siemens.com/automation/partner
Training Center
We offer a number of courses to help you get started with the SIMATIC S7 automation system. For more information, contact your regional training center or the main training center in Nuremberg, Germany D-90327. Telephone: +49 (911) 895-3200 Internet: http://www.sitrain.com H/F Competence Center The H/F Competence Center in Nuremberg offers special workshops on SIMATIC S7 fail-safe and fault tolerant (high availability) automation systems. The H/F Competence Center can also provide assistance with onsite configuration, commissioning, and troubleshooting. Telephone: +49 (911) 895-4759 Fax: +49 (911) 895-5193 For questions about workshops, etc.: mailto:hf-cc@nbgm.siemens.de
1-5
Preface
A&D Technical Support

Available worldwide, 24 hours a day:
Nuremberg Johnson City Beijing P ki
Worldwide (Nuernberg) Technical Support

24 hours a day, 365 days a year Phone: Fax: GMT: +49 (180) 5050-222 +49 (180) 5050-223 +1:00
mailto:adsupport@siemens.com
Europe / Africa (Nuernberg) Authorization

Local time: Mon.-Fri. 8:00 to 5:00 PM Phone: Fax: GMT: +49 (180) 5050-222 +49 (180) 5050-223 +1:00
United States (Johnson City) Technical Support and Authorization

Local time: Mon.-Fri. 8:00 to 5:00 PM Phone: Fax: GMT: +1 (423) 262 2522 +1 (423) 262 2289 -5:00
Asia / Australia (Beijing) Technical Support and Authorization

Local time: Mon.-Fri. 8:00 to 5:00 PM Phone: Fax: GMT: +86 10 64 75 75 75 +86 10 64 74 74 74 +8:00
mailto:adsupport@siemens.com
mailto:simatic.hotline@sea.siemens.com mailto:adsupport.asia@siemens.com
The languages of the SIMATIC Hotlines and the authorization hotline are generally German and English.
1-6
Preface
Service & Support on the Internet

In addition to our paper documentation, we also provide all of our technical information on the Internet at: http://www.siemens.com/automation/service&support Here, you will find the following information: Newsletter providing the latest information on your products Exactly the right documents for your needs, which you can access by performing an online search in Service & Support Forum in which users and experts worldwide exchange ideas Your local Automation & Drives contact person, who can be accessed in our Contacts database Information about local service, repair, and replacement parts. Much more information can be found under "Services.
1-7
Preface
1-8
2
2.1
Overview
Product Overview
Introduction
This section provides information on the following topics: How fail-safe signal modules fit into SIMATIC S7 fail-safe automation systems Which fail-safe signal modules are available What steps you must take, from selection to commissioning of fail-safe modules
Important Note for Maintaining Operational Safety of Your System

Note Systems with safety-related characteristics are governed by operational safety requirements on the operator's side. The supplier is also obliged to comply with special product monitoring measures. For this reason, a special newsletter is available containing information on product developments and properties that are important (or potentially important) for operating systems where safety is an issue. Accordingly, by subscribing to the appropriate newsletter, you will ensure that you are always up-to-date and able to make changes to your system, when necessary. Please go to Internet at http://my.ad.siemens.de/myAnD/guiThemes2Select.asp?subjectID=2&lang=en and register for the following newsletters:

SIMATIC S7-300 SIMATIC S7-400 Distributed I/O SIMATIC Industrial Software
Select the "Add" check box for each newsletter.
2-1
Product Overview
2.2
Using Fail-Safe Signal Modules
What is a Fail-Safe Automation System?

Fail-safe automation systems (F-systems) are used in systems with stricter safety requirements. F-systems are used to control processes with a safe state that can be achieved immediately after shutdown. That is, F-systems control processes in which an immediate shutdown does not endanger humans or the environment.
What Are Fail-Safe Signal Modules?

The main distinction between fail-safe signal modules and standard modules in the S7-300 module family is that fail-safe modules have a two-channel internal design. The two integrated processors monitor each other, automatically test the input and output wiring, and place the fail-safe signal module in a safe state in the event of a fault. The F-CPU communicates with the fail-safe signal module by means of the PROFIsafe safety-related bus profile.
What Fail-Safe Signal Modules Are Available?

The following fail-safe signal modules (F-SM for short) are available: SM 326; DI 24 SM 326; DI 8 SM 326; DO 8 SM 326; DO 10 SM 336; AI 6 DC 24V NAMUR DC 24V/2A PM DC 24V/2A 13 Bit
Possible Use of Fail-Safe Signal Modules

S7-300 fail-safe signal modules can be used in the following systems: S7-300 automation systems (centrally in S7-300; distributed in ET 200M) S7-400 automation systems (distributed in ET 200M)
2-2
Product Overview
F-System with Fail-Safe Signal Modules

The following figure shows an example configuration of an S7 Distributed Safety F-system with fail-safe signal modules/submodules in S7-300, ET 200M, and ET 200S.
S7-300 with CPU 315F-2 DP
Fail-safe Signal Modules Fail-safe Signal Modules ET 200M Fail-safe Modules
PROFIBUS DP ET 200S
Figure 2-1 S7 Distributed Safety Fail-Safe Automation System
Use in Standard Mode

With the exception of the SM 326; DO 8 DC 24V/2A PM, you can use all other fail-safe signal modules in standard mode with stricter diagnostic requirements. Fail-safe signal modules in standard mode behave exactly like standard S7-300 I/O modules.
Use in Safety Mode

Fail-safe signal modules can be used in safety mode. Safety mode is enabled via STEP 7 in HW Config and an address switch on the back of the fail-safe signal module (see Section 5). When the signal module is in safety mode, the "SAFE" LED illuminates.
2-3
Product Overview
Achievable Safety Classes

Fail-safe signal modules are equipped with integrated safety functions for use in safety mode. The following safety classes can be achieved in safety mode by assigning appropriate parameters to the safety functions in STEP 7 with the S7 Distributed Safety or S7 F Systems option package and by arranging and wiring the sensors and actuators in a specific manner:
Table 2-1 Achievable Safety Classes in Safety Mode
Safety Class in Safety Mode In Accordance with IEC 61508 In Accordance with DIN V 19250 SIL 2 SIL 3 AK 4 AK 6 In Accordance with EN 954-1 Category 3 Category 4
Increased Availability in Standard Mode and Safety Mode

In standard mode F-SMs can be operated redundantly for increased availability (except for SM 326; DO 8 DC 24V/2A PM). In safety mode, F-SMs can be operated redundantly in S7 FH Systems (except for SM 326; DO 8 DC 24V/ 2A PM). Depending on the availability requirement, redundant signal modules can be inserted as follows (for an example configuration, refer to Safety Engineering in SIMATIC S7, System Description): Separately in two ET 200M distributed I/O devices Together in the same ET 200M distributed I/O device The software requirements for redundant operation of F-SMs are described in chapter 4.
2-4
Product Overview
2.3
Guide to Commissioning Fail-Safe Signal Modules
Introduction
The following table lists all of the essential steps for commissioning fail-safe signal modules in S7-300 or ET 200M.
Sequence of Steps from Selecting to Commissioning F-SMs

Table 2-3 Step 1. 2. Sequence of Steps from Selecting to Commissioning F-SMs Procedure Selecting F-SMs for configuration Setting the operating mode (standard or safety mode) on F-SM, configuring and assigning parameters for F-SM Installing F-SMs Wiring F-SMs Commissioning F-SMs See ... Product catalog; section on special F-SMs (Sections 9 or 10) Sections 4 and 5
3. 4. 5.
Section 5 Section 6 ET 200M Distributed I/O Device manual and S7-300, CPU 31xC and CPU 31x: Configuration operator's guide Section 7 and section on special F-SMs (Sections 9 or 10)
6.
If commissioning was not successful, you must perform diagnostics
2-5
Product Overview
2-6
3
3.1
Overview
Configuration Options
Introduction
This section provides information on the following topics: Local and distributed configuration with F-SMs Components that can be used with F-SMs in standard mode Components that can be used with F-SMs in safety mode Options for combining F-SMs and standard modules in one configuration
Local and Distributed Configuration

All fail-safe signal modules can be used in standard and safety mode both as local modules in S7-300 and as distributed modules in ET 200M distributed I/O devices.
3-1
3.2
Configuration with F-SMs in Standard Mode
Configuration Variants in Standard Mode

In standard mode, fail-safe signal modules behave in exactly the same way as standard S7-300 I/O modules (standard modules for short). The configuration variants are the same as for S7-300 or ET 200M configurations with standard modules.
Permitted CPUs in S7-300 (Local Configuration)

When fail-safe signal modules are operated in standard mode, all CPUs from the S7-300 family can be used in a local configuration.
Permitted IM 153 in ET 200M (Distributed Configuration)

When fail-safe signal modules are operated in standard mode, all IM 153-2/-2 FO interface modules of the ET 200M distributed I/O device can be used.
Mixed Operation of F-SMs with Standard Modules in Standard Mode

In standard mode, fail-safe signal modules can be operated in combination with standard modules in an S7-300/ET 200M without restrictions.
Additional Information
For a detailed description of the configuration variants of S7-300, refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual. You will find a detailed description of ET 200M configuration in the ET 200M Distributed I/O Device manual. If you are implementing fail-safe signal modules as redundant I/O in S7 FH systems, consult the S7-400H Automation Systems; Fault-Tolerant Systems manual for more information.
3-2
3.3
Configuration with F-SMs in Safety Mode
Configuration Variants in Safety Mode

In safety mode, configuration variants with F-SMs are dependent on: Configuration (local or distributed) Safety class of the configuration Availability of the configuration
Permitted CPUs in S7-300 (Local Configuration)

When fail-safe signal modules are operated in safety mode, all F-CPUs from the S7-300 family can be used in a local configuration.
Permitted IM 153 in ET 200M (Distributed Configuration)

When fail-safe signal modules are operated in safety mode, the IM 153-2/-2 FO interface modules of the ET 200M distributed I/O device can be used.
Options for Combining F-SMs and Standard Modules in Safety Mode
Warning For applications with safety class AK4/SIL2/Category 3 and below, the same protective measures against accidental contact can be applied as for standard components (see S7-300, Module Specifications reference manual). Applications with safety class AK6/SIL3/Category 4 require particular measures beyond contact protection to prevent hazardous overvoltages of F-circuits via the power supply and backplane bus, even in the event of a fault. For this reason, the safety protector is available for protection from backplane bus interference for local and distributed F-SM configurations. For protection from power supply interference, we provide configuration rules for supply devices, standard I/O, and F-I/O for your use (see Section 6.2).
3-3
Rules for Using the Safety Protector

The safety protector protects the F-SMs from possible overvoltages in the event of a fault. Warning The safety protector must be used for AK6/SIL3/Cat. 4 applications:

Generally, if the F-SMs are used locally in an S7-300 Generally, if the PROFIBUS DP is set up with copper cable If the PROFIBUS DP is set up with fiber optic cable and joint operation of standard SMs and F-SMs is required in one ET 200M.
Configuration Variants According to Availability

Table 3-2 Configuration Variants of F-Systems Contingent on Availability
System S7 Distributed Safety S7 F/FH Systems S7 FH Systems
Configuration Variant
Description Single-channel, fail-safe (one F-CPU and one F-SM)
Availability Standard availability
Single-channel I/O
Single-channel switched I/O
Single-channel switched, fail-safe (redundant F-CPU, one F-SM; in the event of a fault, system switches to other F-CPU) Multiple channel, fail-safe (F-CPU, PROFIBUS DP, and F-SMs are redundant)
Increased availability
Redundant switched I/O
Highest availability
The configuration variants according to availability are described using examples in the Safety Engineering in SIMATIC S7 system description. You can find detailed information about the safety protector in Section 11. For a detailed description of the configuration variants of S7-300, refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual. You can find a detailed description of the configuration of ET 200M in the ET 200M Distributed I/O Device manual. If you are implementing fail-safe signal modules as redundant I/O in S7 FH systems, consult the S7-400H Automation Systems; Fault-Tolerant Systems manual for more information.
3-4
Configuring and Assigning Parameters
Requirements
One of the following optional packages must be installed in order to configure and assign parameters for fail-safe modules in STEP 7. S7 Distributed Safety S7 F Systems The following requirements apply to the SM 326; DI 24 DC 24V, starting with order no. 6ES7 326-1BK01-0AB0, and the SM 326; DO 8 DC 24V/2A PM: STEP 7 V 5.2 and higher F Configuration Pack V 5.3 service pack 2 and higher The F Configuration Pack can be downloaded on the Internet at http://www.siemens.com/automation/service&support.
Configuration
Fail-safe signal modules are configured in the customary way (same as standard modules) with STEP 7 HW Config.
Configuration in RUN (CiR)

During standard operation of the SM 326; DI 24 DC 24V (starting with order no. 6ES7 326-1BK01-0AB0), you can make configuration changes while the system is operating (CiR).
Additional Information on CiR

Additional information on CiR can be found in: STEP 7 online help: "Making system changes during operation using CiR" Safety Engineering in SIMATIC S7 system description
4-1
Configuring and Assigning Parameters
Higher Availability in Standard Mode and Safety Mode

To increase availability, you can operate the fail-safe signal modules redundantly in standard mode (exception: SM 326; DO 8 DC 24V/2A PM). Requirements: STEP 7 V 5.3 and higher, or STEP 7 V 5.2 and higher, plus optional software S7 H Systems V 5.2 and higher In safety mode, F-SMs can be operated redundantly in S7 FH Systems (except for SM 326; DO 8 DC 24V/ 2A PM). Requirements: STEP 7 V 5.3 and higher, or STEP 7 V 5.2 and higher, plus optional software S7 H Systems V 5.2 and higher S7 F Systems optional software F Configuration Pack V 5.3 Service Pack 1 and higher For SM 326; DI 24 DC 24V, starting with order no. 6ES7 326-1BK01-0AB0: F Configuration Pack V 5.3 Service Pack 2 and higher F Configuration Packs can be downloaded on the Internet at: http://www.siemens.com/automation/service&support. For higher availability of modules, parameters are assigned in the "Redundancy" tab in the object properties of the modules.
Assigning Module Property Parameters

To assign parameters for fail-safe signal modules, select the module in STEP 7 HW Config and select the Edit > Object Properties menu command. Parameters are downloaded from the programming device to the F-CPU, where they are stored and then transferred to the fail-safe signal module. Note SFC 56 "WR_DPARM" (changing module parameters via the user program) is not permissible for fail-safe signal modules.
Where to Find Parameter Descriptions

For a description of available parameter settings for fail-safe modules, refer to Sections 9 and 10.
PROFIsafe Address and PROFIsafe Address Assignment

For a description of the PROFIsafe address and the procedure for assigning addresses, refer to Section 5.
4-2
5
5.1
Overview
Addressing and Installing

Introduction
This section provides information on the following topics: Address assignments of F-SMs in the CPU Addressing channels of F-SMs Assigning the PROFIsafe address for F-SMs Installing F-SMs
5.2
Address Assignments in the CPU
Address Assignment in Standard and Safety Modes

The fail-safe signal modules occupy the following address ranges in the CPU In standard mode: in the entire I/O range (inside and outside the process image) In safety mode: For S7 Distributed Safety: in the process image range For S7 F/FH systems: in the entire I/O range (inside and outside the process image)
Address Assignment in Standard and Safety Modes Occupied Bytes in the CPU: In Input Range SM 326; DI 24 SM 326; DI 8 SM 326; DO 8 SM 326; DO 10 SM 336; AI 6 DC 24V NAMUR DC 24V/2A PM DC 24V/2A 13 Bit x + 0 to x + 9 x + 0 to x + 5 x + 0 to x + 4 x + 0 to x + 5 x + 0 to x + 15 In Output Range x + 0 to x + 3 x + 0 to x + 3 x + 0 to x + 4 x + 0 to x + 7 x + 0 to x + 3
Table 5-1 Module
x = Module starting address
5-1
Addresses Occupied by Useful Data

Of the assigned addresses in standard and safety modes of the F-SMs, useful data occupy the following addresses in the CPU.
Table 5-2
Address Assignment by Useful Data Occupied Bits in CPU per Module: 7 6 Channel 6 Channel 14 Channel 22 Channel 6 Channel 6 Channel 6 5 Channel 5 Channel 13 Channel 21 Channel 5 Channel 5 Channel 5 4 Channel 4 Channel 12 Channel 20 Channel 4 Channel 4 Channel 4 3 Channel 3 Channel 11 Channel 19 Channel 3 Channel 3 Channel 3 2 Channel 2 Channel 10 Channel 18 Channel 2 Channel 2 Channel 2 1 Channel 1 Channel 9 Channel 17 Channel 1 Channel 1 Channel 1 Channel 9 0 Channel 0 Channel 8 Channel 16 Channel 0 Channel 0 Channel 0 Channel 8 DC 24V: Channel 7 Channel 15 Channel 23 NAMUR: Channel 7 Channel 7 DC 24V/2A: Channel 7 13 Bit: Channel 0 Channel 1 Channel 2 Channel 3 Channel 4 Channel 5
Bytes in CPU SM 326; DI 24 x+0 x+1 x+2 SM 326; DI 8 x+0 SM 326; DO 8 x+0 SM 326; DO 10 x+0 x+1 SM 336; AI 6 x + 0, x + 1 x + 2, x + 3 x + 4, x + 5 x + 6, x + 7 x + 8, x + 9 x + 10, x + 11
DC 24V/2A PM:
x = Module starting address
Warning In the standard user program as well as the safety program, you can access only the addresses occupied by useful data.The other address ranges occupied by the F-SMs are assigned for functions including safety-related communication between the F-SMs and F-CPU in accordance with PROFIsafe. In 1oo2 evaluation of sensors in module safety mode, only the less significant channel of the channels that are grouped as a result of the 1oo2 sensor evaluation can be accessed in the safety program.
5-2
5.3
Addressing the Channels
Addresses of Fail-Safe Signal Modules

Channels of fail-safe signal modules are addressed the same way as S7-300 standard I/O modules.
e. g. A 16.2
outpu t
byte address
bit addre ss (0 to 7)
The byte address conforms to the module starting address that you set in the object properties for the module using STEP 7 HW Config. The bit address results from the position of the channel on the module. Eight channels are always consecutively assigned to one byte address.
Permissible Address Range in Standard Mode

Permissible address range for byte address: S7 Distributed Safety and S7 F/FH systems: in entire I/O range (inside and outside the process image) according to which CPU is used For SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A, and SM 336; AI 6 13 Bit, the following also applies: 8 to 8184 in increments of 8
Permissible Address Range in Safety Mode

Permissible address range for byte address: S7 Distributed Safety: in range of process image according to which F-CPU is used For SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A, and SM 336; AI 6 13 Bit, the following also applies: 8 to 8184 increments of 8 S7 F/FH systems: in entire I/O range (inside and outside the process image) according to which CPU is used For SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A, and SM 336; AI 6 13 Bit, the following also applies: 8 to 8184 in increments of 8
5-3
Access to Channels of F-SMs in Standard Mode

Channels of F-SMs are accessed the same way as for S7-300 standard I/O modules.
Access to Channels of F-SMs in Safety Program

In S7 Distributed Safety, you access the channels of the F-I/O via the process image in the F-CPU, while in S7 F/FH systems, access is via F driver blocks.
Address assignment of individual channels can be found in the module description in Sections 9 and 10. Detailed information on F-I/O access can be found in the S7 Distributed Safety, Configuring and Programming manual or the S7 F/FH Automation Systems manual.
5.4
Assigning PROFIsafe Address
PROFIsafe Address
Every fail-safe signal module has its own PROFIsafe address. For safety mode, you must configure the PROFIsafe address in STEP 7 HW Config and set it on the module using a switch.
Overview: Assigning PROFIsafe Address

Depending on the module, two methods are used to assign the PROFIsafe address of the F-SMs in safety mode. These two addressing methods are described in the following sections.
Table 5-3 Module Overview: Assigning PROFIsafe Address Assigning PROFIsafe Address (Starting Address of F-SM) DC 24V DC 24V NAMUR DC 24V/2A PM DC 24V/2A 13 Bit x x x x Assigning PROFIsafe Address (F_destination_address) x x -
SM 326; DI 24 SM 326; DI 24 SM 326; DI 8 SM 326; DO 8 SM 326; DO 10 SM 336; AI 6
6ES7326-1BK00-0AB0 6ES7326-1BK01-0AB0
5-4
5.4.1
Assigning PROFIsafe Address (Starting Address of F-SM)
Introduction
In order to use SM 326; DI 24 DC 24V (Order No. 6ES7326-1BK00-0AB0), SM 326; DI 8 Namur, SM 326 DO 10 DC 24V/2A and SM 336; AI 6 13 Bit in safety mode, you must: 1. Set the module starting address 2. Set safety mode 3. Set the PROFIsafe address (=module starting address/8) on the address switch of the module before installing the fail-safe signal module.
Setting Module Starting Address

The module starting address is set the same as for S7-300 standard I/O modules in the object properties for the module in STEP 7 HW Config (for permissible address range, see Section 5.3).
Setting Safety Mode

Set "Safety mode" in the object properties for the module in HW Config.
Address switch
An address switch (10-pin DIP switch) is located on the back of the fail-safe signal modules. The address switch is used to specify: Whether the module is set to safety mode or standard mode In safety mode: the PROFIsafe address = starting address/8 of F-SM The F-SMs are supplied with standard mode setting (all switches set in the up position; alternatively, you can set all switches in the down position for safety mode; see Figure 5-2).
5-5
Setting the Address Switch

Prior to installation, verify that the address switch setting is correct.
Standard mode: Safety mode: All possible combinations not corresponding to standard mode. Here, by way of example, address 4096:
or
4096 2048 1024 512 246 128 64 32 16 8
Figure 5-2
Example of Setting the Address Switch (DIP Switch)
Rules for Address Assignment
Warning Make sure that the address switch setting on the F-SM matches the module starting address in HW Config. In order for the module starting address to be unique on the PROFIBUS DP, a fail-safe signal module may only be addressed by one CPU. Exception: switched I/O in S7 FH systems (one signal module is always addressed with the same address by one of two F-CPUs, i.e., the current DP bus master) The address switch setting of the F-SMs, i.e., its PROFIsafe destination address, must be unique from all others on the network* and station ** (systemwide). A maximum of 1,022 PROFIsafe destination addresses can be assigned in one system. That is, a maximum of 1,022 F-modules can be addressed using PROFIsafe. F-CPUs in S7 FH systems must address the same fail-safe signal modules in the case of switched I/O.
A network consists of one or more subnets. Address setting is unique across PROFIBUS subnet boundaries Address setting is unique for one station in HW Config (e.g., one S7-300 station or even one I-slave)
* **
Incorrect Address Reference

If the address reference is incorrect, e.g., a different address is set than the address in HW Config, a parameter assignment error occurs. The module does not go into safety mode.
5-6
4096 2048 1024 512 246 128 64 32 16 8
ON
ON
5.4.2
Assigning PROFIsafe Address (F_destination_address)
Introduction
In order to use the SM 326; DI 24 DC 24V (starting with order no. 6ES7326-1BK01-0AB0) and the SM 326; DO 8 DC 24V/2A PM in safety mode, the following steps must be performed: 1. For the SM 326; DI 24 DC 24V, set the operating mode to "safety mode." 2. Set the PROFIsafe address =F_destination_address on the address switch of the module before installing the fail-safe signal module In contrast to the addressing method described in Section 5.4.1, there is no correlation between the module starting address and the PROFIsafe address for the modules indicated above. The module starting address is set the same way as for standard I/O modules of S7-300, i.e., in the object properties for the module in HW Config of STEP 7 .
Setting Safety Mode

For SM 326; DI 24 DC 24V (starting with Order No. 6ES7326-1BK01-0AB0), set "safety mode" in the object properties in HW Config. The SM 326; DO 8 DC 24V/2A PM can only be set to safety mode. Therefore, the operating mode is permanently set to "safety mode."
PROFIsafe Address Assignment

The PROFIsafe addresses (F_source_address, F_destination_address) are automatically assigned for the two F-SMs indicated above when they are configured in STEP 7. The F_destination_address is shown in binary format in the "DIP switch setting" parameter in the object properties for the F-SMs in HW Config. You can change the configured F_destination_address in HW Config. To prevent addressing errors, however, we recommend using the automatically assigned F_destination_address.
Address switch
An address switch (10-pin DIP switch) is located on the back of the fail-safe signal modules. The address switch is used to specify: Whether the module is set to safety mode or standard mode In safety mode: the PROFIsafe address = F_destination_address The F-SMs are supplied with standard mode setting (all switches set in the up position; alternatively, you can set all switches in the down position for safety mode; see Figure 5-3).
5-7
Setting the Address Switch

Prior to installation of the F-SM, verify that the address switch setting is correct.
Standard mode: Safety Mode: PROFIsafe addresses from 1 to 1022 are permitted. Here, by way of exam ple, address 1018 (binary presentation of the F_destination_Address):
or
10 9 8 7 6 5 4 3 2 1
Figure 5-3
Example of Setting the Address Switch (DIP Switch)
Rules for Address Assignment
Warning Make sure that the address switch setting on the F-SM matches the "DIP switch position" in HW Config.
In order for the module starting address to be unique on the PROFIBUS DP, a fail-safe signal module may only be addressed by one CPU. Exception: switched I/O in S7 FH systems (one signal module is always addressed with the same address by one of two F-CPUs, i.e., the current DP bus master) The address switch setting of the F-SMs, i.e., its PROFIsafe destination address, must be unique from all others on the network* and station ** (systemwide). A maximum of 1,022 PROFIsafe destination addresses can be assigned in one system. That is, a maximum of 1,022 F-modules can be addressed using PROFIsafe. F-CPUs in S7 FH systems must address the same fail-safe signal modules in the case of switched I/O.
A network consists of one or more subnets. Address setting is unique across PROFIBUS subnet boundaries Address setting is unique for one station in HW Config (e.g., one S7-300 station or even one I-slave)
* **
Incorrect Address Reference

If the address reference is incorrect, e.g., a different address is set than the address in HW Config, a parameter assignment error occurs. The module does not go into safety mode.
5-8
10 9 8 7 6 5 4 3 2 1
ON
ON
5.5
Installing
Installing Fail-Safe Signal Modules

The fail-safe signal modules are part of the S7-300 family of signal modules and are suitable for use as local modules in S7-300 and as distributed I/O modules in the ET 200M. The fail-safe signal modules are installed the same way as all other S7-300 signal modules in an S7-300 or ET 200M. Therefore, you should read the detailed information regarding installation in the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual or the Distributed I/O Device ET 200M manual.
Redundant Configuration of ET 200M

Note If you use the ET 200M in a redundant configuration, it must be in a cabinet with sufficient damping to ensure that the limit values for radio interference are adhered to (see Section 8.3).
5-9
5-10
6
6.1
Wiring
Introduction
Warning In order to prevent hazardous threats to persons or the environment, you must not under any circumstances override safety functions or implement measures that cause safety functions to be bypassed or that result in the bypassing of safety functions. The manufacturer is not liable for the consequences of such manipulations or for damages that result from failure to heed this warning.
Overview
This section provides information on the following topics: Operation of F-SMs with safe functional extra-low voltage Special aspects to consider when wiring F-SMs Important information for replacing F-SMs
For wiring information that applies to both fail-safe signal modules and standard signal modules, refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual.
6-1
Wiring
6.2
Safe Functional Extra-Low Voltage for Fail-Safe Signal Modules
Safe Functional Extra-Low Voltage
Warning Fail-safe signal modules must be operated with safe functional extra-low voltage. This means that fail-safe modules may only be exposed to a voltage of Um, even in the event of a fault. The following applies to all fail-safe signal modules: Um < 60.0 V More information about safe functional extra-low voltage can be found, for example, in the specification sheets of the power supplies to be used.
All components of the system that can supply electrical energy in any form must satisfy this condition. Every additional circuit (24V DC) that is used in the system must have a safe functional extra-low voltage. Refer to the relevant data specification sheets or contact the manufacturer for information. Note also that sensors and actuators with an external power supply can be connected to I/O modules Here, pay attention to the supply voltage from safe functional extra-low voltage. The process signal of a 24 V digital module must not exceed a fault voltage of Um , even in the event of a fault. Warning All voltage sources, e.g., 24V DC internal load voltage supplies, 24V DC external load voltage supplies, and 5V DC bus voltage must be galvanically interconnected so as to prevent voltage accumulation from occurring in the individual voltage sources, thus causing fault voltage Um to be exceeded, even when there is a difference in potential. Make sure that the wire cross-section for the galvanic connection is sufficient according to the S7-300 configuration guidelines (see S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual).
In standard and safety modes, fail-safe signal modules can be supplied with all standard components from one or more shared power supply units.
6-2
Wiring
Power Supply Requirements in Compliance with NAMUR Recommendations

Note For compliance with NAMUR Recommendation NE 21, IEC 61131-2, and EN 298, use only power packs/power supply units (230V AC --> 24V DC) with a power loss ride-through of at least 20 ms. To accomplish this, the following SV components are available, e.g.: S7-400:

6ES7 407-0KA01-0AA0 for 10 A 6ES7 407-0KR00-0AA0 for 10 A, 6ES7 307-1BA00-0AA0 for 2 A 6ES7 307-1EA00-0AA0 for 5 A 6ES7 307-1KA00-0AA0 for 10 A
S7-300:

These requirements also apply to power packs/power supply units that are not made using S7-300/400 mounting technology.
6.3
Wiring Fail-Safe Signal Modules
same wiring as for standard signal modules

Fail-safe signal modules are a component of the S7-300 module family. They are wired in the same way as all standard signal modules in an S7-300 or an ET 200M. You can therefore refer to the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual for information on wiring signal modules. In Sections 9 and 10 you will find additional information you will need to know when wiring special F-SMs, as well as connection diagrams for various use cases with F-SMs. Warning Note that when signals of fail-safe digital input modules are assigned, signals should only be routed within a cable or a nonmetallic sheathed cable if:

A short circuit in the signals does not conceal a serious safety risk Signals are supplied by different sensor supplies of this F-DI module
Front Panel Connector Design

You will use a 40-pin front panel connector to wire fail-safe signal modules. There are two types of 40-pin front panel connector available: a spring-type connector and a screw-type connector (refer to Section 14 for order numbers). Consult the S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual for information about how to wire a 40-pin front panel connector.
6-3
Wiring
6.4
Replacing Fail-Safe Signal Modules
Inserting and Removing F-SMs in Standard Mode

Fail-safe signal modules can be inserted and removed just like all standard signal modules in S7-300 and ET 200M. If you configure the ET 200M with active bus modules , you can insert and remove the F-SMs while the ET 200M is in operation.
Inserting and Removing F-SMs in Safety Mode

Fail-safe signal modules can be inserted and removed just like all standard signal modules in S7-300 and ET 200M. If you configure the ET 200M with active bus modules, you can insert and remove the F-SMs during operation. If you are using an safety protector, you must use a special bus module to couple the safety protector with the active backplane bus (refer to Section 14 for the order number). Irrespective of whether or not active bus modules are used, a module replacement in safety mode results in an error in safety-related communication (communication error) between the F-CPU and the replaced F-SM. For additional information on the consequences of communication errors, refer to the S7 Distributed Safety, Configuring and Programming manual or Programmable Controllers S7 F/FH Systems manual. Warning The safety protector may not be inserted or removed during operation! (Insertion or removal would cause the ET 200M to fail.)
Note Address Setting for Module Replacement in Safety Mode

When replacing a module, make sure that the address switch (DIP switch) on the backside of the F-SM has the same setting!
Section 11.3 describes a configuration with an safety protector on the active backplane bus. The S7-300 Automation System, Configuration manual explains how to replace modules within an S7-300. The ET 200M Distributed I/O Device manual explains how to replace modules within an ET 200M and describes the "module replacement during operation" function.
6-4
Wiring
6.5
Sensor and Actuator Requirements for F-SMs in Safety Mode
General Requirements for Sensors and Actuators

