w788 simatic safety factory

Functional Example AS-FE-I-016-V10-EN

SIMATIC Safety Integrated for Factory Automation

Implementation of a safety function (SIL 3 / PL e) with PROFINET IO via IWLAN

www.neteon.net

1-888-908-3330 [email protected]

Safety with PROFINET IO over IWLAN ID number: 28609440

Safety Integrated /106 AS-FE-I-016-V10-EN

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Preliminary remarks Functional examples for the topic "Safety Integrated" are fully-functioning and tested automation configurations based on standard products (Sie-mens AG, I IA) for simple, fast and low-cost implementation of automation tasks in safety engineering. Each of the functional examples presented deals with a typical problem that occurs in safety engineering.

Besides listing all the necessary software and hardware components, and describing their interconnection, the functional examples also include tested and commented code. This means the functionalities described here can be set up within a short time and can thus be used as the basis for individ-ual expansions.

Important note The safety functional examples are non-binding and do not claim to be complete in respect of configuration, equipment or practical contingencies. The safety functional examples are not customer-specific solutions and are only intended to facilitate the performance of typical tasks. You yourself are responsible for the proper operation of the described products.

These safety functional examples do not relieve you of the obligation to use the products safely during application, installation, operation and mainte-nance. By using these safety functional examples, you acknowledge the fact that Siemens cannot be held liable for any claims or damages above and beyond the liability described above. We reserve the right to make changes to these safety functional examples at any time without prior no-tice. If there are any differences between the suggestions made in these safety functional examples and other Siemens publications such as cata-logs, the contents of the other document(s) take priority.

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Contents

1 Warranty, liability and support ...................................................................... 7

2 Structure of the document............................................................................. 8

3 Automation functions................................................................................... 10 3.1 Task and solution............................................................................................ 10 3.2 Functionality of the functional example........................................................... 12 3.2.1 Description...................................................................................................... 12 3.2.2 Status diagram................................................................................................ 13 3.3 Customer benefits........................................................................................... 14 3.3.1 SIMATIC Safety Integrated for Factory Automation ....................................... 14 3.3.2 SCALANCE W (components for IWLAN) ....................................................... 15 3.3.3 IWLAN in automation engineering .................................................................. 16

4 Necessary components ............................................................................... 17 4.1 Hardware components.................................................................................... 17 4.2 Software components ..................................................................................... 18

5 Configuring and wiring ................................................................................ 19 5.1 Overview of configuration ............................................................................... 19 5.2 Wiring.............................................................................................................. 21

6 Downloading a STEP 7 project and configuration files ............................ 24 6.1 Initial conditions .............................................................................................. 24 6.2 Overview of the necessary steps.................................................................... 25 6.3 Downloading from HTML page to PD/PC ....................................................... 26 6.4 Setting the PD/PC interface............................................................................ 26 6.5 Configuring IWLAN components .................................................................... 28 6.5.1 Access point ................................................................................................... 28 6.5.2 Ethernet client module .................................................................................... 28 6.5.3 Overview of the para. for access point and Ethernet client module................ 28 6.5.4 Access to IWLAN components on completion of the configuration ................ 29 6.6 Processing PROFINET IO stations................................................................. 30 6.6.1 CPU315F ........................................................................................................ 30 6.6.2 IM151-3X1 ...................................................................................................... 30 6.6.3 IM151-3X2 ...................................................................................................... 30 6.6.4 Overview of the parameters for CPU315F, IM151-3X1, IM151-3X2............... 30 6.7 Load STEP 7 project into S7 CPU.................................................................. 31 6.8 Overview of IP addresses and device names................................................. 31 6.9 PD/PC with two LAN interfaces ...................................................................... 32

7 Function test and operation of the configuration...................................... 33

8 Key performance data .................................................................................. 35 8.1 Load memory and RAM of the S7 CPU.......................................................... 35 8.2 Cycle time S7 CPU ......................................................................................... 35

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

8.3 Maximum response time................................................................................. 35

9 Important settings ........................................................................................ 36

10 Settings with STEP 7 .................................................................................... 38 10.1 Overview of the Hardware Configuration........................................................ 38 10.2 S7 CPU settings ............................................................................................. 39 10.3 Settings for IM151-3X1 and IM151-3X2 ......................................................... 42 10.4 Settings F-DI................................................................................................... 43 10.5 Settings F-DO ................................................................................................. 45 10.6 Setting in the safety program.......................................................................... 47

11 Settings with WBM: Basic Wizard............................................................... 48 11.1 IP Settings ...................................................................................................... 48 11.2 System name.................................................................................................. 50 11.3 Country code .................................................................................................. 51 11.4 Wireless settings............................................................................................. 52 11.5 Channel settings ............................................................................................. 53 11.6 Adopt MAC address settings .......................................................................... 54 11.7 Summary of Basic Wizard .............................................................................. 55

12 Settings with WBM: Security Wizard .......................................................... 56 12.1 Security settings ............................................................................................. 56 12.2 Security settings for the management interfaces............................................ 57 12.3 Security settings for IWLAN............................................................................ 58 12.3.1 Access point only............................................................................................ 58 12.3.2 Access point and Ethernet client module........................................................ 59 12.4 Settings for the Medium security level ............................................................ 60 12.5 Summary of Security Wizard .......................................................................... 61

13 Settings with WBM: Security menu ............................................................ 62 13.1 Access rights for the wireless interface .......................................................... 62 13.2 Access rights for IP addresses ....................................................................... 63

14 Settings with WBM: System menu.............................................................. 64 14.1 Services .......................................................................................................... 64

15 Example code: Overview ............................................................................. 65 15.1 Preliminary remarks........................................................................................ 65 15.2 Structure of the example code........................................................................ 66

16 Example code: Standard program .............................................................. 67 16.1 Block OB1....................................................................................................... 67 16.1.1 Network 1........................................................................................................ 67 16.1.2 Network 2........................................................................................................ 68 16.2 Block OB35..................................................................................................... 69

17 Example code: safety program ................................................................... 70 17.1 Block FB SAFETY_PRG (FB1)....................................................................... 70 17.1.1 Network 1........................................................................................................ 70

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

17.1.2 Network 2........................................................................................................ 71

18 Safety function.............................................................................................. 72 18.1 Information about the standards ..................................................................... 72 18.2 Safety function of the functional example ....................................................... 72

19 Assessment of the safety function ............................................................. 73 19.1 Representation of the safety function ............................................................. 73 19.2 Assessment of "Acquisition" ........................................................................... 74 19.2.1 Assessment in accordance with EN 62061: 2005 .......................................... 74 19.2.2 Assessment in accordance with EN ISO 13849-1: 2006 ................................ 75 19.3 Assessment of "Evaluation" ............................................................................ 76 19.3.1 Assessment in accordance with EN 62061: 2005 .......................................... 76 19.3.2 Assessment in accordance with EN ISO 13849-1: 2006 ................................ 76 19.4 Assessment of "Reaction"............................................................................... 77 19.4.1 Assessment in accordance with EN 62061: 2005 .......................................... 77 19.4.2 Assessment in accordance with EN ISO 13849-1: 2006 ................................ 78 19.5 Assessment of the ENTIRE safety function.................................................... 79 19.5.1 Overview: "Acquisition", "Evaluation", "Reaction"........................................... 79 19.5.2 Assessment in accordance with EN 62061: 2005 .......................................... 79 19.5.3 Assessment in accordance with EN ISO 13849-1: 2006 ................................ 79

