SIMATIC Safety - Getting Started
Getting Started
08/2011
A5E02714463-01
1 Introduction to example
2 Configuring
3 Programming
A Setting up access protection
B Modifying the safety program
C Typical configuring and programming errors and their causes
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.
CAUTION
without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.
NOTICE
indicates that an unintended result or situation can occur if the relevant information is not taken into account.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Siemens AG
Industry Sector
Postfach 48 48
90026 NÜRNBERG
GERMANY
A5E02714463-01
Ⓟ 08/2011
Copyright © Siemens AG 2011.
Technical data subject to change
Table of contents
1 Introduction to example
  1.1 Requirements for configuring and programming
  1.2 Example Structure and Task Definition
  1.3 Procedure
2 Configuring
  2.1 Introduction
  2.2 Step 1: Configuring the CPU 315F-2 PN/DP
  2.3 Step 2: Configuring an ET 200S distributed I/O system on a PROFINET subnet
  2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the laser scanner
  2.5 Step 4: Configuring an F-DO module for connecting a motor
  2.6 Step 5: Configuring a standard DI module for user acknowledgement, feedback circuit, and start pushbutton
  2.7 Summary: Configuring the Hardware
3 Programming
  3.1 Introduction
  3.2 Step 6: Specifying the centralized settings for the safety program
  3.3 Step 7: Creating an F-FB
  3.4 Step 8: Programming the safety door function
  3.5 Step 9: Programming the emergency stop function
  3.6 Step 10: Programming the feedback monitoring
  3.7 Step 11: Programming the user acknowledgment for reintegration of the F-I/O
  3.8 Step 12: Programming of the main safety block
  3.9 Step 13: Compiling the safety program
  3.10 Step 14: Assigning device names
  3.11 Step 15: Downloading the complete safety program to the F-CPU and activating safety mode
A Setting up access protection
B Modifying the safety program
C Typical configuring and programming errors and their causes
1 Introduction to example
1.1 Requirements for configuring and programming
Introduction
These instructions will guide you step-by-step through a specific example for configuring and programming with STEP 7 Safety Advanced V11.
You will become acquainted with the basic functions and special features of STEP 7 Safety Advanced V11.
It should take one or two hours to work through this example, depending on your experience.
Requirements for the example
The following requirements must be met:
- Adobe Reader Version 9 or higher is required for the multi-media content.
- In order to understand these Getting Started instructions, you need general knowledge of automation technology. You also need to be familiar with STEP 7 Professional V11.
- You need an S7-300 station consisting of:
  - Power supply (PS) with 2 A
  - CPU 315F-2 PN/DP with inserted SIMATIC Micro Memory Card
  - ET 200S distributed I/O system with:
    - Interface module IM 151-3 PN HIGH FEATURE
    - Power module PM-E DC24V
    - Terminal modules, e.g., TM-E30S44-01, TM-E30C44-01
    - ET 200S fail-safe digital input module 4/8 F-DI DC24V
    - ET 200S fail-safe digital output module 4 F-DO DC24V/2A
    - Digital electronic module 4DI DC24V ST
    - Termination module
  - Laser scanner
- The following software packages must be correctly installed on your programming device or PC with Ethernet interface:
  - STEP 7 Professional V11
  - STEP 7 Safety Advanced V11
- If you do not have any hardware components available, you can also use the optional package S7-PLCSIM (hardware simulation program) V5.4 SP4 or higher. This optional package will enable you to simulate the hardware components as described in these Getting Started instructions.
- The programming device or PC must be connected to the F-CPU via the PROFINET interface.
- The hardware must be fully installed and wired. Instructions for this can be found in the ET 200S Distributed I/O System; Fail-Safe Modules (http://support.automation.siemens.com/WW/view/en/34474892) manual.
  The installation and wiring of the CPU 315F-2 PN/DP is described in the S7-300 Automation System, Getting Started Collection (http://support.automation.siemens.com/WW/view/en/49368678/134200) manual.
WARNING
As a component in plants and systems, the S7-300 is subject to specific standards and regulations depending on the area of application. Please note the applicable safety and accident prevention regulations, e.g., IEC 60204-1 (General Requirements for Safety of Machinery).
The example in these Getting Started instructions serves as an introduction to configuring and programming of STEP 7 Safety Advanced V11. It does not lead to actual live operation in every case. Before you do this, it is essential that you refer to the current version of the "SIMATIC Safety - Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual. The warnings and other notes contained in that manual must be heeded at all times even if they are not repeated in this document!
Serious injury and damage to machines and equipment may result if these regulations are ignored.
1.2 Example Structure and Task Definition
Production cell with access protection
[Figure: production cell with four numbered elements]
- Emergency Stop
- Laser scanner
- Safety door
- Control panel with start and acknowledgement pushbuttons
The entry to the production area is monitored with a laser scanner. The service area is
secured by a safety door.
Entering the production area or opening the safety door results in a stop or shutdown of the
production cell similar to an emergency stop.
The system can only be started when the emergency stop is cancelled, the safety door is
closed, and the laser scanner detects no one in the protected area. On-site user
acknowledgment is required to restart production after the emergency stop has been
activated or the safety door has been opened.
1.3 Procedure
The example in these Getting Started instructions consists of the following chapters:
Configuring
You configure:
- An ET 200S fail-safe digital input module for connecting an emergency stop switch, the position switches for monitoring a safety door, and the laser scanner for monitoring the entry area.
- An ET 200S fail-safe digital output module for connecting a motor.
- An ET 200S standard electronic module for user acknowledgment, feedback loop, and start pushbutton.
The configuration is described in the "Configuring" chapter.
Programming
Once the configuration is successfully completed, you can program your safety program.
In our example, a fail-safe block is programmed with an emergency stop, a safety door function, a feedback loop (as restart protection when there is an incorrect load), and a user acknowledgment for reintegration. The block is then compiled to form a safety program.
The programming is described in the "Programming" chapter.
Installation on PROFINET IO
[Figure: ET 200S and F-CPU on PROFINET IO]
Wiring overview for ET 200S
This interactive graphic gives you the opportunity to become familiar with how the example functions in this Getting Started. To do so, move your cursor over the operator control elements.
[Figure: wiring overview for the ET 200S. Labels: PM-E DC24V, F-DI, F-DO, DI, IM PN HIGH FEATURE, AUX, Emergency Stop, Safety door contacts, Laser scanner, User acknowledgement, Feedback loop, Load]
2 Configuring
2.1 Introduction
Introduction
WARNING
You may come into contact with live electrical wires connected to the mains power supply.
Only wire the S7-300 and ET 200S when they are disconnected from the mains power
supply.
The installation and wiring of the CPU 315F-2 PN/DP is described in S7-300 Automation
System, Getting Started Collection
(http://support.automation.siemens.com/WW/view/en/49368678/134200).
Configuring the Hardware
In STEP 7 Professional you configure:
- A CPU 315F-2 PN/DP
- An ET 200S distributed I/O system consisting of:
  - An interface module IM151-3 PN HIGH FEATURE
  - An ET 200S fail-safe digital input module for connecting an emergency stop switch and position switches for monitoring a safety door and the laser scanner
  - An ET 200S fail-safe digital output module for connecting a motor
  - An ET 200S standard digital electronic module for user acknowledgment, feedback loop, and start pushbutton
2.2 Step 1: Configuring the CPU 315F-2 PN/DP
Introduction
In this step, you create a new project, add an F-CPU, and assign parameters for it.
Procedure
1. In the portal view of STEP 7 Professional V11, create a new project named "S7_Safety_V11_GS".
2. Use "Add new device" to add a CPU 315F-2 PN/DP.
   Result: The device view containing the CPU 315F-2 PN/DP opens.
3. Change to the "F-parameter" area.
   Here, you can change the following parameters or accept the default setting:
   - "Basis for PROFIsafe addresses"
   - "Default F-monitoring time for F-I/O of this interface"
4. Leave the default values unchanged for this example.
Result
The new project has been created and the F-CPU has been configured.
2.3 Step 2: Configuring an ET 200S distributed I/O system on a PROFINET subnet
Introduction
In this step, you configure the interface module for the ET 200S distributed I/O system and a
PROFINET subnet.
Procedure
1. In the project view, click the "Network view" tab.
2. In the hardware catalog, enter "IM151-3 PN HF" in the search field, and start the search.
3. Drag the module with order number 6ES7151-3BA23-0AB0 from the search results to the graphical area of the network view.
4. While holding the mouse button down, drag a line from the PROFINET interface of the IM151-3 PN HIGH FEATURE to the green PROFINET interface of the F-CPU to create a PROFINET connection.
   Result: A PROFINET subnet between the F-CPU and the IM151-3 PN HIGH FEATURE is created automatically.
5. In the graphics work area of the network view, double-click the IM151-3 PN HIGH FEATURE.
   Result: The IM151-3 PN HIGH FEATURE is opened in the device view.
6. Use drag-and-drop to add a PM-E DC24V power module from the hardware catalog to slot 1.
Result
The configuration of the interface module for the ET 200S distributed I/O system and the
PROFINET subnet is now complete.
2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the laser scanner
Introduction
In this step, you configure an F-DI module for connecting an emergency stop switch, the
position switches for monitoring a safety door, and the laser scanner for monitoring the entry
area.
Procedure
1. In the device view of the ET 200S, use drag-and-drop to add a 4/8 F-DI DC24V PROFIsafe digital electronic module from the hardware catalog to slot 2.
2. Choose the "I/O addresses" area.
   Leave the default addresses unchanged at "0" for this example.
3. Change to the "F-parameter" area. Here, you can change the following parameters or apply the default settings:
   - "F-destination address"
   - "F-monitoring time"
   - "Behavior after channel faults"
   - "F-I/O DB-name"
   The PROFIsafe addresses must be unique network-wide and station-wide. The addresses are assigned automatically to prevent parameter assignment errors.
   Note
   The PROFIsafe destination address must be set via a DIP switch on the F-module.
   A valid current safety message frame must be received from the F-CPU within the F-monitoring time. Otherwise, the F-module goes to safe state.
   The F-monitoring time must be set high enough that message frame delays are tolerated and, at the same time, low enough that the process can react as quickly as possible when a fault occurs and run without impairment. The Excel file for calculating response times serves as an aid in calculating this time. You can find this file on the Internet (http://support.automation.siemens.com/WW/view/en/49368678/133100).
   By default, the F-monitoring time is taken from the "Default F-monitoring time for F-I/O of this interface" parameter of the F-CPU.
   Leave the settings unchanged for the F-parameters for this example.
4. Switch to the "DI parameter" area.
   Deactivate the "Short-circuit test" parameter.
5. In this example, a two-channel emergency stop switch (emergency stop) will be connected to channels 0 and 4.
   Enter the settings as shown in the following figure:
6. In this example, the position switches for monitoring a two-channel safety door will be connected to channels 1 and 5.
   Make the settings as shown in the following figure:
7. In this example, the laser scanner for monitoring the accessible entry area will be
connected to channels 2 and 6.
Make the settings as shown in the following figure:
8. Disable the unused DI channels 3 and 7 by clearing the "Activated" check box.
Result
The configuration of the F-input module is now complete.
2.5 Step 4: Configuring an F-DO module for connecting a motor
Introduction
In this step, you configure an F-DO module for indirect connection of a motor to channel 0
via 2 contactors.
Procedure
1. In the device view of the ET 200S, use drag-and-drop to add a 4 F-DO DC24V/2A PROFIsafe digital electronic module from the hardware catalog to slot 3.
2. Select the "Input/output addresses" tab.
   Leave the default addresses unchanged at "6" for this example.
3. Change to the "F-parameter" area. Here, you can change the following parameters or accept the default settings:
   - "F-destination address"
   - "F-monitoring time"
   Leave the settings unchanged for the F-parameters for this example.
   Note
   The PROFIsafe destination address must be set via a DIP switch on the F-module.
4. Change to the "DO parameter" area. Here, you can change channel-specific parameters or apply the default settings.
   Enter the settings for the example as shown in the following figure:
5. Disable the unused DO channels 1, 2, and 3 by clearing the "Activated" check box.
Result
The configuration of the F-output module is now complete.
2.6 Step 5: Configuring a standard DI module for user acknowledgement, feedback circuit, and start pushbutton
Introduction
In this step, you assign parameters of a standard 4DI module for the non-fail-safe signals
(user acknowledgement, feedback loop, and start pushbutton).
Procedure
1. Use drag-and-drop to add a 4DI DC24V ST digital electronic module from the hardware
catalog to slot 4.
2. Assign the input address of the standard DI module to "11" for this example.
Result
The configuration of the electronic module 4DI DC24V ST is now complete.
2.7 Summary: Configuring the Hardware
Summary:
So far, you have configured the following according to the task definition for the example:
- The CPU 315F-2 PN/DP
- ET 200S distributed I/O system with:
  - Interface module IM151-3 PN HIGH FEATURE
  - ET 200S fail-safe digital input module for connecting an emergency stop switch, position switches for monitoring a safety door, and the laser scanner for monitoring the accessible production area.
    - Start addresses of the output and input data areas: both 0
    - Channels 0 and 4 for emergency stop
    - Channels 1 and 5 for safety door position switches
    - Channels 2 and 6 for the laser scanner
  - An ET 200S fail-safe digital output module for connecting a motor
    - Start addresses of the output and input data areas: both 6
    - Channel 0 for indirect switching of a motor via 2 contactors
  - An ET 200S standard digital electronic module for user acknowledgment, feedback loop, and start pushbutton
    - Start address: 11
You can now continue with programming the safety program.
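The rules stated in Steps 3 to 5 (PROFIsafe destination addresses unique, DIP switch set to the configured address, unused channels deactivated, two-channel sensors on channels n and n+4) can be checked against a module inventory before the download. The following Python check is an added example and not part of the Siemens manual; the inventory format, the field names, and the F-destination addresses 200 and 199 are assumptions constructed for illustration.

```python
from collections import Counter

PAIR_OFFSET = 4  # two-channel sensors on this page sit on channels n and n + 4

# Constructed inventory. Field names and both F-destination addresses are
# assumptions; slots, start addresses and channel use follow the summary above.
MODULES = [
    {"name": "4/8 F-DI DC24V", "slot": 2, "start": 0, "failsafe": True,
     "f_dest_cfg": 200, "f_dest_dip": 200, "two_channel": True,
     "wired": {0: "ESTOP", 4: "ESTOP", 1: "Safety door", 5: "Safety door",
               2: "Laser scanner", 6: "Laser scanner"},
     "activated": {0, 1, 2, 4, 5, 6}},
    {"name": "4 F-DO DC24V/2A", "slot": 3, "start": 6, "failsafe": True,
     "f_dest_cfg": 199, "f_dest_dip": 199, "two_channel": False,
     "wired": {0: "Motor"}, "activated": {0}},
    {"name": "4DI DC24V ST", "slot": 4, "start": 11, "failsafe": False,
     "wired": {0: "Quit", 1: "Feedback", 2: "START"}},
]


def review(modules):
    """Return a sorted list of (slot, code, detail); an empty list means consistent."""
    findings = []
    f_modules = [m for m in modules if m["failsafe"]]
    seen = Counter(m["f_dest_cfg"] for m in f_modules)
    for m in f_modules:
        slot, wired, active = m["slot"], m["wired"], m["activated"]
        # PROFIsafe addresses must be unique network-wide and station-wide.
        if seen[m["f_dest_cfg"]] > 1:
            findings.append((slot, "DUP_F_DEST", str(m["f_dest_cfg"])))
        # The DIP switch on the F-module must carry the configured address.
        if m["f_dest_dip"] != m["f_dest_cfg"]:
            findings.append((slot, "DIP_MISMATCH",
                             f'{m["f_dest_dip"]} != {m["f_dest_cfg"]}'))
        # Unused channels are deactivated; wired channels must stay activated.
        for ch in sorted(active - set(wired)):
            findings.append((slot, "UNUSED_ACTIVE", f"channel {ch}"))
        for ch in sorted(set(wired) - active):
            findings.append((slot, "WIRED_INACTIVE", f"channel {ch}"))
        # Both channels of a two-channel sensor must carry the same signal.
        if m["two_channel"]:
            for ch, signal in sorted(wired.items()):
                partner = ch + PAIR_OFFSET if ch < PAIR_OFFSET else ch - PAIR_OFFSET
                if wired.get(partner) != signal:
                    findings.append((slot, "PAIR_MISMATCH", f"channel {ch} ({signal})"))
    return sorted(findings)


if __name__ == "__main__":
    result = review(MODULES)
    for slot, code, detail in result:
        print(f"slot {slot}: {code}: {detail}")
    if not result:
        print("configuration is consistent")
```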
3 Programming
3.1 Introduction
Introduction
In this example, a fail-safe block (F-FB) will be programmed with a safety door function, an
emergency stop function (safety circuit for switch-off in case of emergency stop, open safety
door, or someone entering the protected area monitored by the laser scanner), a feedback
circuit (as protection against reclosing in case of faulty load), and a user acknowledgement
for reintegration. The programmed F-FB will then be compiled to form a safety program and
downloaded to the F-CPU.
F-I/O data blocks
During compilation, an F-I/O DB is automatically generated for each F-I/O, and a name is entered for it in the block interface at the same time. The F-I/O DBs generated for the example I/O are located in the "Program blocks" folder.
The name of the F-I/O DB is formed from the fixed prefix "F", the start address of the F-I/O, the names entered in the properties for the F-I/O in the hardware and network editor, and the DB number.
Symbolic names in this example:
- "F00000_4/8 F DI DC24V [DB512]": Fail-safe digital input module 4/8 F-DI DC24V PROFIsafe
- "F00006_4 F DO DC24V 2A [DB513]": Fail-safe digital output module 4 F-DO DC24V/2A PROFIsafe
You can access the tags of the F-I/O DB with a fully qualified DB access (that is, by specifying the name of the F-I/O DB and by specifying the name of the tag).
F-shared DB
The F-shared DB (F_GLOBDB) is a fail-safe data block that is automatically inserted when
the F-CPU is inserted and contains all of the shared data of the safety program and
additional information needed by the F-system.
Programming
You can program the safety program in LAD and FBD. In so doing, the instructions, data
types, and operand areas you can use are subject to certain restrictions (see the "Overview
of programming" chapter of the "SIMATIC Safety, Configuring and Programming
(http://support.automation.siemens.com/WW/view/en/49368678)" manual).
The FBD programming language is used in this example.
Note
Preconnection of enable input EN or evaluation of enable output ENO is not possible.
If you require the Boolean constants "0" and "1" in your safety program to assign parameters
during block calls, you can access the "VKE0" and "VKE1" tags in the F-shared DB using a
fully qualified DB access ("F_GLOBDB".VKE0 or "F_GLOBDB".VKE1).
Note
Fail-safe signals are shown in yellow in the LAD/FBD Editor.
Note
Note the rules for the program structure in the "Specify F-runtime groups" chapter of the
"SIMATIC Safety - Configuring and Programming
(http://support.automation.siemens.com/WW/view/en/49368678)" manual.
3.2 Step 6: Specifying the centralized settings for the safety program
Introduction
Programming of the safety program starts with the main safety block. The main safety block is an F-FC or F-FB (with instance DB) that becomes the main safety block when it is called from a standard block (recommendation: cyclic interrupt OB 35). When this block is compiled, additional instructions are added that call the remaining F-blocks of the safety program.
You must assign the main safety block to an F-runtime group in order for it to be identified as such.
When the F-CPU was inserted, an F-runtime group and the associated main safety block were created by default, and the block was assigned to the F-runtime group.
The cyclic interrupt OB (CYC_INT5 [OB35]) calls the main safety block (Main_Safety [FB1]) by default. The F-blocks created by the user are called from the main safety block. You can change the calling block and the called block at any time.
After the safety program is executed, the standard user program resumes.
Opening the Safety Administration Editor
1. In the project tree of the F-CPU, double-click "Safety Administration".
   Result: The Safety Administration Editor opens.
   You make central settings for the safety program in the Safety Administration Editor.
2. In the area navigation of the Safety Administration Editor, switch to "F-runtime group".
The F-runtime group created automatically when the F-CPU was created and the associated main safety block are displayed.
Leave the preset blocks for this example.
For additional information on the Safety Administration Editor, refer to the "SIMATIC Safety - Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual.
Numbering ranges of F-system blocks
When the safety program is compiled, F-blocks are automatically added in order to generate an executable safety program.
By default, the system automatically manages the numbering range, which is displayed in the Safety Administration Editor under "Settings".
Keep the preassigned settings for this example.
Specifying inputs and outputs for the safety program
After configuring the hardware as described in Steps 1 to 5, the following fail-safe I/O DBs are available for programming the example:
Configured hardware | Start address | Symbolic name
Fail-safe digital input module 4/8 F-DI DC24V PROFIsafe | 0 | F00000_4/8 F DI DC24V [DB512]
Fail-safe digital output module 4 F-DO DC24V/2A PROFIsafe | 6 | F00006_4 F DO DC24V 2A [DB513]
Assign the following symbolic names for the fail-safe inputs and outputs:
Inputs and outputs in the safety program | Symbolic name
I0.0 for emergency stop | ESTOP
I0.1 for safety door position switch | Safety_Door_SW1
I0.5 for safety door position switch | Safety_Door_SW2
I0.2 for laser scanner | Laserscanner
Q6.0 for motor starter | Motor
I11.0 for acknowledgment | Quit
I11.1 for feedback loop | Feedback
I11.2 for start pushbutton | START
M10.0 for operational switching | Standard_Program_On_Off
3.3 Step 7: Creating an F-FB
Introduction
In this step, you create an F-FB in which you program the safety functions for this example in
the next steps.
Procedure
1. Insert an F-FB. Go to the "Program blocks" folder of the F-CPU and double-click "Add new block".
   The "Add new block" dialog opens.
2. Under "Name" enter "Safety_Interlock" for the name of the F-FB.
3. Click the "Function block" button on the left.
4. Under "Number" choose the "Manual" option, and enter 100.
5. Choose "FBD" as the language for the F-FB.
6. Close the dialog box with "OK".
Result
The F-FB "Safety_Interlock" is created in the "Program blocks" folder and opens automatically in the LAD/FBD Editor.
You can now continue with programming the safety functions in the next step.
3.4 Step 8: Programming the safety door function
Introduction
In this step, you program the safety door function for this example.
Procedure
1. Create the following static tag of data type BOOL in the interface of the "Safety_Interlock"
F-FB:
"EN_Safety_Door" (Enable safety door)
2. Insert the "SFDOOR" instruction from the "Safety functions" subfolder of the "Instructions"
task card.
3. Click "OK" to confirm the "Call options" dialog.
4. Initialize the inputs and outputs with parameters as described in the table below.
Result
The programming of the safety door function is now complete.
Parameter assignment of the "SFDOOR" instruction
Inputs/outputs | Parameter | Data type | Description | Default
"Safety_Door_SW1" | IN1 | BOOL | Input 1 | FALSE
"Safety_Door_SW2" | IN2 | BOOL | Input 2 | FALSE
"F00006_4/8 F-DI DC24V_1".QBAD_I_01 | QBAD_IN1 | BOOL | QBAD signal from F-I/O DB of input IN1 * | FALSE
"F00006_4/8 F-DI DC24V_1".QBAD_I_05 | QBAD_IN2 | BOOL | QBAD signal from F-I/O DB of input IN2 * | FALSE
TRUE | OPEN_NEC | BOOL | TRUE = Opening required on startup | TRUE
TRUE | ACK_NEC | BOOL | TRUE = Acknowledgment required | TRUE
"Quit" | ACK | BOOL | User acknowledgement (via pushbutton) | FALSE
#EN_Safety_Door | Q | BOOL | Output (Enable safety door) | FALSE
- | ACK_REQ | BOOL | Acknowledgement prompt | FALSE
- | DIAG | BYTE | Service information | B#16#0
* The two inputs QBAD_IN1 and QBAD_IN2 must be interconnected. In this example, both are interconnected with the QBAD signal of the F-I/O DB of the 4/8 F-DI to which the safety door position switches are connected.
3.5 Step 9: Programming the emergency stop function
Introduction
In this step, you program the emergency stop function for this example.
Procedure
1. Create the following static tag of data type BOOL in the interface of the "Safety_Interlock"
F-FB:
"EN_Safety" (Enable safety circuit).
2. Insert a new network.
3. Insert the "AND logic operation" instruction from the "Bit logic operations" subfolder of the
"Instructions" task card.
4. Insert a third input to the "AND logic operation" instruction and initialize the inputs of the
instruction with parameters as described in the table below.
5. Insert the "ESTOP1" instruction from the "Safety functions" subfolder of the "Instructions"
task card.
6. Click "OK" to confirm the "Call options" dialog.
7. Initialize the inputs and outputs of the instruction with parameters as described in the
table below.
8. Connect the output of the "AND logic operation" instruction to the "ON" input of the
"ESTOP1" instruction.
Result
The programming of the emergency stop function (shutdown in case of emergency stop,
open safety door, or someone entering the protected area monitored by the laser scanner) is
now complete.
Parameter assignment of the "AND logic operation" instruction

| Inputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "ESTOP" | Input 1 | BOOL | Emergency STOP | FALSE |
| #EN_Safety_Door | Input 2 | BOOL | Enable safety door | FALSE |
| "Laserscanner" | Input 3 | BOOL | Laser scanner | FALSE |

Parameter assignment of the "ESTOP1" instruction

| Inputs/outputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| TRUE | ACK_NEC | BOOL | TRUE = Acknowledgment required | TRUE |
| "Quit" | ACK | BOOL | User acknowledgement (via pushbutton) | FALSE |
| T#0MS | TIME_DEL | TIME | Time delay | T#0MS |
| #EN_Safety | Q | BOOL | Enable safety circuit | FALSE |
| | Q_DELAY | BOOL | Enable is OFF delayed | FALSE |
| | ACK_REQ | BOOL | Acknowledgement prompt | FALSE |
| | DIAG | BYTE | Service information | B#16#0 |
3.6 Step 10: Programming the feedback monitoring
Introduction
In this step, you program the feedback circuit monitoring for this example.
Procedure
1. Insert a new network.
2. Insert the "AND logic operation" instruction from the "Bit logic operations" subfolder of the
"Instructions" task card.
3. Initialize the inputs of the instruction with parameters as described in the table below.
4. Insert the "FDBACK" instruction from the "Safety functions" subfolder of the "Instructions"
task card.
5. Click "OK" to confirm the "Call options" dialog.
6. Initialize the inputs and outputs of the instruction with parameters as described in the
table below.
7. Connect the output of the "AND logic operation" instruction to the "ON" input of the
"FDBACK" instruction.
Result
The programming of the feedback monitoring is now complete.
Parameter assignment of the "AND logic operation" instruction

| Inputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Standard_Program_On_Off" | Input 1 | BOOL | TRUE = Switch on output | FALSE |
| #EN_Safety | Input 2 | BOOL | Enable safety circuit | FALSE |

Parameter assignment of the "FDBACK" instruction

| Inputs/outputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Feedback" | FEEDBACK | BOOL | Readback input | FALSE |
| "F00006_4 F-Do DC24V_1".QBAD | QBAD_FIO | BOOL | QBAD signal from F-I/O DB of output Q * | FALSE |
| TRUE | ACK_NEC | BOOL | TRUE = Acknowledgment required | TRUE |
| "Quit" | ACK | BOOL | User acknowledgement (via pushbutton) | FALSE |
| T#500MS | FDB_TIME | TIME | Readback time | T#0MS |
| "Motor" | Q | BOOL | Output | FALSE |
| | ERROR | BOOL | Readback error | FALSE |
| | ACK_REQ | BOOL | Acknowledgement prompt | FALSE |
| | DIAG | BYTE | Service information | B#16#0 |

* In this example, this is the QBAD signal from the F-I/O DB of the F-DO to which the load (the contactors) is connected.
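Added example (not part of the Siemens manual): a simplified Python model of the logic wired in Steps 9 and 10, for desk-checking the acknowledgment behaviour ahead of the function test. The latch is an assumed stand-in for an instruction parameterised with ACK_NEC = TRUE, not the ESTOP1 or FDBACK implementation; the names EnableLatch, run, cyc and SEQUENCE and the scan sequence itself are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class EnableLatch:
    """Assumed simplified latch for ACK_NEC = TRUE (not the ESTOP1 code).
    TIME_DEL, Q_DELAY and DIAG are not modelled."""
    q: bool = False          # enable output, default FALSE as in the table
    ack_req: bool = False    # acknowledgment prompt
    prev_ack: bool = False   # ACK state of the previous scan (edge detection)

    def scan(self, condition: bool, ack: bool) -> bool:
        rising = ack and not self.prev_ack
        self.prev_ack = ack
        if not condition:
            self.q = False               # shutdown always wins
        elif not self.q and rising:
            self.q = True                # re-enable only on a fresh ACK edge
        self.ack_req = condition and not self.q
        return self.q


def run(cycles):
    """Return (EN_Safety, ACK_REQ, Motor) for each scan cycle in `cycles`."""
    latch = EnableLatch()
    trace = []
    for c in cycles:
        # Step 9: three-input AND feeding the latch
        cond = c["ESTOP"] and c["EN_Safety_Door"] and c["Laserscanner"]
        en_safety = latch.scan(cond, c["Quit"])
        # Step 10: two-input AND; the FDBACK readback check is not modelled
        motor = c["Standard_Program_On_Off"] and en_safety
        trace.append((en_safety, latch.ack_req, motor))
    return trace


def cyc(estop=True, door=True, laser=True, quit_=False, on=True):
    """Build one scan cycle of inputs, keyed by the tag names from the page."""
    return {"ESTOP": estop, "EN_Safety_Door": door, "Laserscanner": laser,
            "Quit": quit_, "Standard_Program_On_Off": on}


# Constructed scan sequence (not recorded from a real F-CPU)
SEQUENCE = [
    cyc(),                          # 0: all healthy, not yet acknowledged
    cyc(quit_=True),                # 1: "Quit" pressed -> enabled
    cyc(quit_=True),                # 2: button still held, stays enabled
    cyc(laser=False, quit_=True),   # 3: laser scanner trips -> shutdown
    cyc(quit_=True),                # 4: area clear, button never released
    cyc(),                          # 5: button released
    cyc(quit_=True),                # 6: new rising edge -> enabled again
]

if __name__ == "__main__":
    for i, (en, req, motor) in enumerate(run(SEQUENCE)):
        print(f"scan {i}: EN_Safety={en} ACK_REQ={req} Motor={motor}")
```

Scan 4 is the case to look at: with "Quit" held down since before the trip, the enable stays FALSE and ACK_REQ stays TRUE until the button is released and pressed again.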
3.7 Step 11: Programming the user acknowledgment for reintegration of the F-I/O
Introduction
In this step, you program the user acknowledgement for reintegration of the F-I/O for this
example.
Procedure
In your safety program, you must provide a user acknowledgment for reintegration of the
F-I/O. So that acknowledgment remains possible even when the F-I/O is passivated, the
acknowledgement pushbutton is evaluated using a standard input. In this example, this is the
"Quit" input.
You can use the ACK_GL instruction to reintegrate all F-I/O of an F-runtime group.
Note
A user acknowledgment with a positive edge at the ACK_GL instruction is required for a
reintegration of the F-I/O (i.e., for switching from fail-safe values (0) to process data) after a
fault is corrected:
- After every communication error
- After F-I/O faults or channel faults when parameter ACK_NEC = 1
1. Insert a new network.
2. Insert the "ACK_GL" instruction from the "Safety functions" subfolder of the "Instructions"
task card.
3. Click "OK" to confirm the "Call options" dialog.
4. Initialize the input with parameters as described in the table below.
Result
The programming of the user acknowledgment is now complete.
Parameter assignment of the "ACK_GL" instruction

| Input | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Quit" | ACK_GLOB | BOOL | Acknowledgement for reintegration | FALSE |
3.8 Step 12: Programming of the main safety block
Introduction
In this step, you program the main safety block for this example.
Procedure
1. Double-click in the project navigation to open the main safety block "Main_Safety".
2. Use drag-and-drop to insert the F-FB "Safety_Interlock" in Network 1 of the main safety
block.
3. Click "OK" to confirm the "Call options" dialog.
Result
The F-FB "Safety_Interlock" will now be called cyclically by the main safety block.
You have now programmed the functionality according to the task definition of the example.
You can now proceed with the next steps to compile the safety program, assign device
names, and download the safety program along with the hardware configuration to the
F-CPU.
3.9 Step 13: Compiling the safety program
Introduction
In this step, you compile the hardware configuration and the safety program.
A consistency check is performed on the execution-relevant F-blocks when the safety
program is compiled, that is, the safety program is checked for errors. Any error messages
are output in an error window. After a successful consistency check, the additionally required
F-system blocks are generated automatically and added to the F-runtime group in order to
generate an executable safety program.
Procedure
1. Select the F-CPU in the project tree.
2. In the shortcut menu for the F-CPU, select "Compile > All".
The safety program is now compiled.
Result
If compilation is successful, the result is always a consistent and executable safety program
comprising all F-blocks with F-attribute. You are notified of this with the message "Safety
program is consistent".
3.10 Step 14: Assigning device names
Introduction
In this step, you assign the F-CPU and the interface module a PROFINET device name.
The PROFINET device names are created automatically by STEP 7 Professional V11; you
only have to assign them.
For additional information on PROFINET IO, refer to the "SIMATIC PROFINET System
Description (http://support.automation.siemens.com/WW/view/en/49948856)".
You can find additional information on configuring PROFINET IO in the online help for
STEP 7 Professional V11 under "Configurations for PROFINET IO".
Procedure
1. Change to the Network view.
2. Connect the PG/PC to the Ethernet subnet via the PROFINET interface.
3. In the Network view, select the subnet and choose the "Assign device name" command in
the shortcut menu.
4. In the "Assign PROFINET device name" dialog, select the appropriate PG/PC interface in
order to connect to the Ethernet subnet.
5. All configured PROFINET device names are displayed for selection in the upper
drop-down list. Select a PROFINET device name from this list and select the interface module
that is to receive this device name in the table below. You can filter the devices displayed
in the table according to different criteria.
6. You can use the "Flash LED" button to easily identify the device.
7. The F-CPU recognizes the interface module using its device name and automatically
assigns the configured IP address to it.
Result
You have assigned the device names of the F-CPU and the IM151-3 PN HIGH FEATURE.
3.11 Step 15: Downloading the complete safety program to the F-CPU and activating safety mode
Introduction
In this step, you download the hardware configuration and the safety program to the F-CPU.
Procedure
1. Select the F-CPU in the project tree.
2. In the shortcut menu for the F-CPU, select "Download to device > All". If an online
connection to the F-CPU does not yet exist, you will be prompted to establish this
connection.
The "Load preview" dialog is displayed.
3. Select "Consistent download" in the "Action" column in each case.
Note
If you are only downloading the F-blocks, the block in which the main safety block is
called (cyclic interrupt OB 35 in this example) is not downloaded. You must then
download this OB separately the same way as for a standard program.
Note
To download the entire safety program, the F-CPU must be in STOP mode.
4. Click the "Load" button.
Result: The "Load results" dialog is displayed.
5. Click the "Finish" button.
6. In the Safety Administration Editor, check to see if the F-collective signatures of all
F-blocks with F-attribute match online and offline.
If so, the download operation was successful. If not, repeat the download operation.
7. To activate safety mode, switch the F-CPU from STOP to RUN mode.
The Safety Administration Editor displays the current safety mode status in the "General"
area under "Safety Mode Status".
Note
Once a safety program has been created, you must perform a full function test according
to your automation task (see SIMATIC Safety Configuring and Programming
(http://support.automation.siemens.com/WW/view/en/49368678) manual).
Result
You have now finished creating the safety program according to the task definition of the
example.
In the following appendices, we show you how easy it is to set up access protection for your
safety program and the F-CPU. In addition, we show you how you can make changes to
your safety program, download changes to the F-CPU, and assess the consistency of the
safety program.
A Setting up access protection
Introduction
Access protection for the SIMATIC Safety F-system is essential in production mode.
No access protection is initially necessary for test purposes, commissioning, etc. That is, you
can execute all offline and online actions without access protection, i.e., without a password
prompt.
For additional information, refer to the "Access protection" chapter in the SIMATIC Safety -
Configuring and Programming
(http://support.automation.siemens.com/WW/view/en/49368678) manual.
Procedure
To set up access protection for productive operation, follow these steps:
1. In the area navigation of the Safety Administration Editor, switch to "Access protection".
2. Under "Offline safety program protection" click "Set up". Enter the password in the dialog
that appears, and enter it again to confirm.
3. Under "Online F-CPU protection", click the "Go to "Protection" area of the F-CPU" link.
Result: You switch to the device view of the F-CPU.
4. Under "Protection", choose the "Write protection for F-blocks" option. Under "Password
for write/read access", enter a password. Then enter the password again to confirm.
5. Download the hardware configuration to the F-CPU.
Result
You can only make changes to the safety program offline if you enter the password from
Step 2.
You cannot overwrite the safety program in the F-CPU until you enter the password from
Step 4.
As the next step, acceptance testing of the system may be necessary for productive
operation. For additional information regarding acceptance testing, refer to the "System
acceptance" chapter in the "SIMATIC Safety - Configuring and Programming
(http://support.automation.siemens.com/WW/view/en/49368678)" manual.
B Modifying the safety program
Introduction
This appendix shows you how you can change the safety program and download changes to
the F-CPU.
Procedure
1. Modify the example safety program so that no user acknowledgment is required for an
OSSD (Output Signal Switching Device) signal from the laser scanner.
To do this, program the emergency stop function as shown in the figure.
Note
Changes to the safety program during operation (in RUN mode) can only be made in
deactivated safety mode. You make the changes to F-blocks offline in the usual way in
STEP 7 Professional. F-blocks cannot be modified online.
See also the "Compiling and commissioning safety program" chapter in the SIMATIC
Safety - Configuring and Programming manual.
2. Save the F-FB.
Note
You have modified and saved an F-block of the safety program and therefore created an
inconsistent safety program. That is, the collective signature of all F-blocks with
F-attribute in the block container differs from the collective signature of the safety program.
Note
To download changes in the safety program in RUN mode, you must deactivate safety
mode of the safety program. Safety mode remains deactivated until the F-CPU is next
switched from STOP to RUN mode.
3. Check to see if "Current mode" in the "General" area of the Safety Administration Editor
indicates "Safety mode activated". If so, click "Disable safety mode" and enter the
password for the safety program.
Result: Another prompt will appear containing the F-collective signature of the safety
program in the F-CPU.
4. Confirm the prompt to deactivate safety mode with "OK".
Result: Safety mode will be deactivated.
WARNING
Deactivation of safety mode is intended for test purposes, commissioning, etc.
Whenever safety mode is deactivated, the safety of the system must be ensured by
other organizational measures, such as monitored operation, manual safety shutdown,
and access restrictions to certain areas.
5. Right-click the F-FB in the project tree, and choose "Download to device > Software" in
the shortcut menu.
Result: The F-FB is downloaded to the F-CPU.
6. Test the changes on the system or by using "Program status online".
Once the test has been successfully completed, continue by compiling the safety
program.
7. To apply the changes to the safety program and produce a consistent safety program,
you must recompile the safety program. To do so, follow the procedure described in the
"Step 13: Compiling the safety program (Page 32)" chapter.
The collective signature of all F-blocks with F-attribute in the block container and the
collective signature of the safety program match; that is, the safety program is consistent
and ready for acceptance testing.
8. Right-click the F-CPU in the project tree, and choose "Download to device > Software" in
the shortcut menu.
All F-blocks with F-attribute belonging to the safety program are identified and
downloaded to the F-CPU.
9. Check the "Status" under "Program signature" in the "General" area of the Safety
Administration Editor. If the symbol is displayed, the online and offline programs are
consistent.
If consistent, the download operation was successful. If not, repeat the download
operation.
To activate safety mode, switch the F-CPU from STOP to RUN mode.
Note
After creating a safety program, you must carry out a complete function test in
accordance with your automation task.
For changes made to a safety program that has already undergone a complete function
test, only the changes need to be tested. For additional information, refer to the "Testing
safety program" chapter in the SIMATIC Safety - Configuring and Programming
(http://support.automation.siemens.com/WW/view/en/49368678) manual.
Result
You have now finished adapting the safety program for the modified task.
C Typical configuring and programming errors and their causes
Errors, causes and remedy measures
Type: Configuration error
Error: F-blocks cannot be downloaded to the F-CPU.
Possible causes: F-CPU parameter "F-activation" was not activated in the "Fail-safe operation" area.

Type: Configuration error
Error: SF LED on the F-module illuminates when the safety program is not loaded.
Possible causes: The PROFIsafe address set on the DIP switch does not match the hardware configuration.

Type: Configuration error
Error: SF-LED on the F-module illuminates and TIMEOUT error in the DIAG byte of the F-I/O DB
Possible causes: Monitoring time of the F-module ≤ max. cycle time of the F-runtime group.

Type: Configuration error
Error: SF-LED on the F-module illuminates and CRC error in the DIAG byte of the F-I/O DB
Possible causes:
- Loaded safety program is not consistent with the loaded hardware configuration.
- Safety program is inconsistent.
- PIQ/PII of the F-module is being overwritten by the standard user program.

Type: Configuration error
Error: SF-LED on the F-DI module illuminates and module signals a short circuit
Possible causes: Sensor connection does not match parameter assignment, for example:
- Only one switching contact is connected to a channel with 1oo2 evaluation
- A sensor with nonequivalent contacts is connected to a channel assigned as "two-channel equivalent."
- Two switching contacts of a single-channel or two-channel nonequivalent sensor are supplied via VS1 and VS2
Type: Programming error
Error: F-PIQ/PII is not being updated.
Possible causes:
- The main safety block is not being called in the cyclic OB3x.
- F-module has been passivated. Evaluate the QBAD and DIAG byte parameters in the respective F-I/O DB.

Type: Programming error
Error: F-CPU goes to STOP due to data corruption in the safety program.
Possible causes:
- Main safety block is being called more than once in the cyclic program.
- Operands of F-DBs are being written to in the standard user program.
- Undeclared TEMP variables are being used in the safety program.
- Bit memory that is modified during processing of the main safety block, e.g., clock memory, is being read-accessed in the safety program.
- Overflow for arithmetic instructions is not checked.