Note the following important information for fail-safe use of sensors and actuators: Warning We cannot control the use of sensors and actuators. We have equipped our electronics from a safety engineering perspective such that we can leave 85% of the residual error probability for the sensors and actuators up to you. (This corresponds to the recommended load distribution between sensor devices, actuator devices, and electronic circuits for input, processing, and output in safety engineering). Note, therefore, that instrumentation with sensors and actuators entails a considerable safety responsibility. Consider also that sensors and actuators generally do not endure a proof test interval of 10 years with IEC 61508 without a considerable safety degradation. The probability of hazardous faults and the rate of occurrence of hazardous faults of a safety function must comply with an upper limit determined by a safety integrity level (SIL). You will find the values achieved by the F-SMs under "Safety Parameters" in the technical specifications for F-SMs, in Sections 9 and 10. Sensors and actuators with relevant qualifications are required to achieve SIL 3 (AK 6, Category 4).
Additional Sensor Requirements

In general, a single-channel sensor is sufficient to achieve AK4/SIL2/Cat.3, whereas sensors must be connected with two channels to achieve AK6/SIL3/Cat.4. However, to achieve AK4/SIL2/Cat.3 with a single-channel sensor, the sensor itself must have AK4/SIL2/Cat.3 capability, otherwise, this safety level can only be achieved with a two-channel sensor connection.
Additional Requirement for Sensors and NAMUR Sensors
Warning When faults are detected in fail-safe input modules, a value of "0" is passed to the F-CPU. You must therefore ensure that the sensors are implemented such that a safe response from the safety program is achieved when a "0" state occurs Example: In its safety program, an emergency OFF sensor must cause the respective actuator to switch off with "0" state (emergency OFF button pressed). In order for pulses to be detected with certainty, the time between two signal changes (pulse duration) must be greater than the PROFIsafe monitoring time.
6-5
Wiring
Requirement for Duration of Sensor Signals for SM 326; DI 24
DC 24V
Warning To guarantee proper acquisition of sensor signals by the SM 326; DI 24 DC 24V, you must ensure that the sensor signals exhibit a certain minimum duration.
Safe Acquisition by SM 326; DI 24 X DC 24V The minimum sensor signal duration for proper acquisition by the SM 326; DI 24 DC 24V is dependent on the parameter assignment for the shortcircuit test in STEP 7 (see Section 9.3).
Table 6-1 Minimum Duration of Sensor Signals for Proper Signal Acquisition by SM 326; DI 24 X DC 24V Minimum Duration of Sensor Signals to be determined to be determined
Short-Circuit Test Parameter disabled enabled
Safe Acquisition by Safety Program in the F-CPU For information on the times for proper acquisition of sensor signals in the safety program, refer to Section 9 of the Safety Engineering in SIMATIC S7 system description.
Additional Requirements for Actuators

Fail-safe output modules test the outputs at regular intervals. To do so, the module briefly switches off activated outputs and briefly switches on any outputs that are switched off. These test pulses have the following duration: Dark period < 1 ms Bright period < 1 ms Fast-responding actuators can briefly drop out or be activated during this test. If your process does not tolerate this, you must use actuators with a sufficient lag (> 1 ms). Warning If the actuators are operated at voltages higher than 24V DC (for example, 230 VDC) or if the actuators clear higher voltages, safe isolation must be ensured between the outputs of a fail-safe output module and the components carrying a higher voltage (in accordance with EN 50178). This is generally the case for relays and contactors. Particular attention must be paid to this aspect for semiconductor switching devices.
6-6
Wiring
Avoiding Dark Periods in Safety Mode
Warning If you are using actuators that respond too quickly exclusively during "dark period" test signal injection (i.e., < 1 ms), you can still use the internal test coordination by parallel-switching two opposite outputs (with a series diode) at a time. This parallel switching suppresses the dark periods (see "Parallel Switching of Two Outputs for Dark Period Suppression" in Section 9.6.4).
Technical Specifications for Sensors and Actuators

You should also refer to Sections 9 and 10 for technical specifications for selecting sensors and actuators.
6-7
Wiring
6-8
7
7.1
Fault Reactions and Diagnostics

Introduction
Overview
This section provides information on the following topics: Reactions to faults in F-SMs in standard mode Reactions to faults in F-SMs in safety mode Diagnostics for F-SMs in the event of a fault
7-1
7.2
7.2.1
Reactions to Faults in F-SMs

Reactions to Faults in Standard Mode
Reactions to Faults
In standard mode, the fail-safe signal modules react to faults the same way as standard modules in S7-300 or ET 200M. When a fault or interrupt event occurs, either the CPU goes into STOP mode or the user program can react to the fault by means of an error OB or interrupt OB (see S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x installation manual).
Substitute Values
Substitute values are assignable values that the fail-safe modules supply to the process, for example, when the following occur: CPU goes into STOP mode (or the CP goes into STOP mode, if a CP is the DP master) IM 153-2/-2 FO (ET 200M) goes into STOP mode PROFIBUS DP is disconnected
Substitute Value Output for Output Modules

In safety mode, it is possible to apply substitute values "0", "1", or "Keep last value" in the case of fail-safe digital output modules. The substitute value is assigned in the object properties of the F-SM in HW Config (see Section 9).
7-2
7.2.2
Reactions to Faults in Safety Mode
Safe State (Safety Concept)

The basic principle behind the safety concept is the existence of a safe state for all process variables. For digital signal modules, the safe state is, for example, the value "0". This applies to both sensors and actuators.
Reactions to Faults and Startup of F-System

The safety function requires that fail-safe values (safe state) be used for a signal module instead of process values (passivation of fail-safe signal modules) in the following cases: When the F-system is started up In the case of errors during safety-related communication between the F-CPU and F-SM via the PROFIsafe safety protocol (communication error). In the case of F-I/O or channel faults (e.g., wire break, short circuit, discrepancy error)
Identified faults are entered in the diagnostic buffers of the F-SM and the CPU, and communicated to the safety program in the F-CPU. Warning For reaction to channel faults, remember during parameter assignment to enable group diagnostics on a channel-by-channel basis in the object properties dialog of the F-SM in HW Config for the following F-SMs (see Sections 9 and 10): SM 326; DI 8 SM 326; DO 10 SM 336; AI 6 NAMUR DC 24V/2A 13 Bit
7-3
Fail-safe value Output for Fail-Safe Signal Modules

For fail-safe input modules, if passivation occurs, the F-system provides fail-safe values for the safety program instead of the process values pending at the fail-safe inputs: In S7 Distributed Safety F-systems: The fail-safe value is always (0) for fail-safe digital input and analog input modules. In S7 F/FH F-systems: The fail-safe value is always (0) for fail-safe digital input modules. The fail-safe value can be assigned in the safety program (in the failsafe driver block) for fail-safe analog input modules.
For fail-safe output modules, if passivation occurs, the F-system transfers fail-safe values (0) to the fail-safe outputs instead of the output values provided by the safety program. The output channels go to the zero current and zero voltage state. This also applies when the F-CPU goes into STOP mode. It is not necessary to assign parameters for fail-safe values. Depending on which F-system is used and the type of fault that occurred (F-I/O, channel, or communication error), fail-safe values are used either for the affected channel only or for all channels of the fail-safe signal module involved.
Reintegration of a Fail-Safe Signal Module

Switchover from fail-safe values to process values (reintegration of an F-SM) occurs either automatically or only after user acknowledgement in the safety program. After reintegration, the following occurs: For a fail-safe input module, the process values pending at the fail-safe inputs are provided for the safety program For a fail-safe output module, the output values provided in the safety program are again transferred to the fail-safe outputs
Additional Information on Passivation and Reintegration

For additional information on passivation and reintegration of F-I/O, refer to the S7 Distributed Safety, Configuring and Programming manual or S7 F/FH Automation Systems manual.
7-4
Disabling Group Diagnostics?

The "Group diagnostics" parameter is used to enable and disable transfer of channel-specific diagnostic messages (e.g., wire break, short circuit) for the module to the CPU. For availability reasons, you should disable the group diagnostics on nonutilized input or output channels of the following F-SMs: SM 326; DI 8 SM 326; DO 10 SM 336; AI 6 NAMUR DC 24V/2A 13 Bit
Warning In safety mode, group diagnostics must be enabled on all connected channels of fail-safe input and output modules. Verify that group diagnostics has been disabled only on nonutilized input and output channels.
For SM 326; DI 24 following applies:
DC 24V and SM 326; DO 8
DC 24V/2A PM, the
If you disable a channel in STEP 7 HW Config, the group diagnostic for this channel is simultaneously disabled.
7-5
7.3
Diagnosis of Faults of F-SMs
Definition
Diagnostics can be used to determine whether faults occurred during signal acquisition by the fail-safe signal modules. Diagnostic information is assigned either to a channel or to the module as a whole.
Diagnostic Functions Are Not Critical with Respect to Safety

None of the diagnostic functions (displays and messages) are critical with respect to safety, and, thus, these functions are not implemented with fail-safe characteristics. That is, the diagnostic functions are not tested internally.
Diagnostic Options for Fail-Safe Signal Modules

The following diagnostic options are available for fail-safe signal modules: LED display on front panel of module Diagnostic messages of fail-safe signal modules
Assignable and Nonassignable Diagnostic Messages

For diagnostic evaluation, there is a distinction between assignable and nonassignable diagnostic messages. Warning Diagnostic functions must be enabled or disabled in coordination with the application.
7-6
Diagnostics by LED Display

Diagnostic messages always result in illumination of the SF LED (group fault LED). The SF LED illuminates as soon as a diagnostic message is triggered by the F-SM. It is extinguished when all faults have been eliminated. Limitation for the Following F-SMs: SM 326; DI 8 SM 326; DO 10 SM 336; AI 6 NAMUR DC 24V/2A 13 Bit
In the case of assignable diagnostic messages (for example, wire break or short circuit), the SF LED only illuminates if you enabled the diagnostics when assigning parameters ("Group diagnostics" parameter in the object properties of the F-SM in HW Config) (see Sections 9 and 10).
Diagnostic LEDs of F-SMs

Table 7-1 LED Diagnostic LEDs of F-SMs Safety Mode Channel or Module Fault SF (red) SAFE (green) On On Module Defective On Off Standard mode Channel or Module Fault On Off Module Defective On Off
Diagnostic Interrupt
When a fault is detected (for example, a short circuit), the fail-safe signal modules trigger a diagnostic interrupt, provided a diagnostic interrupt is enabled. The F-CPU interrupts execution of the user program (standard or safety) or the lower priority classes and executes the diagnostic interrupt block (OB82).
Assigning the Diagnostic Interrupt Enable

The diagnostic interrupt is disabled by default. You can assign the diagnostic interrupt enable it in the object properties dialog for the F-SM in HW Config (see Sections 9 and 10).
Special Information on Diagnostic Messages

All module-specific diagnostic messages and their possible causes and corrective measures are described in Sections 9 and 10. Information is also included on which diagnostic messages have to be assigned and which are displayed on a channel-specific basis.
7-7
Reading Out Diagnostic Messages

The cause of a fault can be read out with STEP 7 in the following ways: From the diagnostic buffer of the CPU or the diagnostic buffer of the module (STEP 7 function "Diagnose Hardware"). In the standard user program with SFC 59 (see Section 12 and the System and Standard Functions reference manual).
7-8
8
8.1
Overview
General Technical Specifications

Introduction
This section contains the following information on the fail-safe signal modules: Most important standards and approvals General technical specifications This information applies to all standard products of the SIMATIC S7-300 and S7-400.
What are General Technical Specifications?

The general technical specifications include the standards that were adhered to and the test values that were satisfied by the fail-safe signal modules when used in an S7-300/ET 200M, or the test criteria that were used when testing the signal modules.
8-1
8.2
Standards and Approvals
CE Certification
Siemens products satisfy the requirements and safety objectives of the following European Community directives and comply with the harmonized European standards (EN) for programmable logic controllers published in the Gazette of the European Community: 89/336/EWG Electromagnetic Compatibility (EMC Guideline) 73/23/EEC Electrical Equipment Designed for Use within Certain Voltage Limits (low voltage directive) The EC declarations of conformity are kept available for the relevant authorities at: Siemens Aktiengesellschaft Bereich Automatisierungstechnik A&D AS RD4 Postfach 1963 D-92209 Amberg
UL approval
Underwriters Laboratories Inc., in accordance with UL 508 (Industrial Control Equipment) CSA C22.2 No. 142 (Process Control Equipment) UL 1604 (Hazardous Location) CSA-213 (Hazardous Location) APPROVED for use in Class I, Division 2, Group A, B, C, D Tx; Class I, Zone 2, Group IIC Tx Note The nameplate of the module indicates the currently valid approvals.
FM approval
Factory Mutual Research (FM) in accordance with Approval Standard Class Number 3611, 3600, 3810 APPROVED for use in Class I, Division 2, Group A, B, C, D Tx; Class I, Zone 2, Group IIC Tx
Warning There is a risk of personal injury or property damage. In areas exposed to explosion hazard, personal injury or property damage can occur if plug-in connections are disconnected during operation. Before disconnecting plug-in connections in areas exposed to explosion hazard, always deenergize the distributed I/O.
8-2
In accordance with EN 50021 (Electrical Apparatus for Potentially Explosive Atmospheres; Type of Protection "n) II (3) G EEx nA II T3 to T6 (except for SM 326; DI 8 II 3 (2) G EEx nA [ib] IIC T4 (SM 326; DI 8 NAMUR)
NAMUR only)
For SM 326; DI 8 NAMUR: 94/9/EC Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres" (Explosion Protection Guideline): II (2) G [EEx ib] IIC This approval applies to explosive gas mixtures of Group IIC (see S7-300, M7-300, ET 200M Automation Systems, Principles of Intrinsically-Safe Design manual). The safety-related limit values can be obtained from the certificate of conformity (see Section 16).
Note Modules with II (2) G [EEx ib] IIC approval are considered to be associated items of equipment and must therefore be installed outside the potentially explosive area. Intrinsically-safe electrical equipment items for Zones 1 and 2 may be connected.
Overview of UL and FM Approvals

The table below provides an overview of the fail-safe signal modules including detailed information on approvals and fields of application.
Approval for: Component UL 508 CSA C 22.2 No. 142 UL 1604 CSA213 24 VDC Yes FM 3611, 3600, 3810 CI. I Div. 2 CI. I Zone 2 Yes ATEX 2671 X Guideline 94/9/EG No ATEX EN 50021: 1999
SM 326; DI 24
II (3) G EEx nA II T3 to T6 available II 3 (2) G EEx nA [ib] IIC T4 available Yes II (3) G EEx nA II T3 to T6 available II (3) G EEx nA II T3 to T6 available
SM 326; DI 8
NAMUR
Yes
Yes
II (2) G [EEx ib] IIC available No No
SM 326; DO 8 VDC/2 A PM SM 326; DO 10 VDC/2 A SM 336; AI 6
24 24
Yes Yes
Yes Yes
13 Bit
Yes
Yes
No
8-3
Marking for Australia

The fail-safe signal modules satisfy the requirements of AS/NZS 2064 (Class A).
IEC 61131
The fail-safe signal modules satisfy the requirements and criteria of IEC 61131-2 (Programmable Controllers - Part 2: Equipment Requirements and Tests).
Field of Application
SIMATIC products are designed for use in industrial environments.
Field of Application Industry Requirement Relating to Emitted Interference EN 50081-2 :1993
Immunity to Interference EN 50082-2 :1995
TV Certificate and Standards

The fail-safe signal modules are certified for the following standards. Refer to the report accompanying the TV certificate for the current version/edition of the standard.
Functional Safety Standards DIN V 19250 DIN V VDE 0801 DIN V VDE 0801/A1 IEC 61508-1 to 7 EN 50159-1 and 2 Process Engineering Standards DIN V 19251 VDI/VDE 2180-1, 2, 3 and 5 NE 31 ISA S 84.01 Machine Safety Standards 98/37/EC EN 60204-1 EN 954-1 Combustion Engineering Standards DIN VDE 0116, Clause 8.7 prEN 50156-1 EN 230, Clause 7.3 EN 298 Nos. 7.3, 8, 9, and 10 DIN V ENV 1954 Other Standards DIN VDE 0110-1 73/23/EEC 93/68/EEC EN 55011 EN 50081-2 EN 50082-2 EN 61131-2
Requesting TV Certificate
You can request copies of the TV certificate and the accompanying report at the following address: Siemens Aktiengesellschaft Bereich Automatisierungstechnik A&D AS RD ST Postfach 1963 D-92209 Amberg
8-4
8.3
Electromagnetic Compatibility
Introduction
This section presents information on the interference immunity of fail-safe signal modules and information on radio interference suppression. The fail-safe signal modules satisfy the requirements of the EMC legislation for the internal European market.
Definition of EMC
Electromagnetic compatibility is the ability of an electrical device to function in its electromagnetic environment in a satisfactory manner without affecting this environment.
Pulse-Shaped Interference
The table below shows the electromagnetic compatibility of the fail-safe signal modules with respect to pulse-shaped interferences. As a prerequisite, the S7-300/M7-300/ET 200M system must comply with the specifications and guidelines for electrical installation.
Pulse-Shaped Interference Electrostatic discharge in accordance with IEC 61000-4-2 (DIN VDE 0843 Part 2) Tested With 8 kV 6 kV Burst pulse (rapid transient interference) in accordance with IEC 61000-4-4 (DIN VDE 0843 Part 4) 2 kV (supply line) 2 kV (signal line) Degree of Severity 3 (air discharge) 3 (contact discharge) 3 4
Surge in accordance with IEC 61000-4-5 (DIN VDE 0839 Part 10) No external surge filter required (see S7-300 Automation System, Hardware and Installation:CPU 31xC and CPU 31x installation manual, Section Lightning and Surge Voltage Protection)* Asymmetrical connection 1 kV (supply line) 1 kV (signal line/ data line) Symmetrical connection 0.5 kV (supply line) 0.5 kV (signal line/ data line) * An external surge filter is required for severity level 3. The test value is then 2 kV for unsymmetrical connections and 1 kV for symmetrical connections. 2*
8-5
Overvoltage Protection for S7-300/ET 200M with Fail-Safe Signal Modules

If your system has to achieve a greater level of protection than severity level 2, we recommend use of an external surge filter to ensure surge resistance in S7-300/ET 200M with fail-safe signal modules. The exact type designation can be obtained in the S7-300 Automation System, Hardware and Installation:CPU 31xC and CPU 31x installation manual, Section Lightning and Surge Voltage Protection). Note Lightning protection measures always require a case-by-case examination of the entire system. Nearly complete protection from overvoltages, however, can only be achieved if the entire building surroundings have been designed for overvoltage protection. In particular, this involves structural measures in the building design phase. Therefore, for detailed information regarding overvoltage protection, we recommend that you contact your Siemens representative or a company specializing in lightning protection.
Sinusoidal Interferences
HF radiation of the device in accordance with IEC 61000-4-3: Electromagnetic HF field, amplitude-modulated From 80 MHz to 1000 MHz; 10 V/m; 80% AM (1 kHz) Electromagnetic HF field, pulse-modulated 900 5 MHz; 10 V/m; 50% ESD; 200 Hz repetition frequency GSM/ISM field interferences of different frequencies (EN 298: 1998):
System GSM GSM ISM ISM ISM ISM ISM ISM ISM ISM ISM ISM ISM Frequency 890-915 MHz 1710-1785 MHz 6,765-6,795 MHz 13,553-13,567 MHz 26,957-27,283 MHz 40.66-40.70 MHz 433.05-434.79 MHz 3,370-3,410 MHz 13,533-13,533 MHz 13,567-13,587 MHz 83,996-84,004 MHz 167,992-168,008 MHz 886,000-906,000 MHz Test Level 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m 20 V/m Modulation Pulse modulation 200Hz Pulse modulation 200Hz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz AM, 80% 1 kHz
8-6
HF interference on signal and data lines, etc., in accordance with IEC 61000-4-6, high frequency, unsymmetrical, and amplitude modulated From 0.15 MHz to 80 MHz; 10 V root-mean-square value, unmodulated; 80% AM (1 kHz); 150 Source impedance
Emission of Radio Interferences

Emitted interference of electromagnetic fields in accordance with EN 55011: Limit class A, Group 1.
Between 20 MHz and 230 MHz Between 230 MHz and 1000 MHz; Measured at 30 m distance < 30 dB (V/m)Q < 37 dB (V/m)Q
Emitted interference over network AC power supply in accordance with EN 55011: Limit class A, Group 1.
Between 0.15 MHz and 0.5 MHz; Between 0.5 MHz and 5 MHz Between 5 MHz and 30 MHz < 79 dB (V)Q, < 66 dB (V)M < 73 dB (V)Q, < 60 dB (V)M < 73 dB (V)Q, < 60 dB (V)M
Redundant Configuration of ET 200M

Note If you use the ET 200M in a redundant configuration, it must be in a cabinet with sufficient damping to ensure that the limit values for radio interferences are adhered to.
Expanding the Field of Application

If you use the fail-safe signal modules in residential areas, you must ensure limit class B (EN 55011) for emission of radio interferences. Measures to achieve the limit class B radio interference level include: Installation in grounded control cabinets/switchboxes Use of filters in power supply lines
8-7
8.4
Transport and Storage Conditions
Conditions for Fail-Safe Signal Modules

Fail-safe signal modules exceed the requirements for transport and storage conditions specified in IEC 61131, Part 2. The information below applies to fail-safe signal modules that are transported and stored in their original packaging.
Type of Condition Free fall Temperature Air pressure Permitted Range 1m - 40 C to + 70 C 1080 hPA to 660 hPa (corresponds to an altitude of -1000 m to 3500 m) 5% to 95%, without condensation
Relative humidity
8-8
8.5
Mechanical and Climatic Environmental Conditions
Conditions of Use
The fail-safe signal modules are intended for weatherproof, stationary use. The conditions of use exceed the requirements of IEC 61131-2. The fail-safe signal modules satisfy the conditions of application of class 3C3 in accordance with DIN EN 60721 3-3 (locations with high traffic intensity and in the immediate vicinity of industrial plants with chemical emissions).
Restrictions
A fail-safe signal module must not be used without additional measures where the following conditions apply: Locations with a high level of ionizing radiation Locations with severe operating conditions; for example, due to Dust Corrosive vapors or gases Electrical systems in particularly hazardous spaces
Systems that require special monitoring, such as: An example of an additional measure for use of a fail-safe signal module is cabinet installation of the ET 200M/S7-300 with fail-safe signal modules.
Mechanical Environmental Conditions

The following table presents the mechanical environmental conditions for fail-safe signal modules, expressed as sinusoidal vibrations.
Frequency Range (Hz) 10 f 58 58 f 150 Continuous 0.0375 mm amplitude 0.5 g constant acceleration Intermittent 0.075 mm amplitude 1 g constant acceleration
Reduction of Vibration
If the fail-safe signal modules are exposed to greater shocks or vibration, you must take suitable measures to reduce the acceleration and amplitude. We recommend installation on dampening material (such as rubber-metal vibration dampers).
8-9
Testing for Mechanical Environmental Conditions

The following table provides information about the type and scope of testing for mechanical environmental conditions.
Condition Vibration
Test Standard Vibration test in accordance with IEC 68 Part 2-6 (sine)
Comments Vibration method: frequency sweeps with a rate of change velocity of 1 octave per minute. 10 Hz f 58 Hz, constant amplitude 0.075 mm 58 Hz f 150 Hz, constant acceleration 1 g Vibration duration: 10 frequency sweeps per axis in each of three perpendicular axes
Shock pulse
Shock pulse test in accordance with IEC 68 Part 2-27
Shock method: half sine Shock intensity: 15 g peak value, 11 ms duration Shock direction: 3 shocks each in +/- direction in each of three perpendicular axes
Climatic Environmental Conditions

The fail-safe signal modules may be used under the following climatic environmental conditions:
Environmental Requirements Temperature: Horizontal installation: Vertical installation Relative humidity Range of Application Comments 0 to 60 C 0 to 40 C 5% to 95%, No condensation; corresponds to relative humidity (RH) stress level 2 in accordance with IEC 1131-2 Corresponds to an altitude of -1000 m to 2000 m Test: SO2: < 0.5 ppm; relative humidity < 60%, no condensation H2S: < 0.1 ppm; relative humidity < 60%, no condensation 10 ppm; 4 days
Air pressure Pollutant concentration
1080 hPa to 795 hPa
1 ppm; 4 days
8-10
8.6
Specifications for Nominal Line Voltages, Isolation Tests, Protection Class, and Degree of Protection
Nominal Line Voltages for Operation

The fail-safe signal modules work with a nominal line voltage of 24 VDC. The tolerance range is 20.4 VDC to 28.8 VDC. We recommend use of the Siemens "SITOP power" line of power supplies for supplying voltage.
Test Voltages
Isolation stability is proven in routine testing with the following test voltages in accordance with IEC 1131 Part 2:
Circuits with Nominal Line Voltage Ue against Other Circuits and against the Ground 0 V < Ue 50 V
Test Voltage
500 VDC
Protection Class
Protection class I in accordance with IEC 60536 (VDE 0106, Part 1), i.e., ground terminal required on DIN rail!
Foreign Body and Water Protection

Degree of protection IP 20 in accordance with EN 60529, i.e., protection from contact with standard test probes Additional: Protected from foreign bodies with diameters over 12.5 mm. No special protection from water.
8-11
8.7
Use of Fail-Safe Signal Modules in Zone 2 Potentially Explosive Atmosphere

Einsatz der fehlersicheren Signalbaugruppen im explosionsgefhrdeten Bereich Zone 2
8.7.1
Zone 2
Explosionsgefhrdete Bereiche werden in Zonen eingeteilt. Die Zonen werden nach der Wahrscheinlichkeit des Vorhandenseins einer explosionsfhigen Atmosphre unterschieden.
Zone Explosionsgefahr Example explosive Gasatmosphre tritt nur Bereiche um Flanschverbindungen mit Flachselten und kurzzeitig auf dichtungen bei Rohrleitungen in geschlossenen Rumen sicherer Bereich No auerhalb der Zone 2 Standardanwendungen von dezentraler Peripherie 2
Nachfolgend finden Sie wichtige Hinweise fr die Installation der fehlersicheren Signalbaugruppen im explosionsgefhrdeten Bereich.
Fertigungsort
Siemens AG, Bereich A&D Werner-von-Siemens-Strae 50 92224 Amberg Germany
Zulassung fr S7-300 Fehlersichere Signalbaugruppen

II 3 G Prfnummer: Note Baugruppen mit der Zulassung II 3 G EEx nA II T3 .. T6 drfen nur in Automatisierungssystemen SIMATIC S7-300 / ET 200M der Gertekategorie 3 eingesetzt werden. EEx nA II T3 .. T6 KEMA 02ATEX1096 X nach EN 50021 : 1999
8-12
Instandhaltung
Fr eine Reparatur muss die betroffene Komponente an den Fertigungsort geschickt werden. Nur dort darf die Reparatur durchgefhrt werden.
Besondere Bedingungen
Die fehlersicheren Signalbaugruppen mssen in einen Schaltschrank oder ein metallisches Gehuse eingebaut werden. Diese mssen mindestens die Schutzart IP 54 (nach EN 60529) gewhrleisten. Dabei sind die Umgebungsbedingungen zu bercksichtigen, in denen das Gert installiert wird. Fr das Gehuse muss eine Herstellererklrung fr Zone 2 vorliegen (gem EN 50021). Wenn am Kabel bzw. an der Kabeleinfhrung dieses Gehuses unter Betriebsbedingungen eine Temperatur > 70 C erreicht wird oder wenn unter Betriebsbedingungen die Temperatur an der Aderverzweigung > 80 C sein kann, mssen die Temperatureigenschaften der Kabel mit den tatschlich gemessenen Temperaturen bereinstimmen. Die eingesetzten Kabeleinfhrungen mssen der geforderten IP-Schutzart und dem Abschnitt 7.2 (gem EN 50021) entsprechen. Alle Gerte, einschlielich Schalter etc., die an den Ein- und Ausgngen von fehlersicheren Signalbaugruppen angeschlossen werden, mssen fr den Explosionsschutz Typ EEx nA oder EEx nC genehmigt sein. Es mssen Manahmen getroffen werden, dass die Nennspannung durch Transienten um nicht mehr als 40 % berschritten werden kann. Umgebungstemperaturbereich: 0 C bis 60 C Innerhalb des Gehuses ist an einem nach dem ffnen gut sichtbaren Platz ein Schild mit folgender Warnung anzubringen:
Warning Das Gehuse darf nur kurze Zeit geffnet werden, z. B. fr visuelle Diagnose. Bettigen Sie dabei keine Schalter, ziehen oder stecken keine Baugruppen und trennen keine elektrischen Leitungen (Steckverbindungen). Diese Warnung kann unbercksichtigt bleiben, wenn bekannt ist, dass keine explosionsgefhrdete Atmosphre herrscht.
Liste der zugelassenen Baugruppen

Die Liste mit den zugelassenen Baugruppen finden Sie im Internet: http://www4.ad.siemens.de/WW/view/de/ unter der Beitrags-ID 13702947.
8-13
8.7.2
Zone 2
Use of Fail-Safe Signal Modules in a Zone 2 Hazardous Area
Hazardous areas are divided up into zones. The zones are distinguished according to the probability of the existence of an explosive atmosphere.
Zone 2 Explosion Hazard Example
Explosive gas atmosphere occurs Areas around flange joints with flat gaskets in pipes in only seldom and for a short time enclosed spaces Outside zone 2 Standard distributed I/O applications
Safe area No
Below you will find important information on the installation of fail-safe signal modules in a hazardous area.
Production Location
Certification for S7-300 Fail-Safe Signal Modules

II 3 G Test number: Note II 3 G EEx nA II T3 to T6 certification can only be used in Modules with SIMATIC S7-300/ET 200M automation systems belonging to equipment category 3. EEx nA II T3 to T6 KEMA 02ATEX1096 X to EN 50021 : 1999
8-14
Maintenance
If repair is necessary, the affected component must be sent to the production location. Repairs can only be carried out there.
Special Conditions
The fail-safe signal modules must be installed in a switch cabinet or a metal housing. These must comply with the IP 54 degree of protection at a minimum. The environmental conditions under which the equipment is installed must be taken into account. There must be a manufacturer's declaration for zone 2 available for the housing (in accordance with EN 50021). If a temperature of > 70 C is reached in the cable or at the cable entry of this housing under operating conditions, or if a temperature of > 80 C can be reached at the junction of the conductors under operating conditions, the temperaturerelated properties of the cables must correspond to the temperatures actually measured. The cable entries used must comply with the required IP degree of protection and Section 7.2 (in accordance with EN 50021). All devices (including switches, etc.) that are connected to the inputs and outputs of fail-safe signal modules must be approved for EEx nA or EEx nC explosion protection. Steps must be taken to ensure that the rated voltage through transients cannot be exceeded by more than 40%. Ambient temperature range: 0 C to 60 C A sign containing the following warning must be put up inside the housing in an easily visible position when the housing is opened: Warning The housing can only be opened for a short time (e.g., for visual diagnostics). If you do this, do not operate any switches, remove or install any modules, or disconnect any electrical cables (plug-in connections). You can disregard this warning if you know that the atmosphere is not hazardous (i.e., there is no risk of explosion).
List of Approved Modules