20 BACKGROUND INFORMATION ................................................................... 80

21 Information on PROFIsafe ........................................................................... 81 21.1 Functional safety of PLCs and PROFIsafe ..................................................... 81 21.2 PROFIsafe properties ..................................................................................... 81 21.3 PROFIsafe principle........................................................................................ 82 21.4 PROFIsafe benefits ........................................................................................ 82

22 Safety function via IWLAN ........................................................................... 83 22.1 Wireless link requirements.............................................................................. 83 22.2 Sufficient availability ....................................................................................... 83 22.2.1 General information ........................................................................................ 83 22.2.2 Measures for sufficient availability .................................................................. 83 22.2.3 Assessing the quality of a connection............................................................. 84 22.3 Sufficient security............................................................................................ 85 22.3.1 General information ........................................................................................ 85 22.3.2 Measures for sufficient security ...................................................................... 85

23 Tools in the IWLAN environment ................................................................ 87 23.1 Information direct from the IWLAN components............................................. 87 23.1.1 Clients list ....................................................................................................... 88 23.1.2 Available WLAN.............................................................................................. 89 23.1.3 Errors (access point)....................................................................................... 90 23.1.4 Errors (Ethernet client module)....................................................................... 91 23.1.5 Overlap AP ..................................................................................................... 92 23.1.6 Signal.............................................................................................................. 93

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.2 SINEMA E configuration software for WLANs ................................................ 94

24 Specific measurements with IWLAN........................................................... 96

25 Calculation of the max. response time ( s7fcotix table)............................ 97 25.1 Influence of IWLAN components on the refresh time ..................................... 97 25.2 Structure of the s7fcotix table ......................................................................... 98 25.3 Use in the functional example......................................................................... 99 25.3.1 Overview......................................................................................................... 99 25.3.2 Parameter overview...................................................................................... 100 25.3.3 Overview of results ....................................................................................... 102

26 Glossary ...................................................................................................... 103

27 References .................................................................................................. 105 27.1 Articles from the Service & Support Portal ................................................... 105 27.2 Other articles or links .................................................................................... 106

28 History of the functional example ............................................................. 106

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

1 Warranty, liability and support

We do not guarantee any of the information contained in this document.

We accept no liability for any damage or loss caused by the use of the sa-fety functional examples, information, programs, planning data or perform-ance data described in this document, irrespective of the legal basis for claims arising from such damage or loss, unless liability is mandatory, for example, according to the product liability law, in cases of gross intent or negligence, endangering of life, the body or health, warranty for a product's characteristics, malicious concealment of a defect, or violation of basic con-tractual obligations. Any claims for damages caused by violation of basic contractual obligations, however, shall be limited to the foreseeable dam-age or loss which is typically envisaged in contracts unless there has been gross negligence or unless liability is mandatory due to endangering of life, the body or health. This does not entail a change in the burden of proof to your disadvantage.

Copyright© 2008 Siemens AG, I IA. Any form of duplication of these appli-cation examples or excerpts hereof is not permitted without the express consent of Siemens AG, I IA.

If you have any questions about this article, please send an e-mail to the following address:

[email protected]

mailto:[email protected]�

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

2 Structure of the document

The documentation for the functional example has the following structure: Table 2-1

Section Contents

Description of the origins and aims of the functional example: Automation functions • Task of the functional example and solution

with SIMATIC components • Functionality of the functional example • Customer benefits

Description of the test configuration: Necessary components Hardware and software required for configuring

the functional example Configuring and wiring Configuring and wiring of the components Downloading a STEP 7 project and configu-ration files

Downloading the functional example to the con-figuration

Function test and operation of the configu-ratio

Testing and operating the configuration

Key performance data • Reserved memory in the S7 CPU • Maximum runtime of the safety program,

calculated with the s7fcotix table Description of important settings and of the example code: Important settings

Settings with STEP 7 Settings with WBM: Basic Wizard

Settings with WBM: Security Wizard

Settings with WBM: Security menu

Important settings of the components with regard to: • Safety (machine safety) • Security (protection against unauthorized

access to data)

Example code: Overview Example code: Standard program Example code: safety program

• Structure of the example code • Structure of the standard program • Structure of the safety program

Assessment of the safety function implemented in the functional example: Safety function Description of the safety function Assessment of the safety function Assessment of the safety function

• In accordance with EN 62061: 2005 • In accordance with EN ISO 13849 -1: 2006

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Section Contents

Background information: Information on PROFIsafe Safety function via IWLAN Tools in the IWLAN environment Specific measurements with IWLAN Calculation of the max. response time ( s7fcotix table)

Information is made available here that aids understanding of the functional example. The focus is on PROFIsafe and IWLAN.

Appendix: Glossary Important terms and abbreviations in the context

of the functional example Interesting information on the topic of the func-tional example

References

Note: References to information are indicated in the text with: /x/

History Versions of the functional example

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

3 Automation functions

3.1 Task and solution

Description of the task Many modern automation systems are characterized by the following fea-tures:

• S7 CPU and ET 200 distributed I/O, connected over the Industrial Ethernet / PROFINET IO bus

• Safety program and standard program in the same S7 CPU

• Normal signals (e.g. Switch motor on) and safety-related signals (e.g. Emergency-off motor) are transferred over the same bus

For many applications, wireless communication is more cost-effective than communication using cable. In some cases, it is the only way of connecting an S7 CPU with distributed ET 200 stations. This applies, for example, to communication between moving parts of an automation system or between areas that are difficult to access.

Solution In the present functional example, the cable connecting two areas of an au-tomation system is replaced by wireless (PROFINET IO over IWLAN). Figure 3-1

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

The following functionality is implemented using wireless (PROFINET IO over IWLAN):

• Normal switching duty of a motor (start, stop)

• Safety-related motor switch-off (emergency stop)

• Safety function (emergency-stop) in SIL 3 / PL e

Standard and safety-related communication thus takes place via IWLAN. The safety-related communication complies with SIL 3 / PL e. This is en-abled by PROFIsafe (see Chapter 21).

The following hardware components are used in the functional example, as well as standard components:

• Safety-related components: SIMATIC Safety Integrated for Factory Automation (CPU315F-2 PN/DP, ET 200S with F-DI and F-DO)

• Components for IWLAN: SCALANCE W (SCALANCE W788-1PRO access point, SCALANCE W744-1PRO Ethernet client module)

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

3.2 Functionality of the functional example

3.2.1 Description

Implementation of a safety function The functional example shows the safety-related shutdown of a motor in Stop Category 0.

This function is called "Safe stop in accordance with Stop Category 0". This is shortened to "Safe stop" below.

The motor is simulated in the functional example by an indicator light.

Functionality of the safety function Safety-related shutdown of the motor (here: indicator light) is effected via an emergency-stop pushbutton. Shutdown is carried out via 2 contactors. The readback signals of the contactors are evaluated.

The safety function achieves SIL 3 / PL e.

