Failure scenario
① Primary CPU (CPU 1518HF-4 PN) → Data corruption in the safety program due to incorrect pro
gramming
② Backup CPU (CPU 1518HF-4 PN)
③ Two fiber-optic cables (redundancy connections)
④ IO device ET 200SP
⑤ IO device ET 200MP
⑥ ET 200MP IO device with fail-safe modules
⑦ ET 200SP IO device with fail-safe modules
⑧ PROFINET cables (PROFINET ring)
Figure 5-44Failure of the redundant system through safe state of the 1518HF-4 PN CPUs
Sequence of events
1.
Data corruption in the safety program of the primary CPU occurs due to incorrect
programming (DIV instruction = 0 if enable output ENO is not connected).
2.
The error response state switches all fail-safe inputs/outputs to the safe state. The HF-
system then switches to STOP system state.
3.
System redundancy has failed. The process is no longer controlled by the redundant
system.
141
Application planning
5.5 Failure scenarios
S7-1500R/H redundant system
System Manual, 11/2022, A5E41814787-AD
To Next Page
Loading...
