Safety Getting Started en-US

7/22/2019 Safety Getting Started en-US

1/46

SIMATIC Safety - Getting Started ______________________________________

___________________

___________________

___________________

___________________

SIMATIC Safety - Getting Started

Getting Started

08/2011A5E02714463-01

Introduction to example 1

Configuring 2

Programming 3

Setting up access protection A

Modifying the safety program B

Typical configuring andprogramming errors and theircauses C


2/46

Legal informationLegal informationWarning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to preventdamage to property. The notices referring to your personal safety are highlighted in the manual by a safety alertsymbol, notices referring only to property damage have no safety alert symbol. These notices shown below aregraded according to the degree of danger.

DANGERindicates that death or severe personal injury willresult if proper precautions are not taken.

WARNINGindicates that death or severe personal injury mayresult if proper precautions are not taken.

CAUTIONwith a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.

CAUTIONwithout a safety alert symbol, indicates that property damage can result if proper precautions are not taken.

NOTICEindicates that an unintended result or situation can occur if the relevant information is not taken into account.

If more than one degree of danger is present, the warning notice representing the highest degree of danger willbe used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating toproperty damage.

Qualified PersonnelThe product/system described in this documentation may be operated only by personnel qualifiedfor the specifictask in accordance with the relevant documentation, in particular its warning notices and safety instructions.Qualified personnel are those who, based on their training and experience, are capable of identifying risks andavoiding potential hazards when working with these products/systems.

Proper use of Siemens productsNote the following:

WARNINGSiemens products may only be used for the applications described in the catalog and in the relevant technicaldocumentation. If products and components from other manufacturers are used, these must be recommendedor approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation andmaintenance are required to ensure that the products operate safely and without any problems. The permissibleambient conditions must be complied with. The information in the relevant documentation must be observed.

TrademarksAll names identified by are registered trademarks of Siemens AG. The remaining trademarks in this publicationmay be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of LiabilityWe have reviewed the contents of this publication to ensure consistency with the hardware and softwaredescribed. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, theinformation in this publication is reviewed regularly and any necessary corrections are included in subsequenteditions.

Siemens AGIndustry SectorPostfach 48 48

90026 NRNBERGGERMANY

A5E02714463-01 08/2011

Copyright Siemens AG 2011.Technical data subject to change


3/46


Getting Started, 08/2011, A5E02714463-01 3

Table of contents

1 Introduction to example ............................................................................................................................. 51.1 Requirements for configuring and programming ...........................................................................5

1.2 Example Structure and Task Definition .........................................................................................7

1.3 Procedure.......................................................................................................................................8

2 Configuring .............................................................................................................................................. 112.1 Introduction ..................................................................................................................................11

2.2 Step 1: Configuring the CPU 315F-2 PN/DP...............................................................................122.3 Step 2: Configuring an ET 200S distributed I/O system on a PROFINET subnet.......................13

2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, positionswitches, and the laser scanner...................................................................................................14

2.5 Step 4: Configuring an F-DO module for connecting a motor .....................................................17

2.6 Step 5: Configuring a standard DI module for user acknowledgement, feedback circuit,and start pushbutton ....................................................................................................................18

2.7 Summary: Configuring the Hardware ..........................................................................................18

3 Programming ........................................................................................................................................... 193.1 Introduction ..................................................................................................................................193.2 Step 6: Specifying the centralized settings for the safety program..............................................21

3.3 Step 7: Creating an F-FB .............................................................................................................23

3.4 Step 8: Programming the safety door function ............................................................................24

3.5 Step 9: Programming the emergency stop function.....................................................................26

3.6 Step 10: Programming the feedback monitoring .........................................................................28

3.7 Step 11: Programming the user acknowledgment for reintegration of the F-I/O .........................30

3.8 Step 12: Programming of the main safety block ..........................................................................31

3.9 Step 13: Compiling the safety program .......................................................................................323.10 Step 14: Assigning device names................................................................................................34

3.11 Step 15: Downloading the complete safety program to the F-CPU and activating safetymode ............................................................................................................................................35

A Setting up access protection.................................................................................................................... 39B Modifying the safety program................................................................................................................... 41C Typical configuring and programming errors and their causes................................................................. 45


4/46

Table of contents


4 Getting Started, 08/2011, A5E02714463-01


5/46



Introduction to example 11.1 Requirements for configuring and programmingIntroduction

These instructions will guide you step-by-step through a specific example for configuring andprogramming with STEP 7 Safety Advanced V11.

You will become acquainted with the basic functions and special features of STEP 7Safety Advanced V11.

It should take one or two hours to work through this example, depending on your experience.

Requirements for the exampleThe following requirements must be met:

Adobe Reader Version 9 or higher is required for the multi-media content. In order to understand these Getting Started instructions, you need general knowledge of

automation technology. You also need to be familiar with STEP 7 Professional V11.