Functionality for normal operation A motor (here: indicator light) is normally switched on or off via a Start pushbutton or Stop pushbutton.

Acknowledgment by the user An acknowledgment from the user (press of the acknowledgment pushbut-ton) is required in the following cases:

• Before starting the motor

• After unlocking the emergency-stop pushbutton

• For reintegration of an F module (after fault correction)

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

3.2.2 Status diagram

The diagram below provides an overview of the functionality of the func-tional example.

Figure 3-2

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

3.3 Customer benefits

3.3.1 SIMATIC Safety Integrated for Factory Automation

Reduction in inventory through saving components:

• One S7 CPU for standard and safety-related automation: Standard program and safety program on one S7 CPU

• One PROFIBUS or PROFINET transmission medium for standard and safety-related communication to SIL 3 / PL e

• One distributed I/O configuration with standard and safety-related I/O modules

Faster system installation and commissioning:

• Integrated engineering for standard and safety-related control section

• Use of existing PROFIBUS or PROFINET transmission media also for safety-related communication

• Simple expansion of existing PROFIBUS architectures by PROFINET, e.g. using IE/PB-Link

More flexibility:

• The logic of the safety functions is implemented in software, not by means of wiring:

– Easy to modify, expand and document

– Implementation of complex safety functions

Fast reproducibility:

• The software solution can be easily reproduced, in contrast to the hard-ware solution

• Acceptance-tested, certified solutions can be used frequently as self-contained blocks

Enhanced plant availability

• Earlier fault detection thanks to extensive diagnostic functions

Investment protection

• Simple migration from PROFIBUS to PROFINET

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

3.3.2 SCALANCE W (components for IWLAN)

• Reliable wireless link, e.g. through redundant connection, automatic roaming in event of an interruption of the connection to Industrial Ethernet (Forced Roaming), cyclic monitoring of radio link (Link Check) or monitoring of IP connections (IP Alive)

• Solution for wireless safety systems based on standard components, e.g. IWLAN (IEEE 802.11), PROFINET (IEEE 802.3) or PROFIsafe (IEC 61508 / EN 954-1)

• Protection against unauthorized access, espionage, tapping and falsifi-cation thanks to WPA2/IEEE 802.11i and 128-bit encoding

• Redundant power supply via Power-over-Ethernet (48V DC in accor-dance with IEEE 802.3af and 12-32V DC or 100-240V AC)

• C-PLUG: Swap medium for rapid device replacement without the need for a programming device. This prevents downtimes and cuts engineer-ing costs in the event of access point failure. The time required for maintenance is reduced; no trained personnel is required in case of dis-turbances.

• Wireless communication also for time-critical applications, such as PROFINET IO communication. Two modes in one device: IEEE 802.11-compliant or iPCF (industrial point coordinated function) for applications with high real-time requirements

• Shorter downtimes and reduced engineering overhead. Time savings when service calls are made. No qualified personnel is required in case of disturbances.

• All components are silicone-free and certified for the explosion protec-tion zone 2 (Atex Directive 94/9/EC)

• Different product versions in IP30 and IP65 for different uses. Operation with a HiPath WLAN Controller from Siemens Enterprise Communica-tion GmbH&Co.KG is possible.

• FOC (multi mode) connection for large distances

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

3.3.3 IWLAN in automation engineering

The benefits of Wireless LAN technology lie in the mobility of individual components and their flexible use. Thanks to this mobility, work processes can be re-structured and innovate solutions implemented.

Automation systems offer many possible applications in which users can benefit from wireless communication between individual stations.

IWLAN from Siemens satisfies the stringent reliability and performance re-quirements for wireless communication by defining predictable throughput times and data rates.

IWLAN can also be used for safety-related communication via PROFIsafe (see Chapter 21). The safety-related communication complies with SIL 3 / PL e.

Customers are especially likely to choose IWLAN in situations where it of-fers clear advantages over cable. The examples below will explain this:

Communication with moving stations Connecting moving devices into a data network involves significant cost. Wireless communication saves on the complete busbar layout for the data on electric monorail overhead conveyors, and on automated guided vehicle systems, it avoids optical systems that are easily soiled. In addition, the routes can be easily changed in both applications, providing a high degree of flexibility.

If rotating equipment is incorporated in a data network, wear on the slip rings is avoided. The same advantage applies to substitution of cable carri-ers.

Configurations limited by time It is no longer acceptable for assembly lines to be rigid units that can only be retooled for new applications at high cost. Factory layouts are subject to high-speed changes especially in automobile production. Flexible produc-tion enables customer demands to be implemented quickly without signifi-cant retrofit times.

Production units can be quickly integrated into the data network without significant wiring effort using wireless data networking. Moreover, test con-figurations can be implemented quickly and without high costs.

Communication with remote units An IWLAN wireless network allows low-cost connection of remote ma-chines and controllers installed in very inaccessible locations. This avoids costly cabling.

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

4 Necessary components

The following tables show the components essential to configuring the functional example:

• Hardware components for Area 1 of the automation system

• Hardware components for Area 2 of the automation system

• Software components

The manufacturer of all components is Siemens AG, I IA.

4.1 Hardware components

Area 1 of the automation system Table 4-1

Component Type MLFB No. Explanation

IO Controller

Power supply PS307 5A 6ES73071EA00-0AA0 1 ---

S7 CPU (safety-related) CPU315F-2 PN/DP 6ES7315-2FH13-0AB0 1 ---

Storage medium MMC 8MB 6ES7953-8LP20-0AA0 1 For example code and hardware configuration

IO Device

Interface module ET 200S IM151-3 PN HF 6ES7151-3BA22-0AB0 1 PROFINET IO

Storage medium MMC 64KB 6ES7953-8LF20-0AA0 For device name

Power module PM-E 24 to 48 V DC 24 to 230 V AC 6ES7138-4CB11-0AB0 2 ---

Electronic module 4DI HF 24VDC 6ES7131-4BD01-0AB0 1 Connection: Start, Stop, Acknowledge pushbuttons

Electronics module (safety-related) 4/8 F-DI PROFIsafe, 24VDC 6ES7138-4FA03-0AB0 1 Connection:

Emergency stop button

Terminal module TM-P15C22-01 6ES7193-4CE10-0AA0 1 Power module

Terminal module TM-E15C23-01 6ES7193-4CB10-0AA0 1 For 4DI

Terminal module TM-P15C23-A0 6ES7193-4CD30-0AA0 1 Power module

Terminal module TM-E30C44-01 6ES7193-4CG30-0AA0 1 For 4/8 F-DI

PROFINET IO

IE switch SCALANCE X005 6GK5005-0BA00-1AA3 1 ---

IWLAN

Access point SCALANCE W788-1PRO 6GK5788-1AA60-2AA0 For USA (*1): 6GK5788-1AA60-2AB0

1 Important: See Note *1.

Peripherals

Start pushbutton 1 NO contact --- 1 ---

Stop pushbutton 1 NC contact --- 1 ---

Acknowledgment pushbutton 1 NO contact --- 1 ---

Emergency stop button 2 NC contacts 3SB3801-0EG3 1 ---

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Area 2 of the automation system Table 4-2