You will find the list of approved modules under the ID 13702947 on the Internet: http://www4.ad.siemens.de/WW/view/en/
8-15
8.7.3
Utilisation des modules de signaux de scurit dans un environnement risque d'explosion en zone 2
Zone 2
Les environnements risque d'explosion sont rpartis en zones. Les zones se distinguent par la probabilit de prsence d'une atmosphre explosive.
Zone 2 Risque d'explosion Formation rare et brve d'une atmosphre gazeuse explosive Exemple Environnement de raccords joints plats dans le cas de conduites dans des locaux ferms A l'extrieur de la zone 2 Utilisation standard de priphrie dcentralise
Zone sre Non
Vous trouverez ci-aprs des remarques importantes pour l'installation des modules de signaux de scurit dans un environnement risque d'explosion.
Lieu de production
Homologation pour modules de signalisation S7-300 scurit intrinsque

II 3 G EEx nA II T3 .. T6 selon EN 50021 : 1999
Numro de contrle : Note
KEMA 02ATEX1096 X
II 3 G EEx nA II T3 .. T6 ne peuvent tre utiliss Les modules homologus que dans des automates SIMATIC S7-300 / ET 200M de catgorie 3.
8-16
Entretien
Si une rparation est ncessaire, la composante concerne doit tre expdie au lieu de production. La rparation ne doit tre effectue qu'en ce lieu.
Conditions particulires
Les modules de signalisation et autres modules scurit intrinsque doivent tre logs dans une armoire de commande ou un botier mtallique. Ceux-ci doivent assurer au moins l'indice de protection IP 54. Il faut alors tenir compte des conditions d'environnement dans lesquelles l'appareil est install. Le botier doit faire lobjet dune dclaration de conformit du fabricant pour la zone 2 (selon EN 50021). Si dans les conditions dexploitation, une temprature > 70 C est atteinte au niveau du cble ou de lentre du cble dans ce botier, ou bien si la temprature au niveau de la drivation des conducteurs peut tre > 80 C, les capacits de rsistance thermique des cbles doivent corespondre aux tempratures effectivement mesures. Les entres de cbles utilises doivent avoir le niveau de protection IP exig et tre conformes au paragraphe 7.2 (selon EN 50021). Tous les appareillages (y compris les interrupteurs, etc.) raccords aux entres et sorties de modules de signaux scurit intrinsque doivent tre homologus pour la protection antidflagrante type EEx nA ou EEx nC. Il faut prendre des mesures pour que la tension nominale ne puisse pas tre dpasse de plus de 40% sous linfluence de transitoires. Plage de temprature ambiante : 0 C 60 C A lintrieur du botier, il faut placer, un endroit bien visible aprs ouverture, une plaquette comportant lavertissement suivant :
Avertissement Ouvir le botier le moins longtemps possible, par exemple pour effectuer un diagnostic visuel. Ce faisant, nactionnez aucun commutateur, ne dconnectez aucun module et ne dbranchez pas de cbles lectriques (connexions). Le respect de cet avertissement nest pas impratif sil est certain que lenvironnement ne prsente pas de risque dexplosion.
Liste des modules homologus

Vous trouverez sur Internet la liste des modules homologus :
http://www4.ad.siemens.de/WW/view/fr/ rfrence ID 13702947.
8-17
8.7.4
Aplicacin de mdulos de seales de alta disponibilidad en reas con peligro de explosin, zona 2
Zona 2
Las reas con peligro de explosin se clasifican en zonas. Las zonas se diferencian segn la probabilidad de la existencia de una atmsfera capaz de sufrir una explosin.
Zona 2 Peligro de explosin La atmsfera explosiva de gas slo se presenta rara vez y muy brevemente Ejemplo reas alrededor de uniones abridadas con juntas planas en tuberas en locales cerrados fuera de la zona 2 Aplicaciones estndar de la periferia descentralizada
rea segura No
A continuacin encontrar importantes informaciones para la instalacin de los mdulos de seales de alta disponibilidad en reas con peligro de explosin.
Lugar de fabricacin
Homologacin para mdulos de sealizacin de seguridad S7-300

II 3 G EEx nA II T3 .. T6 efter EN 50021 : 1999
Nmero de comprobacin: KEMA 02ATEX1096 X Nota II 3 G EEx nA II T3 .. T6 pueden Los mdulos con la homologacin utilizarse nicamente en los autmatas programables SIMATIC S7-300 / ET 200M de la categora de equipo 3.
8-18
Mantenimiento
Para una reparacin se ha de remitir el componente afectado al lugar de fabricacin. Slo all se puede realizar la reparacin.
Condiciones especiales
Los mdulos de sealizacin de seguridad/mdulos deben ir montados en un armario de distribucin o una caja metlica. stos deben garantizar como mnimo el grado de proteccin IP 54. Para ello se han de tener en cuenta las condiciones ambientales, en las cuales se instala el equipo. La caja deber contar con una declaracin del fabricante para la zona 2 (conforme a EN 50021). Si durante la operacin se alcanzara una temperatura > 70 C en el cable o la entrada de cables de esta caja o bien una temperatura > 80 C en la bifurcacin de hilos, debern adaptarse las propiedades trmicas de los cables a las temperaturas medidas efectivamente. Las entradas de cable utilizadas deben cumplir el grado de proteccin IP exigido y lo expuesto en el apartado 7.2 (conforme a EN 50021). Todos los dispositivos inclusive interruptores, etc. conectados a las entradas y salidas de mdulos de seales de alta disponibilidad deben estar homologados para la proteccin contra explosiones del tipo EEx nA o EEx nC. Es necesario adoptar las medidas necesarias para evitar que la tensin nominal pueda rebasar en ms del 40 % debido a efectos transitorios. Margen de temperatura ambiente: 0 C hasta 60 C Dentro de la caja deber colocarse en un lugar perfectamente visible tras su apertura un rtulo con la siguiente advertencia: Precaucin Abrir la caja slo brevemente, p.ej. para el diagnstico visual. Durante este tiempo Ud. no deber activar ningn interruptor, desenchufar o enchufar mdulos ni separar conductores elctricos (conexiones enchufables). Esta advertencia puede ignorarse si Ud. sabe que en la atmsfera existente no hay peligro de explosin.
Lista de los mdulos homologados

En la internet hallar Ud. una lista con los mdulos homologados: http://www4.ad.siemens.de/WW/view/es/ bajo el ID de asignacin 13702947.
8-19
8.7.5
Impiego delle unit di segnale ad elevata sicurezza nell'area a pericolo di esplosione zona 2
Zona 2
Le aree a pericolo di esplosione vengono suddivise in zone. Le zone vengono distinte secondo la probabilit della presenza di un'atmosfera esplosiva.
Zona 2 Pericolo di esplosione L'atmosfera esplosiva si presente solo raramente e brevemente Esempio Aree intorno a collegamenti a flange con guarnizioni piatte nelle condotte in ambienti chiusi Al di fuori della zona 2 Applicazioni standard di periferia decentrata
Area sicura No
Qui di seguito sono riportate delle avvertenze importanti per l'installazione delle unit di segnale ad elevata sicurezza nell'area a pericolo di esplosione.
Luogo di produzione
Omologazione per le unit di segnale S7-300 ad elevata sicurezza

II 3 G EEx nA II T3 .. T6 secondo EN 50021 : 1999
Numero di controllo: Avvertenza
KEMA 02ATEX1096 X
II 3 G EEx nA II T3 .. T6 possono essere Le unit con l'autorizzazione impiegate solo nei sistemi di controllori programmabili SIMATIC S7-300 / ET 200M della categoria di apparecchiature 3.
8-20
Manutenzione
Per una riparazione, il componente interessato deve essere inviato al luogo di produzione. La riparazione pu essere effettuata solo l.
Condizioni particolari
Le unit di segnale/moduli ad elevata sicurezza devono essere montati in un armadio elettrico o in un contenitore metallico. Questi devono assicurare almeno il tipo di protezione IP 54. In questo caso bisogna tenere conto delle condizioni ambientali nelle quali l'apparecchiatura viene installata. Per il contenitore deve essere presente una dichiarazione del costruttore per la zona 2 (secondo EN 50021). Se nei cavi o nel loro punto di ingresso in questo contenitore viene raggiunta in condizioni di esercizio una temperatura > 70 C o se in condizioni di esercizio la temperatura nella derivazione dei fili pu essere > 80 C, le caratteristiche di temperatura dei cavi devono essere conformi alla temperatura effettivamente misurata. Gli ingressi dei cavi usati devono essere conformi al tipo di protezione richiesto e alla sezione 7.2 (secondo EN 50021). Tutte le apparecchiature, inclusi interruttori, ecc. che vengono collegati agli ingressi/uscite di unit di segnale ad elevata sicurezza, devono essere stati omologati per la protezione da esplosione tipo EEx nA o EEx nC. Devono essere prese delle misure per evitare che la tensione nominale possa essere superata per pi del 40% da parte di transienti. Campo termico ambientale: da 0 C a 60 C Allinterno del contenitore va apportata, in un luogo ben visibile dopo lapertura, una targhetta con il seguente avvertimento: Attenzione Il contenitore pu rimanere aperto solo per breve tempo, ad esempio per una diagnostica a vista. In tal caso non azionare alcun interruttore, non disinnestare o innestare unit e non staccare connessioni elettriche (connettori). Non necessario tenere conto di questo avvertimento se noto che non c unatmosfera a rischio di esplosione.
Elenco delle unit abilitate

La lista con le unit omologate si trova in Internet al sito: http://www4.ad.siemens.de/WW/view/it/ allID di voce 13702947.
8-21
8.7.6
Gebruik van de foutbestendige signaalmodulen het explosieve gebied zone 2
Zone 2
Explosieve gebieden worden ingedeeld in zones. Bij de zones wordt onderscheiden volgens de waarschijnlijkheid van de aanwezigheid van een explosieve atmosfeer.
Zone 2 Explosiegevaar Een explosieve gasatmosfeer treedt maar zelden op en voor korte duur Voorbeeld Gebieden rond flensverbindingen met pakkingen bij buisleidingen in gesloten vertrekken Buiten de zone 2 Standaardtoepassingen van decentrale periferie
Veilig gebied neen
Hierna vindt u belangrijke aanwijzingen voor de installatie van de foutbestendige signaalmodulen in een explosief gebied.
Productieplaats
Siemens AG, Bereich A&D Werner-von-Siemens-Strasse 50 92224 Amberg Germany
Vergunning voor de tegen fouten beveiligde signaalmodulen S7-300

II 3 G EEx nA II T3 .. T6 conform EN 50021 : 1999
Keuringsnummer: KEMA 02ATEX1096 X Opmerking II 3 G EEx nA II T3 .. T6 mogen slechts worden Modulen met de vergunning gebruikt in automatiseringssystemen SIMATIC S7-300 / ET 200M van de apparaatcategorie 3.
8-22
Instandhouding
De te herstellen component moet voor reparatie naar de plaats van vervaardiging worden gestuurd. Alleen daar mag de reparatie worden uitgevoerd.
Speciale voorwaarden
De tegen fouten beveiligde signaalmodulen/module moeten worden ingebouwd in een schakelkast of in een behuizing van metaal. Deze moeten minstens de veiligheidsgraad IP 54 waarborgen. Hierbij dient rekening te worden gehouden met de omgevingsvoorwaarden waarin het apparaat wordt genstalleerd. Voor de behuizing dient een verklaring van de fabrikant voor zone 2 te worden ingediend (volgens EN 50021). Als aan de kabel of aan de kabelinvoering van deze behuizing onder bedrijfsomstandigheden een temperatuur wordt bereikt > 70 C of als onder bedrijfsomstandigheden de temperatuur aan de adervertakking > 80 C kan zijn, moeten de temperatuureigenschappen van de kabel overeenstemmen met de werkelijk gemeten temperaturen. De aangebrachte kabelinvoeringen moeten de vereiste IP-veiligheidsgraad hebben en in overeenstemming zijn met alinea 7.2 (volgens EN 50021). Alle apparaten, schakelaars enz. inbegrepen, die worden aangesloten op de in- en uitgangen van tegen fouten beveiligde signaalmodulen, moeten zijn goedgekeurd voor de explosiebeveiliging type EEx nA of EEx nC. Er dienen maatregelen te worden getroffen, zodat de nominale spanning door transinten met niet meer dan 40 % kan worden overschreden. Omgevingstemperatuurbereik: 0 C tot 60 C Binnen de behuizing dient op een na het openen goed zichtbare plaats een bord te worden aangebracht met de volgende waarschuwing: Waarschuwing De behuizing mag slechts voor korte tijd worden geopend, bijv. voor een visuele diagnose. Bedien hierbij geen schakelaar, trek of steek geen modulen en ontkoppel geen elektrische leidingen (steekverbindingen). Deze waarschuwing kan buiten beschouwing blijven, indien bekend is dat er geen explosieve atmosfeer heerst.
Lijst van de toegelaten modulen

De lijst met de toegelaten modulen vindt u in het internet: http://www4.ad.siemens.de/WW/view/en/ onder de bijdrage-ID 13702947.
8-23
8.7.7
Brug af fejlsikre signalkomponenter i det eksplosions-farlige omrde zone 2
Zone 2
Eksplosionsfarlige omrder inddeles i zoner. Zonerne adskiller sig indbyrdes efter hvor sandsynligt det er, at der er en eksplosiv atmosfre.
Zone 2 Eksplosionsfare Eksempel
Eksplosiv gasatmosfre optrder Omrder rundt om flangeforbindelser med flade kun sjldent og varer kort pakninger ved rrledninger i lukkede rum Uden for zone 2 Standardanvendelser decentral periferi
Sikkert omrde Nej
I det flgende findes vigtige henvisninger vedr. installation af de fejlsikre signalkomponenter i det eksplosionsfarlige omrde.
Produktionssted
Tilladelse for S7-300 fejlsikre signalkomponenter

II 3 G Kontrolnummer: Bemrk II 3 G EEx nA II T3 .. T6 m kun monteres i Komponenter med godkendelsen automatiseringssystemer SIMATIC S7-300 / ET 200M - udstyrskategori 3. EEx nA II T3 .. T6 KEMA 02ATEX1096 X efter EN 50021 : 1999
8-24
Vedligeholdelse
Skal den pgldende komponent repareres, bedes De sende den til produktionsstedet. Reparation m kun udfres der.
Srlige betingelser
De fejlsikre signalkomponenter/moduler skal monteres i et kontaktskab eller et metalbelagt kabinet. Disse skal mindst kunne sikre beskyttelsesklasse IP 54. I denne forbindelse skal der tages hjde for de omgivelsestemperaturer, i hvilke udstyret er installeret. Der skal vre udarbejdet en erklring fra fabrikanten for kabinettet for zone 2 (iht. EN 50021). Hvis kablet eller kabelindfringen p dette hus nr op p en temperatur p > 70 C under driftsbetingelser eller hvis temperaturen p reforegreningen kan vre > 80 C under driftsbetingelser, skal kablernes temperaturegenskaber stemme overens med de temperaturer, der rent faktisk mles. De benyttede kabelindfringer skal vre i overensstemmelse med den krvede IP-beskyttelsestype og afsnittet 7.2 (iht. EN 50021). Alle apparater, inkl. kontakter osv., der forbindes med ind- og udgangene til fejlsikre signalkomponenter, skal vre godkendt til eksplosionsbeskyttelse af type EEx nA eller EEx nC. Der skal trffes foranstaltninger, der srger for, at den nominelle spnding via transienter ikke kan overskrides mere end 40 %. Omgivelsestemperaturomrde:0 C til 60 C I kabinettet skal der anbringes et skilt, der skal kunne ses, nr kabinettet bnes. Dette skilt skal have flgende advarsel: Advarsel Kabinettet m kun bnes i kort tid, f.eks. til visuel diagnose. Tryk i denne forbindelse ikke p kontakter, trk eller ist ikke komponenter og afbryd ikke elektriske ledninger (stikforbindelser). Denne advarsel skal der ikke tages hjde for, hvis man ved, at der ikke er nogen eksplosionsfarlig atmosfre.
Liste over godkendte komponenter

Listen med de godkendte komponenter findes p internettet: http://www4.ad.siemens.de/WW/view/en/ under bidrags-ID 13702947.
8-25
8.7.8
Virheilt suojattujen signaalirakenneryhmien kytt rjhdysvaarannetuilla alueilla, vyhyke 2
Vyhyke 2
Rjhdysvaarannetut alueet jaetaan vyhykkeisiin. Vyhykkeet erotellaan rjhdyskelpoisen ilmakehn olemassa olon todennkisyyden mukaan.
Vyhyke 2 Rjhdysvaara Rjhtv kaasuilmakeh ilmaantuu vain harvoin ja lyhytaikaisesti Esimerkki Alueet putkistojen lattatiivisteill varustuilla laippaliitoksilla suljetuissa tiloissa vyhykkeen 2 ulkopuolella hajautetun ulkopiirin vakiosovellukset
turvallinen alue ei
Seuraavasta lydtte trkeit ohjeita virheilt suojattujen signaalirakenneryhmien asennukseen rjhdysvaarannetuilla alueilla.
Valmistuspaikka
Hyvksynt S7-300 virhevarmoja signaalirakenneryhmi varten

II 3 G EEx nA II T3 .. T6 EN 50021 mukaan: 1999
Tarkastusnumero: KEMA 02ATEX1096 X Ohje II 3 G EEx nA II T3 .. T6 kanssa saadaan Rakenneryhmt hyvksynnn kytt ainoastaan laitekategorian 3 automatisointijrjestelmiss SIMATIC S7-300 / ET 200M.
8-26
Kunnossapito
Korjausta varten tytyy kyseinen komponentti lhett valmistuspaikkaan. Korjaus voidaan suorittaa ainoastaan siell.
Erityiset vaatimukset
Virhevarmat signaalirakenneryhmt/moduulit tytyy asentaa kytkentkaappiin tai metalliseen koteloon.. Niden tytyy olla vhintn kotelointiluokan IP 54 mukaisia. Tllin on huomioitava ympristolosuhteet, johon laite asennetaan. Kotelolle tytyy olla valmistajaselvitys vyhykett 2 varten (EN 50021 mukaan). Kun johdolla tai tmn kotelon johdon sisnviennill saavutetaan > 70 C lmptila tai kun kyttolosuhteissa lmptila voi piuhajaotuksella olla > 80 C, tytyy johdon lmptilaominaisuuksien vastata todellisesti mitattuja lmptiloja. Kytettyjen johtojen sisnohjauksien tytyy olla vaaditun IP-kotelointiluokan ja kohdan 7.2 (EN 50021 mukaan) mukaisia. Kaikkien laitteiden, kytkimet jne. mukaan lukien, jotka liitetn virheilt suojattujen signaalirakenneryhmien tuloille ja lhdille, tytyy olla hyvksyttyj tyypin EEx nA tai EEx nC rjhdyssuojausta varten. Toimenpiteet tytyy suorittaa, ettei nimellisjnnite voi transienttien kautta ylitty enemmn kuin 40 %. Ympristlmptila-alue: 0 C ... 60 C Kotelon sislle, avauksen jlkeen nkyvlle paikalle, on kiinnitettv kilpi, jossa on seuraava varoitus: Varoitus Kotelo saadaan avata ainoastaan lyhyeksi ajaksi, esim. visuaalista diagnoosia varten. l tllin kyt mitn kytkimi, ved tai liit mitn rakenneryhmi, lk erota mitn shkjohtoja (pistoliittimi). Tt varoitusta ei tarvitse huomioida, kun on tiedossa, ett minknlaista rjhdysvaarannettua ilmakeh ei ole olemassa.
Hyvksyttyjen rakenneryhmien lista

Lista hyvksiytyist rakennesarjoista lytyy internetist osoitteesta: http://www4.ad.siemens.de/WW/view/en/ kyttjtunnuksella 13702947.
8-27
8.7.9
Anvndning av felskrade signalkomponent-grupper i explosions-riskomrde zon 2
Zon 2
Explosionsriskomrden delas in i zoner. Zonerna delas in enligt sannolikheten att en
atmosfr med explosionsfara freligger. Zon 2 Explosionsfara Explosiv gasatmosfr uppstr endast sllan eller kortvarigt Exempel Omrden kring flnsfrbindelser med packningar vid rrledningar i slutna utrymmen Utanfr zon 2 Standardanvndning av decentral periferi
Skert omrde Nej
Nedan fljer viktiga anvisningar om installationen av de felskrade signalkomponentgruppern i ett explosionsriskomrde.
Tillverkningsort
Godknnande fr S7-300 felskrade signalenheter

II 3 G Kontrollnummer: Anvisning II 3 G EEx nA II T3 .. T6 fr endast Komponentgrupper med godknnande anvndas i automatiseringssystemen SIMATIC S7-300 / ET200M frn apparatgrupp 3. EEx nA II T3 .. T6 KEMA 02ATEX1096 X enligt EN 50021 : 1999
8-28
Underhll
Vid reparation mste den aktuella komponenten insndas till tillverkaren. Reparationer fr endast genomfras dr.
Srskilda villkor
De felskrade signalenheterna/modulerna mste monteras i ett kopplingsskp eller metallhus. Dessa mste minst vara av skyddsklass IP 54. Drvid ska omgivningsvillkoren dr enheten installeras beaktas. Fr kpan mste en tillverkardeklaration fr zon 2 freligga (enligt EN 50021). Om en temperatur p > 70C uppns vid husets kabel resp kabelinfring under driftvillkor eller om temperaturen vid trdfrgreningen kan vara > 80C under driftvillkor, mste kabelns temperaturegenskaper verensstmma med den verkligen uppmtta temperaturen. De anvnda kabelinfringarna mste uppfylla kraven i det krvda IPskyddsutfrandet och i avsnitt 7.2 (enligt EN 50021). Alla apparater, inklusive brytare osv, som ansluts till felskrade signalenheters inoch utgngar, mste vara godknda fr explosionsskydd av typ EEx nA eller EEx nC. tgrder mste vidtas s, att mrkspnningen ej kan verskridas med mer n 40% genom transienter. Omgivningstemperatur: 0 C till 60 C Nr huset ppnats ska en skylt med fljande varning monteras p ett tydligt synligt stlle huset: Varning Huset fr endast ppnas under kort tid, t ex fr visuell diagnos. Anvnd drvid inga brytare, lossa eller anslut inga enheter och frnskilj inga elektriska ledningar (insticksanslutningar). Ingen hnsyn mste tas till denna varning om det r skert att det inte rder ngon explosionsfarlig atmosfr.
Lista ver godknda komponentgrupper

Lista ver godknda enheter terfinns i Internet: http://www4.ad.siemens.de/WW/view/en/ under bidrags-ID 13702947.
8-29
8.7.10
Uso de grupos de componentes de sinais protegidos contra erro em rea exposta ao perigo de exploso, zona 2
Zona 2
As reas expostas ao perigo de exploso so divididas em zonas. As zonas so diferenciadas de acordo com a probabilidade da existncia de uma atmosfera
explosiva. Zona 2 Perigo de exploso S raramente e por um breve perodo de tempo surgem atmosferas explosivas Exemplo reas em torno de ligaes flangeadas com vedaes chatas em tubulaes em recintos fechados fora da zona 2 Aplicaes descentralizadas de periferia descentralizada
rea segura no
A seguir, o Sr. encontrar avisos importantes para a instalao dos grupos de componentes de sinais protegidos contra erro em rea exposta ao perigo de exploso.
Local de produo
Licena para os Grupos de Sinal sem Defeitos S7-300

II 3 G EEx nA II T3 .. T6 seg. EN 50021 : 1999
Nmero de ensaio: KEMA 02ATEX1096 X Aviso II 3 G EEx nA II T3 .. T6 s podem ser Componentes com a licena aplicados em sistemas de automao SIMATIC S7-300 / ET 200M da categoria de aparelho 3.
8-30
Reparo
Os componentes em questo devem ser remetidos para o local de produo a fim de que seja realizado o reparo. Apenas l deve ser efetuado o reparo.
Condies especiais
Os grupos de sinal/mdulos sem defeito devem ser montados dentro de um armrio do quadro de comandos ou de uma caixa metlica. Estes devem garantir no mnimo o tipo de proteo IP 54. Durante este trabalho devero ser levados em considerao as condies locais, nas quais o aparelho ser instalado. Para a caixa dever ser apresentada uma declarao do fabricante para a zona 2 (de acordo com EN 50021). Caso no cabo ou na entrada do cabo desta carcaa sob as condies operacionais seja atingida uma temperatura de > 70 C, ou caso sob condies operacionais a temperatura na ramificao do fio poder atingir > 80 C, as caratersticas de temperatura devero corresponder s temperaturas realmente medidas. As entradas de cabo utilizadas devem corresponder ao tipo exigido de proteo IP e seo 7.2 (de acordo com o EN 50021). Todos os aparelhos, inclusive as chaves, etc., que estejam conectadas em entradas e sadas de mdulos de sinais protegidos contra erro, devem possuir a licena para a proteo de exploso do tipo EEx nA ou EEx nC. Precisam ser tomadas medidas para que a tenso nominal atravs de transitrios no possa ser ultrapassada em mais que 40 %. rea de temperatura ambiente: 0 C at 60 C No mbito da carcaa deve ser colocada, aps a abertura, em um ponto bem visvel uma placa com a seguinte advertncia: Advertncia A carcaa deve ser aberta apenas por um breve perodo de tempo, por ex. para diagnstico visual. No acione nenhum interruptor, no retire ou conecte nenhum mdulo e no separe nenhum fio eltrico (ligaes de tomada). Esta advertncia poder ser ignorada caso se saiba que no h nenhuma atmosfera sujeita ao perigo de exploso.
Lista dos componentes autorizados

A lista com os mdulos autorizados encontram-se na Internet: http://www4.ad.siemens.de/WW/view/en/ sob o nmero de ID 13702947.
8-31
8.7.11
, 2
2
. .
2

S7-300
II 3 G EEx nA II T3 .. T6 EN 50021 : 1999 : II 3 G EEx nA II T3 .. T6 SIMATIC S7-300 / ET 200M 3. KEMA 02ATEX1096 X
8-32
. .

/ . IP 54. , . 2 ( EN 50021). 70 C 80 C, . IP 54 7.2 ( EN 50021). , .., , EEx nA EEx nC. , 40 %. : 0 C 60 C : , .. . , ( ). , .

: http://www4.ad.siemens.de/WW/view/en/ 13702947.
8-33
8-34
9
9.1
Overview
Digital Modules
Introduction
Four fail-safe digital modules from the S7-300 module range are available for connecting digital sensors and/or actuators. This chapter contains the following information on each fail-safe digital module: Features Module view and block diagram Applications with connection diagrams and parameter assignments Diagnostic messages with remedies Technical specifications
9-1
Digital Modules
9.2
Discrepancy Analysis for Fail-safe Digital Input Modules
Discrepancy Analyses
There are two types of discrepancy analyses for fail-safe input modules: for 1oo2 evaluation in a digital input module for redundant modules
Discrepancy Analysis for 1oo2 Evaluation in a Digital Input Module

The discrepancy analysis is carried out in the safety mode between the two input signals of the 1oo2 evaluation in the fails-safe input module. If the input signals do not match after the assigned discrepancy time has elapsed (due to a broken wire in a sensor cable, for example), the input signal to the F-CPU is set to 0. In addition, the diagnostic message discrepancy error is generated with information about the faulty channel in the diagnostic buffer of the module. Note The input signals from the process are considered to be correct process values within the discrepancy time even if the two readings of the redundant input signals are different. While the discrepancy time is running inside the module, the following value is sent to the F-CPU:
for SM 326; DI 8 input channel
NAMUR: the last, valid value (old value) of the affected
for SM 326; DI 24 DC 24V: parameters can be assigned for the last valid value (old value) of the affected input channel or the value "0" (parameters "discrepancy behavior")
If, for example, a filling operation is being controlled with the sensor signal, the filling will be stopped by the first of the two discrepancy signals after reading the "0" signal if the value is "0". If the second signal is never read as "0", an error is detected following the expiration of the discrepancy time. Select the last valid value for this example.
9-2
Digital Modules
"Provide last valid value"

The last valid value (old value) before discrepancy occurs is made available in the safety program in F-CPU as soon as a discrepancy is determined between the signals of the affected input channels. This value remains available until the discrepancy disappears or until the discrepancy time expires and a discrepancy error is detected. The sensor-actuator response time is extended according to the this time. This means the discrepancy time of a 2-channel sensor for fast reactions has to be adjusted to short response times. Thus, for example, it makes no sense for a time-critical deactivation to be triggered by 2-channel sensors with a discrepancy time of 500 ms. In the worst case, the sensor-actuator response time is extended by an amount approximately equal to the discrepancy time: For this reason, position the sensor in the process in such a way to minimize discrepancy. Then select the shortest possible discrepancy time that also has sufficient back-up against false tripping of discrepancy errors.
"Provide 0 value"
The value "0" is immediately made available to the safety program in the F-CPU as soon as a discrepancy is detected between the signals of the two affected input channels. If you assigned the parameter "Provide 0 value, the sensor-actuator response time will not be affected by the discrepancy time.
9-3
Digital Modules
Discrepancy Analysis in Redundant Digital Input Modules (only in F Systems S7 F/FH Systems)
The fail-safe driver blocks of the optional software S7 F Systems perform the discrepancy analysis in F systems S7 F/FH system between both input signals of the redundant input modules. For the redundant digital input modules, both input signals are interconnected by the OR fail-safe driver blocks so that the output signal of the driver block is set to 1 in the event of a discrepancy between the two input signals . Since the signals of both modules can be considered safe, you can trust the value "1" of the signal module and forward this signal to the driver output without taking any safety risks. This way, the desired availability of the system is achieved. In the event of discrepancy errors, diagnostic information is additionally issued at the outputs DIAG_1/2 on the fail-safe module driver (see the Programmable Controllers S7 F/FH Systems manual). If the input signals do not correspond (discrepancy error) following the expiration of the configured discrepancy time, corresponding diagnostic information is output on the fail-safe module driver at the outputs DIAG_1/2 (see the Programmable Controllers S7 F/FH Systems manual).
Parameter Assignment
You assign parameters for the discrepancy time and the discrepancy behavior in HW Config, in the object properties catalog of the fail-safe signal module (Parameters see chapter 9.3 and 9.4).
9-4
Digital Modules
9.3
9.3.1
SM 326; DI 24
DC 24V
Properties, Front View, Connection Diagram, and Block Diagram
Order Number
6ES7 326-1BK01-0AB0
Features
The SM 326; DI 24 DC 24V has the following features: 24 inputs, isolated in groups of 12 24V DC rated input voltage Suitable for switches and 2-/3-/4-wire proximity switches (BEROs) 4 short circuit-proof sensor supplies for 6 channels in each case, isolated in groups of 2 External sensor supply possible Group error display (SF) Safety mode display (SAFE) Status indicator for each channel (green LED) Reconfiguration in Run (CiR) possible in standard mode Assignable diagnostics Diagnostic alarm with assignable parameters Usable in standard and safety modes Configure 1oo1 and 1oo2 for each channel simplified PROFIsafe address assignment Warning The fail-safe performance characteristics in the technical specifications are valid for a proof-test interval of 10 years a planned outage time of 100 hours.
9-5
Digital Modules
Address Assignment
The following figure shows the allocation of channels to addresses.
Addressing of the inputs in the user program I x.0 Ix.1 I x.2 I x.3 Ix.4 I x.5 I x.6 I x.7 x+1.0 x+1.1 x+1.2 x+1.3 I I I I I I I I I I I I x+1.4 x+1.5 x+1.6 x+1.7 x+2.0 x+2.1 x+2.2 x+2.3 x+2.4 x+2.5 x+2.6 x+2.7
0 1 2 3 4 5 6 7 0 1 2 3
4 5 6 7 0 1 2 3 4 5 6 7
I I I I
x = module start address
Figure 9-1 Address assignment for SM 326; DI 24
DC 24V
Configuration in RUN (CiR)