You need an S7-300 station consisting of: Power supply (PS) with 2 A CPU 315F-2 PN/DP with inserted SIMATIC Micro Memory Card ET 200S distributed I/O system with:

- Interface module IM 151-3 PN HIGH FEATURE

- Power module PM-E DC24V

- Terminal modules, e.g., TM-E30S44-01, TM-E30C44-01

- ET 200S fail-safe digital input module 4/8 F-DI DC24V

- ET 200S fail-safe digital output module 4 F-DO DC24V/2A

- Digital electronic module 4DI DC24V ST- Termination module

Laser scanner The following software packages must be correctly installed on your programming device

or PC with Ethernet interface:

STEP 7 Professional V11 STEP 7 Safety Advanced V11


6/46

Introduction to example

1.1 Requirements for configuring and programming



If you do not have any hardware components available, you can also use the optionalpackage S7-PLCSIM (hardware simulation program) V5.4 SP4 or higher. This optionalpackage will enable you to simulate the hardware components as described in theseGetting Started instructions.

The programming device or PC must be connected to the F-CPU via the PROFINETinterface.

The hardware must be fully installed and wired. Instructions for this can be found in theET 200S Distributed I/O System; Fail-Safe Modules(http://support.automation.siemens.com/WW/view/en/34474892) manual.

The installation and wiring of the CPU 315F-2 DP/PN is described in the S7-300Automation System, Getting Started Collection(http://support.automation.siemens.com/WW/view/en/49368678/134200) manual.

WARNINGAs a component in plants and systems, the S7-300 is subject to specific standards andregulations depending on the area of application. Please note the applicable safety andaccident prevention regulations, e.g., IEC 60204-1 (General Requirements for Safety ofMachinery).

The example in these Getting Started instructions serves as an introduction to configuringand programming of STEP 7 Safety Advanced V11. It does not lead to actual live operationin every case. Before you do this, it is essential that you refer to the current version of the"SIMATIC Safety - Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678)" manual. The warningsand other notes contained in that manual must be heeded at all times even if they are notrepeated in this document!

Serious injury and damage to machines and equipment may result if these regulations areignored.
http://support.automation.siemens.com/WW/view/en/34474892http://support.automation.siemens.com/WW/view/en/48077635http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/48077635http://support.automation.siemens.com/WW/view/en/34474892


7/46


1.2 Example Structure and Task Definition



1.2 Example Structure and Task DefinitionProduction cell with access protection

4

3

2

1

Emergency Stop Laser scanner

Safety door Control panel with start and acknowledgement pushbuttons

The entry to the production area is monitored with a laser scanner. The service area issecured by a safety door.

Entering the production area or opening the safety door results in a stop or shutdown of theproduction cell similar to an emergency stop.

The system can only be started when the emergency stop is cancelled, the safety door isclosed, and the laser scanner detects no one in the protected area. On-site useracknowledgment is required to restart production after the emergency stop has beenactivated or the safety door has been opened.


8/46


1.3 Procedure



1.3 ProcedureThe example in these Getting Started instructions consists of the following chapters:

ConfiguringYou configure:

An ET 200S fail-safe digital input module for connecting an emergency stop switch, theposition switches for monitoring a safety door, and the laser scanner for monitoring theentry area.

An ET 200S fail-safe digital output module for connecting a motor. An ET 200S standard electronic module for user acknowledgment, feedback loop, and

start pushbutton.

The configuration is described in the "Configuring(Page 11)" chapter.

ProgrammingOnce the configuration is successfully completed, you can program your safety program.

In our example, a fail-safe block is programmed with an emergency stop, a safety doorfunction, a feedback loop (as restart protection when there is an incorrect load), and a useracknowledgment for reintegration. The block is then compiled to form a safety program.

The programming is described in the "Programming(Page 19)" chapter.

Installation on PROFINET IO


9/46


1.3 Procedure



Wiring overview for ET 200SThis interactive graphic gives you the opportunity to become familiar with how the example

functions in this Getting Started. To do so, move your cursor over the operator controlelements.


10/46


1.3 Procedure




11/46



Configuring 22.1 IntroductionIntroduction

WARNINGYou may come into contact with live electrical wires connected to the mains power supply.

Only wire the S7-300 and ET 200S when they are disconnected from the mains powersupply.

The installation and wiring of the CPU 315F-2 PN/DP is described in S7-300 AutomationSystem, Getting Started Collection(http://support.automation.siemens.com/WW/view/en/49368678/134200).

Configuring the HardwareIn STEP 7 Professionalyou configure:

A CPU 315F-2 PN/DP An ET 200S distributed I/O system consisting of:

An interface module IM151-3 PN HIGH FEATURE An ET 200S fail-safe digital input module for connecting an emergency stop switch

and position switches for monitoring a safety door and the laser scanner

An ET 200S fail-safe digital output module for connecting a motor An ET 200S standard digital electronic module for user acknowledgment, feedback

loop, and start pushbutton
http://support.automation.siemens.com/WW/view/en/48077635http://support.automation.siemens.com/WW/view/en/48077635


12/46

Configuring

2.2 Step 1: Configuring the CPU 315F-2 PN/DP



2.2 Step 1: Configuring the CPU 315F-2 PN/DPIntroduction

In this step, you create a new project, add an F-CPU, and assign parameters for it.