IO Device

Power supply PS307 5A 6ES73071EA00-0AA0 1 ---

Interface module ET 200S IM151-3 PN HF 6ES7151-3BA22-0AB0 1 PROFINET IO

Storage medium MMC 64KB 6ES7953-8LF20-0AA0 1 For device name

Power module PM-E 24 to 48V DC 24 to 230 V AC 6ES7138-4CB11-0AB0 2 ---

Electronic module 2DI HF 24VDC 6ES7131-4BB01-0AB0 1 Connection: Readback signal

Electronics module (safety-related) 4 F-DO PROFIsafe, 24VDC/2A 6ES7138-4FB02-0AB0 1 Connection:

2 contactors

Terminal module TM-P15C22-01 6ES7193-4CE10-0AA0 1 Power module

Terminal module TM-E15C23-01 6ES7193-4CB10-0AA0 1 For 2DI

Terminal module TM-P15C23-A0 6ES7193-4CD30-0AA0 1 Power module

Terminal module TM-E30C44-01 6ES7193-4CG30-0AA0 1 For 4 F-DO

IWLAN

Ethernet client module SCALANCE W744-1PRO

6GK5744-1AA60-2AA0 For USA (*1): 6GK5744-1AA60-2AB0

1 Important: See Note *1.

Peripherals

Contactor with auxil-iary contacts for read-back

AC-3, 3KW/400V, 1NC, 24VDC 3RT1015-2BB42 2 For switching the indi-cator lights

Indicator light (actua-tor) Yellow --- 1 For simulating a motor

Note *1:

The present functional example uses the country code GERMANY (Chap-ter 11.3).

Please note that this cannot be set in the case of IWLAN components for the U.S..

4.2 Software components

Table 4-3


STEP 7 V5.4 + SP3 6ES7810-4CC07-0YA5 1 ---

S7 Distributed Safety programming V5.4 + SP4 6ES7833-1FC02-0YA5 1 Option package for STEP 7

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

5 Configuring and wiring

5.1 Overview of configuration

Area 1 and area 2 of the automation system The following figure shows the basic design of the functional example. The design comprises two completely separate areas of an automation system:

• Area 1 contains the operator elements for operation and safety of the motor (here: indicator light).

• Area 2 contains the motor (here: indicator light)

• Area 1 and 2 communicate via wireless

Communication between area 1 and 2 takes place using PROFINET IO via IWLAN. Normal data and safety-related data are transferred by wireless. Safety-related communication takes place via PROFIsafe (see Chapter 21). Figure 5-1

Explanations for the figure:

• Blue background: Standard functionality

• Yellow background: Safety-related functionality

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Connection of motor in area 2 The figure shoes the basic connection of the motor in area 2 of the automa-tion system Figure 5-2:


• F-DO: Safety-related output module of ET 200S

• DI: Standard input module of ET 200S

• M: Motor (here: indicator light)

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

5.2 Wiring

The wiring of the components of the functional example is represented in two separate figures (see the following pages in landscape view):

• Wiring for area 1

• Wiring for area 2

Explanations of the figures on the following pages • Both power supplies (in area 1 and 2) must be supplied with 230 V AC.

• The bus cables for Industrial Ethernet / PROFINET IO are not marked.

• The relationships of the terminal blocks to the ET 200S modules can be found in the figure below (Numbers 1 to 8)

Figure 5-3

DIP switches of the F modules PROFIsafe addresses are assigned automatically when configuring the F modules in STEP 7 (Hardware Configuration). These addresses must be set on the F modules using DIP switches. Table 5-1

Safety-related module DIP switch setting (Bit 9 – Bit 0)

For configuring instructions, see ...

F-DI 0011001000 Chapter 10.4 F-DO 0011000111 Chapter 10.5

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Wiring for area 1

SCALANCE W788-1PRO

3

2

X1

X2 4

1

L1

N

P

PS 307 / CPU 315F-2 PN/DP

L+ M

L+ M L + M L + M

L1N

L L M M

IM151-3 PN HF

PM-E

51

62

7 3

84A A

AUX1

1

51

62

7 3

84A A

AUX1

3

PM-E

Emergency stop button

2

1

2

1

5 1 13 9

6 2 14 10

7 3 15 11

8 4 16 12

8 4 A

16 12 A

7 3 A

15 11 A

F-DI

4

3Start

4 DI HF

5 1

6 2

7 3

2

1Stop

3Acknowledge

4

8 4 A A

2

4

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Wiring for area 2

A1+

A2-

21

22Contactor

L1

T1

A1+

A2-

21

22Contactor

L1

T1

L1

N

PE

L1 N L+

M L +M L +M

PS 307

L L M M

IM151-3 PN HF

PM-E

5 1

6 2

7 3

8 4A A

AUX1

5

51

62

73

84A A

AUX1

7

PM-E

51 139

6 2 1410

7 3 1511

8 4 1612

84A

1612A

7 3A

1511A

F-DO

2 DI HF

51

62

7 3

84A A

6

SCALANCE W744-1PRO

3

2

X1

X2 4

1

X2

X1

Indicator lights

8

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6 Downloading a STEP 7 project and configuration files

6.1 Initial conditions

Status of the configuration • Configuration and wiring have been completed

• The components are set to their initial conditions (Table 6-1)

• S7 CPU in STOP mode (mode selector at STOP)

Component names The names used below for the automation system components are entered in the figure. Names in green correspond to the device names (PROFINET IO) of components Figure 6-1.

Initial conditions for the components Table 6-1

Component Initial conditions

IWLAN components: • Access point • Client

The components are in delivery condition. Note: "Client" stands for "Ethernet client module"

S7 CPU: • CPU315F

The S7 CPU is in delivery condition, and the memory submodule has been erased. Note: "CPU315F" stands for "CPU 315F-2 PN/DP"

ET 200 stations: • IM151-3X1 • IM151-3X2

The memory submodules have been erased.

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.2 Overview of the necessary steps

The table below shows the steps required to dowload the STEP 7 project and the two configuration files into the structure of the func-tional example.

The procedure for each step is explained in detail in the following sections. Table 6-2

Section Step Action Tool on PD/PC

6.3 Downloading from HTML page to PD/PC

Downloading: • Configuration files • Code "Code" contains the archived STEP 7 project. "Configuration files" contains the configuration files for the IWLAN components: • Access point • Ethernet client module

Web browser

Setting of: • IP address • Subnet mask

Windows XP (operating system of PD/PC)

6.4 Setting the PD/PC interface

Setting of: • Log

STEP 7

Setting of: • IP address • Subnet mask • Device name

STEP 7 6.5 Setting the IWLAN components: • Access point • Ethernet client module

Loading of: • Configuration file

Web browser

6.5.4 Processing PROFINET IO stations: • CPU315F • IM151-3X1 • IM151-3X2

Setting of: • IP address • Subnet mask • Device name

STEP 7

6.7 Loading the STEP 7 project into the S7 CPU

Loading of: • Hardware configuration • Sample code

STEP 7

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.3 Downloading from HTML page to PD/PC

Precondition: PD/PC is connected to the Internet

The following actions must be carried out: Table 6-3

No. Action Note

1 Downloading the files to any fol-der on the PD/PC

The files listed in Table 6-4 are found on the HTML page of the safety func-tional example /0/.