During standard operation of the SM 326; DI 24 DC 24V (starting with order no. 6ES7 326-1BK01-0AB0), you can make configuration changes while the plant is operating (CiR).
Additional Information on CiR

For further information on CiR refer to: the STEP 7 Online Help: "System Modification in RUN Mode via CiR" in the Safety Engineering in SIMATIC S7 system description
9-6
Digital Modules
Front View
Common error indicator red Sensor supply indicator green (for 6 channels) Status indicator green (per channel) Channel number
SF
Vs
SAFE
Vs 0 1 2 3 4 5 Vs 4 5 6 7 0 1
Safety mode indicator green
Vs 6 7 0 1 2 3
Vs 2 3 4 5 6 7
Use of front connector (behind the front door): for connecting the inputs and power supply
Figure 9-2 Front view SM 326; DI 24
DC 24V
9-7
Digital Modules
Channel Numbers
The inputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned. For a module you can configure a 1oo1 and 1oo2 evaluation of the sensor (example see table 9-2) in a channel or channel pair granular.
Left Channel number: 1oo1 0 1 2 3 4 5 1oo2 0 1 2 3 4 5 Right 1oo1 12 13 14 15 16 17 1oo2 0 1 2 3 4 5
0 1 2 3 4 5 6 7 0 1 2 3
4 5 6 7 0 1 2 3 4 5 6 7
6 6 7 7 8 8 9 9 10 10 11 11
18 6 19 7 20 8 21 9 22 10 23 11
Figure 9-3 Channel numbers for SM 326; DI 24
DC 24V
Table 9-2 Left Channels 0
SM 326; DI 24
Right Channels 12
24V : Example of a channel configuration

Description Channel pair configured for 1oo2, channel 0 exists as E x.0 in the I/O area for inputs in the F-CPU Channel pair configured for 1oo2, channel 1 exists as E x.1 in the I/O area for inputs in the F-CPU Single channels configured for 1oo1, channels 2 and 14 exist as E x.2 and E x+1.6 in the I/O area for inputs in the F-CPU Single channels configured for 1oo1, channels 3 and 15 exist as E x.3 and E x+1.7 in the I/O area for inputs in the F-CPU Channel pair configured for 1oo2, channel 4 exists as E x.4 in the I/O area for inputs in the F-CPU
Evaluation of sensors 1oo2
13
1oo2
14
1oo1
15
1oo1
16
1oo2
9-8
Digital Modules
Connection and Block Diagram

The following figure shows the terminal assignment and block diagram of the SM 326; DI 24 DC 24V.
24 V
1L+ 1M 1Vs
1 2 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Logic and bus interface
Overvoltage protection L+
21 22 24 25 26 27 28 29 30 31 32 33 34 35 36 37
2L+ 2M 3Vs
24 V *
Sensor supply
2Vs
Test
4Vs
Status M
Address switch SF M
SAFE M
* The representation of the normally open contacts corresponds to the printing on the module. However, the typical encoder contacts used are normally closed contacts (to keep process variables in a safe state)
Figure 9-4
Terminal assignment and block diagram of the SM 326; DI 24 supply
DC 24V and internal sensor
External Sensor Supply

The following figure shows how the sensors can be supplied via an external sensor supply (for example, via another module: L+). All 6 channels of a channel group (0 to 5; 6 to 11; 12 to 17 or 18 to 23) must be supplied via the same external sensor supply.
2L+ 2M Vs Digital input module DI M Figure 9-5 External sensor supply for the SM 326; DI 24 DC 24V L+
9-9
Digital Modules
Note Note that the following faults cannot be detected during an external sensor supply:

Short circuit to L+ on the unswitched sensor line (contact open) Cross circuit between the channels of a channel group Cross circuit between the channels in different channel groups
9.3.2
Applications for SM 326; DI 24
DC 24V
Selecting the Application

The following figure helps you to select an application according to the requirements for high availability and availability. On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.
Standard mode
No Safety mode?
Safety mode
Yes Required safety level? SIL 2 (AK 4, Cat. 3) Yes Module redundant? Module redundant? Yes Module redundant? Yes SIL3 (AK 6, Cat. 4)
No
No
No
Standard mode
Standard mode, fault tolerance
SIL 2 Safety mode
SIL 2 Safety mode, fault tolerance
SIL 3 Safety mode
Applications 1 to 6
1
see Chap. 9.3.3
2
see Chap. 9.3.4
3
see Chap. 9.3.5
4
see Chap. 9.3.6
5
see Chap. 9.3.7
6
see Chap. 9.3.8
Figure 9-6 Selecting the application - SM 326; DI 24
DC 24V
9-10
Digital Modules
Warning The achievable safety class is dependent on the quality of the sensor and the magnitude of the proof-test interval in accordance with IEC 61508. If the quality of the sensor is lower than the quality stipulated in the required safety class, the sensors must be applied redundantly with a two-channel connection.
Note You can configure a 1oo1 and 1oo2 evaluation of the sensor for a module (example see table 9-2).
9.3.3
Application 1: Standard Mode

Below you can find the wiring diagram and the parameter assignment of SM 326; DI 24 DC 24V for the Application 1: Standard Mode For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.
Wiring Diagram for Application 1 Connecting a Sensor to One Channel

A sensor is connected via a single channel for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs
Digital input module
DI
Figure 9-7 Wiring diagram for the SM 326; DI 24 a sensor to one channel
DC 24V; for application 1 Connecting
9-11
Digital Modules
Assignable Parameters for Application 1

Table 9-3
Parameter
Parameters SM 326; DI 24
DC 24V for application 1

Type Effective in
Value Range in Standard Mode
"Parameter" tab Operating mode

Module Parameters:
Standard Mode Activated/deactivated Activated/deactivated Activated/deactivated (only if "Sensor Supply via Module" is activated) Activated/deactivated Activated/deactivated Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated)
Static Static Static Static
Module Module Supply group Supply group
Diagnostic Interrupt Sensor Supply via Module Short-circuit test
Module Parameters for a Supply Group:
For Single Channels or Channel Pairs:
Activated
Time-of-day stamp
Static Static Static
Channel Module Module
Time stamp Edge evaluation incoming
9-12
Digital Modules
9.3.4
Application 2: Standard Mode with High Availability

Below you can find the wiring diagrams and the parameter assignment of SM 326; DI 24 DC 24V for Application 2: standard mode with high availability For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.
Wiring Diagram for Application 2 Connecting a Sensor to One Channel

One sensor is connected via a single channel to the two digital modules for each process signal. The sensors must be supplied via an external sensor supply.
1L+ 1M
Vs Digital input module

DI 1L+ 1M
L+

DI
Figure 9-8 Wiring diagram for the SM 326; DI 24 a sensor to one channel
9-13
Digital Modules
Wiring Diagram for Application 2 Connecting Two Redundant Sensors to One Channel
Two redundant sensors are connected via one channel to the two digital modules for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs
DI 1L+ 1M Vs Acquires the same process variable with mechanically separated sensors
DI
Figure 9-9 Wiring diagram for SM 326; DI 24 redundant sensors to one channel
DC 24V; for application 2 Connecting two

Table 9-4
Parameter
Parameters SM 326; DI 24 DC 24V
for application 2
Type Effective in

Module Parameters:
Standard Mode Activated/deactivated

Module Module Supply group
Diagnostic Interrupt Sensor Supply via Module
deactivated (with singlechannel sensor) activated/deactivated (with redundant sensor)
Short-circuit test
Activated/deactivated (only if "Sensor Supply via Module" is activated) Activated/deactivated Activated/deactivated Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated)
Static
Supply group
Activated
Time-of-day stamp
Channel Module Module
9-14
Digital Modules
Parameter
Type
Effective in
"Redundancy" Tab Redundancy Redundant module Discrepancy Time Reaction after discrepancy Two Modules (Selection of an existing additional module of the same type) 10 to 30000 ms

*
Module Redundant module pair Redundant module pair Redundant module pair
Connect "AND" signals Connect "OR" signals Use last valid value
For a redundant configuration in the standard mode, there are two digital values which you have to evaluate in the standard user program.
9.3.5
Application 3: Safety Mode, SIL 2 (AK 4, Category 3)

Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 24 DC 24V; digital module for: Application 3: safety mode, SIL 2 (AK 4, Category 3) For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.
Wiring Diagram for Application 3 Connecting a One-channel Sensor to One Channel

One sensor is connected via one channel (1oo1 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs
DI
Figure 9-10 Wiring diagram for SM 326; DI 24 sensor to one channel
DC 24V; for application 3 Connecting one
Warning A suitable sensor is required to attain SIL 2 wiring (safety level AK 4, category 3) with this interface module.
9-15
Digital Modules

Table 9-5
Parameter

Type Effective in
Value Range in Safety Mode

F-Parameter:
Safety Mode 10 to 10000 ms Activated/deactivated Activated/deactivated Activated/deactivated (only if "Sensor Supply via Module" is activated) Activated/deactivated 1oo1 Evaluation
Static Static Static Static Static
Module Module Module Supply group Supply group
F-monitoring time
Module Parameters:
Activated Evaluation of sensors

Time-of-day stamp
Static Static
Channel Channel/channel pair Module Module
Activated/deactivated Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated)
Static Static
9-16
Digital Modules
9.3.6
Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High Availability (only in S7 F/FH Systems)
Below you can find the wiring diagrams and the parameter assignment of SM 326; DI 24 DC 24V; digital module for: Application 4: safety mode, SIL 2 (AK 4, Category 3) with fault tolerance For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.
Wiring Diagram for Application 4 Connecting One Sensor to One Channel

One sensor is connected via a single channel (1oo1 evaluation) to the two digital modules for each process signal. The sensors must be supplied via an external sensor supply.
1L+ 1M

DI 1L+ 1M
L+

DI
Figure 9-11 Wiring diagram for SM 326; DI 24 sensor to one channel
DC 24V; for application 4 Connecting one
9-17
Digital Modules
Wiring Diagram for Application 4 Connecting Two Redundant Sensors to One Channel
Two redundant sensors are connected via one channel (1oo1 evaluation) to two digital modules for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs
DI 1L+ 1M Vs Acquires the same process variable with mechanically separated sensors
DI
Figure 9-12 - Wiring diagram for the SM 326; DI 24 DC 24V; for application 4 Connecting two redundant sensors to one channel
9-18
Digital Modules

Table 9-6
Parameter

Type Effective in

F-Parameter:
Safety Mode 10 to 10000 ms Activated/deactivated Activated/deactivated Activated/deactivated (only if "Sensor Supply via Module" is activated) Activated/deactivated 1oo1 Evaluation
F-monitoring time
Module Parameters:
Activated Evaluation of sensors

Time-of-day stamp
Static Static
Channel Channel

"Redundancy" Tab
Activated/deactivated Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated) Two Modules (Selection of an existing additional module of the same type) 10 to 30000 ms
Static Static
Module Module
Redundancy Redundant module Discrepancy Time
Module Redundant module pair Redundant module pair
9-19
Digital Modules
9.3.7

Below you can find the wiring diagrams and the parameter assignment of the SM 326; DI 24 DC 24V; digital module for: Application 5: safety mode, SIL 3 (AK 6, Category 4) For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.
Internal Sensor Supply If a Sensor Is Connected to the Module

Note Generally, if you connect one sensor to two inputs of a module and you use the internal sensor supply of the module, you have to use the sensor supply of the left half of the module 1Vs (Pin 4) or 2VS (Pin 11) .
Wiring Diagram for Application 5 Connecting One Sensor to One Channel

A sensor is connected via one channel to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs left: Channels 0...11 right: Channels 0...11 DI DI
Figure 9-13 Wiring diagram for the SM 326; DI 24 one sensor to one channel
9-20
Digital Modules
Wiring Diagram for Application 5 Connecting a Non-equivalent Sensor to Two Non-equivalent Channels
A non-equivalent sensor is connected via 2 antivalent channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.
1L+ 1M Vs DI left: Channels 0...11 right: Channels 0...11 DI
Figure 9-14 Wiring diagram for SM 326; DI 24 DC 24V; for application 5 Connecting a non-equivalent sensor to two non-equivalent channels
9-21
Digital Modules
Wiring Diagram for Application 5 Connecting Two One-channel Sensors to Two Non-equivalent Channels
For each process signal, two one-channel sensors are connected to two opposite inputs in the digital module (1oo2 evaluation) via two non-equivalent channels. The sensors can also be supplied via an external sensor supply. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.
1L+ 1M Vs left: channel 0...11* right: channel 0...11 DI Vs DI * The left channels supply the user signals Acquires the same process variable with mechanically separated sensors
Figure 9-15 Wiring diagram for SM 326; DI 24 DC 24V; for application 5 Connecting two one-channel sensors to two non-equivalent channels
9-22
Digital Modules
Wiring Diagram for Application 5 Connecting a Two-channel Sensor to Two Channels

A two-channel sensor is connected via two channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs left: channel 0...11 right: channel 0...11 DI Vs DI Sensor contacts are connected mechanically
Figure 9-16 Wiring diagram for SM 326; DI 24 DC 24V; for application 5 Connecting a two-channel sensor to two channels
Wiring Diagram for Application 5 Connecting Two One-channel Sensors to Two Channels
Two one-channel sensors are connected via two channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs left: channel 0...11 right: channel 0...11 DI Vs DI Acquires the same process variable with mechanically separated sensors
Figure 9-17 Wiring diagram for SM 326; DI 24 DC 24V; for application 5 Connecting two one-channel sensors to two channels
9-23
Digital Modules

Table 9-7
Parameter
SM 326 DI 24 parameter; DI 24
DC 24V of application 5
Type Effective in

F-Parameter:
Safety Mode 10 to 10000 ms Activated/deactivated Activated/deactivated Activated/deactivated (only if "Sensor Supply via Module" is activated) Activated/deactivated 1oo2 evaluation

F-monitoring time
Module Parameters:
Activated Evaluation of sensors Type of Sensor Circuit
Channel Pair Channel Pair Channel Pair
2-chann. equiv. (for figures 9-16, 9-17) 2-chann. non-equiv. (for figures 9-14, 9-15) 1-chann. (for figure 9-13)
Discrepancy Behavior Discrepancy Time

Time-of-day stamp
(only for 2-chann.)

Static
Channel Pair
provide last valid value. "Provide 0 value" Static Static Static Channel Pair Module Module
10 to 30000 ms (2-Chann. only) Activated/deactivated Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated)
9-24
Digital Modules
9.3.8
Below you can find the wiring diagrams and the parameter assignment of the SM 326; DI 24 DC 24V; digital module for: Application 6: safety mode, SIL 3 (AK 6, Category 4) with fault tolerance For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-9 and 9-10.
Internal Sensor Supply If a Sensor Is Connected to the Module

Note Generally, if you connect one sensor to two inputs of a module and you use the internal sensor supply of the module, you have to use the sensor supply of the left half of the module 1Vs (Pin 4) or 2VS (Pin 11) .
Wiring Diagram for Application 6 Connecting Two Redundant, One-channel Sensors to One Channel
Two redundant, one-channel sensors are required for each process signal. One sensor is connected via a single channel to two opposite inputs in the digital module (1oo2 evaluation) for each module. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs left: channel 0...11 right: channel 0...11 DI DI 1L+ 1M Vs left: channel 0...11 right: channel 0...11 DI DI Acquires the same process variable with mechanically separated sensors
Figure 9-18 Wiring diagram for the SM 326; DI 24 DC 24V; for application 6 Connecting two redundant, one-channel sensors to one channel
9-25
Digital Modules
Wiring Diagram for Application 6 Connecting Two Redundant, Non-equivalent Sensors to Two Non-equivalent Channels
Two redundant, non-equivalent sensors are required for each process signal. One non-equivalent sensor is connected to two opposite inputs in the digital module (1oo2 evaluation) for each module. The sensors can also be supplied via an external sensor supply. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.
1L+ 1M Vs left: channel 0...11* right: channel 0...11 DI ** DI 1L+ 1M Vs DI left: channel 0...11* right: channel 0...11 DI ** Acquires the same process variable with mechanically separated sensors
* The left channels supply the user signals ** alternatively, you can connect two single-channel sensors (see figure 9-15)
Figure 9-19 Wiring diagram for the SM 326; DI 24 DC 24V; for application 6 Connecting two redundant, non-equivalent sensors to two non-equivalent channels
9-26
Digital Modules
Wiring Diagram for Application 6 Connecting a Two-channel Sensor to Two Channels

A two-channel sensor is connected via 2 channels to the two digital modules (1oo2 evaluation) for each process signal. The sensors must be supplied via an external sensor supply.
1L+ 1M DI DI 1L+ 1M DI DI *

left: channel 0...11 right: channel 0...11
L+ L+

left: channel 0...11 right: channel 0...11
* Sensor contacts are connected mechanically; alternatively you can connect two single-channel sensors (see figure 9-17)
Figure 9-20 Wiring diagram for SM 326; DI 24 DC 24V; for application 6 Connecting a two-channel sensor to two channels
9-27
Digital Modules
Wiring Diagram for Application 6 Connecting Two Two-channel, Redundant Sensors to Two Channels
Two two-channel, redundant sensors are required for each process signal. One sensor is connected via 2 channels to two opposite inputs in the digital module (1oo2 evaluation) for each module. The sensors can also be supplied via an external sensor supply.
1L+ 1M Vs left: channel 0...11 right: channel 0...11 DI Vs DI 1L+ 1M Vs left: channel 0...11 right: channel 0...11 DI Vs DI Acquires the same process variable with mechanically separated sensors
Digital output module
* Sensor contacts are mechanically connected; alternatively, you can connect two singlechannel sensors (see figure 9-17)
Figure 9-21 Wiring diagram for SM 326; DI 24 DC 24V; for application 6 Connecting two two-channel redundant sensors to two channels
9-28
Digital Modules

Table 9-8
Parameter

Type Effective in

F-Parameter:
Safety Mode 10 to 10000 ms Activated/deactivated Activated/deactivated Activated/deactivated (only if "Sensor Supply via Module" is activated) Activated/deactivated

F-monitoring time
Module Parameters:
Activated Type of Sensor Circuit
Channel Pair Channel Pair Channel Pair
Evaluation of sensors 1oo2 evaluation 2-chann. equiv. (for figures 9-20, 9-21) 2-chann. non-equiv. (for figure 9-19) 1-chann. (for figure 9-18)
Discrepancy Behavior Discrepancy Time

Time-of-day stamp
(only for 2-chann.)

Static
Channel Pair
provide last valid value. "Provide 0 value" Static Static Static Channel Pair Module Module
10 to 30000 ms (2-Chann. only) Activated/deactivated Falling edge 1 -> 0/ rising edge 0 -> 1(only if "time stamp" is activated) Two Modules (Selection of an existing additional module of the same type) 10 to 30000 ms

"Redundancy" Tab
Redundancy Redundant module Discrepancy Time
Module Redundant module pair Redundant module pair
9-29
Digital Modules
9.3.9
Diagnostic Messages for the SM 326; DI 24
DC 24V
Possible Diagnostic Messages

The following table gives you an overview of the diagnostic messages of the SM 326; DI 24 DC 24V. Diagnostic messages are assigned either to one channel or to the entire module. Some diagnostic messages occur only in particular use cases.
Table 9-9 SM 326 DI 24; DI 24 DC 24V
Relevant Application Effective Range of Diagnostic Configurable
Diagnostic message
Short circuit or sensor supply defective Short circuit to L+ on the unswitched sensor line (contact open) Short circuit to ground or sensor supply defective Short circuit to sensor supply line on unswitched sensor line (contact open) Short circuit or wire break on unswitched sensor line (contact open) Discrepancy error (1oo2 evaluation) Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Time monitoring responded (watchdog) EPROM fault RAM fault Processor failure Parameter assignment error (with consecutive number) Internal error in the read circuit/test circuit Error in the cyclic redundancy check (CRC) Monitoring time for data message frame exceeded Message frame error during non fail-safe communication
3, 4, 5, 6 1,2 1, 2, 3, 4, 5, 6 1, 2, 3, 4, 5, 6 5, 6 1, 2, 3, 4, 5, 6
Channel
Yes
Module
No
Channel Module
Module
9-30
Digital Modules
Short Circuit to M and L+

The internal short-circuit tests are carried out as follows: Short circuit to chassis ground is always tested, regardless of the configuration. Short circuit to L+ is only tested when sensor supply via module or internal supply and short-circuit test are configured in HW Config.
Causes of Errors and Remedies

You can find the possible causes for faults and the corresponding remedies for the individual diagnostic messages of the SM ; DI DC 24V; with diagnostic interrupt in the subsequent tables.
Table 9-10 Diagnostic messages and their remedies for the SM 326; DI 24
Possible Causes Remedies
DC 24V
Diagnostic message
Internal short circuit or sensor supply defective Short circuit to L+ on the unswitched sensor line (contact open) Short circuit to ground or sensor supply defective
Internal fault of the sensor supply Short circuit to L+ on the unswitched sensor line (contact open) Short circuit of the input to M Internal fault of the sensor supply
Replace module Eliminate short circuit
Eliminate short circuit Replace module Eliminate short circuit
Short circuit between the unswitched Short circuit on the sensor line (contact open) and the unconnected sensor line (contact open) to the sensor sensor supply line supply line Short circuit or wire break on unswitched sensor line (contact open) Discrepancy error 1oo2 evaluation Short circuit to M of the unconnected sensor line Interruption in the wire between the module and the sensor Faulty process signal Defective sensor Short circuit between the unswitched sensor line (contact open) and the sensor supply line
Eliminate short circuit Reestablish the connection Check process signal, replace sensor if necessary Eliminate short circuit
Wire break on the switched sensor line Eliminate broken wire (contact closed) or on the sensor supply line Assigned discrepancy time too short Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Supply voltage L+ for module missing No parameters transferred to the module Check the assigned discrepancy time Feed in supply L+ Reassign module parameters
Incorrect parameters transferred to the Reassign module parameters module
9-31
Digital Modules
Diagnostic message Communication error
Possible Causes
Remedies
Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference Monitoring time for safety frame exceeded Test value error (CRC) due, for example, to impermissibly high electromagnetic interference CPU has gone into STOP
Check the PROFIBUS connection Eliminate the interference
Check the parameterization of the monitoring time Eliminate the interference
Read out diagnostic buffer Replace module Reduce the number of diagnostic requests Eliminate the interference Replace module Eliminate the interference and switch the supply voltage off/on Replace module Eliminate the interference Replace module Check the parameter assignment in the user program If necessary, contact SIMATIC Customer Support
Module-internal supply voltage failed Time monitoring responded (watchdog)
Internal fault of the L+ supply voltage Overload due to diagnostic request (SFCs) Impermissibly high electromagnetic interference Module Defect
EPROM fault RAM fault Processor failure
Impermissibly high electromagnetic interference Module Defect Impermissibly high electromagnetic interference Module Defect
Parameter assignment error Error in dynamic parameter (with consecutive number) assignment
Internal error in the read circuit/test circuit Error in the cyclic redundancy check (CRC)
Module Defect
Replace module
Test value error during communication Eliminate the interference between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors Configured monitoring time exceeded Power-up of fail-safe signal module Check the parameterization of the monitoring time Check the data frame for the "0" entry for the watchdog and test value
Monitoring time for data message frame exceeded
Message frame error during Enter the watchdog and/or the test non fail-safe communication value in the data frame
9-32
Digital Modules
Procedure Following a Wire Break Message for Multiple Channels on a Module Side
1. In the event of a simultaneous wire break message for multiple channels on a module side, check the common ground connection for this module side. 2. If necessary, repair the wire break at the common ground connection. 3. To reintegrate the module, switch the module power supply off and then on again.
9.3.10
Technical Specifications - SM 326; DI 24
DC 24V
Dimensions and Weight Dimensions W H D (mm) Weight Module-Specific Data Reconfiguration in Run (CiR) possible Behavior of nonconfigured inputs during CiR
80 125 120 Approx. 442 g Yes Deliver the last valid process value before the parameter assignment 24 12 10 Byte 4 Byte 100 m, maximum 200 m, maximum
Number of simultaneously controllable inputs Horizontal installation Up to 40 C Up to 60 C
24 24 (with 24 V) 18 (with 28.8 V) 24
Number of inputs 1-channel 2-channel Assigned address area In I/O for input In I/O for input Length of cable Unshielded Shielded Maximum achievable safety class in safety mode In Accordance with IEC 61508 In Accordance with DIN V 19250 In Accordance with EN 954-1 Fail-safe performance characteristics Low demand mode (average probability of failure on demand) High demand/continuous mode (probability of a dangerous failure per hour)
Vertical installation Up to 40 C Electrical isolation Between channels and backplane bus Between the channels In groups of Permissible potential differences between the different circuits Isolation tested with:
Yes
12 75 V DC 60 V AC DC500V/AC350V for 1 min or DC600V for 1s max. 100 mA max. 450 mA type 10 W
SIL 3 AK 6 Category 4 SIL 2 SIL 3
Current consumption From backplane bus From the load voltage 1L+/ 2L+ (without load) Power loss of module
Status, Interrupts, Diagnostics

Status display Interrupts Diagnostic Interrupt Diagnostic functions Group error display Fail-safe mode display Diagnostic information can be displayed Green LED per channel Assignable Assignable Red LED (SF) Green LED (SAFE) Possible
to be determined to be determined to be determined to be determined
Voltages, Currents, Potentials 24V DC Rated supply voltage of the electronic components and sensors 1L+, 2L+ Reverse polarity protection Yes 5 ms Voltage failure bridging (does not apply to sensor supply outputs)
9-33
Digital Modules
Sensor Supply Outputs

Number of outputs Electrical isolation between channels and backplane bus In groups of Output voltage Loaded Output current Rated value Permitted Range Additional redundant supply Short-circuit protection Input voltage Rated value At signal 1 At signal "0" Input current At signal 1 Input characteristic Connection of 2-wire proximity switch 4 Yes 2
Time, Frequency
Internal preprocessing time (without input delay) for Standard Mode
Max. to be determined
Minimum L+ (-1.5 V) 400 mA, typical 0 to 400 mA Permissible Yes, electronically
Safety mode SIL 2 (safety to be determined level AK 4, category 3) Safety mode SIL 3 (safety to be determined level AK 6, category 4)
Specifications for Sensor Selection

24V DC 11 to 30 V - 30 to 5 V 10 mA, typical In accordance with IEC 1131, Type 2 Possible if "With short-circuit Test" parameter is set to "no" Max. 2 mA
Input delay From 0 to 1 From "1" to "0" Acknowledgment Time In safety mode with 1oo1 sensor evaluation In safety mode with 1oo2 sensor evaluation Minimum sensor signal duration
2,1 to 3,4 ms 2,1 to 3,4 ms to be determined to be determined

see table 6.1
Permissible quiescent current
9-34
9.4
9.4.1
SM 326; DI 8
NAMUR
Order Number
6ES7 326-1RF00-0AB0
Features
SM 326; DI 8 NAMUR bit has the following features: SIMATIC S7 intrinsically safe digital module, suitable for connecting signals from a hazardous area 8 single-channel inputs and 4 two-channel inputs isolated from one another 24V DC rated input voltage Suitable for the following sensors To DIN 19234 and NAMUR (with diagnostic evaluation) Switched mechanical contacts (with diagnostic evaluation)
8 short circuit-proof sensor supplies for 1 channel, isolated from one another Group error display (SF) Safety mode display (SAFE) Status indicator for each channel (green LED) Assignable diagnostics Diagnostic alarm with assignable parameters Usable in standard and safety modes Warning The fail-safe performance characteristics in the technical specifications are valid for a proof-test interval of 10 years a planned outage time of 72 hours.
Adhering to Clearance in Air and Leakage Paths in Hazardous Areas

Note For the digital input modules SM 326; DI 8 NAMUR, the L+/M infeed must be via a wire chamber (order no. 6ES7 393-4AA10-0AA0) to meet the clearance for air and leakage paths in hazardous areas (see chapter 9.4.2).
9-35
Digital Modules
Address Assignment
Addressing of the inputs in the user program:
I x.0 I x.1 I x.2 I x.3
0 1
4 5
I x.4 I x.5 I x.6 I x.7
2 3
6 7
x = modules start addresses Figure 9-22 Address assignment for SM 326; DI 8 NAMUR
Front View
Common error indicator red Per channel (0 to 7):
SF SAFE
4
0 4
Saftey mode indicator - green
Status indicator - green Channel No.
Use of front connector (behind the front door): for connecting the inputs and power supply
Figure 9-23 Front view of SM 326; DI 8
NAMUR:
9-36
Digital Modules
Connectable Sensors
The following Figure shows the possible sensors and their connection to SM 326; DI 8 NAMUR.
10 k
Digital module
Digital module
1k
NAMUR sensor Monitoring for - Wire break - Short circuit
Switched contact with monitoring for - Wire break - Short circuit (resistances directly on the contact)
Figure 9-24 Connectable sensors of the SM 326; DI 8
NAMUR

The following Figure - shows the terminal assignment and block diagram of the SM 326; DI 8 NAMUR.
Overvoltage protection + 8,2 V
21 22
L+ M 24 V + 8,2 V
5 6 8 9 Status and diagnostics Logic and backplane bus interface
25 26 28 29
+ 8,2 V
+ 8,2 V
+ 8,2 V
11 12 14 15
Test
31 32 34 35
+ 8,2 V
+ 8,2 V
+ 8,2 V
Address switch
SF M
SAFE M
Status 0 ... 7
Figure 9-25 Connection and block diagram of the SM 326; DI 8
NAMUR
9-37
Digital Modules
Channel Numbers
The inputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned. In the 1oo2 evaluation of the sensors the number of channels is halved.
left Channel number: 1oo1 1oo2
0 1 4 5
right 1oo1 1oo2
2 3
6 7
Figure 9-26 Kchannel numbers for SM 326; DI 8
NAMUR
9.4.2
Special Features when Wiring SM 326; DI 8 Hazardous Areas
NAMUR for
Wire Chamber for SM 326; DI 8
NAMUR in Hazardous Areas

NAMUR for explosive areas:
Adhere to the note below when using SM 326; DI 8
Note In the case of the digital input module SM 326; DI 8 NAMUR; the L+/M infeed must be via a wire chamber to adhere to the creepages and clearances in hazardous areas.
Wire Chamber
Order number: 6ES7 393-4AA10-0AA0; 5 units
Wire chamber for screw type Wedge for spring terminals Wire chamber for spring terminals
Separator line (break): Separate the three parts here Figure 9-27 Wire chamber for SM 326; DI 8 NAMUR
9-38
Digital Modules
Wire front connector for SM 326; DI 8
Wire the 40-pin front connector as follows: 1. Fasten the supply lines in the terminals 21 (L+) and 22 (M) and lead them out of the top (1). 2. Insert the wiring chamber into terminals (3 and 23) of the front connector (2). Screw-type connection: Then tighten the screws for terminals 3 and 23. Spring-type connection Use the supplied special key instead of the screwdriver to install the wire chamber. 3. Wire the process wires and feed them out of the bottom of the module (3). 4. Do not forget to fit the enclosed strain-relief grip around the wires (4). Result: This ensures a safely isolated connection between the wire chamber and the front connector and thus meets the safety requirements to prevent explosions.
Wire chamber of screw type terminal
Wire chamber for spring terminals
2 3 4
Wedge for spring terminals
Figure 9-28 Front connector wired for SM 326; DI 8
NAMUR
9-39
Digital Modules
Minimum Thread Length for SM 326; DI 8
Warning There must be a minimum thread length of 50 mm between the connections with safe functional extra-low voltage and the intrinsically safe connections of the SM 326; DI 8 NAMUR.This can be achieved within the front connector by using a wire chamber. The minimum thread length between the different modules may be violated in some circumstances (for example, when explosion-proof and standard modules are used together and the minimum thread length between live parts of explosionproof and standard modules is < 50 mm). You can comply with the thread length requirements between the modules in the following ways: Always insert the SM 326; DI 8 NAMUR into the ET 200M as the last module (on the far right) on the rail. This will ensure that the thread length to the module on the left is automatically correct because of the module width of the SM 326; DI 8 NAMUR. If that is not possible, insert the DM 370 dummy module between the affected intrinsically safe and standard modules. If you use the bus modules of the active backplane bus, you can also use the intrinsically safe separation bar. Warning When performing the wiring, you should always keep intrinsically safe wires separate from wires that are not intrinsically safe. Lay them in separate ducts.
Additional Information about Hazardous Areas

You can find more information on the use of the DM 370 and the intrinsically safe separation bar as well as the separation of wires that are intrinsically safe from those that are not in the reference manual S7-300, M7-300, ET 200M Programmable Controllers, I/O Modules with Intrinsically-Safe Signals.
9-40
Digital Modules
9.4.3
Applications of SM 326; DI 8
NAMUR:

The following figure helps you to select an application according to the requirements for high availability and availability. On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.
Standard mode
No Safety mode?
Safety mode
Yes Required safety level? SIL 2 (AK 4, Cat. 3) SIL3 (AK 6, Cat. 4)
Yes Module redundant? Module redundant?
Yes Module redundant?
Yes
No
No
No
Standard mode
SIL 2 Safety mode
SIL 3 Safety mode
Applications 1 to 6
1
See Chap. 9.4.4
2
See Chap. 9.4.5
3
See Chap. 9.4.4
4
See Chap. 9.4.5
5
See Chap. 9.4.6
6
See Chap. 9.4.7
Figure 9-29 Selecting an application - SM 326; DI 8
NAMUR
Warning The achievable safety class is dependent on the quality of the sensor and the magnitude of the proof-test interval in accordance with IEC 61508. If the quality of the sensor is lower than the quality stipulated in the required safety class, the sensor must be applied redundantly with a two-channel connection.
9-41
Digital Modules
9.4.4
Application 1: Standard Mode and Application 3: Safety Mode SIL 2 (Safety Level AK 4, Category 3)
Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 8 NAMUR for: Application 1: Standard Mode Application 3: safety mode, SIL 2 (AK 4, Category 3) For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-15 and 9-16.
Wiring Diagram for Applications 1 and 3

A one-channel sensor (1oo1 evaluation) is connected via a single channel to the digital modules for each process signal. The digital module provides the sensor supply Vs.
L+ M Vs + 8.2 V
DI
Figure 9-30 Wiring diagram for SM 326; DI 8
NAMUR for applications 1 and 3
Parameter Settings for Applications 1 and 3

Table 9-11
Parameter "Inputs" Tab
Parameters of SM 326; DI 8
Range of Values in Safety Mode

Type Standard Mode Effective in
Enable diagnostic interrupt Safety Mode Monitoring Time Sensor Evaluation Group diagnostics
"Redundancy" Tab
Yes/No Yes 10 to 10000 ms 1oo1 Evaluation Yes/No None
Yes/No No Yes/No -
Static Static Static Static Static Static
Module Module Module Module Channel Module
Redundancy
9-42
Digital Modules
9.4.5
Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability (only in S7 F/FH Systems)
Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 8 NAMUR for: Application 2: standard mode with high availability Application 4: safety mode, SIL 2 (AK 4, Category 3) with fault tolerance For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-15 and 9-16.