Procedure

1. In the portal view of STEP 7 Professional V11, create a new project named"S7_Safety_V11_GS"

2. Use "Add new device" to add a CPU 315F-2 PN/DP.Result:The device view containing the CPU 315F-2 PN/DP opens.

3. Change to the "F-parameter" area.Here, you can change the following parameters or accept the default setting:

"Basis for PROFIsafe addresses" "Default F-monitoring time for F-I/O of this interface"

4. Leave the default values unchanged for this example.

ResultThe new project has been created and the F-CPU has been configured.


13/46

Configuring

2.3 Step 2: Configuring an ET 200S distributed I/O system on a PROFINET subnet



2.3 Step 2: Configuring an ET 200S distributed I/O system on aPROFINET subnet

IntroductionIn this step, you configure the interface module for the ET 200S distributed I/O system and aPROFINET subnet.

Procedure

1. In the project view, click the "Network view" tab.2. In the hardware catalog, enter "IM151-3 PN HF" in the search field, and start the search.3. Drag the module with order number 6ES7151-3BA23-0AB0 from the search results to the

graphical area of the network view.

4. While holding the mouse button down, drag a line from the PROFINET interface of theIM151-3 PN HIGH FEATURE to the green PROFINET interface of the F-CPU to create aPROFINET connection.

Result:A PROFINET subnet between the F-CPU and the IM151-3 PN HIGH FEATURE iscreated automatically.

5. In the graphics work area of the network view, double-click the IM151-3 PN HIGHFEATURE.

Result:The IM151-3 PN HIGH FEATRUE is opened in the device view.6. Use drag-and-drop to add a PM-E DC24V power module from the hardware catalog to

slot 1.


14/46

Configuring

2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the

laser scanner



ResultThe configuration of the interface module for the ET 200S distributed I/O system and thePROFINET subnet is now complete.

2.4 Step 3: Configuring an F-DI module for connecting an emergencystop switch, position switches, and the laser scanner

IntroductionIn this step, you configure an F-DI module for connecting an emergency stop switch, the

position switches for monitoring a safety door, and the laser scanner for monitoring the entryarea.

Procedure1. In the device view of the ET 200S, use drag-and-drop to add a 4/8 F-DI DC24V

PROFIsafe digital electronic module from the hardware catalog to slot 2.

2. Choose the "I/O addresses" area.Leave the default addresses unchanged at "0" for this example.

3. Change to the "F-parameter" area. Here, you can change the following parameters orapply the default settings: "F-destination address" "F-monitoring time" "Behavior after channel faults" "F-I/O DB-name"The PROFIsafe addresses must be unique network-wide and station-wide. Theaddresses are assigned automatically to prevent parameter assignment errors.

NoteThe PROFIsafe destination address must be set via a DIP switch on the F-module.


15/46

Configuring

2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the laser scanne



A valid current safety message frame must be received from the F-CPU within the F-

monitoring time. Otherwise, the F-module goes to safe state.

The F-monitoring time must be set high enough that message frame delays are toleratedand, at the same time, low enough that the process can react as quickly as possible

when a fault occurs and run without impairment. The Excel file for calculating response

times serves an aid in calculating this time. You can find this file in Internet

(http://support.automation.siemens.com/WW/view/en/49368678/133100).

By default, the F-monitoring time is taken from the "Default F-monitoring time for F-I/O of

this interface" parameter of the F-CPU.

Leave the settings unchanged for the F-parameters for this example.

4. Switch to the "DI parameter" area.Deactivate the "Short-circuit test" parameter.

5. In this example, a two-channel emergency stop switch (emergency stop) will beconnected to channels 0 and 4.

Enter the settings as shown in the following figure:

6. In this example, the position switches for monitoring a two-channel safety door will beconnected to channels 1 and 5.

Make the settings as shown in the following figure:
http://support.automation.siemens.com/WW/view/en/49368678/133100http://support.automation.siemens.com/WW/view/en/49368678/133100http://support.automation.siemens.com/WW/view/en/49368678/133100


16/46

Configuring

2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the

laser scanner



7. In this example, the laser scanner for monitoring the accessible entry area will beconnected to channels 2 and 6.

Make the settings as shown in the following figure:

8. Disable the unused DI channels 3 and 7 by clearing the "Activated" check box.

ResultThe configuration of the F-input module is now complete.


17/46

Configuring

2.5 Step 4: Configuring an F-DO module for connecting a motor



2.5 Step 4: Configuring an F-DO module for connecting a motorIntroduction

In this step, you configure an F-DO module for indirect connection of a motor to channel 0via 2 contactors.

Procedure1. In the device view of the ET 200S, use drag-and-drop to add a 4 F-DO DC24V/2A

PROFIsafe digital electronic module from the hardware catalog to slot 3.

2. Select the "Input/output addresses" tab.Leave the default addresses unchanged at "6" for this example.

3. Change to the "F-parameter" area. Here, you can change the following parameters oraccept the default settings:

"F-destination address" "F-monitoring time"Leave the settings unchanged for the F-parameters for this example.

NoteThe PROFIsafe destination address must be set via a DIP switch on the F-module.

4.

Change to the "DO parameter" area. Here, you can change channel-specific parametersor apply the default settings.

Enter the settings for the example as shown in the following figure:

5. Disable the unused DO channels 1, 2, and 3 by clearing the "Activated" check box.Result

The configuration of the F-output module is now complete.