Table 6-4

File name Contents

28609440_as_fe_i_016_v10_conf_iwlan.zip Configuration files for • Access point • Ethernet client module

28609440_as_fe_i_016_v10_code_iwlan.zip Archived STEP 7 project for S7 CPU

6.4 Setting the PD/PC interface

Precondition: PD/PC connected at IE switch (LAN connection)


No. Action Note

Setting up the network connection 1 Under Windows XP: Call up "Network Connections"

("Start" > "Settings" > "Network Connections") 2 Mark the relevant connection (LAN connection) 3 Select "Change settings of this connection" 4 Highlight "Internet Protocol TCP/IP",

then click on "Properties"

See label with corresponding "No." in Figure 6-2.

5 Enter the IP address and subnet mask of the PD/PC Table 6-6 Select protocol

6 In SIMATIC Manager: Navigate to: "Options" - "Set PD/PC Interface"

7 Select "TCP/IP" protocol

See label with corresponding "No." in Figure 6-3

Table 6-6

PD/PC

IP address 192.168.0.111

Subnet mask 255.255.255.0

Default gateway Do not assign an address

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

The following screenshots are to be regarded as examples. The contents can vary depending on the PD/PC or network card.

Figure 6-2

Figure 6-3

1

4

3 2

5

7

6

www.neteon.net




Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.5 Configuring IWLAN components

6.5.1 Access point

Precondition: Connection of the PD/PC to the access point


No. Action Note

Assign IP address, subnet mask, and device name 1 In SIMATIC Manager: Navigate to:

"Target system" -> "Process Ethernet station"

2 Click the "Browse" button 3 Select line with MAC address of the access point and then click

"OK"

4 Enter the IP address and the subnet mask of the access point, then click "Assign IP configuration".

5 Enter the device name of the access point, then click "Assign na-me".

Table 6-8, Lines 1, 2, 3

Load configuration file 6 In the web browser: Enter the "Web address" of the access point.

This calls Web Based Management. (Information on the Web browser can be found in Chapter 6.9.)

Table 6-8, Line 4

7 In Web Based Management: Enter the password in the Login screen form: admin

8 Navigate to: "System" > "Load&Save" > "http" 9 Click "Browse" and select the configuration file of the access point:

*_accesspoint_*.cfg Table 6-8, Line 5

10 Click the "Load" button

6.5.2 Ethernet client module

Precondition: Connection of the PD/PC to the Ethernet client module

The procedure is as with the access point.

6.5.3 Overview of the para. for access point and Ethernet client module

Table 6-8

Parameter Access point Ethernet client module

1 IP address 192.168.0.2 192.168.0.5

2 Subnet mask 255.255.255.0 255.255.255.0

3 Device name Access point Client

4 Web address http://192.168.0.2 http://192.168.0.5

5 Configuration file *_accesspoint_*.cfg *_client_*.cfg



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.5.4 Access to IWLAN components on completion of the configuration

After the IWLAN components have been configured, they can be accessed only under the following marginal conditions:

• Connection of PD/PC via cable on the access point or Ethernet client module (Chapter 12.2)

• Access to access point or Ethernet client module via an encrypted con-nection (https, Chapter 14.1).

• Use of a password (Chapter 12.1)



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.6 Processing PROFINET IO stations

Precondition: Connection of PD/PC to the IE switch

6.6.1 CPU315F


No. Action Note

1 In SIMATIC Manager: Navigate to: "Target system" -> "Process Ethernet station"

2 Click the "Browse" button 3 Select line with CPU315F address of the access point and then

click "OK"

4 Enter the IP address and the subnet mask of the CPU315F, then click "Assign IP configuration".

5 Enter the device name of the CPU315F, then click "Assign name".

Table 6-10

6.6.2 IM151-3X1

The procedure is as with the CPU315F.

6.6.3 IM151-3X2

The procedure is as with the CPU315F.

6.6.4 Overview of the parameters for CPU315F, IM151-3X1, IM151-3X2

Table 6-10

Station Parameter

CPU315F IM151-3X1 IM151-3X2

IP address 192.168.0.1 192.168.0.3 192.168.0.4

Subnet mask 255.255.255.0 255.255.255.0 255.255.255.0

Device name CPU315F IM151-3X1 IM151-3X2



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.7 Load STEP 7 project into S7 CPU

Precondition: Connection of PD/PC to the IE switch


No. Action Note

Download hardware configuration 1 In the SIMATIC Manager: Navigate to: "File" > "Dearchive"

Dearchive the STEP 7 project for the functional example (see Table 6-4)

2 Open the dearchived STEP 7 project 3 Open HW configuration 4 Load hardware configuration into S7 CPU Load example code

5 In SIMATIC Manager: Mark block container of the S7 CPU

6 Navigate to: "Options" > "Process Safety Program" 7 Click on "Load" on the "Safety Program" tab. 8 Answer "Yes" to the question "Load standard blocks too?" 9 For "Password", enter: siemens

The S7 CPU can now be set to "RUN" mode.

6.8 Overview of IP addresses and device names

The figure shows the configured IP addresses and device names. Figure 6-4



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

6.9 PD/PC with two LAN interfaces

The chapter gives tips on setting the Web browser on the PD/PC.

Assumptions:

• The PU/PC is connected via one LAN interface to the Internet from which the downloads are fetched.

• The same PD/PC is connected to the automation system via the other LAN interface.

• Microsoft Internet Explorer is installed on the PD/PC as the Web browser

Then the following settings must be made for the Web browser:

• "Options" > "Internet Options" > "Connections"

• "LAN Settings" > "Settings"

• Activate "Automatic search of the settings" (select only this option)



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

7 Function test and operation of the configuration

The configuration is now function-tested. The following is required for this:

• The components must be wired

• The configuration files must have been loaded into the access point and the Ethernet client module

• The STEP 7 project must have been loaded into the S7 CPU

• The S7 CPU must be in RUN mode

• The PD/PC must be connected to the IE switch

The term "machine" always refers to the indicator light in this chapter.

Overview of Ethernet stations Navigate as follows in the SIMATIC Manager to check whether all Ethernet stations in the configuration are accessible:

• "Target system" > "Process Ethernet station" > "Browse"

Figure 7-1

If the configuration is correct, the values shown above must appear in all columns except the MAC address column.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Overview of inputs and outputs The following signals must be available without any operator input:

Table 7-1

No. HW component Address Symbol Signal Function

1 Start pushbutton (NO) I 0.0 START “0” Start "machine" 2 Stop pushbutton (NC) I 0.1 STOP “1” Stop "machine" 3 Acknowledge pushbut-

ton (NO) I 0.2 ACK “0“ Acknowledgement

5 Series connection of the auxiliary contacts (NC) of both contactors

I 7.0 K1_K2_HELP “1“ Readback signal

7 Emergency stop push-button (NC)

I 1.0 ESTP “1“ Emergency stop "ma-chine"

9 Parallel switching of the coils of both contactors

Q 8.0 K1_K2 “0“ Connect "Machine" to network.

Operator input The function test involves the following operator actions.

Table 7-2

Response No.