Two one-channel, redundant sensors are connected via one channel (1oo1 evaluation) to the two digital modules for each process signal. The respective digital modules provide the sensor supply Vs.
L+ M Vs + 8.2 V
DI L+ M Vs + 8.2 V Acquires the same process variable with mechanically separated sensors
DI
9-43
Digital Modules
Parameter Settings for Applications 2 and 4

Table 9-12
Range of Values in Safety Mode

Type Standard Mode Effective in
Enable diagnostic interrupt Safety Mode Monitoring Time Sensor Evaluation Group diagnostics
"Redundancy" Tab
Yes/No Yes 10 to 10000 ms 1oo1 Evaluation Yes/No Two Modules (Selection of an existing additional module of the same type) 10 to 30000 ms
Yes/No No Yes/No -* -
Static Static Static Static Static Static Static
Module Module Module Module Channel Module Redundant module pair Redundant module pair
Redundancy Redundant module
Discrepancy Time
Static
For a redundant configuration in the standard mode, there are two digital values which you have to evaluate in the standard user program.
9-44
Digital Modules
9.4.6

Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 8 NAMUR for: Application 5: safety mode, SIL 3 (AK 6, Category 4) For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-15 and 9-16.
Wiring Diagram for Application 5

Two one-channel sensors are connected via two channels to two opposite inputs in the digital module (1oo2 evaluation) for each process signal. The digital module provides the sensor supply Vs. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.
L+ M Vs DI left: channel 0...3 right: channel 0...3* Vs DI * The left channels supply the user signals ** alternatively, the sensor contacts can be connected mechanically ** + 8,2 V Opposite inputs for sensor Acquires the same connection: process variable with mechanically separated 0 and 4 sensors 1 and 5 2 and 6 3 and 7
NAMUR for application 5
9-45
Digital Modules

Table 9-13

Type Scope of Action
Enable diagnostic interrupt Safety Mode Monitoring Time Sensor Evaluation Group diagnostics Discrepancy Time
"Redundancy" Tab
Yes/No Yes 10 to 10000 ms 1oo2 evaluation Yes/No 10 to 30000 ms None
Static Static Static Static Static Static Static
Module Module Module Module Channel Channel Module
Redundancy
9.4.7
Below you can find the wiring diagram and the parameter assignment of the SM 326; DI 8 NAMUR for: Application 6: safety mode, SIL 3 (AK 6, Category 4) with fault tolerance For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-15 and 9-16.
9-46
Digital Modules
Wiring Diagram for Application 6

Four one-channel, redundant sensors are connected via two channels (1oo2 evaluation) to the two digital modules for each process signal. The sensor contacts of the sensor each lead to opposite inputs of the same digital module. The respective digital modules provide the sensor supply Vs. The left channels on the module supply the user signals. This means, if no errors are detected, these signals will be available in the I/O area for inputs in the F-CPU.
L+ M Vs DI left: channel 0...3 right: channel 0...3* Vs DI ** + 8,2 V Opposite inputs for sensor connection: 0 and 4 1 and 5 2 and 6 3 and 7
L+ M Vs DI + 8.2 V
Acquires the same process variable with mechanically separated sensors Opposite inputs for sensor connection: ** 0 and 4 1 and 5 2 and 6 3 and 7
left: channel 0...3 right: channel 0...3* Vs DI
* The left channels supply the user signals ** alternatively, the sensor contacts can be connected mechanically
9-47
Digital Modules

Table 9-14

Type Scope of Action
Enable diagnostic interrupt Safety Mode Monitoring Time Sensor Evaluation Group diagnostics Discrepancy Time
"Redundancy" Tab
Yes/No Yes 10 to 10000 ms 1oo2 evaluation Yes/No 10 to 30000 ms Two Modules (Selection of an existing additional module of the same type) 10 to 30000 ms
Static Static Static Static Static Static Static Static
Module Module Module Module Channel Channel Module Redundant module pair Redundant module pair
Discrepancy Time
Static
9-48
Digital Modules
9.4.8
Diagnostic Messages for SM 326; DI 8
NAMUR:

The following table gives you an overview of the diagnostic messages of the SM 326; DI 8 NAMUR. Diagnostic messages are assigned either to one channel or to the entire module. Some diagnostic messages occur only in particular applications.
Table 9-15 Diagnostic messages of SM 326; DI 8 NAMUR
Effective Range of Diagnostic Configurable
Diagnostic message
Relevant Application
Wire break or internal error in sensor supply Short circuit between sensor line and sensor supply line Internal error in read circuit/test circuit or defective sensor supply Discrepancy error (1oo2 evaluation) Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Time monitoring responded (watchdog) EPROM fault RAM fault Processor failure Parameter assignment error (with consecutive number) Error in the cyclic redundancy check (CRC) Monitoring time for data message frame exceeded Message frame error during non fail-safe communication
3, 4, 5, 6 1, 2 1, 2, 3, 4, 5, 6 5, 6 1, 2, 3, 4, 5, 6
Channel
Yes No
Channel
Yes
Module No
Module Module
9-49
Digital Modules

In the following table, you find the possible causes of faults and the corresponding remedies for the individual diagnostic messages of the SM 326, DI 8 NAMUR.
Table 9-16 Diagnostic messages and their remedies for SM 326; DI 8
Possible Causes
NAMUR
Diagnostic message
Remedies
Wire break or internal fault of the sensor supply
Interruption of the wire between the module and the NAMUR sensor With contacts as sensors: 10 k series resistor directly above the contact is missing or interrupted Channel is not connected (open) Internal fault of the sensor supply Short circuit between the two sensor lines Faulty process signal Defective NAMUR sensor Short circuit between the unswitched sensor line (contact open) and the sensor supply line Wire break on the switched sensor line (contact closed) or on the sensor supply line Assigned discrepancy time too short Supply voltage L+ for module missing No parameters transferred to the module Incorrect parameters transferred to the module The setting of the logical module address in STEP 7 does not correspond to the setting of the address switch on the module. Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference Monitoring time for data frame exceeded Test value error (CRC) due, for example, to impermissibly high electromagnetic interference CPU has gone into STOP
Reestablish the connection Insert 10 k series resistor directly above the contact Disable the "Group Diagnosis" parameter for the channel Replace module Eliminate short circuit
Short circuit between the sensor line and the sensor supply line Discrepancy error 1oo2 evaluation
Check the process signal; replace the NAMUR sensor, if necessary Eliminate short circuit
Eliminate broken wire
Missing external auxiliary supply Module not assigned parameters Wrong parameters on module
Check the assigned discrepancy time Feed in supply L+ Reassign module parameters Reassign module parameters Correct the address setting and set the parameters the module again Check the PROFIBUS connection Eliminate the interference
Communication error
Read out diagnostic buffer
9-50
Digital Modules
Diagnostic message
Possible Causes
Remedies
Internal fault of the L+ supply voltage Overload due to diagnostic request (SFCs) Impermissibly high electromagnetic interference Module Defect Impermissibly high electromagnetic interference Module Defect Module Defect
Replace module Reduce the number of diagnostic requests Eliminate the interference Replace module Eliminate the interference and switch the supply voltage off/on Replace module Replace module
EPROM fault RAM fault Internal error in read circuit/test circuit or defective sensor supply Processor failure
Impermissibly high electromagnetic interference Module Defect Parameter assignment error Error in dynamic parameter (with consecutive number) assignment
Eliminate the interference Replace module Check the parameter assignment in the user program If necessary, contact SIMATIC Customer Support Eliminate the interference
Error in the cyclic redundancy check (CRC)
Monitoring time for safety frame exceeded
Test value error during communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors Configured monitoring time exceeded Check the parameterization of the monitoring time Power-up of fail-safe signal module Check the data frame for the "0" entry for the watchdog and test value
Message frame error during Enter the watchdog and/or the test non fail-safe communication value in the data frame
9-51
Digital Modules
9.4.9
Technical Specifications - SM 326; DI 8
NAMUR
Dimensions and Weight Dimensions W H D (mm) Weight Module-Specific Data Number of inputs 1-channel 2-channel Assigned address area In I/O for input In I/O for output Length of cable Shielded Unshielded Ignition protection type
Test number KEMA Maximum achievable safety class in safety mode In Accordance with IEC 61508 In Accordance with DIN V 19250 In Accordance with EN 954-1 Fail-safe performance characteristics Low demand mode (average probability of failure on demand) High demand/continuous mode (probability of a dangerous failure per hour)
80 125 120 Approx. 482 g
8 4 6 Byte 4 Byte 200 m, maximum 100 m, maximum II(2)G [EEx ib] IIC to EN 50020 99 ATEX 2671 X Single-ch. Two-ch. SIL 2 SIL 3 AK 4 Cat. 3 SIL 2 AK 6 Cat. 4 SIL 3
Permitted potential difference Between different circuits [EEx] Between different circuits [not EEx] Isolation tested with: Channels against the backplane bus and load voltage L+ Load voltage L+ against the backplane bus Chan. between each other Current consumption From backplane bus From load voltage L+ (without load) Power loss of module
60 V DC 30 V AC 75 V DC 60 V AC 1500 VAC 500 V DC and 350 V AC 1500 VAC 90 mA, maximum 160 mA, maximum 4.5 W, typical
2.74E-06 4.83E-08
Status, Interrupts, Diagnostics Status display Green LED per channel Interrupts Diagnostic Interrupt Assignable Assignable Diagnostic functions Group error display Red LED (SF) Fail-safe mode display Green LED (SAFE) Diagnostic information can be displayed Possible Sensor Supply Outputs Number of outputs Output voltage Short-circuit protection
8 8,2 VDC Yes, electronically
3.13E-11 5.51E-13
Voltages, Currents, Potentials Rated supply voltage of the electr. comp. and sensor L+ Reverse polarity protection Voltage failure ride-through Number of simultaneously controllable inputs Horizontal installation Up to 60 C Vertical installation Up to 40 C Electrical isolation Between channels and backplane bus Between channels and voltage supply of electronics Between the channels
24V DC Yes 5 ms
8 8
Yes Yes
Safety Guidelines (See Conformity Description in the Appendix) Highest values of the input circuits (per channel) U0 (Output open-circuit 10 V, maximum voltage) I0 (Short-circuit current) 13,9 mA, maximum P0 (Load power) Max. 33.1 mW L0 (Permissible external Max. 80 mH induction) C0 (Permissible external Max. 3 F capacity) Um (Fault voltage) Max. 60 V DC Max. 30 V AC Ta (Permissible ambient Max. 60 C temperature)
Yes
9-52
Digital Modules
Specifications for Sensor Selection Sensor To DIN 19234 and NAMUR Input current At signal "0" 0.35 to 1,2 mA At signal 1 2,1 to 7 mA
Time, Frequency Internal preprocessing time (without input delay) for Standard Mode Safety Mode
Input delay From 0 to 1 From "1" to "0" Acknowledgment Time in safety mode Minimum sensor signal duration
Typically 55 ms 55 ms 1,2 to 3 ms 1,2 to 3 ms
Max. 60 ms 60 ms
68 ms, maximum Min. 38 ms
9-53
Digital Modules
9.5
9.5.1
SM 326; DO 8
DC 24V/2A PM
Order Number
6ES7 326-2BF40-0AB0
Features
The SM 326; DO 8 DC 24V/2A PM; has the following features: 8 outputs, isolated as two groups of 4 P-M switching (current sourcing/sinking) 2 A output current 24V DC rated load voltage Suitable for solenoid valves, DC contactors, and indicator lights Common error display (SF) Safety mode indicator (SAFE) Status indicator for each channel (green LED) Assignable diagnostics Diagnostic alarm with assignable parameters can be used in safety mode simplified PROFIsafe address assignment Warning The fail-safe performance characteristics in the technical specifications are valid for a proof-test interval of 10 years a planned outage time of 100 hours.
9-54
Digital Modules
Address Assignment
Addressing of the outputs in the user program
Q x.0 Q x.1
0 1
4 5
Q x.4 Q x.5
Q x.2 Q x.3
2 3
6 7
Q x.6 Q x.7
x = modules start address
Figure 9-34 Address assignment for SM 326; DO 8
DC 24V/2A PM
Front View
Common error indicator red
SF SAFE
Per channel (0 to 7):
Status indicator green Bit address
Use of front connector (behind the front door) for: - Connection of outputs - Power supply of the modules - Load voltage supply of the outputs
Figure 9-35 Front View of the SM 326; DO 8
DC 24V/2A PM; with Diagnostic Interrupt
9-55
Digital Modules

The following figure shows the terminal assignment and block diagram of the SM 326; DO 8 DC 24V/2A PM.
dsfs
Overvoltage protection 5 6 8 9 11 12 14 15 Logic and backplane bus interface Diagnostic status
21 22
1L+ 1M
24 V
Diagnostic switch
25 26 28 29 31 32 34 35 37 38 39 40 3L+ 3L+ 3M 3M
P switch
Read back
M switch 2L+ 2L+ 2M 2M 17 18 19 20 Address switch SF M
Read back
SAFE M
Status (1 of 8) M
Figure 9-36 Terminal assignment and block diagram of the SM 326; DO 8
DC 24V/2A PM
Channel Numbers
The outputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned.
Channel number:
left
0 1 4 5
right
2 3
6 7
Figure 9-37 Channel numbers for SM 326; DO 8 DO 8 DC 24V/2A PM
DC 24V/2A PM Applications of SM 326;
9-56
Digital Modules
9.5.2
Applications of the SM SM 326; DO 8
DC 24V/2A PM

The following figure helps you to select a use case according to the requirements for high availability and availability.On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.
SIL3 (AK 6, Cat. 4)
Required safety level? SIL 2 (AK 4, Cat. 3)
SIL 2 Safety mode
SIL 3 Safety mode
Applications 1 and 2
1
See Chapt. 9.5.2
2
See Chapt. 9.5.2
Figure 9-38 Selecting an Application - SM 326; DO 8
DC 24V/2A PM
9-57
Digital Modules
9.5.3
Application 1: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 2: Safety Mode SIL 3 (Safety Level AK 6, Category 4)
Below you can find the wiring diagram and the parameter assignment of the SM 326; DO 8 DC 24V/2APM for: Application 1: safety mode, SIL 2 (AK 4, Category 3) Application 2: safety mode, SIL 3 (AK 6, Category 4) Diagnostic messages, possible causes and remedies can be found in Tables 9-18 and 9-19.

The 8 fail-safe digital outputs each consist of a P-switch DOx P (current sourcing) and an M-switch DOx M (current sinking). The load is connected between the P and M-switches.
00
1L+ 1M DOx P DOx M 2L+
2M
Figure 9-39 Wiring diagram for SM 326; DO 8
DC 24V/2A PM for applications 1 and 2
9-58
Digital Modules
Connection of Two Relays on One Digital Output

You can connect two relays using one fail-safe digital output. The following conditions should be kept in mind: L+ and M of the relays must be connected to L2+ and M of the module (reference potential must be equal). The normally open contact of the two relays must be connected in series. A connection to each of the 8 digital outputs is possible.An example of the connection of an output is shown in the figure below. This connection enables AK6/SIL3/Category 4 to be achieved.
00
2M
Figure 9-40 Wiring diagram 2 relays on one digital output of SM 326; DO 8 DC 24V/2A PM
Warning To avoid cross circuits between P and M-switches of a fail-safe digital output, you should connect the relay on the between P and M-switches to protect against cross circuits (for example with cables separately sheathed or in a separate cable duct).
Warning When connecting two relays on one digital output, the errors "wire break and "overload" are detected only on the P-switch of the output (not on the M-switch). The controlled actuator can no longer be switched off when there is a cross circuit between the P and M-switches of the output.
9-59
Digital Modules
Avoiding/Protecting against Cross Circuits between P and M-Switches

To protect against cross circuits between P and M-switches of a fail-safe digital output, we recommend the following wiring schemes:
00
2M
Figure 9-41 Wiring diagram 2 relays on one digital output of SM 326; DO 8 DC 24V/2A PM Protection against cross circuits
Note The "wire break fault is only detected at the P or M-switch of the output when the two P or M relays are separated.
9-60
Digital Modules
Parameter Settings for Applications , 1 and 2

Table 9-17 Parameters of SM 326; DO 8 Parameter "Parameter" tab
F-Parameter:
DC 24V/2A PM for applications 1 and 2 Type Effective in
Range of Values
F-monitoring time
Module Parameters:
10 to 10000 ms
Static
Module Module Channel Channel
Diagnostic Interrupt Activated Diagnostics: Wire break
Activated/deactivated Static Activated/deactivated Static Activated/deactivated Static
9-61
Digital Modules
9.5.4
Diagnostic Messages for SM 326; DO 8
DC 24V/2A PM

The following table gives you an overview of the diagnostic messages of the SM 326; DO 8 DC 24V/2A PM. Diagnostic messages are assigned either to one channel or to the entire module.
Table 9-18 Diagnostic messages of the SM 326; DO 8
Diagnostic message
DC 24V/2A;
Effective Range of Diagnostic Configurable
Wire break DOx_P Short circuit to ground at the output or output driver defective DOx_M Short circuit to ground at the output or output driver defective DOx_P Short circuit to L+ at the output or output driver defective DOx_M Short circuit to L+ at the output or output driver defective Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Watchdog operated EPROM fault RAM fault Internal error in read circuit/test circuit or defective sensor supply Processor failure Parameter assignment error (with consecutive number) External load voltage missing Short circuit DOx_P to DOx_M Defective output driver Excess temperature at output driver Load voltage not connected Defective load voltage or not connected Error in the cyclic redundancy check (CRC) Monitoring time for data message frame exceeded
1, 2 1, 2 1, 2
Channel
Yes
Module
No
Module
9-62
Digital Modules

You will find the possible causes of faults and the corresponding remedies for the individual diagnostic messages of the SM 326, DO 8 DC 24V/2A PM.
Table: 9-19
Diagnostic message
Diagnostic messages and their remedies for the SM 326; DO 8

Error Detection Possible Causes
DC 24V
Remedies
Wire break
Only in the event of "1" at the output signal Only when the output signal is "1"
Interruption in the wire between the module and the actuator Channel not connected (open) or unused Output overload Short circuit of the output to M Undervoltage of the load voltage supply Defective output driver Short circuit of the output to 1L+ of the module supply Short circuit between channels with different signals Defective output driver
Reestablish the connection Disable "Group diagnosis" for the channel Eliminate overload Eliminate short circuit Check the load voltage supply Replace module Eliminate short circuit Module reset necessary (supply voltage off/on) Eliminate short circuit Module reset necessary (supply voltage off/on) Replace module Feed the 1L+ supply Reassign module parameters Reassign module parameters Replace module
Short circuit to ground at the output or output driver defective
Short circuit to L+ at the output or output driver defective
Only when the output signal is "1"
Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Module-internal supply voltage failed
General General General General
The 1L+ supply voltage of the module is missing No parameters transferred to the module Incorrect parameters transferred to the module Internal fault of the 1L+ supply voltage
9-63
Digital Modules
Diagnostic message
Error Detection
Possible Causes
Remedies
Time monitoring responded (watchdog)
General
Overload due to diagnostic request (SFCs) Impermissibly high electromagnetic interference Module Defect
Reduce the number of diagnostic requests Eliminate the interference Replace module Check the PROFIBUS connection Eliminate the interference
Loss of communication
General
Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference Monitoring time for data frame exceeded Test value error (CRC) due, for example, to impermissibly high electromagnetic interference CPU has gone into STOP
Read out diagnostic buffer Eliminate the interference and switch the supply voltage off/on Replace module Replace module
EPROM fault RAM fault
General
Impermissibly high electromagnetic interference Module Defect
Internal error in the read circuit/test circuit Processor failure
General
Module Defect
General
Impermissibly high electromagnetic interference Module Defect Error in dynamic parameter assignment
Eliminate the interference Replace module Check the parameterization in the user program. If necessary, contact SIMATIC Customer Support Replace module Eliminate overload Replace module
Parameter assignment error (with consecutive number)
General
Defective output driver Excess temperature at output driver
General General
Module Defect Output overload Internal error of the output driver
9-64
Digital Modules
Diagnostic message
Error Detection
Possible Causes
Remedies
Defective load voltage or not connected Error in the cyclic redundancy check (CRC)
General
Load voltage 2L+, 3L not connected External fault of the load voltage 2L+, 3L+
Feed supply 2L+, 3L+ Replace module Eliminate the interference
General
Test value error occurred in the communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors Configured monitoring time exceeded Power-up of fail-safe signal module
General
Check the parameterization of the monitoring time -
9-65
Digital Modules
9.5.5
Technical Specifications - SM 326; DO 8

Electrical isolation 80 125 120

DC 24V/2A PM
Dimensions and Weight

Dimensions W Weight H D (mm) Approx. 465 g
Between channels and backplane bus Between channels and voltage supply of electronics Between the channels In groups of
Yes Yes
Module-Specific Data
Number of outputs Assigned address area

8 5 Byte 5 Byte 600 m, maximum 1000 m, maximum 200 m, maximum
Yes 4 DC500V/AC350V for 1 min or DC600V for 1s max. 100 mA max. 75 mA max. 100 mA typically 12 W Green LED per channel Assignable Assignable Red LED (SF) Green LED (SAFE) Possible
In I/O for input In I/O for output Unshielded Shielded At SIL 3, safety level AK 5 and 6, Cat. 4
Isolation tested with:
Length of cable Current consumption

From backplane bus From the supply volt. 1L+ From the load voltage 2L+/ 3L+ (without load)
Maximum achievable safety class in safety mode

In Accordance with IEC 61508 In Accordance with DIN V 19250 In Accordance with EN 954-1
Power loss of module

Status display Interrupts

Diagnostic Interrupt Group error display Fail-safe mode display Diagnostic information can be read out
Fail-safe performance characteristics
Diagnostic functions

Low demand mode (average probability of failure on demand) High demand/continuous mode (probability of a dangerous failure per hour)
to be determined to be determined
Data for Selecting an Actuator

Output voltage
Voltages, Currents, Potentials

Rated supply voltage of the electronic components 1L+

At signal 1
Min. L + (- 1.0 V)
24V DC Output current Yes 24V DC No
Reverse polarity protection Reverse polarity protection
Rated load voltage 2L+/3L+ Total current of the outputs (per group)
Horizontal installation Up to 40 C Up to 60 C Vertical installation Up to 40 C
Max. 7.5 A Max. 5 A Max. 5 A
At signal 1 Rated value Permissible range up to 40 C horizontal installation Permissible range up to 40 C horizontal installation Permissible range up to 60 C horizontal installation At signal 0 (residual current) Up to 40 C Up to 60 C
2A 7 mA to 2 A 7 mA to 1 A 7 mA to 1 A Max. 0.5 mA
Load impedance range

12 to 3,4 k 24 to 3,4 k
9-66
Digital Modules
Data for Selecting an Actuator (Continued)

Lamp load Control of a digital input Switching frequency

5 W, maximum Not possible 30 Hz, maximum
With resistive load
In the case of an inductive 2 Hz, maximum load To IEC 947-5-1, 13 DC With lamp load 10 Hz, maximum Minimum L+ (33 V) Yes, electronically 2.6 to 4 A
Inductive breaking voltage limited (internally) to Short-circuit protection of the output
Response threshold
Time, Frequency
Internal processing time for Safety Mode Acknowledgment Time in safety mode to be determined to be determined
9-67
Digital Modules
9.6
9.6.1
SM 326; DO 10
DC 24V/2A
Order Number
6ES7 326-2BF01-0AB0
Features
The SM 326; DO 10 2 A output current 24V DC rated load voltage Suitable for solenoid valves, DC contactors, and indicator lights 2 connections per output One connection for single-channel actuator control (without series diode) One connection for redundant actuator control (with series diode) DC 24V/2A has the following features: 10 outputs, isolated as two groups of 5
Group error display (SF) Safety mode display (SAFE) Status indicator for each channel (green LED) Assignable diagnostics Diagnostic alarm with assignable parameters Configurable substitute value output in standard mode Usable in standard and safety modes Warning The fail-safe performance characteristics in the technical specifications are valid for a proof-test interval of 10 years a planned outage time of 72 hours.
9-68
Digital Modules
Redundant Output Signals
Warning The output with a series diode can be used for redundant control of an actuator. Redundant control can take place from 2 different modules without an external circuit. The two signal modules must have the same reference potential (M).
Note If you use 326; DO 10 DC 24V/2A redundantly, you have to supply these F-SMs with the same load voltage. If this is not possible with one power supply unit due to availability, then use two redundant power supply units. Please note that the power supply units must be connected via diodes.
Short circuit to L+ in a Redundant Interconnection
Warning Short circuit to L+ in SM 326; DO 10 accordance with standards.
DC 24V/2A must be avoided by wiring in
In the event of a short circuit to L+ in a redundant interconnection on an output with a series diode, the corresponding output may not be switched off and the actuator remains activated.
9-69
Digital Modules
Connecting capacitive loads

The error message "Short circuit to L+ or Defective output driver may occur when the outputs without series diodes of the SM 326; DO 10 DC 24V/2A are connected to loads that require little current and show a capacity. Reason: Capacities cannot be sufficiently discharged during self-test readback time of 1 ms. The following figure shows a typical curves representing the correlation between load impedance and switched load capacitance for a 24V DC power supply.
Capacitive in F
Load current in mA
Figure 9-42 Correlation between load impedance and switched load capacitance for SM 326; DO 10 24V/2A DC
Remedy: 1. Determine the load current and capacitance of the load. 2. Determine the operating point in the figure above. 3. If the operating point lies above the curve, do one of the following: Increase the load current by connecting a resistor in parallel to bring the operating point below the curve or Use the output with series diodes
9-70
Digital Modules
Front View
Common error indicator red Per channel (0 to 9):
SF SAFE
Status indicator green Bit address
Use of front connector (behind the front door) for: - Connection of outputs - Power supply of the modules - Load voltage supply of the outputs
Figure 9-43 Front view of SM 326; DO 10
DC 24V /2 A
Address Assignment
0 1 2
5 6 7
Output byte x (Q x.5 to Q x.7)
Output byte x (Q x.0 to A x.4)
3 4
0 1
Output byte x+1 (Q x+1.0, Q x+1.1)
x = Modules start address Figure 9-44 Address assignment for SM 326; DO 10 DC 24V/2A
9-71
Digital Modules

The following figure shows the terminal assignment and block diagram of the SM 326; DO 10 DC 24V/2A PM.
dsfs
Overvoltage protection 3 4 6 7 9 10 12 13 15 16 17 18 19 20 Logic and backplane bus interface Main switch Output driver Status
21 22 23 24 26 27 29 30 32 33 35 36 37 38 39 40
1L+ 1M
24 V
Read back
24V 2L+ 2L+ 2M 2M
Diagnostics
3L+ 3L+ 3M 3M
24V
Address switch SF M
SAFE M
Figure 9-45 Terminal assignment and block diagram of the SM 326; DO 10
DC 24V/2A
Channel Numbers
The outputs are identified uniquely by means of the channel numbers and the channel-specific diagnostic messages are assigned.
Channel number: left
0 1 2 5 6 7
right
3 4
0 1
Figure 9-46 Channel numbers for SM 326; DO 10
DC 24V/2A
9-72
Digital Modules
9.6.2
Applications for SM 326; DO 10
DC 24V/2A

The following figure helps you to select the application in accordance with the requirements in terms of fail safety and fault tolerance (availability). On the following pages you can find out how to wire the module for each application and which parameters you must set with STEP 7 using the S7 Distributed Safety or F Systems optional package.
Standard mode
No Safety mode? Yes Required safety level? SIL 2 (AK 4, Cat. 3) Yes Mlodule redundant? Module redundant? Yes Module redundant? Yes SIL3 (AK 6, Cat. 4)
Safety mode
No
No
No
Standard mode
SIL 2 Safety mode
SIL 3 Safety mode
Applications 1 to 6
1
see Chap. 9.6.3
2
see Chap. 9.6.4
3
see Chap. 9.6.3
4
see Chap. 9.6.4
5
see Chap. 9.6.3
6
see Chap. 9.6.4
Figure 9-47 Selecting an application - SM 326; DO 10 DC 24V/2A
9-73
Digital Modules
Avoiding Dark Periods During Safety Mode
Warning If you are using actuators that respond too quickly exclusively during "dark period" test signal injection (i..e. < 1 ms), you can still use the internal test coordination by parallel-switching two opposite outputs (with a series diode) at a time. The dark periods are suppressed in the case of parallel connection (see chapter 9.6.5).
9.6.3
Application 1: Standard Mode, Application 3: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and Application 5: Safety Mode SIL 3 (Safety Level AK 6, Category 4)
Below you can find the wiring diagram and the parameter assignment of the SM 326; DO 10 DC 24V/2A; for: Application 1: Standard Mode Application 3: safety mode, SIL 2 (AK 4, Category 3) Application 5: safety mode, SIL 3 (AK 6, Category 4) For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-22 and 9-23.
Wiring Diagram for Applications 1, 3 and 5