18/46

Configuring

2.6 Step 5: Configuring a standard DI module for user acknowledgement, feedback circuit, and start pushbutton



2.6 Step 5: Configuring a standard DI module for useracknowledgement, feedback circuit, and start pushbutton

IntroductionIn this step, you assign parameters of a standard 4DI module for the non-fail-safe signals(user acknowledgement, feedback loop, and start pushbutton).

Procedure1. Use drag-and-drop to add a 4DI DC24V ST digital electronic module from the hardware

catalog to slot 4.

2. Assign the input address of the standard DI module to "11" for this example.

ResultThe configuration of the electronic module 4DI DC24V ST is now complete.

2.7 Summary: Configuring the HardwareSummary:

So far, you have configured the following according to the task definition for the example:

The CPU 315F-2 PN/DP ET 200S distributed I/O system with:

Interface module IM151-3 PN HIGH FEATURE ET 200S fail-safe digital input module for connecting an emergency stop switch,

position switches for monitoring a safety door, and the laser scanner for monitoring theaccessible production area.

- Start addresses of the output and input data areas: both 0- Channels 0 and 4 for emergency stop

- Channels 1 and 5 for safety door position switches- Channels 2 and 6 for the laser scanner

An ET 200S fail-safe digital output module for connecting a motor- Start addresses of the output and input data areas: both 6- Channel 0 for indirect switching of a motor via 2 contactors

An ET 200S standard digital electronic module for user acknowledgment, feedbackloop, and start pushbutton

- Start address: 11

You can now continue with programming the safety program.


19/46



Programming 33.1 IntroductionIntroduction

In this example, a fail-safe block (F-FB) will be programmed with a safety door function, anemergency stop function (safety circuit for switch-off in case of emergency stop, open safetydoor, or someone entering the protected area monitored by the laser scanner), a feedbackcircuit (as protection against reclosing in case of faulty load), and a user acknowledgement

for reintegration. The programmed F-FB will then be compiled to form a safety program anddownloaded to the F-CPU.

F-I/O data blocksDuring compilation, an F-I/O DB is automatically generated for each F-I/O, and a name isentered for it in the block interface in the same time. The F-I/O DBs generated for theexample I/O are located in the "Program blocks" folder.


20/46

Programming

3.1 Introduction



The name of the F-I/O DB is formed from the fixed prefix "F", the start address of the F-I/O,the names entered in the properties for the F-I/O in the hardware and network editor, and theDB number.

Symbolic namesin this example: "F00000_4/8 F DI DC24V [DB512]": fail-safe digital input module 4/8 F-DI DC24V

PROFIsafe

"F00006_4 F DO DC24V 2A [DB513]": Fail-safe digital output module 4 F-DO DC24V/2APROFIsafe

You can access the tags of the F-I/O DB with a fully qualified DB access (that is, byspecifying the name of the F-I/O DB and by specifying the name of the tag).

F-shared DBThe F-shared DB (F_GLOBDB) is a fail-safe data block that is automatically inserted whenthe F-CPU is inserted and contains all of the shared data of the safety program andadditional information needed by the F-system.

ProgrammingYou can program the safety program in LAD and FBD. In so doing, the instructions, datatypes, and operand areas you can use are subject to certain restrictions (see the "Overviewof programming" chapter of the "SIMATIC Safety, Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678)" manual).

The FBD programming language is used in this example.

NotePreconnection of enable input EN or evaluation of enable output ENO is not possible.

If you require the Boolean constants "0" and "1" in your safety program to assign parametersduring block calls, you can access the "VKE0" and "VKE1" tags in the F-shared DB using afully qualified DB access ("F_GLOBDB".VKE0 or "F_GLOBDB".VKE1).

NoteFail-safe signals are shown in yellow in the LAD/FBD Editor.

NoteNote the rules for the program structure in the "Specify F-runtime groups" chapter of the"SIMATIC Safety - Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678)" manual.
http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300


21/46

Programming

3.2 Step 6: Specifying the centralized settings for the safety program



3.2 Step 6: Specifying the centralized settings for the safety programIntroduction

The first step in programming of the safety program is the main safety block. The main safetyblock is an F-FC or F-FB (with instance DB), that when called from a standard block(recommendation: cyclic interrupt OB 35) becomes the main safety block. When this block iscompiled, additional instructions are added that call the remaining F-blocks of the safetyprogram.

You must assign the main safety block to an F-runtime group in order for it to be identified assuch.

When the F-CPU is inserted, an F-runtime group and the associated main safety block werecreated by default and assigned to the F-runtime group.

The cyclic interrupt OB (CYC_INT5 [OB35]) calls the main safety block (Main_Safety [FB1])by default. The F-blocks created by the user are called from the main safety block. You canchange the calling block and the called block at any time.

After the safety program is executed, the standard user program will resume.

Opening the Safety dministration Editor1. In the project tree of the F-CPU, double-click on "Safety Administration".

Result:The Safety Administration Editoropens.You make central settings for the safety program in the Safety Administration Editor.

2. In the area navigation of the Safety Administration Editors, switch to "F-runtime group".The F-runtime group created automatically when the F-CPU was created and the associatedmain safety block are displayed.

Leave the preset blocks for this example.

