Siemens SIMATIC S7 Functional Safety Manual page 17

Hide thumbs Also See for SIMATIC S7:

System manual (866 pages)

User manual (134 pages)

Operating instructions manual (82 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

page of 212

/ 212
Contents
Table of Contents
Bookmarks

Table of Contents

Detection and response to faults

SIMATIC Safety systems detect and respond to faults in several different conditions:

● Faults in the fail-safe CPU hardware and firmware

● Faults in the fail-safe user program

● PROFIsafe communication errors caused by conditions in either the fail-safe CPU or SMs

● Fail-safe SM-wide errors such as microprocessor errors or memory errors

● Fail-safe SM channel errors such as discrepancy errors, wiring shorts, or internal channel

faults

Fail-safe CPU faults and fail-safe user program faults often result in the CPU operating mode

being set to STOP. You can reintegrate PROFIsafe communication faults once

communication is successfully restored. In most cases, you cannot reintegrate SM-wide

faults because these faults require the fail-safe SM to be power-cycled. You can often

reintegrate and return channel faults to proper operation by removing the fault and

reintegrating the channel.

Virtual monitoring number, cyclic interrupt time, and F-monitoring time

The following parameters are integral to fault reactions:

● Virtual monitoring number: The PROFIsafe protocol provides time monitoring and

detection of message sequence errors by means of a periodically-updated monitoring

number.

● Cyclic interrrupt time: The cyclic interrupt time is the interval by which the F-runtime group

executes and determines how often the fail-safe CPU sends the PROFIsafe frame to the

fail-safe SMs. When you add a fail-safe CPU to your project, STEP 7 creates Functional

Safety Organization Block 1 (FOB_1) (OB123 by default). FOB_1 contains the cyclic time

interrupt time, and you can configure the cyclic interrupt time (100ms by default).

● F-monitoring time: The F-monitoring time is the amount of time an SM or CPU waits for

an error-free communication including a new Virtual Monitoring Number before

passivating channels. You can configure the F-monitoring time. The fail-safe CPU and

SMs must receive a valid, current safety message frame with a valid monitoring number

within the configured F-monitoring time.

If the fail-safe system fails to detect a valid monitoring number within the F-monitoring time,

the fail-safe system passivates the fail-safe SM. Expiration of an SM's F-monitoring time

causes a transition to safe state for all F-inputs or F-outputs of the SM.

CRC (Cyclic Redundancy Check) signature

A CRC signature contained in the safety message frame protects the validity of the process

data in the safety message frame, the accuracy of the assigned address references, and the

safety-relevant parameters.

If a CRC signature error occurs during communication between the fail-safe CPU and fail-

safe SMs, the fail-safe system passivates the fail-safe SMs.

S7-1200 Functional Safety Manual

Manual, 02/2015, A5E03470344-AA

Product overview

1.3 S7-1200 Fail-Safe CPUs

Table of Contents

Show Quick Links

Quick Links:
Sm 1226 F-DI 16 X 24...

Hide quick links:

Table of Contents

This manual is also suitable for:

Simatic s7-1200

Siemens SIMATIC S7 Functional Safety Manual page 17

Hide quick links:

Related Manuals for Siemens SIMATIC S7

Related Products for Siemens SIMATIC S7

This manual is also suitable for:

Table of Contents