Rules for Failsafe Operation of an S5-95F
18.18 SINEC L1 LAN
Note the following when operating a SINEC L1 LAN:
•
The SINEC L1 master may be any SIMATIC U-range programmable controller, a PC with master
capability, or another device with that capability.
•
The SINEC L1 master may not have an interrupt list.
•
The SINEC L1 master may not initiate any safety-related actions (such as STARTing or
STOPping a slave).
•
A description of the entire data flow must be available for the SINEC L1 LAN. The approval
process is simplified e.g. when I/O signals do not travel several SINEC L1 paths in succession.
•
COM 530 may not be active in failsafe mode.
The keylock switch on the associated PLC must be set to LOCK.
A detailed description of SINEC L1 can be found in Chapter 13.
Length of the Receive Mailboxes for Non-Failsafe Data Interchange
Safety Note
Regardless of the intended frame length, the S5-95F's Receive mailbox for non-
failsafe data interchange must
•
either have a length of 66 bytes or
•
be located at the end of the flag area of data block
Conditions for failsafe input/output signals
Safety Note
If failsafe input/output signals are to be transmitted over the SINEC L1 network, a "0"
signal must always result in a safe system state ( quiescent current principle ). This
condition must be fulfilled because the S5-95F erases the contents of the Receive
mailboxes in the event of a data transmission error.
Inputs are in a safe state when the transmitted "0" signal brings the process to a safe quiescent
state. The input for an EMERGENCY STOP, for instance, must have a "1" signal during operation
and be activated by a "0" signal.
An output is in a safe state when the transmitted "0" signal resets the output and brings the actuator
to a safe state.
18-36
S5-95F
EWA 4NEB 812 6210-02