For additional information on the Safety Administration Editor, refer to the "SIMATIC Safety -Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678)" manual.

Numbering ranges of F-system blocksWhen the safety program is compiled, F-blocks are automatically added in order to generatean executable safety program.

By default, the system automatically manages the numbering range, which is displayed inthe Safety Administration Editorunder "Settings".

Keep the preassigned settings for this example.
http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300


22/46

Programming

3.2 Step 6: Specifying the centralized settings for the safety program



Specifying inputs and outputs for the safety programAfter configuring the hardware as described in Steps 1 to 5, the following fail-safe I/O DBs

are available for programming the example:

Configured hardware Startaddress

Symbolic name

Fail-safe digital input module 4/8 F-DI DC24V PROFIsafe 0 F00000_4/8 F DI DC24V [DB512]

Fail-safe digital output module 4 F-DO DC24V/2A PROFIsafe 6 F00006_4 F DO DC24V 2A [DB513]

Assign the following symbolic names for the fail-safe inputs and outputs:

Inputs and outputs in the safety program Symbolic nameI0.0 for emergency stop ESTOP

I0.1 for safety door position switch Safety_Door_SW1

I0.5 for safety door position switch Safety_Door_SW2

I0.2 for laser scanner Laserscanner

Q6.0 for motor starter Motor

I11.0 for acknowledgment Quit

I11.1 for feedback loop Feedback

I11.2 for start pushbutton START

M10.0 for operational switching Standard_Program_On_Off


23/46

Programming

3.3 Step 7: Creating an F-FB



3.3 Step 7: Creating an F-FBIntroduction

In this step, you create an F-FB in which you program the safety functions for this example inthe next steps.

Procedure

1. Insert an F-FB. Go to the "Program blocks" folder of the F-CPU and double-click "Addnew block".

The "Add new block" dialog opens.

2. Under "Name" enter "Safety_Interlock" for the name of the F-FB.3. Click the "Function block" button on the left.4. Under "Number" choose the "Manual" option, and enter 100.5. Choose "FBD" as the language for the F-FB.6. Close the dialog box with "OK"

ResultThe F-FB "Safety_Interlock" is created in the "Program blocks" folder and opensautomatically in the LAD/FBD Editor.

You can now continue with programming the safety functions in the next step.


24/46

Programming

3.4 Step 8: Programming the safety door function



3.4 Step 8: Programming the safety door functionIntroduction

In this step, you program the safety door function for this example.

Procedure

1. Create the following static tag of data type BOOL in the interface of the "Safety_Interlock"F-FB:

"EN_Safety_Door" (Enable safety door)2. Insert the "SFDOOR" instruction from the "Safety functions" subfolder of the "Instructions"

task card.

3. Click "OK" to confirm the "Call options" dialog.4. Initialize the inputs and outputs with parameters as described in the table below.

ResultThe programming of the safety door function is now complete.


25/46

Programming

3.4 Step 8: Programming the safety door function



Parameter assignment of the SFDOOR instructionInputs/outputs Parameter Data type Description Default"Safety_Door_SW1" IN1 BOOL Input 1 FALSE

"Safety_Door_SW2" IN2 BOOL Input 2 FALSE

"F00006_4/8 F-DIDC24V_1".QBAD_I_01

QBAD_ IN1 BOOL QBAD signal from F-I/O DB of input IN1 * FALSE

"F00006_4/8 F-DIDC24V_1".QBAD_I_05

QBAD_ IN2 BOOL QBAD signal from F-I/O DB of input IN2 * FALSE

TRUE OPEN_NEC BOOL TRUE = Opening required on startup TRUE

TRUE ACK_NEC BOOL TRUE = Acknowledgment required TRUE

"Quit" ACK BOOL User acknowledgement (via pushbutton) FALSE

#EN_Safety_Door Q BOOL Output (Enable safety door) FALSE

ACK_REQ BOOL Acknowledgement prompt FALSE

DIAG BYTE Service information B#16#0

* The two inputs QBAD_IN1 and QBAD_IN2 must be interconnected. In this example, both are interconnected with theQBAD signal of the F-I/O DB of the 4/8 F-DI to which the safety door position switches are connected.


26/46

Programming

3.5 Step 9: Programming the emergency stop function



3.5 Step 9: Programming the emergency stop functionIntroduction

In this step, you program the emergency stop function for this example.

Procedure

1. Create the following static tag of data type BOOL in the interface of the "Safety_Interlock"F-FB:

"EN_Safety" (Enable safety circuit).2. Insert a new network.3. Insert the "AND logic operation" instruction from the "Bit logic operations" subfolder of the

"Instructions" task card.

4. Insert a third input to the "AND logic operation" instruction and initialize the inputs of theinstruction with parameters as described in the table below.

5. Insert the "ESTOP1" instruction from the "Safety functions" subfolder of the "Instructions"task card.

6. Click "OK" to confirm the "Call options" dialog.7. Initialize the inputs and outputs of the instruction with parameters as described in the

table below.

8. Connect the output of the "AND logic operation" instruction to the "ON" input of the"ESTOP1" instruction.


27/46

Programming

3.5 Step 9: Programming the emergency stop function



ResultThe programming of the emergency stop function (shutdown in case of emergency stop,

open safety door, or someone entering the protected area monitored by the laser scanner) isnow complete.