Action

Q 8.0 "Machine"

Explanations

1 No action “0“ Off --- 2 Press and release the

acknowledge pushbutton “0“ Off An acknowledgment is required

before the first start of the "ma-chine"

3 Press and release the start pushbutton

“1“ On Contactors K1 and K2 pick up and connect the "machine" to the network.

4 Press the emergency stop but-ton

“0“ Off Contactors K1 and K2 drop out and disconnect the "machine" from the network.

5 Release the emergency-stop pushbutton and repeat Nos. 2 and 3

“1“ On Restarting of the "machine"



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

8 Key performance data

8.1 Load memory and RAM of the S7 CPU

The STEP 7 project occupies the following memory space in the S7 CPU: Table 8-1

Total Of which: Standard blocks

Of which: F-blocks

Load memory 60.4 KB 1.0 KB 59.4 KB Work memory 37.9 KB 0.4 KB 37.5 KB

8.2 Cycle time S7 CPU

Cycle time (OB1 runtime) of the S7 CPU:

• Shortest measured cycle time: 1 ms

• Longest measured cycle time: 8 ms

The cycle time has been read out of the S7 CPU online:

Hardware configuration > Target system > CPU module status > Cycle time

8.3 Maximum response time

Maximum response time in case of error-free operation:

• 212 ms

The maximum response time is the maximum time (worst case):

• between acquisition of the pressed emergency-stop at the input termi-nal F-DI

• and the signal "Switch off contactors" at the output terminal F-DO.

The above value was determined using the s7fcotix table (Chapter 25).



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

9 Important settings

This chapter describes the most important settings for the present func-tional example.

All settings are already included in the downloads for the present functional example:

• STEP 7 project (hardware configuration and example code)

• Access point configuration file

• Ethernet client module configuration file

The settings were made with two different tools: Table 9-1

Tool on PD/PC PD/PC connection Objective

STEP 7, Hardware configuration

IE switch Configuration of: • S7 CPU • IM151-3X1 • IM151-3X2

F-DI • F-DO

Access point Configuration of: • Access point

Web browser, Web Based Management

Ethernet client module Configuration of: • Ethernet client module

The settings of the functional example can serve users as a basis (exam-ple) for their own specific implementations. Please note the following infor-mation when changing the settings.

CAUTION The settings shown below contribute to compliance with SIL 3 / PL e. Changing the settings may result in loss of the safety function.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

The table provides an overview of the subsequent chapters: Table 9-2

Secti-on

Contents Tool on program-ming device/PC

Components

Settings with regard to Sa-fety (*1) that influence the SIL or PL that can be achie-ved.

STEP 7 • S7 CPU • F-DI • F-DO

10

Settings that influence the availability of the wireless network.

STEP 7 • IM151-3X1 • IM151-3X2

Basic settings for the wire-less network.

11

Settings that influence the availability of the wireless network.

Web Based Man-agement (WBM): Basic Wizard

12 Settings that influence the Security (*1) of the wireless network.

Web Based Man-agement (WBM): Security Wizard

13 Additional settings that in-fluence the Security (*1) of the wireless network.

Web Based Man-agement (WBM): Security menu

14 Additional settings that in-fluence the Security (*1) of the wireless network.

Web Based Man-agement (WBM): System menu

• Access point • Ethernet client

module

Note *1

The terms "Safety" and "Security" are distinguished in the functional exam-ple as follows:

• Safety:

– Functional safety of machinery

– Protection of personnel, machinery and environment

• Security:

– Protection of data against unauthorized access

– Security is a requirement for safety



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

10 Settings with STEP 7

Note The settings are already included in the downloads.

10.1 Overview of the Hardware Configuration

Overview screen of the Hardware Configuration of STEP 7 Figure 10-1

IWLAN components The Hardware Configuration of STEP 7 (see figure above) does not include the components for IWLAN (access point and Ethernet client module). The figure below shows where the IWLAN components take effect physically. Figure 10-2



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

10.2 S7 CPU settings

Location of the settings SIMATIC Manager > HW Configuration:

• Double-click on "CPU 315F-2 PN/DP"

Cyclic interrupts Figure 10-3

Table 10-1

Parameter Execution of OB35

Meaning The safety program is called in the S7 CPU at the call interval of OB35.

Note ---



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Protection Figure 10-4

Table 10-2

Parameter Protection level

Meaning A password must be assigned to enable selection of the option "CPU contains safety program". Password used here: siemens

Note When compiling the HW Configuration of STEP 7, F blocks are automatically generated for safe operation of the F modules.

Table 10-3

Parameter Mode

Meaning In process mode, test functions such as program status or monitor/modify tags are restricted so that the set permissible cycle time is not exceeded. Testing by means of breakpoints and step-by-step program execution cannot be carried out. In test mode, all test functions can be used without restriction via PD/PC. Even test functions that can result in a greater ex-tension of the cycle time.

Note If the S7 CPU is in test mode, you must ensure that any exten-sions to the cycle time do not have a negative effect on the process.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

F parameter Figure 10-5

This tab contains all the safely-related parameters of the S7 CPU. The tab can therefore only be accessed using the password.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

10.3 Settings for IM151-3X1 and IM151-3X2


• Click on IM151-3X1 or IM 151-3X2 (in the graphic)

• Double-click on the line "X1" (in the table)

IM151-3X1: IO cycle Figure 10-6

IM151-3X2: IO cycle Figure 10-7

Explanations Table 10-4

Parameter IO cycle

Meaning All inputs and outputs of the IO Devices are updated within the update time. If an IO Device is not supplied by the IO Controller with in-put/output data (IO data) within the threshold monitoring time, it switches to the safe state.

Note Minimum update time for the IM151-3X2: A minimum update time is necessary when using IWLAN com-ponents (see Chapter 25.1). The choice of this update time (here: 32 ms) influences the availability of the wireless network.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

10.4 Settings F-DI


• Click on IM151-3X1 (in the graphic)

• Double-click on the line "4/8 F-DI DC24V" (in the table)

Screenshot Figure 10-8


Parameter 1 F_dest_address

Meaning This is the PROFIsafe address of the module (default value) in decimal form.

Note The PROFIsafe address is assigned automatically. The address can be changed here if desired.

Table 10-6

Parameter 2 DIP switch setting (9…0)

Meaning The PROFIsafe address of the module is shown here in binary. This value must be set on the DIP switch of the F module.

Note ---

2 3

4 5

6 7

8 9

10

1

The numbers refer to the parameters in the follow-ing explanations: Here: "Parameter 1"



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Table 10-7

Parameter 3 F monitoring time (ms)

Meaning Monitoring time for safety-related communication between S7 CPU and fail-safe I/O (PROFIsafe monitoring time).

Note A "minimum F monitoring time" is defined in the s7fcotix table. This time is the basis for the F monitoring time configured here.

Table 10-8

Parameter 4 Short-circuit test

Meaning The F module carries out a cyclic short-circuit test. Note To comply with SIL 3 / PL e, cross-circuit detection must be

carried out. The following must be activated for this: • Cyclic short-circuit test • Encoder supply via the F module

Table 10-9

Parameter 5 Behavior after channel faults

Meaning In the case of channel faults, the relevant channel of the F mo-dule is passivated.

