Siemens Safety Integrated - Failsafe PLCs

Mar 03, 2016

matteo2009

  • Chapter 4

    Controllers: Fail-Safe Control Systems (SIMATIC)

  • 4.1 Introduction

    4.2 SIMATIC S7-400F/FH

    4.3 SIMATIC S7-300F

  • Fail-safe systems are used wherever the highest degree of safety must be guaranteed for humans, machines and the environment. This means that accidents and damage as a result of a fault must be avoided at all costs.

    SIMATIC fail-safe control systems immediately go into a safe condition after a fault occurs, or they remain in a safe condition. They combine the standard operating automation and safety technology in a single system. The safety-related and standard communications between the central CPU and the safety-related and standard I/O modules are established through PROFIBUS DP and the PROFIsafe profile.

    The SIMATIC range has various fail-safe control systems:

    - SIMATIC S7-400F/FH for larger applications in the production and process industries
    - SIMATIC S7-300F for central and distributed applications with the focus on production technology and furnace controls
    - SIMATIC ET 200S PROFIsafe-CPU for distributed applications with the focus on production technology

    The range of fail-safe control systems has been expanded by distributed fail-safe I/O modules. The fully harmonized system solution comprises a fail-safe CPU, appropriate F signal modules of the distributed ET 200 remote I/O, fail-safe F motor starters and special drivers which are used to couple other safety-related field devices.

    Communications

    The safety-related and standard communications between the central controller (CPU) and I/O are established via PROFIBUS DP. The PROFIsafe profile is characterized by the fact that the safety functions are implemented in the safe end terminals, using standard PROFIBUS functions.

    The net data of the safety function and the safety measures are in a standard data telegram. No additional hardware components are required. Standard communications and safety-related communications therefore use the same hardware platform: The automation and safety technology grow close together.

    PROFIsafe is transferred independently of the data transfer medium, e.g. using copper or fiber-optic cables.

    Totally Integrated Automation

    The safety technology (Safety Integrated) is a component of Totally Integrated Automation, fully integrated with the safety and standard automation (SIMATIC S7).

    Where today, standard automation (classic PLCs) and safety automation (electromechanical systems) are separate, with these systems, both of these environments are merging to form a unified, integrated overall system.

    This means that Siemens can clearly present itself as a full-line supplier for automation technology - where the safety technology is a fully integrated component of the standard automation. This guarantees a high degree of unification and integration across the complete system.

    Integrating the safety technology into the standard automation has some significant advantages when compared to conventional solutions. Machinery construction companies (OEMs, plant builders) as well as plant and system operating companies (end customers) can benefit from these advantages.

    Advantages

    Some basic benefits are obtained due to the fact that the fail-safe control systems essentially comprise standard components and are part of Totally Integrated Automation (TIA).

    The following table indicates the essential advantages for machinery construction OEMs and plant operating companies when using fail-safe SIMATIC control systems.

    4/2 Safety Integrated Application Manual Siemens AG

    | Advantages | For machinery construction OEMs / for plant operating companies | Highlights of the SIMATIC solution for fail-safe control systems with distributed peripherals (remote I/O) |
    |---|---|---|
    | Significantly faster mounting/installation/commissioning | X | PLCs for standard and safety automation and communications via the standard bus system PROFIBUS and PROFIsafe profile instead of using a dedicated F-PLC for the fail-safe program with its own separate wiring; up to 90% less control/safety wiring due to the safety technology integrated in the ET 200 and the data-related coupling to S7-300F via PROFIsafe (only for S7-300F); extremely fast ET 200S installation with the energy bus which establishes itself |
    | Low configuring and engineering costs | X | The STEP7 standard tool is used for programming and parameterization and to incorporate programs of non-safety-relevant systems; all of the control functions are configured using the PLC; pre-configured programming examples for the safety functions; no separate safety relay technology |
    | Simpler, more favorably-priced acceptance procedures (Machinery Directive) | X X | Function blocks and programming examples certified by the German Inspectorate (TÜV) (F library) |
    | Simpler service/maintenance and configuring changes | X X | The STEP7 standard tool is used to implement software solutions and parameterization instead of additional wiring (electromechanical system) or programming (F-PLC) |
    | Less costs for spare parts inventory | X | Fewer components for the safety functions (instead of many electromechanical components, proportional to the complexity of the F functions, there are just a few components, independent of the complexity of the F functions) |

    4.2.1 Structure

    S7-400F/FH

    The SIMATIC S7-400F/FH implements the safety-related functions using an F-CPU as well as fail-safe modules for the distributed ET 200M I/O system. A special library includes basic function blocks which have been certified by the German Inspectorate (TÜV). A function is programmed by interconnecting the blocks from the F library using CFC.

    The S7-400F/FH is based on the fault-tolerant S7-400H. This means that extremely simple fail-safe systems with high availability can be configured.

    S7-300F

    The SIMATIC S7-300F implements the safety-related functions using an F-CPU as well as fail-safe modules, which can be used both in the S7-300 as well as in the distributed ET 200M and ET 200S I/O systems. A special library includes basic function blocks which have been certified by the German Inspectorate (TÜV). The standard programming languages are LAD and FBD.

    Fail-safe motor starters with connection to ET 200S ideally complement the S7-300F in distributed applications.

    In the future, the S7-400F will also be able to be connected to the ET 200S PROFIsafe. Not only this, but we will also extend the existing range by a fail-safe IM 151/F-CPU interface module.

  • 4.2 SIMATIC S7-400F/FH

    4.2.1 Introduction

    The safety-relevant functions of the S7-400F/FH are incorporated in the F range of the CPUs and in the fail-safe signal modules. Further, in addition to the fail-safe modules, standard modules can also be used in the S7-400F/FH. This means that it is possible to create a fully integrated control system for a plant where there are both safety-related and standard areas. The whole plant can be configured and programmed using the same standard tools.

    This means that the SIMATIC S7-400F/FH can now be used in automation environments which were, up to a few years ago, the exclusive domain of electromechanical controllers, e.g. automobile shell construction with presses and robots, burner management systems, transportation of persons on cableways and, last but not least, process automation.

    The S7-400F/FH fulfills the following safety requirements:

    - Safety Requirement Class: SIL 1 to SIL 3 acc. to IEC 61508
    - Category: 2 to 4 acc. to EN 954-1
    - Requirement Class: AK 1 to AK 6 acc. to DIN V 19250/DIN V VDE 0801

    4.2.2 Hardware

    The hardware of the S7-400F/FH is based on the CPUs of the fault-tolerant, redundant SIMATIC S7-400H which is supplemented by an F library. This F library contains pre-configured basic function blocks which have been approved by the German Inspectorate (TÜV) as well as a parameterization tool for the fail-safe I/O modules. In order to be able to run the S7-400F/FH, the F Copy License needs to be loaded into the CPU.

    The CPU checks that the controller is running properly by means of regular self-test routines, instruction tests and a program execution test. The resulting safety functions enable response times from 100 ms upwards, which is completely adequate for most applications in the process industry and for many applications in the manufacturing industry with manually actuated Emergency Stop devices.

    The S7-400F/FH also incorporates safety-related modules for the SIMATIC ET 200M distributed I/O system. These fail-safe I/O modules are parameterized using the parameterization tool, connected to PROFIBUS and controlled using the new PROFIsafe PROFIBUS profile for safety-related applications.

    At the present time, 4 modules are available:

    - Digital input modules: 24 x 24 V
    - Digital input modules: 8 x NAMUR
    - Digital output modules: 10 x 24 V/2 A
    - Analog input modules: 6 x 13 bit

    These modules can diagnose internal and external faults/errors and have complete internal redundancy, i.e. outputs have, for example, a second integrated disconnection facility.

    Using the Safety Protector, fail-safe and standard modules can be used together in one rack.

    Fig. 4/1 Fail-safe S7-400F

  • 4.2.3 Programming

    The S7-400F/FH is programmed in exactly the same way as a standard S7-400. The normal automation functions for the cyclic processing level (OB1) are programmed using standard programming languages. For CPUs 414-4H and 417-4H, the CFC and SCL Engineering Tools are required to call blocks from the F library and to interconnect them.

    These blocks are called in a time level (OB35) at a parameterizable time interval for reproducible disconnection times. The use of CFC makes configuring and programming the plant, and the final acceptance test significantly easier.

    For programmers, there is a distinct advantage in the fact that they can concentrate on configuring the safety-related application. This noticeably reduces engineering costs, especially in conjunction with other components, e.g. other programmable controllers or control and monitoring devices.

    In the future, the S7-400F with the CPUs 414-4H and 417-4H will also be able to be easily connected to the ET 200S PROFIsafe distributed I/O.

    In the immediate future, the CPU 416F will be available which will be able to be programmed, just like the S7-300F using the STEP7 languages LAD and FBD.

    Fig. 4/2 Graphic configuring of the S7-400/FH using the CFC Engineering Tool

    4.2.4 Configuration

    The S7-400F/FH has two basic configurations:

    - Fail-safe S7-400F automation system (refer to Fig. 4/3): When a fault/error develops in the control system, the production process is brought into a safe condition and interrupted.
    - Fail-safe and fault-tolerant S7-400FH automation system (refer to Figs. 4/4 and 4/5): When a fault/error develops in the control system, redundant control components are involved and continue to control the production process.

  • Fig. 4/3 SIMATIC S7-400F with single-channel, single-sided I/O (figure labels: S7-400F programmable controller; single-channel, single-sided distributed I/O ET 200M; fail-safe signal modules)

    The plant requires a fail-safe controller. Fault tolerance is not required. The following are needed:

    - 1 CPU 417-4H or CPU 414-4H with F Copy License
    - 1 PROFIBUS DP line
    - ET 200M with IM 153-2
    - Fail-safe signal modules in a non-redundant design

    In the event of a fault, the I/O is no longer available. The fail-safe signal modules are passivated.

    Comment: This combination already fulfills SIL 3, Cat. 4, AK 6.

    Fig. 4/4 SIMATIC S7-400FH with single-channel switched I/O (figure labels: redundant DP master systems; redundant PROFIBUS DP; S7-400FH programmable controller; single-channel, switched distributed I/O ET 200M with 2 x IM 153-2; fail-safe signal modules)

    The plant requires a fail-safe controller. Fault tolerance is required on the CPU side. The following are needed:

    - 2 CPU 417-4H or CPUs 414-4H with F Copy License
    - 2 PROFIBUS DP lines
    - 1 ET 200M with 2 IM 153-2 (redundant)
    - Fail-safe signal modules in a non-redundant design

    If the CPU, IM 153-2 or the PROFIBUS DP line fails, the control is still available. If the fail-safe signal modules or the ET 200M fails, the I/O is no longer available. The fail-safe modules are passivated.

    Fig. 4/5 SIMATIC S7-400FH with redundant, switched I/O (figure labels: redundant DP master systems; redundant PROFIBUS DP; S7-400FH programmable controller; redundant, switched distributed I/O 2 x ET 200M each with 2 x IM 153-2; redundant fail-safe signal modules)

    The plant requires a fail-safe controller. Fault tolerance is required on the CPU side and the I/O side. The following are needed:

    - 2 CPU 417-4H or CPUs 414-4H with F Copy License
    - 2 PROFIBUS DP lines
    - 1 ET 200M with 2 IM 153-2 (redundant)
    - Fail-safe signal modules in a redundant design

    The controller is still available even if the CPU, IM 153-2, PROFIBUS DP line, fail-safe signal modules or the ET 200M fail.

    4.2.5 Technical data

    | CPU | CPU 417-4H | CPU 414-4H |
    |---|---|---|
    | Main memory, integral (program/data) | 2 Mbyte each | 384 Kbyte each |
    | Main memory, expandable (program/data) | 8 Mbyte each | - |
    | Load memory, integral | 256 Kbyte RAM | 256 Kbyte RAM |
    | Load memory, expandable FEPROM | up to 64 Mbyte | up to 64 Mbyte |
    | Load memory, expandable RAM | up to 64 Mbyte | up to 64 Mbyte |
    | FBs/FCs, max. | 6144/6144 | 2048/2048 |
    | Data blocks, max. | 8191 | 4095 |
    | I/O address range | 16/16 Kbyte | 8/8 Kbyte |
    | of which, distributed: MPI/DP interface | 2/2 Kbyte | 2/2 Kbyte |
    | of which, distributed: DP interface | 8/8 Kbyte | 6/6 Kbyte |
    | Process image (adjustable) | 16/16 Kbyte | 8/8 Kbyte |
    | Process image, default setting | 1024/1024 byte | 256/256 byte |
    | Digital channels | 131072/131072 | 65536/65536 |
    | of which, centralized | 131072/131072 | 65536/65536 |
    | Analog channels | 8192/8192 | 4096/4096 |
    | of which, centralized | 8192/8192 | 4096/4096 |
    | Order No. group | 6ES7417-4H... | 6ES7414-4H... |

    1st interface: MPI yes; DP master yes; DP slave no; default setting MPI; isolated yes

    2nd interface: DP master yes; DP slave no; point-to-point no; default setting DP master; isolated yes

    Programming languages: STEP7 V5, from SP1 (LAD, FBD, STL); SCL, CFC, GRAPH, HiGraph

  • SM 326 F fail-safe digital input module

    - Number of inputs: 24 (single-channel), 12 (two-channel)
    - Input voltage: 24 V DC
    - Alarms: Diagnostics alarm
    - Order No. group: 6ES7326-1BK...

    SM 326 F fail-safe digital output module

    - Number of outputs: 10
    - Output voltage: 24 V DC
    - Alarms: Diagnostics alarm
    - Output current with 1 signal: 2 A per channel
    - Order No. group: 6ES7326-1BF...

    SM 326 Namur fail-safe Ex input module

    - Number of inputs: 8 (single-channel), 4 (two-channel)
    - Input voltage: in accordance with DIN 19234 or NAMUR
    - Alarms: Diagnostics alarm
    - Output current with 1 signal: 2 A per channel
    - Order No. group: 6ES7326-1RF...

    SM 336 F fail-safe analog input module

    - Number of inputs: 6, with voltage measurement max. 4 (single-channel), 3/2 (two-channel)
    - Alarms: Diagnostics alarm
    - Integration time: 20/16.66 ms
    - Resolution: 13 bits + size
    - Order No. group: 6ES7326-1HE...

    Option packages for S7 F systems

    - F library: Approx. 50 certified basic function blocks
    - F Tool: To parameterize fail-safe SMs
    - Requirements: STEP 7 from V5.1; CFC from V5.2; S7-SCL from V5.0; S7 H Systems V5.1 (option for S7-400FH)
    - Order No. group: 6ES7833-1CC...

  • 4.3 SIMATIC S7-300F

    4.3.1 Introduction

    The fail-safe control system comprises fail-safe controllers and fail-safe distributed I/O modules. All of these components communicate through PROFIBUS DP with the PROFIsafe profile. The system is programmed using LAD and FBD.

    The new solution with SIMATIC S7-300F and fail-safe SIMATIC ET 200S PROFIsafe signal modules or fail-safe ET 200M signal modules has been specifically developed for distributed safety-related applications in the production environment. Thanks to the finely scalable F I/O modules, safety technology only has to be used where it is actually required. Even third-party systems can be easily connected. This solution replaces traditional electromechanical components and distinguishes itself as a result of the following properties and features:

    - Freely programmable safe linking of sensors with actuators
    - Selective safe shutdown of actuators
    - Mixed configuration of F (fail-safe) modules and standard modules in one station
    - 1-bus concept, F signals and standard signals are transferred using one bus medium (PROFIBUS DP)

    The main applications for SIMATIC S7-300F are in the following industries:

    - Automobile industry
    - Standard machinery construction
    - Machine tools (in conjunction with SINUMERIK/SIMOTION)
    - Special machinery construction
    - Conveyor systems
    - Logistics (airports, warehouses)
    - Burner management systems

    The S7-300F with the fail-safe ET 200M or ET 200S PROFIsafe I/O modules fulfills the following requirements:

    - IEC/EN 61508 (SIL 1 to SIL 3)
    - EN 954-1 (Cat. 2 to Cat. 4)

    Fig. 4/6 SIMATIC S7-300F with fail-safe distributed ET 200S remote PROFIsafe I/Os

  • 4.3.2 Typical configurations

    All of the field devices are directly connected to PROFIBUS. The standard I/O modules are shown in blue and the safety-related modules in yellow. It is important to note that the motor starter is also a safety-related device (details: refer to Page 4/13). The PROFIsafe safety-related profile is used to communicate via PROFIBUS.

    S7-300F with CPU 315F

    The CPU 315F-2 DP is based on a standard CPU, whose operating system was expanded by various protective mechanisms to permit safety-related user programs to be run.

    There are no restrictions when it comes to processing standard programs.

    Third-party field devices can be directly connected to PROFIBUS using generic drivers.

    ET 200S PROFIsafe CPU

    The ET 200S PROFIsafe CPU (IM151/F-CPU) can be used to implement distributed safety-related tasks. The PROFIBUS master CPU views this CPU as slave. Several IM151/F-CPUs can be operated in a PROFIBUS line.

    Structure

    The S7-300 with the fail-safe CPU 315F couples the distributed ET 200S PROFIsafe I/O via PROFIBUS DP.

    Further, the fail-safe ET 200M I/O can be connected in both central and distributed configurations.

    PROFIsafe

    Communication between I/O modules and the CPU takes place exclusively via PROFIBUS DP. Data is encapsulated in accordance with the PROFIsafe profile, so that it can be transmitted via the standard fieldbus without being corrupted by any standard devices connected to the bus.

    Diagnostics and messaging concept

    The S7-300F offers the same diagnostic and messaging functions as a standard SIMATIC PLC. None of the devices are subject to diagnostic restrictions.

    Fig. 4/7 Example of a configuration: S7-300F with standard and F I/O (F I/O is yellow, standard I/O is blue). Figure labels: PROFIBUS/PROFIsafe; light curtain; laser scanner; ET 200M with standard I/O; Operator Panel; ET 200M with standard I/O, F I/O and motor starter; ET 200M with F I/O.
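
The PROFIsafe paragraph above describes safety data and its safety measures travelling inside a standard telegram over a bus shared with standard devices. The following added example (not Siemens code and not the PROFIsafe wire format) models a receiver that accepts such data only when a checksum, a consecutive number, a sender/receiver codename and a watchdog time all agree, and otherwise passivates to substitute values; the frame layout, the CRC-16 stand-in, the codename `0x0123` and the 100 ms watchdog are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F_DATA_LEN 2            /* assumed size of the safety process data */

typedef struct {                /* travels as ordinary payload of a bus telegram */
    uint8_t  data[F_DATA_LEN];  /* net data of the safety function */
    uint8_t  seq;               /* consecutive number */
    uint16_t crc;               /* covers codename + seq + data */
} f_frame;

typedef struct {
    uint16_t codename;          /* agreed by both ends, never sent on the wire */
    uint8_t  expect_seq;
    uint32_t last_ok_ms, watchdog_ms;
    uint8_t  last[F_DATA_LEN];  /* last accepted data, or substitute values (0) */
    int      passivated;        /* latched; reintegration is not modelled */
} f_receiver;

typedef enum { F_OK, F_BAD_CRC, F_BAD_SEQ, F_TIMEOUT, F_PASSIVATED } f_result;

/* CRC-16/CCITT-FALSE as a stand-in checksum (assumption, not the profile's CRC). */
static uint16_t crc16(uint16_t crc, const uint8_t *p, size_t n)
{
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

static uint16_t f_crc(uint16_t codename, const f_frame *f)
{
    const uint8_t hdr[3] = { (uint8_t)(codename >> 8), (uint8_t)codename, f->seq };
    return crc16(crc16(0xFFFF, hdr, sizeof hdr), f->data, F_DATA_LEN);
}

f_frame f_build(uint16_t codename, uint8_t seq, const uint8_t *data)
{
    f_frame f;
    memcpy(f.data, data, F_DATA_LEN);
    f.seq = seq;
    f.crc = f_crc(codename, &f);
    return f;
}

f_receiver f_rx_init(uint16_t codename, uint32_t watchdog_ms, uint32_t now_ms)
{
    f_receiver rx = { 0 };
    rx.codename = codename;
    rx.watchdog_ms = watchdog_ms;
    rx.last_ok_ms = now_ms;
    return rx;
}

/* One receiver cycle; f is NULL when no new telegram arrived this cycle. */
f_result f_receive(f_receiver *rx, const f_frame *f, uint32_t now_ms, uint8_t *out)
{
    f_result r = F_OK;
    if (rx->passivated)
        r = F_PASSIVATED;
    else if (now_ms - rx->last_ok_ms > rx->watchdog_ms)
        r = F_TIMEOUT;                              /* lost or delayed data */
    else if (f != NULL && f->crc != f_crc(rx->codename, f))
        r = F_BAD_CRC;                              /* corrupted or misaddressed */
    else if (f != NULL && f->seq != rx->expect_seq)
        r = F_BAD_SEQ;                              /* repeated, lost or reordered */

    if (r != F_OK) {
        rx->passivated = 1;
        memset(rx->last, 0, F_DATA_LEN);            /* substitute values */
    } else if (f != NULL) {
        memcpy(rx->last, f->data, F_DATA_LEN);
        rx->expect_seq++;
        rx->last_ok_ms = now_ms;
    }
    memcpy(out, rx->last, F_DATA_LEN);
    return r;
}

int main(void)
{
    const uint8_t d[F_DATA_LEN] = { 0x01, 0xA5 };   /* constructed sample data */
    uint8_t out[F_DATA_LEN];
    f_receiver rx = f_rx_init(0x0123, 100, 0);
    f_frame f = f_build(0x0123, 0, d);
    f_result first = f_receive(&rx, &f, 10, out);
    f_result replay = f_receive(&rx, &f, 20, out);
    printf("valid=%d replay=%d outputs=%02x %02x\n", first, replay, out[0], out[1]);
    return 0;
}
```

Because the codename enters the checksum without being transmitted, a telegram delivered to the wrong receiver fails the same check as a corrupted one.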

  • 4.3.3 Fail-safe I/O ET 200S / ET 200M

    ET 200S and ET 200M F modules include fail-safe input and output modules as well as fail-safe motor starters:

    - Fail-safe input modules detect information from sensors.
    - Fail-safe output modules control actuators.
    - Fail-safe motor starters control and monitor drives.

    All F modules can diagnose internal and external errors and are configured with internal redundancy. They have dedicated self-test functions and meet the relevant safety requirements.

    I/O modules are available in the ET 200S / ET 200M packaging design. The ET 200S electronic modules are 30 mm wide and are marked with a yellow labeling strip and have two internal channels. They can be withdrawn and plugged-in during live operation.

    The following fail-safe ET 200S modules are available:

    - 4/8 F-DI 24 V DC, fail-safe digital input with 4 inputs, 2-channel, SIL 3 sensors (Cat. 4) or 8 inputs, 1-channel, SIL 2 sensors (Cat. 3) for 24 V
    - 4 F-DO 24 V/2 A DC, fail-safe digital output with 4 outputs for 24 V and 2 A (up to SIL 3/Cat. 4)
    - PM-E F 24 V DC, Power Module with 2 (SIL 3, Cat. 4) outputs for 24 V/2 A and an additional relay output (max. 10 A, SIL 3, Cat. 4), which is available at 2 terminals and also provides the load power supply for subsequent modules (SIL 2, Cat. 3)
    - PM-D F, fail-safe Power Module PROFIsafe with 6 integrated safe shutdown rails (SIL 3), 24 V and 3 A to safely shut down downstream fail-safe motor starters/contact multipliers when internally controlled via PROFIsafe
    - PM-D F X1, Power Module (supply terminal module) with 6 integrated safety-related shutdown rails (SIL 3), 24 V and 2 A to safely shut down downstream fail-safe motor starters/contact multipliers when shut down using external safety-related switching devices with electrically isolated contacts (e.g. 3TK28, Monitor from AS-Interface Safety at Work). In this case, a PROFIsafe connection is not required.
    - F-CM, fail-safe contact multiplier with 2 (SIL 3) outputs for 24 V and 2 A
    - F-MS, fail-safe direct and reversing starter up to 7.5 kW switching power with redundant electrical isolation

    The following fail-safe I/O modules are available for the ET 200M:

    - Digital input module 24 x 24 V DC
    - Digital input module 8 x NAMUR (Ex area)
    - Digital output module 10 x 24 V DC/2 A
    - Analog input module 6 x 4-20 mA/13 bit

  • 4.3.4 Programming

    The Distributed Safety software package is indispensable when programming. It includes all of the functionality which you require when engineering your application. The STEP7 languages LAD and FBD are used to program the safety-related programs for the CPU 315F. It is important to note that this restricts the scope of functions in terms of operations and data types. A safety-oriented program is generated using a special input during compilation. In addition to the fail-safe program, a standard program, which is not subject to any restrictions, can also run in parallel on the CPU (co-existence).

    An additional integral component of this software package is the F library with pre-configured programming examples with safety functions which have been approved by the German Inspectorate (TÜV). The user may modify these programming examples; however, these modifications must be re-certified.

    Programming example

    The example opposite shows how stop functions can be set up to take immediate effect (Category 0) or to take effect after a delay (Category 1). The acknowledge button serves as the start input.

    Fig. 4/8 Programming using the function block diagram (FBD)

    Fig. 4/9 Emergency Stop programming example (function block diagram; recoverable signal names: Start, Immediate_Stop, Stop, Time 1, Stop 1)
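
One way to express the stop behaviour described above as cyclic logic, as an added example that is not the manual's FBD program or an F-library block: the input names follow the figure labels, while the latch behaviour, the active-low stop inputs, the split into a drive enable and a power enable, and the 500 ms delay are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define STOP1_DELAY_MS 500u   /* assumed Category 1 delay ("Time 1") */

typedef struct {
    bool     run;             /* latched run state, set only by acknowledge */
    bool     delaying;        /* Category 1 delay in progress */
    uint32_t delay_left;      /* remaining delay in ms */
    bool     ack_prev;        /* previous acknowledge level, for edge detection */
} estop_t;

typedef struct {
    bool drive_enable;        /* false: drive must bring the machine to a stop */
    bool power_enable;        /* false: power removed from the actuators */
} estop_out_t;

void estop_init(estop_t *s)
{
    s->run = false;
    s->delaying = false;
    s->delay_left = 0;
    s->ack_prev = true;       /* a button held at power-up must not count as a start */
}

/* One program cycle. Stop inputs are active-low (assumption): true means the
   circuit is closed, false means stop demanded or wire break. */
estop_out_t estop_scan(estop_t *s, bool immediate_stop_ok, bool stop_ok,
                       bool start_ack, uint32_t cycle_ms)
{
    bool ack_edge = start_ack && !s->ack_prev;
    s->ack_prev = start_ack;

    if (!immediate_stop_ok) {                 /* Category 0: takes effect at once */
        s->run = false;
        s->delaying = false;
        s->delay_left = 0;
    } else if (!stop_ok && s->run) {          /* Category 1: start the delay */
        s->run = false;
        s->delaying = true;
        s->delay_left = STOP1_DELAY_MS;
    } else if (s->delaying) {                 /* delay running, acknowledge ignored */
        if (s->delay_left > cycle_ms) {
            s->delay_left -= cycle_ms;
        } else {
            s->delay_left = 0;
            s->delaying = false;
        }
    } else if (ack_edge && stop_ok && !s->run) {
        s->run = true;                        /* restart only on a fresh acknowledge */
    }

    estop_out_t out = { s->run, s->run || s->delaying };
    return out;
}

int main(void)
{
    estop_t s;
    estop_init(&s);
    estop_scan(&s, true, true, false, 10);
    estop_out_t o = estop_scan(&s, true, true, true, 10);    /* acknowledge */
    printf("running: drive=%d power=%d\n", o.drive_enable, o.power_enable);
    o = estop_scan(&s, true, false, false, 10);               /* delayed stop */
    printf("cat 1:   drive=%d power=%d\n", o.drive_enable, o.power_enable);
    o = estop_scan(&s, false, false, false, 10);              /* immediate stop */
    printf("cat 0:   drive=%d power=%d\n", o.drive_enable, o.power_enable);
    return 0;
}
```

An immediate stop overrides a running delay, and a held acknowledge button never restarts the machine once the stop circuits close again.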

  • 4.3.5 ET 200S fail-safe motor starter

    The new fail-safe motor starter is based, regarding the performance features, on the High Feature motor starter.

    The difference from the conventional ET 200S High Feature motor starter is that, in addition to a contactor - circuit-breaker combination, a safe electronic evaluation circuit has also been integrated to detect errors.

    If, in the event of an EMERGENCY STOP, the contactor to be energized fails, the evaluation electronics will detect this as an error and safely trigger the circuit-breaker in the motor starter. The redundant second triggering element is therefore no longer the main contactor, as would usually be the case, but instead the circuit-breaker integrated in the motor starter.

    The ET 200S fail-safe motor starter is predestined for use with ET 200S PROFIsafe. An additional application is in conjunction with AS-i Safety at Work or safety relay.

    Safety technology with a high degree of flexibility

    - Fail-safe motor starters for PROFIsafe: For emergency stop applications, fail-safe motor starters are selectively disabled using the upstream PROFIsafe PM-D F Power Module. A total of 6 trip groups can be generated for each Power Module. In the first delivery phase, the secure connection between the assigned safety sensors is generated via the SIMATIC controller's safe freely-programmable combinational logic. The ET 200S PROFIsafe is interfaced to systems with conventional safety technology via the Fail-safe Contact Multiplier F-CM with 4 floating contacts. The emergency stop signals are routed through safety-oriented inputs (ET 200S or ET 200M). These evaluate the selective shutdown of the fail-safe motor starters via the Power Module PM-D F PROFIsafe; the shutdown conditions can be programmed using blocks from the program library or in free code (refer to Fig. 4/10).
    - Fail-safe motor starter with safety relay (variant 1) or AS-i Safety at Work (variant 2): Safety-related signals can be input into the ET 200S via an input terminal module PM-D F X1 using the enable circuit of the AS-i Safety Monitor or the safety relay. This means that the fail-safe motor starter can be controlled which selectively shuts down the connected motors (refer to Fig. 4/11).

    Fig. 4/10 Direct control of motor starters through ET 200S PROFIsafe (figure labels: S7-300; Emergency Stop; fail-safe motor starter)

    Advantages in comparison to conventional safety technology

    - The number of components required can be considerably reduced (less hardware)
    - Lower assembly and installation costs
    - The motor starters are fail-safe and have a high degree of availability
    - Simple coordination/coding of the motor starters on one of the 6 trip groups (Safety Groups)

    Fig. 4/11 Fail-safe motor starters with safety relays (var. 1) or AS-i Safety at Work (var. 2)

    4.3.6 Technical data

    CPU 315F-2 DP

    - Integrated RAM: 170 Kbyte *)
    - Pluggable load memory: 64 Kbyte up to 4 Mbyte
    - Command execution times: >= 0.1 ms
    - Alarm response time: 400 ms
    - Bit memories/timers/counters: 2048, 256, 256
    - Total I/O address space: 3072 bytes each
    - Total digital I/O: 1000/1000
    - Total analog I/O: 248/124
    - MPI interface: 187.5 kbits/s, max. 32 stations
    - PROFIBUS DP interface: 12 Mbits/s, max. 32 stations, master/slave changeover
    - Dimensions (W x H x D): 40 x 125 x 130 mm
    - Order No. group: 6ES7315-6F..-

    *) In comparison with a standard program, the number of fail-safe operations is limited due to the fail-safe-specific overheads; depending on the type of programming, approx. 34 K fail-safe operations are possible.

    | Fail-safe ET 200S modules | Digital input 4/8 F-DI | Digital output 4 F-DO | Power Module PM-E F |
    |---|---|---|---|
    | Number of inputs/outputs | 4 (2-channel for SIL 3 sensors), 8 (1-channel for SIL 2 sensors) | 4 at 24 V/2 A | 2 SIL 3 outputs for 24 V/2 A, 1 relay output (10 A max.) |
    | Input/output voltage | 24 V DC | 24 V DC | 24 V DC |
    | Order No. group | 6ES7138-4FA..- | 6ES7138-4FB..- | 6ES7138-4CF..- |

    | Fail-safe ET 200M modules | Digital input SM 326 F | Digital output SM 326 F | Ex-input module SM 326 NAMUR | Analog input module SM 336 F |
    |---|---|---|---|---|
    | Number of inputs/outputs | 24 (1-channel), 12 (2-channel) | 10 | 8 (1-channel), 4 (2-channel) | 6 (2-channel) |
    | Input/output voltage | 24 V DC | 24 V DC | acc. to DIN 19234 or NAMUR | |
    | Interrupts | Diagnostics interrupt | Diagnostics interrupt | Diagnostics interrupt | Diagnostics interrupt |
    | Input/output current | - | 2 A per channel for a 1 signal | - | 4-20 mA |
    | Order No. group | 6ES7326-1BK..- | 6ES7326-2BF..- | 6ES7326-1RF..- | 6ES7326-1HE..- |

  • ET 200S fail-safe motor starter

    - Power at 500 V: 7.5 kW
    - Rated operating current: 16 A
    - Short-circuit-breaking capacity: 50 kA at 400 V
    - Coding: Assignment to 1 of 6 trip groups
    - Diagnostics: The coding is displayed using an LED on the motor starter
    - Tripping class: Class 10/20, can be parameterized
    - Coordination type: 2 (16 A)
    - Order No. group, motor starter: 3RK1301-0.B13-.AA2
    - Order No. group, terminal module: 3RK1903-3A..

    Power Module PM-D F

    - No. of internal trip groups: 6
    - Total current of the outputs: 5 A
    - Order No.: 3RK1903-3BA00

    Fail-safe Contact Multiplier F-CM

    - Contacts: 4 NO
    - Diagnostics: Power failure, device error
    - Switching capacity: 1.5 A / 24 V
    - Order No.: 3RK1903-3CA00

    Power Module PM-D F X1 (Supply terminal module)

    - Operation: Stand alone with external safety technology
    - Double terminals for trip groups: 6
    - Self-diagnostics: Power failure
    - Order No. group: 3RK1903-3DA00

    Engineering Tools

    Distributed Safety software package

    - Order No.: 6ES7883-1FC00-0YX0