Parameter assignment of the AND logic operation instructionInputs Parameter Data type Description Default"ESTOP" Input 1 BOOL Emergency STOP FALSE

#EN_Safety_Door Input 2 BOOL Enable safety door FALSE

"Laserscanner" Input 3 BOOL Laser scanner FALSE

Parameter assignment of the ESTOP1 instructionInputs/outputs Parameter Data type Description DefaultTRUE ACK_NEC BOOL TRUE = Acknowledgment required TRUE

"Quit" ACK BOOL User acknowledgement (via pushbutton) FALSE

T#0MS TIME_DEL TIME Time delay T#0MS

#EN_Safety Q BOOL Enable safety circuit FALSE

Q_DELAY BOOL Enable is OFF delayed FALSE




28/46

Programming

3.6 Step 10: Programming the feedback monitoring



3.6 Step 10: Programming the feedback monitoringIntroduction

In this step, you program the feedback circuit monitoring for this example.

Procedure

1. Insert a new network.2. Insert the "AND logic operation" instruction from the "Bit logic operations" subfolder of the

"Instructions" task card.

3. Initialize the inputs of the instruction with parameters as described in the table below.4. Insert the "FDBACK" instruction from the "Safety functions" subfolder of the "Instructions"

task card.

5. Click "OK" to confirm the "Call options" dialog.6. Initialize the inputs and outputs of the instruction with parameters as described in the

table below.

7. Connect the output of the "AND logic operation" instruction to the "ON" input of the"FDBACK" instruction.

ResultThe programming of the feedback monitoring is now complete.


29/46

Programming

3.6 Step 10: Programming the feedback monitoring



Parameter assignment of the AND logic operation instructionInputs Parameter Data type Description Default"Standard_Program_On_Off" Input 1 BOOL TRUE = Switch on output FALSE

#EN_Safety Input 2 BOOL Enable safety circuit FALSE

Parameter assignment of the FDBACK instructionInputs/outputs Parameter Data type Description Default"Feedback" FEEDBACK BOOL Readback input FALSE

"F00006_4 F-DoDC24V_1".QBAD

QBAD_FIO BOOL QBAD signal from F-I/O DB of outputQ*

FALSE

TRUE ACK_NEC BOOL TRUE = Acknowledgment required TRUE

"Quit" ACK BOOL User acknowledgement (viapushbutton)

FALSE

T#500MS FDB_TIME TIME Readback time T#0MS

"Motor" Q BOOL Output FALSE

ERROR BOOL Readback error FALSE



* In this example, this is the QBAD signal from the F-I/O DB of the F-DO to which the load (the contactors) is connected.


30/46

Programming

3.7 Step 11: Programming the user acknowledgment for reintegration of the F-I/O



3.7 Step 11: Programming the user acknowledgment for reintegration ofthe F-I/O

IntroductionIn this step, you program the user acknowledgement for reintegration of the F-I/O for thisexample.

ProcedureIn your safety program, you must provide a user acknowledgment for the reintegration for theF-I/O. In order to acknowledge nevertheless in the event of passivated F-I/O, theacknowledgement pushbutton is evaluated using a standard input. In this example, this is the"Quit" input.

You can use the ACK_GL instruction to reintegrate all F-I/O of an F-runtime group.

NoteA user acknowledgment with a positive edge at the ACK_GL instruction is required for areintegration of the F-I/O (i.e., for switching from fail-safe values (0) to process data) after afault is corrected:

After every communication error After F-I/O faults or channel faults when parameter ACK_NEC = 1

1. Insert a new network.2. Insert the "ACK_GL" instruction from the "Safety functions" subfolder of the "Instructions"

task card.

3. Click "OK" to confirm the "Call options" dialog.4. Initialize the input with parameters as described in the table below.


31/46

Programming

3.8 Step 12: Programming of the main safety block



ResultThe programming of the user acknowledgment is now complete.

Parameter assignment of the ACK_GL instructionInput Parameter Data type Description Default"Quit" ACK_GLOB BOOL Acknowledgement for reintegration FALSE

3.8 Step 12: Programming of the main safety blockIntroduction

In this step, you program the main safety block for this example.

Procedure

1. Double-click in the project navigation to open the main safety block "Main_Safety".2. Use drag-and-drop to insert the F-FB "Safety_Interlock" in Network 1 of the main safety

block.

3. Click "OK" to confirm the "Call options" dialog.


32/46

Programming

3.9 Step 13: Compiling the safety program



ResultThe F-FB "Safety_Interlock" will now be called cyclically by the main safety block.

You have now programmed the functionality according to the task definition of the example.You can now proceed with the next steps to compile the safety program, assign devicenames, and download the safety program along with the hardware configuration to the F-CPU.

3.9 Step 13: Compiling the safety programIntroduction

In this step, you compile the hardware configuration and the safety program.A consistency check is performed on the execution-relevant F-blocks when the safetyprogram is compiled, that is, the safety program is checked for errors. Any error messagesare output in an error window. After a successful consistency check, the additionally requiredF-system blocks are generated automatically and added to the F-runtime group in order togenerate an executable safety program.