Note ---

Table 10-10

Parameter 6 Activated

Meaning Both NC contacts of the emergency-off pushbutton are con-nected to channels 0 and 4.

Note Used channels are activated, unused channels are deactivated.

Table 10-11

Parameter 7 Sensor supply

Meaning The emergency-off pushbutton receives its voltage supply via the F module.

Note See note at "Parameter 4".

Table 10-12

Parameter 8 Evaluation of the sensors

Meaning Both NC contacts of the emergency-off pushbutton are scanned using 1oo2 evaluation.

Note ---

Table 10-13

Parameter 9 Type of sensor interconnection

Meaning The emergency stop pushbutton is connected via 2 channels. Note ---



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Table 10-14

Parameter 10 Reintegration after discrepancy

Meaning After a discrepancy error, a full test of both contacts is not nec-essary.

Note

10.5 Settings F-DO


• Click on IM151-3X2 (in the graphic)

• Double-click on the line "4 F-DO DC24V/2A" (in the table)



Parameter 1 F_dest_address

Meaning This is the PROFIsafe address of the module (default value) in de-cimal form.

Note The PROFIsafe address is assigned automatically. The address can be changed here if desired.

2

3

4

5 6

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Table 10-16

Parameter 2 DIP switch setting (9…0)

Meaning The PROFIsafe address of the module is shown here in binary. This value must be set on the DIP switch of the F module.

Note ---

Table 10-17

Parameter 3 F monitoring time (ms)

Meaning Monitoring time for safety-related communication between S7 CPU and fail-safe I/O (PROFIsafe monitoring time).

Note The "minimum F monitoring time" is defined in the s7fcotix table. This time is the basis for the F monitoring time parameterized here.

Table 10-18

Parameter 4 Behavior after channel faults

Meaning In the case of channel faults, the relevant channel of the F module is passivated.

Note ---

Table 10-19

Parameter 5 Activated

Meaning Channel 0 switches both contactors K1 and K2. Note Used channels are activated, unused channels are deactivated.

Table 10-20

Parameter 6 Read-back time

Meaning This time specifies the maximum duration of the turn off test for the corresponding channel and therefore also the readback time for turning off the channel.

Note Recommendation for the value of the readback time: • Sufficiently long when switching capacitive loads • As short as possible to keep the response time as short as

possible



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

10.6 Setting in the safety program

Location of the settings SIMATIC Manager -> Options -> Process safety program

• Click on "F-runtime groups ..."

• Enter password for the safety program: siemens



Parameter 1 Max. cycle time of the F-runtime in ms

Meaning The runtime of the F runtime group is monitored for the parameter-ized value.

Note ---

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

11 Settings with WBM: Basic Wizard

The abbreviation WBM stands for: Web Based Management.

The IWLAN components are configured with the help of WBM. For this pur-pose, a Web browser is started and the IP address of the relevant IWLAN component is entered.


For further details on the settings: See /3/

11.1 IP Settings

Screenshot for access point Figure 11-1

Screenshot for Ethernet client module Figure 11-2

1

2

3



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c


Parameter Option fields 1

Meaning The IP addresses are assigned by the user. Note Background information (IP address, subnet, …): /10/

Table 11-2

Parameter Input field 2

Meaning IP address of access point or Ethernet client module. Note ---

Table 11-3


Meaning Subnet mask for the wireless network. Note ---



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

11.2 System name





Meaning System name for access point or Ethernet client module. Note ---

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

11.3 Country code




Parameter Dropdown list box 1

Meaning The country code is set here. The access point and Ethernet client module are operated in the corresponding country.

Note ---

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

11.4 Wireless settings





Meaning Name for the wireless network (SSID) Note ---

Table 11-7


Meaning The wireless standard is selected here. Note The selection influences the availability!

Table 11-8

Parameter Option field 3

Meaning Not activated: The Ethernet client module only links with the access point with the same SSID (hier: FE1).

Note The selection influences security!

1

2

3



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

11.5 Channel settings





Meaning Selection of a fixed channel (Automatic channel selection is not recommended)

Note The selection influences the availability!

1

2



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Table 11-10


Meaning Access point and Ethernet client module are operated with stan-dard antennas (no directional antennas or IWLAN RCoax leaky wave conductors).

Note The selection influences the availability!

11.6 Adopt MAC address settings

Screenshot for access point Omitted for the access point.




Meaning Automatic determination of the MAC address Note The Ethernet client module used in the functional example pro-

vides access to the wireless network for a single PROFINET de-vice (IM151-3X2). The MAC address of this PROFINET device is used for wireless communication with the access point.

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

11.7 Summary of Basic Wizard

The screenshots below show an overview of all settings.





Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

12 Settings with WBM: Security Wizard



12.1 Security settings




Parameter Input fields 1

Meaning Assignment of passwords for the administrator. The following applies in the present example: • Password for access point: Simatic_1 • Password for Ethernet client module: Simatic_1


1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

12.2 Security settings for the management interfaces



Explanations

Table 12-2

Parameter Option fields 1

Meaning Configuration of access point and Ethernet client module is only possible using Web Based Management.


Table 12-3


Meaning Configuration is only possible through a PD/PC connected over a cable to the access point or Ethernet client module.


2

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

12.3 Security settings for IWLAN

12.3.1 Access point only




Meaning Only the Ethernet client module on which this network name (SSID: FE1) is entered can communicate with the access point.


Table 12-5


Meaning The network name (SSID) of the access point is not visible to other devices.


2

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

12.3.2 Access point and Ethernet client module





Meaning Recommended authentication: WPA2-PSK Note The selection influences security!

Table 12-7


Meaning Recommended encryption method: AES Note The selection influences security!

1

2



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

12.4 Settings for the Medium security level




Parameter Input fields 1

Meaning Pass phrase used here: Simatic_1 Note The selection influences security!

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

12.5 Summary of Security Wizard

The screenshots below show an overview of all settings.





Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

13 Settings with WBM: Security menu



13.1 Access rights for the wireless interface



Parameter Dropdown list field 1

Meaning Only the MAC address entered below can access the access point.

Note ---

Table 13-2

Parameter Area 2

Meaning This is the MAC address of the IM151-3X2 used in the func-tional example. Thus, only the ET 200S in area 2 of the auto-mation system has access to the access point


2

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

13.2 Access rights for IP addresses




Parameter Dropdown list field 1

Meaning For management access (configuration via Web Based Man-agement), no IP addresses are excluded.

Note ---

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

14 Settings with WBM: System menu

Note The settings are already included in the downloads. For further details on the settings: See /3/

14.1 Services





Meaning Access to access point or Ethernet client module is only possi-ble via an encrypted connection.


Table 14-2


Meaning The Primary Setup Tool (PST) has read-only access. Note The selection influences security!

2

1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

15 Example code: Overview

15.1 Preliminary remarks

STEP 7 project with example code You can find the download with the STEP 7 project on the HTML page of the present functional example /0/. The STEP 7 project contains:

• Hardware configuration

• Example code (standard program and safety program)

Password In all cases, the password for the safety-related part of the example code is: siemens

Changes to the example code The example code of the functional example can serve users as a basis (example) for their own specific implementations. Please note the following information when changing the example code.