One actuator is connected via a single pin for each process signal. The load power supply is connected to the digital module on terminals 2L+/2M, 3L+/3M.
1L+ 1M DO
2L+
2M
Figure 9-48 Wiring diagram for the SM 326; DO 10 3 and 5
DC 24V/2A; for applications 1,
Warnung A suitable actuator is required to attain SIL 3 (safety level AK 6, category 4) with this interface module.
9-74
Digital Modules
Connection of Two actuators to 1 Digital Output

You can connect two actuators using one fail-safe digital output. The following conditions should be kept in mind: L+ and M of the actuators must be connected to L2+ and M of the module (reference potential must be equal). The actuators can be connected to each of the 10 digital outputs. An example of the connection of an output is shown in the figure below. This connection enables AK6/SIL3/Category 4 to be achieved.
1L+ 1M DO
2L+
2M
Figure 9-49 Wiring diagram 2 actuators on one digital output of SM 326; DO 10 DC 24V/2A
9-75
Digital Modules
Parameter Settings for Applications 1, 3 and 5

Table 9-20
Parameter of the SM 326; DO 10

Range of Values Safety Mode
DC 24V/2A; for applications 1, 3 and 5

Type Effective in
Standard Mode
Enable diagnostic interrupt mode
Yes/No
Yes/No
Static Static
Module Module
Safety mode in accordance with SIL2/safety level AK4 Safety Mode in Accordance with SIL3/Safety Level AK 6
Standard Mode
Monitoring Time Daily (or More Frequent) Signal Change Behavior during CPU STOP
10 to 10000 ms Yes/No
Static Static
Module Module
Apply Substitute Value Keep Last Valid Value
Static Module
Group diagnostics Yes/No Apply Substitute Value "1"

"Redundancy" Tab
Yes/No Yes/No
Static Static
Channel Channel
Redundancy
None
Static
Module
9-76
Digital Modules
9.6.4
Application 2: Standard Mode with High Availability and Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability and Application 6: Safety Mode SIL 3 (Safety Level AK 6, Category 4) with High Availability (only in S7 F/FH Systems)
Below you can find the wiring diagram and the parameter assignment of the SM 326; DO 10 DC 24V/2A; for: Application 2: standard mode with high availability Application 4: safety mode, SIL 2 (AK 4, Category 3) with fault tolerance Application 6: safety mode, SIL 3 (AK 6, Category 4) with fault tolerance For diagnostic messages, possible causes of error and their remedies, refer to Tables 9-22 and 9-23.
Wiring Diagram for Applications 2, 4 and 6

One actuator controlled redundantly by the two digital modules is required for each process signal. The load power supply is connected to the relevant digital module at terminals 2L+/2M, 3L+/3M.
1L+ 1M
DO 2L+
2M
1L+ 1M
DO 2L+
2M
Figure 9-50 Wiring diagram for the SM 326; DO 10 for applications 2, 4 and 6
DC 24V/2A;
9-77
Digital Modules
Parameter Settings for Applications 2, 4 and 6

Table 9-21
Parameter of the SM 326; DO 10 for applications 2, 4 and 6

Range of Values Safety Mode
DC 24V/2A;
Type Effective in
Standard Mode
Enable diagnostic interrupt mode
Yes/No
Yes/No
Static Static
Module Module
Safety mode in accordance with SIL2/safety level AK4 Safety Mode in Accordance with SIL3/Safety Level AK 6
Standard Mode
Monitoring Time Daily (or More Frequent) Signal Change Behavior during CPU STOP
10 to 10000 ms Yes/No
Static Static
Module Module
Apply Substitute Value Keep Last Valid Value
Static Module
Group diagnostics Yes/No Apply Substitute Value "1"

"Redundancy" Tab
Yes/No Yes/No
Static Static
Channel Channel
Two Modules (Selection of an existing additional module of the same type)
-* -
Static Static
Module Redundant module pair
In the standard mode in the event of a redundant configuration, there are two digital values which you have to evaluate in the standard user program.
9-78
Digital Modules
9.6.5
Parallel Connection of Two Outputs for Dark Period Suppression
Applications
Connecting two outputs in parallel to suppress a dark period is possible in all applications in safety mode (3, 4, 5 and 6).
wiring diagram
Connect two opposite outputs with a series diode to an output. By interconnecting them in this way and using an internal test coordination between outputs 0...4 and 5... 9, you suppress the "0" test pulse (dark period).
jhhjh
1L+ 1M
DO 3L+
right: channel 5...9 left: channel 0...4
3M
2L+ 2M
Figure 9-51 Parallel connection of two outputs for the dark period suppression of SM 326; DO 10 DC 24V/2A
Assign parameters to the fail-safe signal modules as described for the various applications on the previous pages. An additional parameter is not required for the interconnection. Make sure that the two interconnected outputs are always controlled identically rather than one output on its own. A total of 4 outputs with a series diode are required for a process signal in a redundant I/O system.
9-79
Digital Modules
9.6.6
Diagnostic Messages of SM 326; DO 10
DC 24V/2A

The following table gives you an overview of the diagnostic messages of the SM 326; DO 10 DC 24V/2A. Diagnostic messages are assigned either to one channel or to the entire module. Some diagnostic messages occur only in particular applications.
Table 9-22 Diagnostic messages of the SM 326; DO 10
DC 24V/2A
Effective Range of Diagnostic Configur able
Diagnostic message
Wire break Short circuit to ground at the output or output driver defective Short circuit to L+ at the output or output driver defective* Missing external auxiliary supply Module not assigned parameters Wrong parameters on module Communication error Module-internal supply voltage failed Time monitoring responded (watchdog) EPROM fault, RAM fault Internal error in read circuit/test circuit or defective sensor supply Processor failure Parameter assignment error (with consecutive number) External load voltage missing Defective main switch Defective output driver Excess temperature at output driver Load voltage not connected Defective load voltage or not connected Error in the cyclic redundancy check (CRC) Monitoring time for data message frame exceeded Message frame error during non fail-safe communication
3, 4, 5, 6 1, 2 1, 2, 3, 4, 5, 6 1, 2, 3, 4, 5, 6 1, 2, 3, 4, 5, 6
Channel Module
Yes Yes
Module No
Module Module
The module is passivated. In the event of a repeated short-circuit, the module immediately switches off itself with "Processor failure".
9-80
Digital Modules

You can find the possible causes for faults and the corresponding remedies for the individual diagnostic messages of the SM ; DO DC 24V/2A; with diagnostic interrupt in the subsequent tables.
Table 9-23
Diagnostic message
Diagnostic messages and their remedies for the SM 326; DO 10

Error Detection Possible Causes
DC 24V/2A
Remedies
Wire break
Only in the event of "1" at the output or during light test*
Interruption in the wire between the module and the actuator Channel is not connected (open)
Reestablish the connection Disable "Group diagnosis" for the channel Eliminate short circuit
In the case of outputs with a series diode: Short circuit of the output to 1L+ of the module supply In the case of outputs with a series diode: Short circuit between channels with different signals
Eliminate short circuit
Short circuit to ground at the output or output driver defective
Only in the event of "1" at the output or during light test*
Output overload Short circuit of the output to M Undervoltage of the load voltage supply Defective output driver
Eliminate overload Eliminate short circuit Check the load voltage supply Replace module Eliminate short circuit Module reset necessary (supply voltage off/on) Eliminate short circuit Module reset necessary (supply voltage off/on) Replace module
Short circuit to L+ at the output or output driver defective
Only in the Short circuit of the output to 1L+ of event of "1" at the module supply the output without a series Short circuit between channels with diode different signals or in the case of an output with a Defective output driver series diode and an internal L+ short circuit
Missing external auxiliary supply Module not assigned parameters Wrong parameters on module
General General General
The 1L+ supply voltage of the module is missing No parameters transferred to the module Incorrect parameters transferred to the module
Feed the 1L+ supply Reassign module parameters Reassign module parameters
* Light period occurs in SIL when the "Signal Changes Daily or More Often" parameter is deselected
9-81
Digital Modules
Diagnostic message
Error Detection
Possible Causes
Remedies
General General
Internal fault of the 1L+ supply voltage Overload due to diagnostic request (SFCs) Impermissibly high electromagnetic interference Module Defect
Replace module Reduce the number of diagnostic requests Eliminate the interference Replace module Check the PROFIBUS connection Eliminate the interference
Loss of communication
General
Communication problem between the CPU and the module due, for example to a defective PROFIBUS connection or to impermissibly high electromagnetic interference Monitoring time for data frame exceeded Test value error (CRC) due, for example, to impermissibly high electromagnetic interference CPU has gone into STOP
Read out diagnostic buffer Eliminate the interference and switch the supply voltage off/on Replace module Replace module
EPROM fault RAM fault
General
Internal error in the read circuit/test circuit Processor failure
General
Module Defect
General
Eliminate the problem, remove and insert the module again Replace module Check the parameterization in the user program. If necessary, contact SIMATIC Customer Support Feed supply 2L+, 3L+ Replace module Replace module Eliminate overload Replace module Feed supply 2L+, 3L+ Feed supply 2L+, 3L+ Replace module
Parameter assignment error (with consecutive number)
General
Error in dynamic parameter assignment
External load voltage General missing Defective main switch Defective output driver Excess temperature at output driver Load voltage not connected Defective load voltage or not connected General General General General General
The load voltage 2L+, 3L+ of the module is missing Module Defect Module Defect Output overload Internal error of the output driver The load voltage 2L+, 3L+ of the module is missing Load voltage 2L+, 3L not connected External fault of the load voltage 2L+, 3L+
9-82
Digital Modules
Diagnostic message
Error Detection
Possible Causes
Remedies
Error in the cyclic redundancy check (CRC)
General
Test value error occurred in the communication between the CPU and the module due, for example, to impermissibly high electromagnetic interference or due to watchdog monitoring errors Configured monitoring time exceeded Power-up of fail-safe signal module
Eliminate the interference
General
Check the parameterization of the monitoring time Check the data frame for the "0" entry for the watchdog and test value
Message frame error General during non fail-safe communication
Enter the watchdog and/or the test value in the data frame
9-83
Digital Modules
Faulty Diagnosis After a Wire Break on Redundant Digital Output Modules

During the redundant use of fail-safe output modules SM 326; DO 10 DC 24V/2A; the following response may occur in the event of a fault: When a wire break occurs on a channel, the faulty channel and another channel or several other channels are reported as faulty when the connected loads are very different.
1L+ 1M A0
A1
wire break
2L+
12 Ohm I=2 A
2M
1L+ 1M A0
1 kOhm I=24 mA The load rate is wrongly selected here!

2L+
A1
2M
Figure 9-52 Incorrect detection of wire break on redundant SM 326; DO 10 DC 24V/2A
Example: In this example, channels A0 and A1 are reported faulty when a wire break occurs at A0. The cause is the very extreme variation in load on the two channels: 2 A and 24 mA. What to do: To obtain a correct error diagnosis from the modules, the output channels of a module must have approximately the same load. This means that the ratio of the lowest load to the highest load must be at least 1:5.
Faulty Diagnosis Given a Short Circuit

During a short circuit of a channel of the fail-safe digital output module SM 326; DO 10 DC 24V/2A; with diagnostic interrupt after L+ or a short circuit between channels with different signals, in addition to the affected channel, all the other channels of the half containing the faulty channel are also reported as faulty and passivated. A short circuit that lasts a long time will result in the complete failure of the module.
9-84
Digital Modules
9.6.7
Dimensions W Weight
Technical Specifications - SM 326; DO 10

H D (mm) 80 125 120 Approx. 465 g 10 6 Byte 8 Byte 600 m, maximum 1000 m, maximum 200 m, maximum
DC 24V/2A
75 V DC 60 V AC DC500V/AC350V for 1 min or DC600V for 1s 100 mA, maximum 70 mA, maximum 100 mA, maximum 12 W, typical Green LED per channel Assignable Assignable Red LED (SF) Green LED (SAFE) Possible Yes, only in standard mode
Number of outputs Assigned address area In I/O for input In I/O for output Length of cable Unshielded Shielded At SIL 3, safety level AK 6, Cat. 4 Maximum achievable safety class in safety mode In Accordance with IEC 61508 In Accordance with DIN V 19250 In Accordance with EN 954-1 Fail-safe performance characteristics Low demand mode (average probability of failure on demand) High demand/continuous mode (probability of a dangerous failure per hour)
Permissible potential differences between the different circuits Isolation tested with:
Current consumption From backplane bus From the supply volt. 1L+ From the load voltage 2L+/ 3L+ (without load) Power loss of module

Status display
6.97E-06 6.97E-06
Interrupts Diagnostic Interrupt Diagnostic functions Group error display Fail-safe mode display Diagnostic information can be read out Substitute values can be applied
Data for Selecting an Actuator

Output voltage At signal 1 Without series diode With series diode Output current At signal 1 Rated value Permissible range up to 40C Horizontal installation Permissible range up to 40C horizontal installation Permissible range up to 60C Horizontal installation
7.96E-11 7.96E-11
Min. L + (- 1.0 V) Min. L + (- 1.8 V)
Voltages, Currents, Potentials

Rated supply voltage of the electronic components 1L+ Reverse polarity protection Rated load voltage 2L+/3L+ Reverse polarity protection Total current of the outputs without series diode (per group) Horizontal installation Up to 40 C Up to 60 C Vertical installation Up to 40 C Total current of the outputs with series diode (per group) Horizontal installation Up to 40 C Up to 60 C Vertical installation Up to 40 C Electrical isolation Between channels and backplane bus Between channels and voltage supply of electronics Between the channels In groups of 24V DC Yes 24V DC No
2A 7 mA to 2 A
7 mA to 1 A 7 mA to 1 A Max. 0.5 mA
Max. 7.5 A Max. 5 A Max. 5 A
At signal 0 (residual current)
Data for Selecting an Actuator (Continued)

Load resistance range Up to 40 C Up to 60 C Lamp load Parallel connection of 2 outputs For redundant control of a load 12 to 3,4 k 24 to 3,4 k 5 W, maximum
Max. 5 A Max. 4 A Max. 4 A Yes Yes
For an increase in power Control of a digital input
Only outputs with series diode; outputs must have the same reference potential Not possible Possible
Yes 5
9-85
Digital Modules
Switching frequency With resistive load In the case of an inductive load To IEC 947-5-1, 13 DC With lamp load Short-circuit protection of the output Response threshold Response threshold for redundant interconnections
Time, Frequency
10 Hz, maximum 2 Hz, maximum Internal processing time for Standard Mode Safety Mode Acknowledgment Time in safety mode Max. 22 ms 24 ms 20 ms, maximum
10 Hz, maximum Yes, electronically 2.6 to 4.5 A 5.2 to 9 A
9-86
10
10.1
Overview
Analog Module
Introduction
The SM 336; AI 6 13 Bit, a fail-safe, redundancy-capable analog input module of the S7-300 module family, is available for connecting analog sensors/encoders. This section presents the following information on this fail-safe analog module: Properties Module view and block diagram Applications with connection diagrams and parameter assignment Diagnostic messages with remedies Technical specifications Warning The fail-safe performance characteristics in the technical specifications are valid for a proof-test interval of 10 years a planned outage time of 72 hours.
10-1
Analog Module
10.2
Analog Value Representation
Measured Value Ranges

Table 10-1 Measuring Range 0 to 20 mA Measured value ranges for SM 336; AI 6 Measuring Range 4 to 20 mA Measuring Range 0 to 10 V As a percentage of nominal range 13 Bit Unit Decimal Hexade cimal Range
Standard mode > 23.515 mA 23.515 mA . . 20.007 mA 20 mA . . 2.89 A 0 mA, typical
Safety mode > 22.814 mA 22.814 mA . . 20.007 mA 20 mA . . 4 mA + 2.315 A 4.00 mA, typical
Standard mode > 11.7593 V 11.7589 V . . > 10.0004 V 10 V . . 1.45 mV 0V > 117.589 117.589 . . 100.004 100 . . 0.014 0 32767 32511 . . 27649 27648 . . 4 0 7FFFH* 7EFFH . . 6C01H 6C00H
. .
Operating mode Overflow Overrange
Nominal range
4H 0H
-0.0007 mA . . -3.518 mA < -3.518 mA
3.9995 mA . . 1.185512 mA < 1.185 mA (see below)
-0.36 mV . . -1.759 V < - 1.759 V
-0.0036 . . -17.593 < -17.593
-1 . . -4864 -32768
FFFFH
. .
Underrange
ED00H 8000H* Underflow
In S7 F/FH systems, a fail-safe value is output for this value in the safety program in the event of overflow or underflow.
Units in decimal and hexadecimal format can only assume values that are multiples of 4.
Wire break test and underflow test in the range of 4 to 20 mA

In the 4 to 20 mA range, it becomes apparent whether parameters have been assigned for a wire break test If wire break test parameters have been assigned, an underflow test is not performed. A wire break is reported at < 3.6 mA with 7FFFH.
If a wire break test is not configured, then underflow is reported at < 1.18 mA
with 8000H.
10-2
Analog Module
Measured Value Resolution

The SM 336; AI 6 13 Bit has a 13-bit resolution. This means that the last two bits are set to 0. Thus, only values that are multiples of 4 can be assumed. 1 digit (13-bit measuring range) corresponds to 4 digits Simatic.
Table 10-2 Bit number Bit significance Example
Bit pattern representation 15 Sign 0 14 2 1

15
13 2 0
14
12 2 0
13
11 2 1
12
10 2 1
10
9 2 0
9
8 2 0
8
7 2 1
7
6 2 1
6
5 2 1
5
4 2 1
4
3 2 1
3
2 2 1
2
1 2 0
1
0 20 0
Table 10-3
Resolution % of Nominal Range 0.014 0.014 0.014 Resolution 2.89 A 2.32 A 1.45 mV
Measuring Range 0 to 20 mA 4 to 20 mA 0 to 10 V
Warning Only a measuring range of 4 to 20 mA is permitted in safety mode.
10-3
Analog Module
10.3
10.3.1
SM 336; AI 6
13 Bit
Order Number
6ES7 336-1HE00-0AB0
Properties
SM 336; AI 6 13 Bit has the following properties: Six analog inputs with electrical isolation between the channels and the backplane bus Input ranges: 0 to 20 mA or 4 to 20 mA, 0 to 10 V in standard mode 4 to 20 mA in safety mode
Short-circuit-proof power supply of 2- or 4-wire measuring transducers over the module External sensor supply possible Group error display (SF) Safety mode display (SAFE) Sensor supply display (Vs) Assignable diagnostics Diagnostic alarm with assignable parameters Can be operated in both standard mode and safety mode
Use of Inputs
You can use the inputs as follows: In standard mode All 6 channels for current measurement, 0 to 20 mA or 4 to 20 mA Up to 4 channels for voltage measurement, 0 to 10 V, and the remaining two for current measurement Other combinations of current measurement and voltage measurement, taking into account the above-mentioned limitation for voltage measurement. In safety mode: All 6 channels for current measurement, 4 to 20 mA.
10-4
Analog Module
Address Assignment
The figure below shows the assignment of channels to addresses.
Addressing the inputs in the user program:
IW x IW x+2 IW x+4
0 1 2
IW x+6 IW x+8 IW x+10
3 4 5
x = module-start address
Figure 10-1 Address assignment for SM 336; AI 6
13 Bit
Front View
Common error indicator - red Sensor supply indicator green (for all 6 channels)
SF
Vs
SAFE
Vs
Safety mode indicator - green
Front connector assignment (behind the front panel): for connecting the inputs and power supply
Figure 10-2 Front view of SM 336; AI 6
13 Bit
10-5
Analog Module

The figure below shows the connection and block diagram of the SM 336; AI 6 13 Bit. The internal protective circuit of the connections on the left side of the figure corresponds to the protective circuit of the connections on the right. The interconnection of analog sensors for the different applications is presented in the sections that follow.
Electrical isolation Overvoltage protection L+ Multiplexer Sensor Supply Logic and backplane bus interface M Vs Monitor ADU Test DAU U Monitor
C M M
CH0
5 6 8 9 10 M 12 13 15 16 17 18 19 20
CH1
A N A
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
L+ M Vs V A V A
24 V
CH0
CH1
A N A
CH2
V A V A A A
A A A A
CH2
CH3
CH3
CH4 CH5
CH4 CH5
Address switch SF M
SAFE M
Figure 10-3 Connection and dlock diagram of the SM 336; AI 6
13 Bit and internal sensor supply
Key: A - current measurement V - voltage measurement
10-6
Analog Module
Channel Numbers
Channel numbers are used to uniquely designate the inputs and to assign the channel-specific diagnostic messages.
Channel number:
0 1 2
0 1 2
3 4 5
3 4 5
Figure 10-4 Channel numbers for SM 336; AI 6
13 Bit
External Sensor Supply

The following figures show how the sensors can be supplied by means of an external sensor supply (e.g., by means of another module: 1L+).
Analog input module
21 22 VS M+ MMANA
L+ M P 2 DMU 1M recommended 1L+
Figure 10-5 External sensor supply, 2-wire measuring transducer for SM 336; AI 6
Sensor e.g. pressure gauge P 4 DMU 1M recommended
13 Bit
Analog input module
21 22 VS M+ MMANA
L+ M
1L+
Figure 10-6 External sensor supply, 4-wire measuring transducer for SM 336; AI 6
13 Bit
10-7
Analog Module
Warning The stability of the external sensor supply must correspond to the desired safety requirement class AK 4, 5, 6 or SIL 2, 3. If this is not the case, we recommend either one of the following two options:

Redundant external sensor supply Monitoring of the external sensor supply for overvoltage/undervoltage, including disconnection of the sensor supply in the event of a fault (singlechannel for SIL 2 and 2-channel for SIL 3).
Recommendation for Internal Sensor Supply

We recommend that you always use the short-circuit-protected internal sensor supply of the module. The internal sensor supply is monitored, and its state is displayed by the Vs LED (see Figure 10-2).
Isolated Measuring Sensor

The isolated measuring sensors are not connected to the local potential to ground. They can be operated potential-free. Due to local conditions or disturbances, potential differences UCM (static or dynamic) can occur between the measuring leads M of the input channels and the reference point of the measuring circuit MANA . To prevent the permitted value for UCM from being exceeded during implementation in environments with high levels of electromagnetic disturbances, we recommend that you connect M to MANA .
Non-Isolated Measuring Sensors

The non-isolated measuring sensors are connected to the local potential to ground. You must connect MANA to the potential to ground. Due to local conditions or disturbances, potential differences UCM (static or dynamic) can occur between the locally distributed measuring points. If the permitted value for UCM is exceeded, you must provide equipotential bonding conductors between the measuring points.
10-8
Analog Module
Improving Accuracy of Current Measurement on Channels 0 through 3 of the Analog Input Module
If you are using channel 1, 2, or 3 of SM 336; AI 6 13 Bit for current measurements, we recommend that you connect the non-protected voltage input to the associated current input, as shown in Figure 10-7 and Figure 10-8. This improves accuracy by approximately 0.2%.
Analog input module
21 22 VS MVn+ MIn+ MUMANA
L+ M
2 DMU
recommended
N=0 to 3
Figure 10-7 Improving accuracy of current measurement on channels 0 to 3 with 2-wire measuring transducer
Analog inputmodule
21 22 VS MVn+ MIn+ MnMANA
L+ M
recommended
4 DMU
+ -
n= 0 to 3
recommended
Figure 10-8 Improving accuracy of current measurement on channels 0 to 3 with 4-wire measuring transducer
10-9
Analog Module
10.3.2
Applications for SM 336; AI 6
13 Bit

The following figure helps you to select a application according to the requirements for high availability and availability. On the following pages, you will learn how to wire the module for each application and which parameters you will need to set in STEP 7.
Standard mode
all measurement areas No Safety mode?
Safety mode
Yes Required safety level? SIL 2 (AK 4, Cat. 3) Yes Module redundant? Module redundant? Yes Module redundant? Yes SIL3 (AK 6, Cat. 4)
No
No
No
Standard mode
SIL 2 Safety mode
SIL 3 Safety mode
Applications 1 to 6
1
see Chap. 10.3.3
2
see Chap. 10.3.4
3
see Chap. 10.3.5
4
see Chap. 10.3.6
5
see Chap. 10.3.7
6
see Chap. 10.3.8
Figure 10-9 Selecting a application - SM 336; AI 6
13 Bit
Warning The achievable safety class depends on the sensor quality and the duration of the proof test interval in accordance with IEC 61508. If the quality of the sensor is lower than the quality stipulated in the required safety class, the sensor must be set up redundantly with a two-channel connection.
10-10
Analog Module
Wiring Schemes
Each application has three wiring schematics, depending on the measurement type.
Table 10-4 Wiring Scheme A Wiring schematic for SM 336; AI 6 Measurement Type Current measurement with 2-wire measuring transducer Current measurement with 4-wire measuring transducer Voltage measurement* Range 4 to 20 mA 13 Bit Channels 0 to 5 Abbreviation in HW Config 2 WMC
4 to 20 mA 0 to 20 mA* 0 to 10 V
0 to 5
4 WMC
0 to 3
* Current measurement, 0 to 20 mA, and voltage measurement are only possible in standard mode. Note In the following wiring scheme figures, connections to the reference point of measuring circuit MANA are represented by a dashed line. This means that these connections are optional but recommended (see "Improving Accuracy of Current Measurement on Channels 0 to 3 of the Analog Module" in Section 10.3.1). A dashed connection between two or four sensors means that the sensors are measuring the same variable.
10-11
Analog Module
10.3.3
Application 1: Standard Mode

The wiring schemes and the parameter assignment of the SM 336; AI 6 are presented below for: Application 1: standard mode For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12. 13 Bit
Wiring Schematic A, Current Measurement, 4 to 20 mA, 2-Wire Measuring Transducer, for Application 1
Six (6) process signals can be connected to an analog module. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).
L+ M
SM 336; AI 6 x 13Bit
2-wire measuring transducer - +
Figure 10-10 Current measurement, 4 to 20 mA, 2-wire measuring transducer, for application 1 with SM 336; AI 6 13 Bit
10-12
Analog Module
Wiring Schematic B, Current Measurement, 0 to 20 mA, 4-Wire Measuring Transducer, for Application 1
Six (6) process signals can be connected to an analog module. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6). With wire-break monitoring, the measuring range decreases to 4 to 20 mA.
L+ M
4-wire meas. transducer + -
Figure 10-11 Current measurement, 4 to 20 mA, 4-wire measuring transducer, for application 1 with SM 336; AI 6 13 Bit
10-13
Analog Module
Wiring Schematic C, Voltage Measurement 0 to 10 V, for Application 1

Four (4) process signals can be connected to an analog module. Sensor supply VS is provided for 4 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).
L+ M
Figure 10-12 Voltage measurement, 0 to 10 V for application 1 with SM 336; AI 6
13 Bit
10-14
Analog Module

Table 10-5 Parameter "Inputs 1" Tab Enable for diagnostic interrupt Interference frequency Group diagnostics Wire-break test (only for 4 to 20 mA) Measurement type Yes/No 50 Hz/60 Hz Yes/No Yes/No Deactivated 4WMC 2WMC U 4 to 20 mA 0 to 20 mA 0 to 10 V No (standard mode) None Static Static Static Static Static Module Module Channel Channel Channel Parameters for application 1 SM 336; AI 6 Value Range in Standard Mode 13 Bit Type Scope of Action
Measuring range
Static
Channel
"Inputs 2" Tab Safety mode Monitoring time "Redundancy" Tab Redundancy Static Module Static Static Module Module
10.3.4
Application 2: Standard Mode with High Availability (only in S7 F/FH Systems)

The wiring schemes and the parameter assignment of the SM 336; AI 6 are presented below for: Application 2: standard mode with high availability For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12. 13 Bit
10-15
Analog Module
Six (6) process signals can be connected to two redundant analog modules. For each process signal, two sensors are connected using 1 channel to the two analog modules. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).
2-wire meas, transducer - +
1L+ 1M
Acquires the same process variables with mechanically separated sensors
2 wire meas. transducer - +
2L+ 2M
10-16
Analog Module
Six (6) process signals can be connected to two redundant analog modules. For each process signal, two sensors are connected using 1 channel to the two analog modules. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6). With wire-break monitoring, the measuring range decreases to 4 to 20 mA.
4 wire meas. transducer + -
1L+ 1M
4 wire meas. transducer + -
2L+ 2M
10-17
Analog Module
Wiring Schematic A, Voltage Measurement, 0 to 10 V, 4-Wire Measuring Transducer, for Application 2

Four (4) process signals can be connected to two redundant analog modules. For each process signal, two sensors are connected using 1 channel to the two analog modules. Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).
4 wire meas. trransducer + -
1L+ 1M
4 wire meas. trransducer + -
2L+ 2M
10-18
Analog Module

Table 10-6 Parameter "Inputs 1" Tab Enable diagnostic interrupt Interference frequency Group diagnostics Wire-break test (only for 4 to 20 mA) Measurement Type Yes/No 50 Hz/60 Hz Yes/No Yes/No Deactivated 4WMC 2WMC U 4 to 20 mA 0 to 20 mA 0 to 10 V No (standard mode) 2 modules Selection of another available module of the same type Static Static Static Static Static Module Module Channel Channel Channel Parameters for application 2 SM 336; AI 6 Value Range in Standard Mode 13 Bit Type Scope of Action
Measuring Range
Static
Channel
"Inputs 2" Tab Safety mode Monitoring time "Redundancy" Tab* Redundancy Redundant module * Static Static Module Redundant module pair Static Static Module Module
With redundant configuration in standard mode, there are two analog values that have to be evaluated in the standard user program.
10-19
Analog Module
10.3.5

The wiring schemes and the parameter assignment of the SM 336; AI 6 presented below for: Application 3: safety mode, SIL 2 (AK 4, category 3) For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12. 13 Bit is
1 2 3 MI0+ M0MI1+ M1MANA MI2+ M2MI3+ M3MI4+ M 4MI5+ M 55 6 8 9 10 12 13 15 16 17 18 19 20 2 wire meas. transducer - +
L+ M
CH0
CH1
CH2
CH3 CH4 CH5
Figure 10-16 Current measurement, 4 to 20 mA, 2-wire measuring transducer for application 3 with SM 336; AI 6 13 Bit
10-20
Analog Module
1 2 3 MI0+ M0MI1+ M1MANA MI2+ M2MI3+ M3MI4+ M 4MI5+ M 55 6 8 9 10 12 13 15 16 17 18 19 20 4 wire meas. transducer + -
L+ M
CH0
CH1
CH2
CH3 CH4 CH5
10-21
Analog Module