Procedure

1. Select the F-CPU in the project tree.2. In the shortcut menu for the F-CPU, select "Compile > All".

The safety program is now compiled.


33/46

Programming

3.9 Step 13: Compiling the safety program



ResultIf compilation is successful, the result is always a consistent and executable safety program

comprising all F-blocks with F-attribute. You are notified of this with the message "Safetyprogram is consistent".


34/46

Programming

3.10 Step 14: Assigning device names



3.10 Step 14: Assigning device namesIntroduction

In this step, you assign the F-CPU and the interface module a PROFINET device name.

The PROFINET device names are created automatically by STEP 7 Professional V11; youonly have to assign them.

For additional information on PROFINET IO, refer to the "SIMATIC PROFINET SystemDescription (http://support.automation.siemens.com/WW/view/en/49948856)".

You can find additional information on configuring PROFINET IO in the online help forSTEP 7 Professional V11under "Configurations for PROFINET IO".

Procedure

1. Change to the Network view.2. Connect the PG/PC to the Ethernet subnet via the PROFINET interface.3. In the Network view, select the subnet and choose the "Assign device name" command in

the shortcut menu.

4. In the "Assign PROFINET device name" dialog, select the appropriate PG/PC interface inorder to connect to the Ethernet subnet.

5. All configured PROFINET device names are displayed for selection in the upper drop-down list. Select a PROFINET device name from this list and select the interface modulethat is to receive this device name in the table below. You can filter the devices displayedin the table according to different criteria.

6. You can use the "Flash LED" button to easily identify the device.7. The F-CPU recognizes the interface module using its device name and automatically

assigns the configured IP address to it.
http://support.automation.siemens.com/WW/view/en/49948856http://support.automation.siemens.com/WW/view/en/49948856


35/46

Programming

3.11 Step 15: Downloading the complete safety program to the F-CPU and activating safety mode



ResultYou have assigned the device names of the F-CPU and the IM151-3 PN HIGH FEATURE.

3.11 Step 15: Downloading the complete safety program to the F-CPUand activating safety mode

IntroductionIn this step, you download the hardware configuration and the safety program to the F-CPU.

Procedure

1. Select the F-CPU in the project tree.2. In the shortcut menu for the F-CPU, select "Download to device > All". If an online

connection to the F-CPU does not yet exist, you will be prompted to establish thisconnection.

The "Load preview" dialog is displayed.


36/46

Programming




3. Select "Consistent download" in the "Action" column in each case.

NoteIf you are only downloading the F-blocks, the block in which the main safety block iscalled (cyclic interrupt OB 35 in this example) is not downloaded. You must thendownload this OB separately the same way as for a standard program.

NoteTo download the entire safety program, the F-CPU must be in STOP mode.

4. Click the "Load" button.Result:The "Load results" dialog is displayed.

5. Click the "Finish" button.6. In the Safety Administration Editor, check to see if the F-collective signatures of all F-

blocks with F-attribute match online and offline.

If so, the download operation was successful. If not, repeat the download operation.

7. To activate safety mode, switch the F-CPU from STOP to RUN mode.The Safety Administration Editordisplays the current safety mode status in the "General"area under "Safety Mode Status".

NoteOnce a safety program has been created, you must perform a full function test accordingto your automation task (see SIMATIC Safety Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678) manual).


37/46

Programming




ResultYou have now finished creating the safety program according to the task definition of the

example.In the following appendices, we show you how easy it is to set up access protection for yoursafety program and the F-CPU. In addition, we show you how you can make changes toyour safety program, download changes to the F-CPU, and assess the consistency of thesafety program.

In this interactive graphic, you have the opportunity to become familiar with the functions youjust programmed. To do so, move your cursor over the operator control elements.


38/46

Programming





39/46



Setting up access protection A

IntroductionIt is essential to provide access protection in production mode for the access to the SIMATICSafety F-system.

No access protection is initially necessary for test purposes, commissioning, etc. That is, youcan execute all offline and online actions without access protection, i.e., without passwordprompt.

For additional information, refer to the "Access protection" chapter in the SIMATIC Safety -Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678) manual.

ProcedureTo set up access protection for productive operation, follow these steps:

1. In the area navigation of the Safety Administration Editors, switch to "Access protection".2. Under "Offline safety program protection" click "Set up". Enter the password in the dialog

that appears, and enter it again to confirm.

3. Under "Online F-CPU protection", click the "Go to "Protection" area of the F-CPU" link.Result:You switch to the device view of the F-CPU.

4. Under "Protection", choose the "Write protection for F-blocks" option. Under "Passwordfor write/read access", enter a password. Then enter the password again to confirm.

5. Download the hardware configuration to the F-CPU.

ResultYou can only make changes to the safety program offline if you enter the password fromStep 2.

You cannot overwrite the safety program in the F-CPU until you enter the password fromStep 4.

As the next step, acceptance testing of the system may be necessary for productiveoperation. For additional information regarding acceptance testing, refer to the "Systemacceptance" chapter in the "SIMATIC Safety - Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678)" manual.
http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300http://support.automation.siemens.com/WW/view/en/49368678/133300


40/46

Setting up access protection




41/46



Modifying the safety program B

IntroductionThis appendix shows you how you can change the safety program and download changes tothe F-CPU.

