Table of Contents
Advertisement
Fail-Safe Blocks
TIMEOUT Parameter
It can only safely be guaranteed that a signal level to be transferred will be
detected on the sender side and transferred to the recipient if it is present for at
least as long as the specified monitoring time (TIMEOUT).
The input TIMEOUT cannot be interconnected and must be assigned a constant
value. See "Monitoring Safety-Related Communication Between CPUs".
Error Handling
If a connection partner (recipient) acknowledges receipt via an invalid safety frame
(e. g. due to a check value error (CRC) or watchdog error) or does not
acknowledge it within the TIMEOUT monitoring time, the outputs ERROR and
SUBS_ON are set. The recipient (F_RCVR) then outputs substitute values. An
error code is displayed at the output RETVAL. Communication between the
connection partners is reestablished.
Note
Once communication has been set up without errors, compliance with the assigned
monitoring time (TIMEOUT parameter) is checked.
In the event of an error that is critical to safety, the system function SFC F_CTRL
is called. This records the event in the Diagnostic Buffer and requests a switch to
the reserve CPU if the error occurred only on the master CPU. For non-redundant
systems or a common-cause error occurring in both CPUs, the shutdown logic can
be configured to either disable the erred F-run-time group or the entire Safety
Program.
Error Information in Diagnostic Buffer
Error Code (W#16#...)
75DAH
8-32
Description
Error in the safety data format (error due to online modification
of the Safety Program or internal CPU fault)
Fail-Safe Systems
A5E00085588-03
- Quick Links:
- Simatic
- S7 F/Fh Systems
- Programming
Hide quick links:
Advertisement
Chapters
Table of Contents