Table 10-7 Parameter "Inputs 1" Tab Enable diagnostic interrupt Interference frequency Group diagnostics Wire-break test (only for 4 to 20 mA) Measurement Type Yes/No 50 Hz/60 Hz Yes/No Yes/No Deactivated 4WMC 2WMC 4 to 20 mA In accordance with SIL 2 / AK 4 1 sensor Monitoring time "Redundancy" Tab Redundancy None Static Module 10 to 10,000 ms Static Module Static Static Static Static Static Module Module Channel Channel Channel Parameters for application 3 SM 336; AI 6 Value Range in Safety Mode 13 Bit Type Scope of Action
Measuring Range "Inputs 2" Tab Safety mode
Static Static
Channel Module
10.3.6
The wiring schemes and the parameter assignment of the SM 336; AI 6 presented below for: 13 Bit is
Application 4: safety mode, SIL 2 (AK 4, Category 3) with fault tolerance For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12.
10-22
Analog Module
1 2 3 MI0+ M0MI1+ M1MANA MI2+ M2MI3+ M3MI4+ M 4MI5+ M 55 6 8 9 10 12 13 15 16 17 18 19 20
2-wire meas. transducer - +
1L+ 1M
CH0
CH1
CH2
CH3
Acquires the same process variables with 2 mechanically separated sensors
CH4 CH5
2-wire meas. transducer - +
2L+ 2M
CH0
CH1
CH2
CH3 CH4 CH5
10-23
Analog Module
1L+ 1M
CH0
CH1
CH2
CH3
Acquires the same process variables with 2 mechanically separated sensors
CH4 CH5
1 2 3 MI0+ M0MI1+ M1MANA 5 6 8 9 10 12 13 15 16 17 18 19 20
2L+ 2M
CH0
CH1
CH2A MI2+ M2CH3A MI3+ M3MI4+ CH4A M 4CH5A MI5+ M 5-
10-24
Analog Module

Table 10-8 Parameter "Inputs 1" Tab Enable for diagnostic Yes/No interrupt Interference frequency Group diagnostics Wire-break test (only for 4 to 20 mA) Measurement type 50 Hz/60 Hz Yes/No Yes/No Deactivated 4WMC 2WMC 4 to 20 mA Static Static Static Static Static Module Module Channel Channel Channel Parameters for application 4 SM 336; AI 6 Value Range in Safety Mode 13 Bit Type Scope of Action
Measuring range "Inputs 2" Tab Safety mode Monitoring time "Redundancy" Tab Redundancy Redundant module
Static
Channel
In accordance with SIL 2 / AK 4 1 sensor 10 to 10,000 ms 2 modules Selection of another available module of the same type
Module Module Module Redundant module pair
10-25
Analog Module
10.3.7

The wiring schemes and the parameter assignment of the SM 336; AI 6 are presented below for: Application 5: safety mode, SIL 3 (AK 6, Category 4) For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12. 13 Bit
Six (6) process signals can be connected to an analog module. For each process signal, two redundant sensors are connected to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).
2-wire meas. transducer + M
2-wire meas. transducer +
L+ M
CH0
CH1
CH2
CH3 CH4 CH5
10-26
Analog Module
Six (6) process signals can be connected to an analog module. For each process signal, two redundant sensors are connected to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).
L+ M
CH0
CH1
CH2
CH3 CH4 CH5
10-27
Analog Module

Table 10-9 Parameter "Inputs 1" Tab Enable for diagnostic interrupt Interference frequency Group diagnostics Wire-break test Measurement type Yes/No 50 Hz/60 Hz Yes/No Yes/No Deactivated 4WMC 2WMC 4 to 20 mA Measured. SIL 3 / AK 6 2 sensors Monitoring time Discrepancy time Tolerance window with reference to measuring range Standard value "Redundancy" Tab Redundancy None Static Module 10 to 10,000 ms 10 to 10,000 ms 0 to 20% in 1% increments Static Static Static Module Module Module Static Static Static Static Static Module Module Channel Channel Channel Parameters for application 5 SM 336; AI 6 Value Range in Safety Mode 13 Bit Type Scope of Action
Measuring range "Inputs 2" Tab Safety mode
Static Static
Channel Module
MIN/MAX
Static
Module
Discrepancy Analysis for Fail-Safe Analog Input Modules

If you have configured safety mode in accordance with SIL3/AK 6, you can configure a discrepancy time and an absolute tolerance window in % with reference to the measuring range of 4 mA to 20 mA for each input of the analog input module. You also configure the standard value (MIN = the smaller value / MAX= the larger value) that is to be accepted and passed on to the CPU. If the difference between the two measured values is outside of the tolerance window longer than the configured discrepancy time, a fault is signaled and the standard value is accepted
10-28
Analog Module
10.3.8
The wiring schemes and the parameter assignment of the SM 336; AI 6 are presented below for: 13 Bit
Application 6: safety mode, SIL 3 (AK 6, Category 4) with fault tolerance For diagnostic messages, possible causes of faults, and fault remedies, refer to Tables 10-11 and 10-12.
10-29
Analog Module
Six (6) process signals can be connected to two redundant analog modules. Four (4) redundant sensors are required per process signal. For each module, two redundant sensors are connected using two channels to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-5).
1L+ M1
CH0
M1
CH1
CH2
CH3 CH4 CH5
2L+ M2
CH0
M2
CH1
CH2
CH3 CH4 CH5
10-30
Analog Module
Six (6) process signals can be connected to two redundant analog modules. Four (4) redundant sensors are required per process signal. For each module, two sensors are connected using 2 channels to two opposite inputs of the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the analog module. The sensors can also be supplied by means of an external sensor supply (see Figure 10-6).
L1+ M1
CH0
CH1
CH2
CH3 CH4 CH5
4-wire meas.transducer + -
L2+ M2
CH0
CH1
CH2
CH3 CH4 CH5
10-31
Analog Module

Table 10-10 Parameter "Inputs 1" Tab Enable diagnostic interrupt Interference frequency Group diagnostics Wire-break test (only for 4 to 20 mA) Measurement type Yes/No 50 Hz/60 Hz Yes/No Yes/No Deactivated 4WMC 2WMC 4 to 20 mA Measured. SIL 3 / AK 6 2 sensors Monitoring time Discrepancy time Tolerance window with reference to measuring range Standard value "Redundancy" Tab Redundancy Redundant module 2 modules Selection of another available module of the same type Static Static Module Redundant module pair 10 to 10,000 ms 0 to 30,000 ms 1 to 20% in 1% increments Static Static Static Module Module Module Static Static Static Static Static Module Module Channel Channel Channel Parameters for application 6 SM 336; AI 6 Value Range in Safety Mode 13 Bit Type Scope of Action
Measuring range "Inputs 2" Tab Safety mode
Static Static
Channel Module
MIN/MAX
Static
Module
Discrepancy Analysis for Fail-Safe Analog Input Modules

If you have configured safety mode in accordance with SIL3/AK 6, you can configure a discrepancy time and an absolute tolerance window in % with reference to the measuring range of 4 mA to 20 mA for each input of the analog input module. You also configure the standard value (MIN = the smaller value / MAX= the larger value) that is to be accepted and passed on to the CPU. If the difference between the two measured values is outside of the tolerance window longer than the configured discrepancy time, a fault is signaled and the standard value is accepted
10-32
Analog Module
10.3.9
Diagnostic Messages for SM 336; AI 6
13 Bit

Table 10-11 provides an overview of the diagnostic messages for SM 336; AI 6 13 Bit. Diagnostic messages are assigned either to one channel or to the entire module. Some diagnostic messages occur only in particular applications.
Table 10-11 Diagnostic messages for SM 336; AI 6 Diagnostic Message 13 Bit Effective Range of Diagnostic A, B A, B, C A, B, C Channel No Channel Assignable Parameter?
Relevant Application 1, 2, 3, 4, 5, 6 4, 6 1, 2, 3, 4, 5, 6 1, 2, 3, 4, 5, 6
Wire break Discrepancy error Common mode error Overflow or underflow of measured value (see "Wire break and Underflow" on page 10-2 ) Wrong parameters in the module Parameter assignment error (with specification of a serial number) ADC/DAC error No external auxiliary voltage Communications problem (CPU Stop) Time monitoring addressed EPROM fault, RAM fault Processor failure Error in test value (CRC) Monitoring time for safety message frame exceeded Message frame general fault
Yes
1, 2, 3, 4, 5, 6
A, B, C
Module
3, 4, 5, 6 1, 2
A, B, C
10-33
Analog Module
Causes of Faults and Corrective Measures

In Table 10-12, you will find a list of possible causes of for each SM 336; AI 6 x 13 Bit diagnostic message, as well as appropriate remedies.
Table 10-12 Diagnostic messages and remedies for SM 336; AI 6 Possible Causes 13 Bit
Diagnostic Message
Remedy Reconnect lead Set measuring range to 4 to 20 mA Assign a larger tolerance window and/or discrepancy window, as required Repair wire break as required Check process signal,. Connect M- to MANA
Wire break (only in measuring Interruption of measuring lead range of 4 to 20 mA) between module and sensor Incorrect measuring range set Discrepancy error Assigned tolerance window parameters exceeded after discrepancy time expired Wire break Common mode error Potential difference UCM between the inputs (M-) and reference potential of the measuring circuit (MANA) is too high Measuring range fallen below Measuring range exceeded Faulty parameters transferred to the module
Overflow or underflow of measured value (see "Wire break and Underflow" on page 10-2 ) Wrong parameters in the module Parameter assignment error (with specification of a serial number; e.g., "16": Wrong address) ADC/DAC error
Use an appropriate sensor; check wiring (sensor polarity reversed) Use an appropriate sensor; sensor polarity reversed Reassign module parameters
Error during dynamic reassignment Parameter assignment check in of parameters user program Contact SIMATIC Customer Support, if necessary Internal error during analog value test Deviation of two inputs too large in safety mode in accordance with SIL 2 Internal voltage monitor has reported a fault Replace module Wiring fault; wire analog signal to both inputs or replace module
No external auxiliary voltage Communications problem
Supply voltage L+ for module missing Problem in communication between CPU and module, e.g., due to defective PROFIBUS connection or interference in excess of permitted levels
Feed in supply L+ Check the PROFIBUS connection Eliminate the interference
Monitoring time for safety message Check parameter assignment for frame exceeded monitoring time Test value error (CRC), e.g., due to Eliminate the interference interference in excess of permitted levels CPU has gone into STOP mode Read out diagnostic buffer
10-34
Analog Module
Diagnostic Message Time monitoring addressed (watchdog) EPROM fault, RAM fault
Possible Causes Electromagnetic interference occasionally too high Module defective Occasionally high electromagnetic interference Module defective
Remedy Eliminate the interference Replace module Eliminate the interference and cycle ON/OFF the supply voltage of the CPU Replace module Eliminate the interference Replace module
Processor failure
Interference in excess of permitted levels Module defective
Error in test value (CRC)
Test value error occurred during Eliminate the interference communication between CPU and module, e.g., due to interference in excess of permitted levels or due to an error during sign-of-life monitoring Assigned monitoring time exceeded Startup of fail-safe signal module Sign-of-life and/or test value entered in the data message frame Check parameter assignment for monitoring time Check the data message frame for the entry "0" for sign-of-life and test value
Monitoring time for safety message frame exceeded Message frame general fault
10-35
Analog Module
10.3.10
Technical Specifications - SM 336; AI 6

13 Bit
6,0 VDC 75 VDC, 60 VAC DC500V/AC350V for 1 min or DC600V for 1s 90 mA, maximum 160 mA, typical 6 V, maximum
Permitted potential difference 80 125 120 Approx. 480 g 6 16 bytes 4 bytes 200 m, maximum Current consumption

Dimensions W Weight
D (mm)
Between inputs and MANA (UCM) Between MANA and Minternal (UISO)
Number of inputs Assigned address range

Isolation tested with:
In I/O range for inputs In I/O range for outputs Shielded
Length of cable Maximum achievable safety class in safety mode

From backplane bus From supply voltage L+ Permitted common-mode voltage between inputs (UCM) Monitoring for commonmode voltage
Common-mode voltage SIL 3, maximum AK 6, maximum Cat. 4, maximum
In accordance with IEC 61508 In Accordance with DIN V 19250 In Accordance with EN 954-1
Yes, operating range > 6 V and < -6 V 4.25 W, typical Integrating Yes 20.00 ms 16.66 ms 13 bit + sign
Power loss of module

Analog Value Generation
Fail-safe performance characteristics
Measurement principle 4.96 E-08 Integration/conversion time
Low demand mode (average probability of failure on demand) SIL 3 High demand / continuous mode (probability of a dangerous failure per hour) SIL 3
Assignable Integration time at 50 Hz at 60 Hz Resolution, including overrange
5.66 E-13
Surge protection of supply voltages L+ and Lext in accordance with IEC 1000-4-5 (internal) Surge protection of analog inputs and sensor supply voltage in accordance with IEC 1000-4-5 (internal)
Voltage, Currents, Potentials
0.5 kV, 1.2/50 s
2 kV, 1.2/50 s
Response time per activated channel at 50 Hz at 60 Hz Basic response time 50 ms, maximum 44 ms, maximum
Rated supply voltage of electronics L+

24 VDC Yes 5 ms Yes Yes, only for external supply of sensors No No
at 50 Hz at 60 Hz
50 ms, maximum 44 ms, maximum
Reverse polarity protection Voltage failure ride-through Between channels and backplane bus Between channels and voltage supply of electronics Between the channels Between voltage supply and sensor supply
Acknowledgment time corresponds to maximum response time = maximum response time per channel N + maximum basic response time (N = number of activated channels)
Electrical isolation
10-36
Analog Module
Noise Suppression, Limits of Error
Sensor Supply Output
Noise suppression for f=n (50/60 Hz1%), n=1, 2, etc.. Common mode noise (Ucm 6 Veff) Crosstalk between inputs Basic error limit (operational limits at 25 C with reference to input range)

38 dB, minimum
Number of outputs Output voltage
1 Minimum L+ (-1.5 V) 1.0 A 0 to 1.3 A Yes, electronic
75 dB, minimum 75 dB, minimum
Loaded
Output current

Rated value Permissible range
Short-circuit protection
0.40% 0.40% 0.002%/K
Current input Voltage input
Electrical isolation in accordance with DIN VDE 0160
Temperature error (with reference to input range)
Between output Vs and backplane bus Between output Vs and L+ Test voltage Nominal circuit voltage
Yes No 600 VDC 75 VDC/60 VAC
Linearity error (with reference to 0.05% input range) Repeat accuracy (in steadystate condition at 25C with reference to input range) Operational limits (in entire temperature range with reference to input range)
0.05%
Specifications for Sensor Selection
Input range (rated values)/input resistance in standard mode

0.48% 0.48%
Voltage Current
0 to 10 V / 59 k 0 to 20 mA 4 to 20 mA/107
Current Voltage
Interrupts

Input range (rated values)/input resistance in safety mode No Yes, assignable parameter Yes, assignable parameter Green LED (SAFE) Green LED (Vs) Red LED (SF) Yes Programmable in safety program Permitted input current for current input (destruction limit) Signal sensor connection

Hardware interrupt Diagnostic interrupt
Current
4 to 20 mA/107 Maximum 30 V continuous; Maximum 38 V for maximum 1 s (pulse duty factor 1:20) 40 mA, maximum
Permitted input voltage for voltage input (destruction limit)
Diagnostic functions

Display of fail-safe operation Sensor supply monitor Group error display Diagnostic information can be read out
For voltage measurement For current measurement As 4-wire measuring transducer As 2-wire measuring transducer Load of 2-wire measuring transducer
Possible Possible Possible Possible Maximum 600
Fail-safe values can be applied
10-37
Analog Module
10-38
11
11.1
Overview
Safety Protector
Introduction
The safety protector protects the F-SMs from possible overvoltages in the event of a fault. This section provides the following information on the safety protector: Properties Module view and block diagram Configuration variants Technical specifications
11-1
Safety Protector
11.2
Properties, Front View, and Block Diagram
Order Number
6ES7 195-7KF00-0XA0
Properties
The safety protector protects the fail-safe signal modules from possible overvoltages in the event of a fault. The safety protector does not occupy an address, does not supply diagnostic messages, and is not assigned parameters with STEP 7. Note The safety protector controls overvoltages up to a maximum of 230 V.
Safety Class AK6/SIL3/Cat.4 with Safety Protector

Note the following for applications in safety class AK6/SIL3/Cat.4: Warning The safety protector must be used for AK6/SIL3/Cat. 4 applications:

Generally, if the F-SMs are used locally in an S7-300 Generally, if the PROFIBUS DP is set up with copper cable If the PROFIBUS DP is set up with fiber optic cable and joint operation of standard SMs and F-SMs is required in one ET 200M.
Safety Class AK4/SIL2/Cat.3 without Safety Protector

If you comply with the safe functional extra-low voltage (see Section 6.2) for all components connected on the PROFIBUS DP, the safety protector is not required for applications in safety class AK4/SIL2/Cat.3.
11-2
Safety Protector
Front View
Safety Protector
Do not remove with power on
Figure 11-1 Front view of safety protector
Block Diagram
The following figure shows the block diagram of the safety protector.
Backplane bus interface Fuse
Overvoltage protection
Backplane bus interface
Figure 11-2 Block diagram of safety protector
11-3
Safety Protector
11.3
Configuration Variants
Introduction
There are two possible ways of configuring an S7-300/ET 200M with an safety protector, depending on whether or not it is necessary to replace modules during operation.
Configuration of an S7-300/ET 200M with an Safety Protector (No Module Replacement during Operation)
The safety protector increases the width of the S7-300/ET 200M by 40 mm. However, you can still insert a maximum of 8 signal modules. The following figure shows an example configuration with seven signal modules.
Power supply IM 153-2
Standard signal modules
Safety protector
Fail-safe signal modules
Figure 11-3 Configuration of an ET 200M with an safety protector (no module replacement during operation)
Note To ensure that overvoltage protection is maintained in safety mode, you must do the following:
Always insert the standard signal modules to the left of the safety protector and the fail-safe signal modules to the right of the safety protector. Ground the mounting rail. Connect the safety protector to the functional ground. To do so, connect pins 19 and 20 of the safety protector to the mounting rail using one cable each of the shortest possible length (cable cross section of 1.5 mm2).
11-4
Safety Protector
Replacing Modules in ET 200M in Safety Mode

If you use active bus modules to set up the safety protector and the other modules in an ET 200M, you can then insert and remove any of the modules - except the safety protector - during operation. Warning The bus module for the safety protector (order no. 6ES7 195-7HG00-0XA0) can only be used if the safety protector is inserted. The sole purpose of the bus module is to connect the safety protector to the active backplane bus. The safety protector itself must not be inserted or removed during operation! (Insertion or removal would cause the ET 200M to fail.)
Configuration of an ET 200M with the Safety Protector on the Active Backplane Bus
The bus module for the safety protector increases the width of the ET 200M by 80 mm. However, you can still insert a maximum of 8 signal modules. Note that the mounting rail designed for "Module replacement during operation" (order no. 6ES7 195-1GX00) is required for installation. The following figure shows an example configuration with seven signal modules.
Power supply
Standard signal modules
Safety Protector
Fail-safe signal modules
IM 153-2
Bus module for safety protector
Figure 11-4 Configuration of an ET 200M with the safety protector on the active backplane bus
Note To ensure that overvoltage protection is maintained in safety mode, you must do the following:
Always insert the standard signal modules to the left of the safety protector and the fail-safe signal modules to the right of the safety protector. Ground the mounting rail. Connect the safety protector to the functional ground. To do so, connect pins 19 and 20 of the safety protector to the mounting rail using one cable each of the shortest possible length (cable cross section of 1.5 mm2).
11-5
Safety Protector
11.4
Technical Specifications
Dimensions and Weight Dimensions W Weight Voltages, Currents, Potentials Power loss of module None H D (mm) 40 125 120 Approx. 230 g
11-6
12
Diagnostic Data of Signal Modules
Introduction
This appendix describes the structure of diagnostic data in the system data. You need to know this structure if you want to evaluate diagnostic data of fail-safe signal modules in the standard user program.
Further Reading
The System and Standard Functions reference manual describes in detail the principles of evaluating diagnostic data of signal modules in the standard user program and describes the SFCs used for this.
Reading Out SFCs for Diagnostics

The following SFCs are available for reading out diagnostic data of fail-safe signal modules in the standard user program:
Table 12-1 SFCs for Reading Out Diagnostic Data SFC No. 59 13 Identifier RD_REC DPNRM_DG Application Reading out data records of S7 diagnostics (storing in data area of the standard user program) Reading out slave diagnostics (storing in data area of the standard user program)
Position in the Diagnostic Message Frame of the Slave Diagnostics

When fail-safe modules are being used in a distributed configuration in the ET 200M and a diagnostic interrupt occurs, data records 0 and 1 are entered in the slave diagnostics of the ET 200M (interrupt section). The position of the interrupt section in the slave diagnostics depends on the structure of the diagnostic message frame and the length of the channel-related diagnostics. A detailed description of the structure of the diagnostic message frame and the position of the interrupt section in accordance with the PROFIBUS standard can be found in the section on "Commissioning and Diagnostics" in the Distributed I/O Device ET 200M manual.
12-1
Data Records 0 and 1 of the System Data

The diagnostic data of a module can be up to 16 bytes long and are located in data records 0 and 1 of the system data area: Data record 0 contains 4 bytes of diagnostic data describing the state of the signal module Data record 1 contains 4 bytes of diagnostic data of the signal module, which are also found in data record 0 Up to 12 bytes of channel-related diagnostic data
Structure and Content of Diagnostic Data

The structure and content of the individual diagnostic data bytes are described below. The following applies generally: If a fault occurs, the corresponding bit is set to "1".
Bytes 0 and 1
The following figure shows the content of bytes 0 and 1 of the diagnostic data.
7 6 5 4 3 2 1 0 Byte 0 0 Module fault Internal fault External fault Channel fault exists External auxiliary voltage missing Module not assigned parameters Wrong parameters on module 7 6 5 4 3 2 1 0 Byte 1 0 0 0 1 0 0 0
Module class: FM Channel information available Figure 12-1 Bytes 0 and 1 of diagnostic data
12-2
Bytes 2 and 3
The following figure shows the content of bytes 2 and 3 of the diagnostic data.
7 6 5 4 3 2 1 0 Byte 2 0 0 0 0 0
Loss of communication Time monitoring responded (watchdog) Module-internal supply voltage failed 7 6 5 4 3 2 1 0 Byte 3 0 0 0 0
Processor failure EPROM fault RAM fault ADC/DAC fault Figure 12-2 Bytes 2 and 3 of diagnostic data
12-3
Bytes 4 to 6
The following figure shows the content of bytes 4 to 6 of the diagnostic data.
7 6 5 4 3 2 1 0 Byte 4 0
Channel type
B#16#30: fail-safe digital input module B#16#31: fail-safe digital output module B#16#32: fail-safe analog input module
7 Byte 5
0 0 0 0 0 0 0 0
7 0
Byte 6 Number of channels 24: SM 326; DI 24 x DC 24V; with diagnostic interrupt 8: SM 326; DI 8 x NAMUR; with diagnostic interrupt 10: SM 326; DO 10 x DC 24V /2A; with diagnostic interrupt 6: SM 336; AI 6 x 13Bit; with diagnostic interrupt Figure 12-3 Bytes 4 to 6 of diagnostic data
12-4
Bytes 7 to 9 for SM 326; DI 24
DC 24V
The following figure shows the content of bytes 7 to 9 of the diagnostic data for SM 326; DI 24 DC 24V.
7 6 5 4 3 2 1 0 Byte 7 Channel fault on channel 0 Channel fault on channel 1 Channel fault on channel 2 Channel fault on channel 3 Channel fault on channel 4 Channel fault on channel 5 Channel fault on channel 6 Channel fault on channel 7 7 6 5 4 3 2 1 0 Byte 8 Channel fault on channel 8 Channel fault on channel 9 Channel fault on channel 10 Channel fault on channel 11 Channel fault on channel 12 Channel fault on channel 13 Channel fault on channel 14 Channel fault on channel 15 7 6 5 4 3 2 1 0 Byte 9 Channel fault on channel 16 Channel fault on channel 17 Channel fault on channel 18 Channel fault on channel 19 Channel fault on channel 20 Channel fault on channel 21 Channel fault on channel 22 Channel fault on channel 23 Figure 12-4 Bytes 7 to 9 of diagnostic data for SM 326; DI 24 DC 24V
12-5
Byte 7 for SM 326; DI 8
NAMUR
The following figure shows the content of byte 7 of the diagnostic data for SM 326; DI 8 NAMUR.
7 6 5 4 3 2 1 0 Byte 7 Channel fault on channel 0 Channel fault on channel 1 Channel fault on channel 2 Channel fault on channel 3 Channel fault on channel 4 Channel fault on channel 5 Channel fault on channel 6 Channel fault on channel 7 Figure 12-5 Byte 7 of diagnostic data for SM 326 DI 8 NAMUR
Byte 7 for SM 326; DO 8
DC 24V/2A PM
The following figure shows the content of byte 7 of the diagnostic data for the SM 326; DO 8 DC 24V/2A PM.
7 6 5 4 3 2 1 0 Byte 7 Channel fault on channel 0 Channel fault on channel 1 Channel fault on channel 2 Channel fault on channel 3 Channel fault on channel 4 Channel fault on channel 5 Channel fault on channel 6 Channel fault on channel 7 Figure 12-6 Byte 7 of diagnostic data for SM 326 DO 8 DC 24V/2A PM
12-6
Bytes 7 and 8 for SM 326; DO 10
DC 24V/2A
The following figure shows the content of bytes 7 and 8 of the diagnostic data for SM 326; DO 10 DC 24V/2A.
7 6 5 4 3 2 1 0 Byte 7 Channel fault on channel 0 Channel fault on channel 1 Channel fault on channel 2 Channel fault on channel 3 Channel fault on channel 4 Channel fault on channel 5 Channel fault on channel 6 Channel fault on channel 7 7 6 5 4 3 2 1 0 Byte 8 0 0 0 0 0 0 Channel fault on channel 8 Channel fault on channel 9 Figure 12-7 Bytes 7 and 8 of diagnostic data for SM 326; DO 10 DC 24V/2A
12-7
Byte 7 for SM 336; AI 6
13 Bit
The following figure shows the content of byte 7 of the diagnostic data for the SM 336; AI 6 13 Bit.
7 6 5 4 3 2 1 0 Byte 7 Channel fault on channel 0 Channel fault on channel 1 Channel fault on channel 2 Channel fault on channel 3 Channel fault on channel 4 Channel fault on channel 5
Figure 12-8 Byte 7 of diagnostic data for SM 336; AI 6
13 Bit
12-8
13
Dimension Drawings
Signal Module
The following figure shows the dimension drawing of the signal modules (without functionality for removal/insertion during operation). The different signal modules can vary in appearance, but the specified dimensions are always the same.
hbjhb
80
120
SF SAFE
Figure 13-1
Dimension drawing of signal module
125
13-1
Dimension Drawings
Signal Module with Active Bus Module

The following figure shows the dimension drawing (side view) of a signal module with "removal and insertion" functionality with active bus module, S7-300 module, and explosion barrier. The specified dimensions are the same for all signal modules on the active backplane bus.
active bus module Rail for the "Insertion and Removal function S7-300 module Intrinsically safe partition
155 125 122
59 152 166
Figure 13-2 Dimension drawing of a signal module with active bus module, S7-300 module, and explosion barrier
13-2
Dimension Drawings
Saftey Protector
The following figure shows the dimension drawing of the safety protector.
hbjhb125
40
117
Safety Protector
Figure 13-3 Dimension drawing of the safety protector
125
13-3
Dimension Drawings
Bus Module for the Safety Protector

The following figure shows the dimension drawing of the bus module for the safety protector.
hbjhb9
92
97
Figure 13-4 Dimension drawing of the bus module for the safety protector
13-4
14
Accessories and Order Numbers

The following table lists the order numbers of the fail-safe signal modules, the safety protector, and additional parts you can order for fail-safe signal modules.
Table 14-1 Accessories and Order Numbers Component Fail-safe signal modules SM 326; DI 24 SM 326; DI 8 SM 326; DO 8 SM 326; DO 10 SM 336; AI 6 DC 24V NAMUR DC 24V/2A PM DC 24V/2A 13 Bit 6ES7 326-1BK01-0AB0 6ES7 326-1RF00-0AB0 6ES7 326-2BF40-0AB0 6ES7 326-2BF01-0AB0 6ES7 336-1HE00-0AB0 6ES7 195-7KF00-0XA0 6ES7 195-7HG00-0XA0 NAMUR (5) 6ES7 393-4AA10-0AA0 6ES7 392-2XX20-0AA0 6ES7 392-2XY20-0AA0 6ES7 392-1AM00-0AA0 6ES7 392-1BM00-0AA0 6ES7 390-0AA00-0AA0 Order Number
Safety Protector Bus module for safety protector Wiring chamber for SM 326; DI 8 Labeling plate Yellow labeling strips (10) Yellow cover plates, transparent yellow (10) Screw-type connection system Spring-type connection system
Front panel connector, 40-pin
Bus connector
14-1
14-2
Fehlersichere Signalbaugruppen A5E00048969-05
15
Response times
Introduction
This appendix presents the response times of the fail-safe modules. The response times of the fail-safe modules enter into the calculation of the response time of the F-system. You will find information about the calculation of the F-system response time in the Safety Engineering in SIMATIC S7 system description. Individual elements of the formulas below are taken from the technical specifications for the respective module in Sections 9 and 10.
Definition of Response time

For fail-safe digital inputs: the response time represents the time between a signal change at the digital input and safe delivery of the safety message frame on the backplane bus. For fail-safe digital outputs: the response time represents the time between an arriving safety message frame from the backplane bus and the signal change at the digital output.
Response time of SM 326; DI 8
NAMUR
NAMUR (with or without presence of a fault) is
Response time of SM 326; DI 8 calculated as the following: Example SM 326; DI 8
Response time = internal processing time + input delay NAMUR: Response time = 55 ms + 3 ms = 58 ms When a fault is present, the response time is increased by the amount of the parameterized discrepancy time, provided 1oo2 evaluation was selected. Note The maximum response time is calculated by applying the maximum values from the technical specifications for the fail-safe signal modules in the formulas above.
15-1
Response times
Response time of SM 326; DO 10 X DC 24V/2A

The response time of the SM 326; DO 10 X DC 24V/2A (with or without a fault present) is calculated using the following formula: Response time = internal processing time + output delay Whereby the output delay is always negligible Example SM 326; DO 10 DC 24V/2 A in safety mode: Response time = 24 ms + 0 ms = 24 ms Note The maximum response time is calculated by applying the maximum values from the technical specifications for the fail-safe signal modules in the formulas above.
Maximum Response time of SM 326; DI 24
DC 24V
Formula for calculating maximum response time when no fault is present: Maximum response time when no fault is present = Tmax + 3 ms* + 6 ms** *
Input delay
** Short-circuit test duration = 2 x input delay You assign parameters for the short-circuit test in STEP 7 (see Section 9.5).
Table 15-1 SM 326; DI 24 DC 24V: Internal Processing Times Minimum Internal Processing Time Tmin to be determined Maximum Internal Processing Time Tmax to be determined
Sensor Evaluation 1oo1 and 1oo2
Maximum Response time When a Fault is Present: The following table contains the maximum response times for the SM 326; DI 24 DC 24V when a fault is present, according to the parameter assignment in STEP 7 and the type of sense evaluation.
Table 15-2 SM 326; DI 24 Present DC 24V: Maximum Response time When a Fault is 1oo2 Evaluation*** to be determined to be determined
Short-Circuit Test Parameter Short-circuit test disabled Short-circuit test enabled
1oo1 Evaluation to be determined to be determined
*** In the case of 1oo2 evaluation, the response times also depend on the assigned discrepancy
behavior: Provide a value of 0: The times in the table above apply. Provide last valid value: The times in the table above are increased by the parameterized discrepancy time.
15-2
Response times
Maximum Response time of SM 326; DO 8
DC 24V/2 A PM
The maximum response time of the SM 326; DO 8 DC 24V/2 A PM (with or without a fault present) corresponds to the maximum internal processing time Tmax. Minimum internal processing time Tmin = to be determined Maximum internal processing time Tmax = to be determined
Response time of Fail-Safe Analog Input Modules