Procedure1. Modify the example safety program so that no user acknowledgmentis required for an

OSSD (Output Signal Switching Device) signal from the laser scanner.

To do this, program the emergency stop function as shown in the figure.


42/46

Modifying the safety program



NoteChanges to the safety program during operation (in RUN mode) can only be made in

deactivated safety mode. You make the changes to F-blocks offline in the usual way inSTEP 7 Professional. F-blocks cannot be modified online.

See also the "Compiling and commissioning safety program" chapter in the SIMATICSafety - Configuring and Programming manual.

2. Save the F-FB.NoteYou have modified and saved an F-block of the safety program and therefore created aninconsistent safety program. That is, the collective signature of all F-blocks with F-attribute in the block container differs from the collective signature of the safety program.

NoteTo download changes in the safety program in RUN mode, you must deactivate safetymode of the safety program. Safety mode remains deactivated until the F-CPU is nextswitched from STOP to RUN mode.

3. Check to see if "Current mode" in the "General" area of the Safety Administration Editorindicates "Safety mode activated". If so, click "Disable safety mode" and enter thepassword for the safety program.

Result:Another prompt will appear containing the F-collective signature of the safetyprogram in the F-CPU.

4. Confirm the prompt to deactivate safety mode with "OK".Result:Safety mode will be deactivated.

WARNINGDeactivation of safety mode is intended for test purposes, commissioning, etc.Whenever safety mode is deactivated, the safety of the system must be ensured byother organizational measures, such as monitored operation, manual safety shutdown,and access restrictions to certain areas.

5. Right-click the F-FB in the project tree, and choose "Download to device > Software" inthe shortcut menu.Result: The F-FB is downloaded to the F-CPU.

6. Test the changes on the system or by using "Program status online".Once the test has been successfully completed, continue by compiling the safetyprogram.


43/46




7. To apply the changes to the safety program and produce a consistent safety program,you must recompile the safety program. To do so, follow the procedure described in the"Step 13: Compiling the safety program(Page 32)" chapter.

The collective signature of all F-blocks with F-attribute in the block container and thecollective signature of the safety program match; that is, the safety program is consistentand ready for acceptance testing.

8. Right-click the F-CPU in the project tree, and choose "Download to device > Software" inthe shortcut menu.

All F-blocks with F-attribute belonging to the safety program are identified anddownloaded to the F-CPU.

9. Check the "Status" under "Program signature" in the "General" area of the SafetyAdministration Editor. If the symbol is displayed, the online and offline programs areconsistent.

If consistent, the download operation was successful. If not, repeat the downloadoperation.

To activate safety mode, switch the F-CPU from STOP to RUN mode.

NoteAfter creating a safety program, you must carry out a complete function test inaccordance with your automation task.

For changes made to a safety program that has already undergone a complete functiontest, only the changes need to be tested. For additional information, refer to the "Testingsafety program" chapter in the SIMATIC Safety - Configuring and Programming(http://support.automation.siemens.com/WW/view/en/49368678) manual.

ResultYou have now finished adapting the safety program for the modified task.


44/46





45/46



Typical configuring and programming errors and theircauses C

Errors, causes and remedy measuresType Error Possible causesConfiguration error F-blocks cannot be downloaded to the F-CPU. F-CPU parameter "F-activation" was not

activated in the "Fail-safe operation" area.

Configuration error SF LED on the F-module illuminates when the

safety program is not loaded.

The PROFIsafe address set on the DIP switch

does not match the hardware configuration.Configuration error SF-LED on the F-module illuminates and TIMEOUT

error in the DIAG byte of the F-I/O DBMonitoring time of the F-module max. cycletime of the F-runtime group.

Configuration error SF-LED on the F-module illuminates and CRCerror in the DIAG byte of the F-I/O DB

Loaded safety program is not consistent withthe loaded hardware configuration.

Safety program is inconsistent. PIQ/PII of the F-module is being overwritten

by the standard user program.

Configuration error SF-LED on the F-DI module illuminates andmodule signals a short circuit

Sensor connection does not match parameterassignment, for example:

Only one switching contact is connected to achannel with 1oo2 evaluation

A sensor with nonequivalent contacts isconnected to a channel assigned as "two-channel equivalent."

Two switching contacts of a single-channelor two-channel nonequivalent sensor aresupplied via VS1 andVS2


46/46

Typical configuring and programming errors and their causes

Type Error Possible causesProgramming error F-PIQ/PII is not being updated. The main safety block is not being called in the

cyclic OB3x.F-module has been passivated. Evaluate theQBAD and DIAG byte parameters in therespective F-I/O DB.

Programming error F-CPU goes to STOP due to data corruption in thesafety program.

Main safety block is being called more thanonce in the cyclic program.

Operands of F-DBs are being written to inthe standard user program.

Undeclared TEMP variables are being usedin the safety program.

Bit memory that is modified duringprocessing of the main safety block, e.g.,clock memory, is being read-accessed in thesafety program.

Overflow for arithmetic instructions is notchecked.

Safety Getting Started en-US

Documents

Transcript of Safety Getting Started en-US