Fault reaction and diagnostics   
6.1 Fault reactions of the F-SMs 
  Fail-safe signal modules 
52  Installation and Operating Manual, 01/2010, A5E00085586-10 
6.1.2  Reactions to Faults in Safety Mode 
Safe state (safety concept)  
The safety concept is based on the existence of a safe state for all process variables. 
 
 
Note 
For digital signal modules, this safe state is the value "0". This applies to sensors and 
actuators. 
Fault reactions and startup of the F-System  
The safety function requires the use of fail-safe values (safe state) instead of process values 
for a fail-safe signal module (passivation of fail-safe signal module) in the following cases: 
●  during startup of the F-system 
●  when errors in safety-oriented communication between the F-CPU and F-SM are 
detected by means of the PROFIsafe safety protocol (communication error) 
●  when F-I/O or channel faults are detected, for example, wire break, short-circuit, or 
discrepancy error 
Faults are logged to the diagnostic buffers of the F-SM and of the CPU, and reported to the 
safety program in the F-CPU. 
 
WARNING 
 
When assigning parameters for the F-SMs listed below in the object properties for the F-SM 
in HW Config, do not forget to enable group diagnostics for each channel for the response 
to channel errors (refer to the corresponding chapters Digital modules and Analog module): 
●  SM 326; DI 8 x NAMUR 
●  SM 326; DO 10 x DC 24V/2A 
●  SM 336; AI 6 x 13Bit 
Output of fail-safe values for fail-safe signal modules  
When fail-safe input modules are passivated, the F-System returns fail-safe values instead 
of the process values set at the fail-safe inputs to the user program:  
●  In S7 Distributed Safety F-systems: Fail-safe value "0" is always output for fail-safe digital 
input and analog input modules. 
●  In S7 F/FH Systems F-systems: Fail-safe value "0" is returned to the fail-safe digital input 
modules. You can assign the fail-safe value in the safety program (in the F-channel 
driver) for fail-safe analog input modules. 
When fail-safe output modules are passivated, the F-system returns fail-safe value "0" to the 
fail-safe outputs instead of the output values provided by the safety program. The output 
channels are powered down. This also applies when the F-CPU goes into STOP. You assign 
the fail-safe values. 
Fail-safe values are used only for the affected channel or for all channels of the relevant 
fail-safe signal module, depending on the configuration and the type of fault (F-I/O fault, 
channel fault, or communication error).
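
The substitution rules above for fail-safe input modules can be expressed as a small model. This is an added example in Python, not part of the original manual and not vendor code; the class and field names are hypothetical. The mapping of fault type to passivation scope (all channels for startup, communication error and F-I/O fault; a single channel only when channel-granular passivation is configured) is an assumption of the model.

```python
from dataclasses import dataclass, field
from enum import Enum

class System(Enum):
    DISTRIBUTED_SAFETY = "S7 Distributed Safety"
    F_FH = "S7 F/FH Systems"

@dataclass
class FInputModule:
    """Simplified model of one fail-safe input module (hypothetical, not vendor code)."""
    system: System
    analog: bool
    process_values: list                 # one entry per input channel
    channel_granular: bool = False       # hypothetical name for the passivation-scope setting
    analog_substitute: float = 0.0       # assignable only in S7 F/FH (F-channel driver)
    startup: bool = False                # F-system is starting up
    comm_error: bool = False             # PROFIsafe communication error detected
    fio_fault: bool = False              # fault affecting the F-I/O as a whole
    channel_faults: set = field(default_factory=set)  # channels with wire break etc.

    def fail_safe_value(self):
        # Only analog inputs in S7 F/FH systems take an assigned value; all else is 0.
        if self.analog and self.system is System.F_FH:
            return self.analog_substitute
        return 0

    def passivated_channels(self):
        all_channels = set(range(len(self.process_values)))
        # Assumption: startup, communication errors and F-I/O faults affect every channel.
        if self.startup or self.comm_error or self.fio_fault:
            return all_channels
        if not self.channel_faults:
            return set()
        # Assumption: a channel fault passivates just that channel when channel-granular
        # passivation is configured, otherwise the whole module.
        return set(self.channel_faults) if self.channel_granular else all_channels

    def values_for_safety_program(self):
        passive, fsv = self.passivated_channels(), self.fail_safe_value()
        return [fsv if ch in passive else pv for ch, pv in enumerate(self.process_values)]

if __name__ == "__main__":
    # Constructed sample: wire break on channel 1 of a 4-channel digital input module.
    di = FInputModule(System.DISTRIBUTED_SAFETY, False, [1, 1, 0, 1],
                      channel_granular=True, channel_faults={1})
    print(di.values_for_safety_program())
```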