The response time (conversion time) of fail-safe analog input modules (with or without a fault present) is calculated using the following formula: Response time = response time per channel Where N = number of enabled channels Example SM 336; AI 6 frequency of 50 Hz: Response time = 6 13 Bit, all channels connected (N = 6), interference N + base response time
50 ms + 50 ms = 350 ms
When a fault is present, the response time is increased by the parameterized discrepancy time, provided 2 sensors were selected and the failure direction of the signal is unsafe (or the unit value was not assigned in accordance with the safe failure direction). Note The maximum response time is calculated by applying the maximum values from the technical specifications for the fail-safe signal modules in the formulas above.
Note on Calculation of Response times

Note The MS Excel files for calculating maximum response times (s7fcotib.xls or s7ftimeb.xls) provided with the S7 Distributed Safety and S7 F/FH Systems optional packages support calculation of the maximum response time when a fault is present by increasing the response time by the amount of the parameterized discrepancy time.
15-3
Response times
15-4
16
Type Examination Certificate and Declaration of Conformity

NAMUR
SM 326; DI 8
This appendix contains the EC type examination certificate and declaration of conformity for the SM 326; DI 8 NAMUR for connection of signals from potentially explosive locations.
16-1
EC Type Examination Certificate for SM 326; DI 8
NAMUR
16-2
NAMUR, Continued
16-3
NAMUR, Continued
16-4
NAMUR, Addendum
16-5
Declaration of Conformity for SM 326; DI 8
NAMUR
16-6
17
Glossary
-> Sensor evaluation method: In 1oo1 evaluation, there is one -> sensor and it is connected to the module via a single channel. -> Sensor evaluation method - In 1oo2 evaluation, two input channels are occupied, either by one 2-channel sensor or two single channel sensors. The input signals are compared internally for equality (equivalence) or non-equality (nonequivalence).
1oo1 Evaluation
1oo2 Evaluation
A
Acknowledgment Time During the acknowledgement time, the -> F-I/O acknowledge the sign of life specified by the -> F-CPU. The acknowledgement time enters into the calculation of the -> monitoring time and -> response time for the Fsystem as a whole. Actuators can be power relays or contactors for switching on consumers, or they can be consumers themselves (for example, directly controlled solenoid valves). Theprobability that a system is functional at a specific point in time. Availability can be increased by redundancy, e.g., by using redundant signal modules and/or by using multiple -> sensors at the same measuring point.
Actuator
Availability
C
Category Category in accordance with EN 954-01: With -> fail-safe signal modules, categories up to category 4 can be used in safety mode. Channel Fault A channel fault is a channel-related fault, such as a wire break or a short circuit. Channel numbers are used to uniquely identify the inputs and outputs of a module and to assign channel-specific diagnostic messages. In this passivation method, when a -> channel fault occurs, only the channel involved is passivated (method available in S7 F/FH systems only). In the case of a -> module fault, all channels of the -> fail-safe signal module are passivated.
Channel Number
Channel-Granular Passivation
17-1
Glossary
CiR
CiR stands for Configuration in RUN. System modification in RUN mode via CiR enables configuration changes in parts of the system with distributed I/O while in RUN mode. Process execution is thereby halted for a brief, assignable time period. The process inputs retain their last value during this time period.
Configuration CRC
Systematic arrangement of individual signal modules (configuration)

Cyclic Redundancy Check
CRC Signature
A CRC signature in the safety message frame is used to safeguard the validity of the process values in the safety message frame, the correctness of the assigned address references, and the safety-related parameters.
D
Dark Period Dark periods occur during switch-off tests and during complete bit pattern tests. This involves test-related 0 signals being switched to the output while the output is active. The output is then switched off briefly (dark period). A sufficiently slow -> actuator does not respond and remains switched on. Discrepancy analysis for equivalence or nonequivalence is used for failsafe inputs to determine faults based on the time characteristic of two signals with the same functionality. Discrepancy analysis is initiated when different levels are detected for two associated input signals (for nonequivalence testing, when the same levels are detected). After a programmable time interval (so-called -> discrepancy time) has elapsed, a check is made to determine whether the difference has disappeared (for nonequivalence testing, whether the agreement has disappeared). If not, this means that a discrepancy error exists.
There are two types of discrepancy analyses for fail-safe input modules:
Discrepancy Analysis
In the case of -> 1oo2 evaluation:

The discrepancy analysis is carried out between the two input signals of the 1oo2 evaluation in the fail-safe input module.
In the case of redundant I/O (S7 FH systems only):

The discrepancy analysis is performed between the two input signals of the redundant input modules by the fail-safe driver blocks of the S7 F Systems optional software.
Discrepancy Time
Discrepancy time is a period of time configured for the -> discrepancy analysis. If the discrepancy time is set too high, the times for fault detection and -> fault reaction are extended unnecessarily. If the discrepancy time is set too low, availability is decreased unnecessarily because a discrepancy error is detected when, in reality, no fault exists.
17-2
Glossary
F
Fail-Safe Signal Modules Signal modules of S7-300 that can be used for safety-related operation (-> safety mode) in S7 Distributed Safety or S7 F/FH fail-safe systems. These modules are equipped with integrated -> safety functions. Fail-safe systems (F-systems) are systems that remain in a safe state or immediately switch to another safe state as soon as particular failures occur.
Fail-Safe Systems
Fault Reaction Time The maximum fault reaction time for an F-system is the time between the occurrence of any fault and a safe response at all affected fail-safe outputs. For -> F-System in total: The maximum fault reaction time is the time between occurrence of any fault in any -> F-I/O and a safe response at the relevant fail-safe output. For inputs: The maximum fault reaction time is the time between the occurrence of a fault and a safe response at the backplane bus. For digital outputs: The maximum fault reaction time is the time between the occurrence of a fault and a safe response at the digital output. F-CPU An F-CPU is a central processing unit with fail-safe capability that is permitted for use in S7 Distributed Safety/S7 F/FH systems. For S7 F/FH systems, the F-copy license allows the central processing unit to be used as an F-CPU. That is, it can execute a -> safety program. For S7 Distributed Safety, an F-copy license is not required. A -> standard user program can also be run on the F-CPU.
F-I/O
F-I/O is a group designation for fail-safe inputs and outputs available in SIMATIC S7 for integration in S7 Distributed Safety and S7 F/FH systems. The following F-I/O modules are available: ET 200eco Distributed I/O Station

S7-300 fail-safe signal modules (F-SMs) ET 200S fail-safe modules Fail-safe DP standard slaves (for S7 Distributed Safety only)
F-monitoring time F-SM F-Systems
-> PROFIsafe monitoring time -> Fail-safe signal modules -> Fail-safe systems
17-3
Glossary
L
Light Period Light periods occur during complete bit pattern tests. This involves testrelated 1 signals being switched to the output while the output is inactive (output signal "0"). The output is then switched on briefly (light period). A sufficiently slow actuator does not respond to this and remains deactivated.
M
Module Fault Module-wide fault: A module fault can be an external fault (such as missing load voltage) or an internal fault (such as processor failure). An internal fault always necessitates a module replacement. An additional, identical module is operated redundantly to increase availability. -> PROFIsafe monitoring time In the SM 326 DO 8 24 VDC/2 A PM, every fail-safe digital output consists of a P-switch DOx P (current sourcing) and an M-switch DOx M (current sinking). The load is connected between the P and M-switches. The two switches are always controlled so that voltage is applied to the load.
Module Redundancy Monitoring Time M-Switch (Current Sinking)
N
Nonequivalent Sensor A nonequivalent -> sensor is a reversing switch that is connected to two inputs of an -> F-I/O (via 2 channels) in -> fail-safe systems (for -> 1oo2 evaluation of sensor signals).
P
Parameter Assignment Parameter assignment via PROFIBUS DP: Transfer of slave parameters from the DP master to the DP slave Parameter assignment of modules: Setting the module behavior using the STEP 7 configuration software Passivation If an -> F-I/O module detects a fault, it switches either the affected channel or all channels to a -> safe state; that is, the channels of the FI/O module are passivated. The F-I/O signals the detected faults to the > CPU. For an F-I/O with inputs, if passivation occurs, the F-system provides fail-safe values for the safety program instead of the process values pending at the fail-safe inputs. For an I/O module with outputs, if passivation occurs, the F-system transfers fail-safe values (0) to the fail-safe outputs instead of the output values provided by the safety program.
17-4
Glossary
PG
Programming devices (PGs) are compactly designed personal computers made especially for use in an industrial setting. A programming device (PG) is fully equipped for programming SIMATIC automation systems. The process image is a component of the system memory of the CPU. At the start of the cyclical program, the signal states of the input modules are transferred to the process image of the inputs. At the end of the cyclic program, the process image of the outputs is transferred to the output modules as the signal state. The process safety time of a process is a time interval during which the process can be left on its own without risk to life and limb of the operating personnel or damage to the environment. Within the process safety time, any type of F-system process control is tolerated. That is, during this time, the -> F-system can control its process incorrectly or it can even exercise no control at all. The process safety time depends on the process type and must be determined on a case-by-case basis.
Process Image
Process Safety Time
PROFIBUS
PROcess FIeld BUS, German process and fieldbus standard specified in IEC 61784-1:2002 Ed1 CP 3/1. This standard specifies functional, electrical, and mechanical properties for a bit-serial field bus system. PROFIBUS is available with the following protocols: DP (= distributed I/O), FMS (= Fieldbus message specification), PA (= Process automation), or TF (= Technological functions).
PROFIsafe
Safety-related PROFIBUS DP/PA for communication between the > safety program and the -> F-I/O in an -> F-system.
PROFIsafe Address Every -> F-I/O module has a PROFIsafe address You must configure the PROFIsafe address in STEP 7 HW Config and set it on the F-I/O using a switch. PROFIsafe Monitoring Time Proof-Test Interval Monitoring time for safety-related communication between the F-CPU and F-I/O A component must be set in the fail-safe state following the proof-test interval. That is, it is replaced by an unused component or it is proven to be completely without faults. -> See M-Switch.
P-Switch
17-5
Glossary
R
Response time Response time starts with the detection of an input signal and ends with the modification of a gated output signal. The actual response time is between the shortest and the longest response time. The longest response time must always be anticipated. For fail-safe inputs: the response time represents the time between a signal change at the input and safe delivery of the safety message frame on the backplane bus. For fail-safe digital outputs: the response time represents the time between an arriving safety message frame from the backplane bus and the signal change at the digital output. Redundancy, AvailabilityEnhancing Redundancy, Safety-Enhancing Availability-enhancing redundancy means multiple availability of components to ensure that components continue to function even in the event of hardware faults. Multiple availability of components with the aim of exposing hardware faults based on comparison (for example, -> 1oo2 evaluation in -> failsafe signal modules. Redundant switched I/O are a configuration variant of S7 FH systems in -> safety mode for increasing availability. -> F-CPU, PROFIBUS DP, and -> F-I/O are redundant. In the event of a fault, the F-I/O are no longer available. Once a fault has been eliminated, the -> F-I/O must be reintegrated (depassivated). The reintegration (switchover from fail-safe values to process values) occurs either automatically or only after user acknowledgement in the safety program. For an F-I/O module with inputs, the process values pending at the failsafe inputs are provided again for the -> safety program after reintegration. For an F-I/O module with outputs, the -> F-system again transfers the output values provided in the safety program to the fail-safe outputs.
Redundant switched I/O
Reintegration
S
Safe State The basis of the safety concept for fail-safe systems is that there is a safe state for all process variables. For digital signal modules, the safe state is, for example, the value 0. Safety function is a mechanism built into the -> F-CPU and -> F-I/O that allows them to be used in -> S7 Distributed Safety or S7 F/FH systems. IEC 61508: Function implemented by a safety system to ensure that the system is kept in a safe state or brought to a safe state in the event of a particular fault.
Safety Function
17-6
Glossary
Safety Integrity Level
The safety integrity level (SIL) is a safety class in accordance with IEC 61508 and prEN 50129. The higher the safety integrity level, the stricter the measures must be to prevent and eliminate systematic faults and to remedy hardware failures. With fail-safe signal modules, safety-integrity levels up to SIL 3 can be used in safety mode.
Safety Message Frame Safety Mode
In safety mode, data are transferred between the -> F-CPU and -> the fail-safe signal module in a safety message frame. Safety mode is the operating mode of the -> F-I/O that allows -> safetyrelated communication by means of -> safety message frames. -> ET 200S fail-safe modules can only be used in safety mode. -> S7-300 FSMs can be used in -> standard mode or safety mode. The safety program is a safety-related user program.
Safety Program
Safety Requirement Safety requirement class (AK) in accordance with DIN V 19250 (DIN V VDE 0801): Class (AK) Safety requirement classes are a means of categorizing safety requirements for preventing and remedying faults. With -> fail-safe signal modules, safety requirement classes up to A6 can be used in -> safety mode. Safety-Related Communication Sensor Safety-related communication is used to exchange fail-safe data.
Sensors permit exact acquisition of digital and analog signals and exact measurement of routes, positions, velocities, rotational speeds, weights, etc. There are two types of sensor evaluation:

Sensor Evaluation
-> 1oo1 evaluation Sensor signal is read out once -> 1oo2 evaluation: To increase availability, the sensor signal is read twice by the same module and compared internally.
Single-channel I/O
Single-channel I/O are a configuration variant of S7 Distributed Safety/S7 F systems in -> safety mode. The -> F-CPU and -> F-I/O are not redundant. In the event of a fault, the F-I/O are no longer available.
17-7
Glossary
Single-channel switched I/O
Redundant switched I/O are a configuration variant of S7 FH systems in -> safety mode for increasing availability. -> F-CPU is redundant, -> F-I/O are not redundant; if a fault occurs, a switch is made to the other -> F-CPU. In the event of a fault, the F-I/O are no longer available. Operating mode of F-I/O, in which standard communication is possible but not -> safety-related communication by means of -> safety message frames. Fail-safe signal modules of S7-300 can be used in standard mode or -> safety mode. Fail-safe modules of ET 200S are designed for safety mode only.
Standard mode
Static Parameter
Static parameters can only be set when the CPU is in STOP mode and cannot be changed by means of SFC (system function) while the user program is running.
T
Thread length Air clearance and creepage distance in air (Air clearance is the shortest distance between two components in air. Creepage distance in air is the shortest distance in air between two conductive parts along the surface of an insulating material)
17-8
Index
1
1oo1 evaluation............................................ 17-1 1oo2 evaluation..................................... 5-2, 17-1 Changes from previous version .................................1-1 Changes in manual ........................................1-1 Channel fault ................................................17-1 Channel number ...........................................17-1 CiR ................................................ 4-1, 9-6, 17-2 Commissioning fail-safe signal modules ..............................2-5 Communication safety-related............................................17-7 Conditions of Use ...........................................8-9 Configuration .........................................4-1, 17-2 distributed...................................................3-1 local ............................................................3-1 redundant ...................................................5-9 Configuration in RUN.............................4-1, 17-2 Configuration variants according to availability ..............................3-4 in safety mode ............................................3-3 in standard mode........................................3-2 Conventions in manual....................................................1-4 CPU permitted .............................................3-2, 3-3 CRC..............................................................17-2 Cross circuit Avoidance.................................................9-59
A
Accessories.................................................. 14-1 Acknowledgment time.................................. 17-1 Actuator ....................................................... 17-1 requirements .............................................. 6-5 Address PROFIsafe .......................................... 5-4, 5-7 Address assignment ...................................... 9-6 Address assignment in standard and safety modes ........................................................ 5-1 Address range permissible................................................. 5-3 Address switch........................................ 5-5, 5-7 for PROFIsafe addresses .......................... 5-7 setting ................................................. 5-6, 5-8 Addresses occupied by useful data ............... 5-2 Addressing of channels in standard mode .................... 5-3 rules .................................................... 5-6, 5-8 AK 4, AK 6 ..................................................... 2-4 Analog input module measured value resolution ....................... 10-3 Analog value representation measured value range ............................. 10-2 Assigning parameters .................................... 4-2 Availability .................................................... 17-1 according to F-I/O ...................................... 3-4 higher......................................................... 4-2
D
Dark Period ...........................................6-7, 17-2 Dark Period Suppression..............................9-79 Data records 0 and 1 diagnostic data .........................................12-1 Degree of protection .....................................8-11 Degree of protection IP 20............................8-11 Diagnostic buffer ............................................7-3 Diagnostic data.............................................12-1 Diagnostic evaluation .....................................7-6 Diagnostic functions .......................................7-6 Diagnostic interrupt ........................................7-7 assigning ....................................................7-7 Diagnostic LEDs.............................................7-7 Diagnostic messages SM 326, DI 24 DC 24V.........................9-30 SM 326, DI 8 NAMUR ...........................9-49 SM 326, DO 10 DC 24V/2A..................9-80 SM 326, DO 8 DC 24V/2A PM .............9-62 SM 336, AI 6 13 Bit ............................10-33 Diagnostic messages and corrective measures....................................................7-7 Diagnostics by LED display ............................7-7 Digital Modules...............................................9-1 Dimension drawing of bus module for safety protector.........................................13-4
B
Basic knowledge requirements .............................................. 1-1
C
Capacitive loads Connecting............................................... 9-70 Category ............................................... 3-4, 17-1 Category 3 and 4 ........................................... 2-4 Causes of errors in SM 326, DI 24 DC 24V..................... 9-31 in SM 326, DI 8 NAMUR....................... 9-50 in SM 326, DO 8 DC 24V/2A PM ......... 9-63 in SM 336, AI 6 13 Bit ........................ 10-34 in the SM 326, DO 10 DC 24V/2A ....... 9-81 Certification .................................................... 1-2
Index-1
Index
Dimension drawing of safety protector......... 13-3 Dimension drawing of signal module ........... 13-1 DIN V 19250 .................................................. 2-4 DIP switch ............................................... 5-5, 5-7 Discrepancy Analysis................. 9-2, 10-32, 17-2 Discrepancy Behavior .................................... 9-2 Discrepancy time ......................................... 17-2 Distributed configuration ................................ 3-1 Documentation additional ................................................... 1-2 Duration of Sensor Signals Requirement for ......................................... 6-6
IM 153 permitted .............................................3-2, 3-3 Increased availability ......................................2-4 Input delay....................................................15-2 Insertion/removal............................................6-4 Installing .........................................................5-9 Interferences pulse-shaped.......................................8-5, 8-6 sinusoidal ...................................................8-6 IP 20 .............................................................8-11 Isolation test .................................................8-11
E
Electromagnetic Compatibility........................ 8-5 EMC............................................................... 8-5 EMC guidelines.............................................. 8-7 EN 954-1........................................................ 2-4 Environmental Requirements......................... 8-9 mechanical................................................. 8-9
L
Light period...................................................17-4 Loads, capacitive Connecting ...............................................9-70 Local configuration .........................................3-1 Logical base address......................................5-5
M
Manual contents......................................................1-4 Measuring sensor analog input module .................................10-8 Module fault..................................................17-4 Module redundancy ......................................17-4 Module starting address .................. 5-1, 5-4, 5-5 Monitoring time.............................................17-4 M-switch (current sinking).............................17-4
F
F Configuration Pack ..................................... 4-1 F_destination_address................................... 5-4 assigning.................................................... 5-7 Fail-safe automation system .......................... 2-2 Fail-safe signal module .................................. 2-2 Fail-Safe Signal Modules in a Zone 2 .......... 8-12 Fail-safe systems ......................................... 17-3 Fault reaction time ....................................... 17-3 Fault reactions ............................................... 7-2 F-CPU.......................................................... 17-3 F-I/O.................................................... 17-3, 17-5 Field of Application......................................... 8-4 F-monitoring time ......................................... 17-3 Front panel connector .................................... 6-3 F-SM .............................................................. 2-2 F-System ....................................................... 2-2 example configuration................................ 2-3 Functional extra-low voltage safe ............................................................ 6-2
N
Namur sensors ...............................................6-5 Nominal line voltages ...................................8-11 Nonequivalent sensor...................................17-4
O
Operation safety of system ....................................................2-1 Order number ........................................1-1, 14-1 Overvoltage protection .................................11-4
G
General Techical Specifications..................... 8-1 Group diagnostics .......................................... 7-5
P
Parameter assignment .................................17-4 Parameter Reassignment in RUN ..................9-6 Parameters.....................................................4-2 Passivation ............................................7-3, 17-4 Channel-granular......................................17-1 Power supplies ...............................................6-3 Process image..............................................17-5 Process safety time ......................................17-5 PROFIBUS ...................................................17-5 PROFIsafe....................................................17-5 address...................................... 5-4, 5-7, 17-5 address assignment ...................................5-7 -Monitoring time........................................17-5 Programming device.....................................17-5 Proof-test interval ................................9-11, 17-5
H
H/F Competence Center ................................ 1-5 Hazardous Areas ......................................... 9-35 Higher availability........................................... 4-2 How to use manual ....................................................... 1-4
I
IEC 1131 ........................................................ 8-4 IEC 61508 ............................................. 2-4, 9-11
Index-2
Index
Protection Class........................................... 8-11 P-switch ....................................................... 17-5 Pulse-Shaped Interference ..................... 8-5, 8-6 Purpose of manual......................................... 1-1
R
Radio interferences emission of................................................. 8-7 Reading out diagnostic messages with STEP 7....................................................... 7-8 Recycling and disposal .................................. 1-4 Redundancy availability-enhancing............................... 17-6 safety-enhancing...................................... 17-6 Redundant Configuration ........................ 5-9, 8-7 Redundant I/O......................................... 2-4, 4-2 Redundant switched I/O........................ 3-4, 17-6 References additional ................................................... 1-2 Reintegration......................................... 7-4, 17-6 Replacing modules ........................................ 6-4 Requirement class ......................... 2-4, 3-4, 17-7 Requirements software ..................................................... 4-1 Response time ............................................. 17-6 fail-safe analog input modules ................. 15-3 fail-safe digital modules ........................... 15-1
S
Safe extra-low voltage ................................... 6-2 Safe state....................................... 2-2, 7-3, 17-6 Safety class ............................................ 2-4, 3-4 Safety function ............................................. 17-6 Safety integrity level.............................. 6-5, 17-7 Safety message frame ................................. 17-7 Safety mode............................2-3, 2-4, 5-7, 17-7 replacing modules............................. 6-4, 11-5 Safety program ............................................ 17-7 Safety protector.............................................. 3-4 block diagram........................................... 11-3 front view ............................................... 11-3 Order No. ................................................. 11-2 set up in ET 200M/S7-300 ....................... 11-4 technical specifications ............................ 11-6 Scope of manual ................................................... 1-1 DIN V VDE 0801 ............................................ 2-4 Sensor ......................................................... 17-7 requirements .............................................. 6-5 Sensor evaluation ........................................ 17-7 Sensor Signal Requirement for Duration........................... 6-6 Sensor Supply internal ..................................................... 9-20 Service........................................................... 1-6 Setting safety mode ................................ 5-5, 5-7 Short-circuit test ........................................... 15-2 Signal module fail-safe ...................................................... 2-2
SIL 2, SIL 3 Requirement classes ..................................2-4 Safety classes ............................................2-4 Single-channel I/O.................................3-4, 17-7 Single-channel switched I/O ..................3-4, 17-8 SM 326, DI 24 DC 24V Applications ..............................................9-10 Causes of Errors and Remedies ..............9-31 Channel numbers .......................................9-8 Connection and block diagram ...................9-9 Diagnostic messages ...............................9-30 External Sensor Supply ..............................9-9 Features .....................................................9-5 Front View ..................................................9-7 internal sensor supply...............................9-20 Order number .............................................9-5 Parameter.................................................9-24 Short Circuit to M and L+..........................9-31 Sinusoidal Interferences .............................8-6 SM 326, DI 8 NAMUR Address Assignment ................................9-36 Applications ..............................................9-41 Causes of Errors and Remedies ..............9-50 Channel numbers .....................................9-38 Connectable Sensors ...............................9-37 Connection and block diagram .................9-37 Diagnostic messages ...............................9-49 Features ...................................................9-35 Front View ................................................9-36 Order number ...........................................9-35 Technical specifications............................9-52 SM 326, DO 10 DC 24V/2A Address Assignment ................................9-71 Applications ..............................................9-73 Causes of Errors and Remedies ..............9-81 Channel Numbers ....................................9-72 Connection and block diagram .................9-72 Diagnostic messages ...............................9-80 Features ...................................................9-68 Front View ................................................9-71 Order Number ..........................................9-68 SM 326, DO 8 DC 24V/2A PM Address Assignment ................................9-55 Applications ..............................................9-57 Causes of Errors and Remedies ..............9-63 Channel numbers .....................................9-56 Connection and block diagram .................9-56 Diagnostic messages ...............................9-62 Front View ................................................9-55 Order number ...........................................9-54 Properties .................................................9-54 Technical specifications............................9-66 SM 336, AI 6 13 Bit ................................10-36 address assignment .................................10-5 applications ............................................10-10 causes of errors and corrective measures............................................10-34 Channel numbers .....................................10-7 connection and block diagram..................10-6 diagnostic messages ..............................10-33 external sensor supply..............................10-7 front view ..................................................10-5 order number............................................10-4 properties .................................................10-4
Index-3
Index
Software requirements................................... 4-1 Standard mode ..................................... 2-3, 17-8 addressing of channels .............................. 5-3 Static parameter........................................... 17-8 STEP 7 .......................................................... 4-1 Substitute value ............................................. 7-2 Substitute value output ........................... 7-2, 7-4 Support .......................................................... 1-6 additional ................................................... 1-5 Switching capacitive loads ........................... 9-70
Training center ...............................................1-5 Transport and storage conditions ...................8-8 TV certificate................................................8-4
U
Underflow .....................................................10-2
V
Vibration .........................................................8-9 Voltages nominal line ..............................................8-11
T
Technical specifications general ....................................................... 8-1 Safety protector........................................ 11-6 SM 326, DI 8 NAMUR........................... 9-52 SM 326, DO 8 DC 24V/2A PM............. 9-66 SM 336, AI 6 13 Bit............................ 10-36 Test Voltages ............................................... 8-11 Thread length...................................... 9-40, 17-8
W
Wire break ....................................................10-2 Wire Chamber .....................................9-35, 9-38 Wiring .............................................................6-3
Index-4
Your Address: Name: Siemens AG A&D AS SM ID Postfach 1963 D-92209 Amberg Telefax: +49(9621)80-3103 mailto:doku@ad.siemens.de Company: Position: Street: Postal code / Place: Email: Phone: Fax:
Your Feedback as regards the S7 Distributed Safety (Version 03/2004)

Dear SIMATIC user, Our goal is to provide you information with a high degree of quality and usability, and to continuously improve the SIMATIC documentation for you. To achieve this goal, we require your feedback and suggestions. Please take a few minutes to fill out this questionnaire and return it to me by Fax, e-mail or by post. We are giving out three presents every month in a raffle among the senders. Which present would you like to have?
SIMATIC Manual Collection Automation Value Card Laser pointer
Dr. Thomas Rubach, Head of Information & Documentation
General Questions
1.
Are you familiar with the SIMATIC Manual Collection?
3.
Do you use Getting Starteds?
yes yes no if yes, which:
no
2.
Have you ever downloaded manuals from the internet?
4.
How much experience do you have with the S7 Distributed Safety?
yes
no
Expert Experienced user Advanced user Beginner
SIMATIC S7 Distributed Safety: feedback for Version 03/2004 A5E00297771-01
Please specify the documents, for which you want to answer the questions below: A: Manual S7 Distributed Safety, Configuring and Programming B: Manual S7-300 Fail-Safe, Signal Modules D: Manual ET 200eco, Distributed I/O Fail-Safe I/O Module E: System Description Safety Engineering in SIMATIC S7
C: Manual ET 200S, Distributed I/O System Fail-Safe Modules
1.
In which project phase do you use this document frequently? Information Planning Configuration Assembly
Were able to find the required information? yes which was not: no
Commissioning Maintenance & Service others:
4.
What is the scope of the information? Just right Not enough - which topic:
Programming
2.
Finding the required information in the document: Too detailed which topic: How quickly can you find the desired information in the document? immediately after a brief search not at all after a long search if no, which was not: 5. Is the information easy to understand (texts, figures, tables)? yes no
Which search method do you prefer? Table of contents Full-text search Index others: 6. Are examples important to you? no, of less importance
Which supplements/improvements would you like in order to help you find the required information quickly?
yes, important were the examples enough? yes if no, on which topic: no
3.
Your judgement of the document as regards content. How satisfied are you with this document Totally satisfied Very satisfied Satisfied not very satisfied not satisfied 7. What are your suggestions as regards the contents of the document?
Thank you for your cooperation

SIMATIC S7 Distributed Safety: feedback for Version 03/2004 A5E00297771-01

S7-300 - Fail-Safe Signal Modules

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

S7-300 - Fail-Safe Signal Modules

Încărcat de

Drepturi de autor:

Formate disponibile

s

SIMATIC Automation System S7-300 Fail-Safe Signal Modules

Configuration Options ................................................................................................... 3-1

Wiring .............................................................................................................................. 6-1 6.1 6.2 6.3 6.4 6.5

Fail-Safe Signal Modules A5E00085586-05

Fail-Safe Signal Modules A5E00085586-05

9.5.3 9.5.4 9.5.5 9.6 9.6.1 9.6.2 9.6.3 9.6.4

Fail-Safe Signal Modules A5E00085586-05

Fail-Safe Signal Modules A5E00085586-05

Purpose of the Manual

Scope of the Manual

Fail-Safe Signal Modules A5E00085586-05

Certification Mark for Australia (C-Tick Mark)

Position in the Information Landscape

Fail-Safe Signal Modules A5E00085586-05

Documentation Safety Engineering in SIMATIC S7 system description

For integration in the S7 F/FH fail-safe systems

For integration in the S7 Distributed Safety fail-safe system

Fail-Safe Signal Modules A5E00085586-05

Documentation STEP 7 manuals

STEP 7 online help PCS 7 manuals

The entire SIMATIC S7 documentation is available on CD-ROM.

How to Use this Documentation

Recycling and Disposal

Fail-Safe Signal Modules A5E00085586-05

Fail-Safe Signal Modules A5E00085586-05

A&D Technical Support

Nuremberg Johnson City Beijing P ki

Worldwide (Nuernberg) Technical Support

Europe / Africa (Nuernberg) Authorization

United States (Johnson City) Technical Support and Authorization

Asia / Australia (Beijing) Technical Support and Authorization

Fail-Safe Signal Modules A5E00085586-05

Service & Support on the Internet

Fail-Safe Signal Modules A5E00085586-05

Fail-Safe Signal Modules A5E00085586-05

Important Note for Maintaining Operational Safety of Your System

SIMATIC S7-300 SIMATIC S7-400 Distributed I/O SIMATIC Industrial Software

Select the "Add" check box for each newsletter.

Fail-Safe Signal Modules A5E00085586-05

Using Fail-Safe Signal Modules

What is a Fail-Safe Automation System?

What Are Fail-Safe Signal Modules?

What Fail-Safe Signal Modules Are Available?

Possible Use of Fail-Safe Signal Modules

Fail-Safe Signal Modules A5E00085586-05

F-System with Fail-Safe Signal Modules

S7-300 with CPU 315F-2 DP

Fail-safe Signal Modules Fail-safe Signal Modules ET 200M Fail-safe Modules

Use in Standard Mode

Use in Safety Mode

Fail-Safe Signal Modules A5E00085586-05

Achievable Safety Classes

Increased Availability in Standard Mode and Safety Mode

Fail-Safe Signal Modules A5E00085586-05

Guide to Commissioning Fail-Safe Signal Modules

Sequence of Steps from Selecting to Commissioning F-SMs

If commissioning was not successful, you must perform diagnostics

Fail-Safe Signal Modules A5E00085586-05

Fail-Safe Signal Modules A5E00085586-05

Local and Distributed Configuration

Fail-Safe Signal Modules A5E00085586-05

Configuration with F-SMs in Standard Mode