CAUTION The example code shown below contributes to compliance with SIL 3 / PL e. Changing the example code may result in loss of the safety function.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

15.2 Structure of the example code

The following figure shows:

• Linking of the example code to the process

• Interaction of standard program and safety program

Figure 15-1


Table 15-1

Symbol (No. in figure) Meaning

Signals on standard modules of the ET 200S K1_K2_HELP Readback signal of the two contactors START Signal from start pushbutton (NO) STOP Signal from stop pushbutton (NC) ACK Signal from acknowledge pushbutton (NO) Signals on F modules of the ET 200S ESTP Signal from emergency stop pushbutton (NC) K1_K2 Signal for switching both contactors Information between standard program and safety program FEEDBACK (1) FEEDBACK1 (2)

Standard program -> safety program: Readback signal of the two contactors

COND (3) COND1 (4)

Standard program -> safety program: Power up condition

INSTANCE_FB1_EN (5) Safety program -> Standard program: Enable_safety_circuit



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

16 Example code: Standard program

Structure of the standard program: See Figure 15-1.

16.1 Block OB1

Block function • Normal switching duty of the "motor"

Overview of networks Table 16-1

Network Function

1 Acquisition of the readback signal 2 Generating the power up condition for the "machine"

16.1.1 Network 1

Figure 16-1

The readback signal K1_K2_HELP is applied to the FEEDBACK bit mem-ory. The bit memory is used in the safety program as input parameter of the function block F_FDBACK. The function block is a certified block from the library of Distributed Safety. The readback signal is monitored with the function block.

The bit memory FEEDBACK is assigned to the bit memory FEEDBACK1 in OB35. This bit memory is evaluated in the safety program.

This assignment has the following reason: In the safety program, if data (here: FEEDBACK) that can be modified dur-ing the runtime of an F runtime group by the standard program or an HMI system is read from the standard program (bit memory or PII of the stan-dard I/O), dedicated bit memories (here: FEEDBACK1) must be used. The-se bit memories must be written with the data from the standard program immediately before calling the F runtime group (here: in the OB35). Only these bit memories may be accessed in the safety program.

Note If the above procedure is not observed, the S7 CPU can go to STOP.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

16.1.2 Network 2

Figure 16-2

The COND power up condition is generated for the "machine" in the net-work. The power up condition is evaluated in the safety program.

The safety circuit must be enabled (INSTANCE_FB1.EN="1") as a re-quirement for switching on the "machine" (COND="1").

INSTANCE_FB1.EN (Enable_safety_circuit) becomes "1", if all the following conditions are met:

• Emergency off pushbutton unlocked

• No readback error pending

• An acknowledgment is given (Acknowledge pushbutton) before starting the "machine"

INSTANCE_FB1.EN (Enable_safety_circuit) is determined in the safety program: FB SAFETY_PRG (Chapter 17.1.1)



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

16.2 Block OB35

Functions of the block • Provides information for the safety program:

– Readback signal

– Power up condition

• Calls the safety program

All networks of the block Figure 16-3



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

17 Example code: safety program

Structure of the safety program: See Figure 15-1.

17.1 Block FB SAFETY_PRG (FB1)

Functions of the block • Starts/stops the "machine" depending on the power up condition

(COND1) from the standard program (OB1)

• Safe stop of the "machine" (safety-related switching)

• Reintegration of the F I/O, following passivation Table 17-1

Network Function

1 • Implementation of the "safe stop" (freely programmed) • Monitoring of the feedback loop

2 • Reintegration of the F I/O

17.1.1 Network 1

Figure 17-1

The "safe stop" function is freely programmed.

The function block F_FDBACK handles monitoring of the feedback loop. This function block is a certified block from the library of Distributed Safety.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Acknowledgment ACK_REQ="1" means an acknowledgment is required before output Q can be reset to "1".

ACK_NEC="1" means a readback error must be acknowledged by means of a rising edge on input ACK of the FB F_FDBACK. This is implemented in this way in the functional example.

After acknowledgment, ACK_REQ="0". !

WARNING

The parameter assignment ACK_NEC="0" is only permissible if an automatic restart of the process after a readback error can be pre-cluded.

The Acknowledge pushbutton (ACK signal) is used for acknowledging. The ACK signal takes effect at the following points:

• ACK input of the FB F_FDBACK: Acknowledgment after removal of cause for readback error

• Wiring of the ON input of FB F_FDBACK: Acknowledgment following unlocking of the emergency stop pushbut-ton.

• ACK_REI_GLOB input of FB F_ACK_GL: Reintegration of all F modules (see below, Network 2)

17.1.2 Network 2

Figure 17-2

The reintegration of all F modules is implemented with the function block F_ACK_GL. The user must acknowledge reintegration.

This function block is a certified block from the library of Distributed Safety.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

18 Safety function

A safety function is implemented in the functional example. This safety function is evaluated below in accordance with the two standards EN 62061: 2005 and EN ISO 13849-1: 2005

18.1 Information about the standards

Overview of EN 62061: 2005

• Safety functional example: /4/

Overview of EN ISO 13849: 2006

• Technical book: /105/

18.2 Safety function of the functional example

Preliminary remarks • Emergency stop is not a means of reducing risk.

• Emergency stop is not a "safety function" but a "supplementary safety function"

For simplicity's sake, the term "safety function" is used in the documenta-tion instead of "supplementary safety function".

Safety function The following safety function SF1 is taken as the basis for further consid-eration: Table 18-1

Safety function Description

SF1 If the emergency stop is actuated, the motor must be switched off immediately (stop category 0).

In the present functional example, the entire safety function is examined: Table 18-2

Tasks Safety function

Acquisition Evaluation Reaction

SF1 x x x

In the next chapter, the above-listed tasks of the safety function (acquisi-tion, evaluation, reaction) are evaluated according to the standards.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

19 Assessment of the safety function

It is a requirement for the following approaches that communication via IWLAN meets the following conditions (see Chapter 22):

• Sufficient availability (if possible, no spurious tripping due to brief con-nection breaks)

• Sufficient security (no data corruption (if possible) by protecting data against unauthorized access)

19.1 Representation of the safety function

The figure shows the assignment of the components to the tasks of the safety function.

Figure 19-1

"Evaluation"

"Acquisition" "Reaction"



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

19.2 Assessment of "Acquisition"

19.2.1 Assessment in accordance with EN 62061: 2005

Result:

Result Reason

SILCL 3 Hardware fault tolerance: HFT = 1

Proportion of safe failures: SFF ≥ 0.99 (99%)

PFHD 1,2 * 10-10 Architecture: basic subsystem architecture D, with identical subsystem elements

The values of the calculation can be found in the following table.

Values for calculating PFHD:

Parameter Value Reason Definition

B10 B10 values Emergency stop control device

1 * 105 Manufacturer´s specifications

Proportion of hazardous failures Emergency stop control device

0.2 (20%) Manufacturer´s specifications

T1 Duration of use

175.200 h (20 years)

Expected service life

Siemens AG

C Number of operations Emergency stop control device

6 * 10-3 / h Assumptions: An operation (emergency stop test) takes place once per week (7*24 hours). Operations can take place on all days of the year (365 days).

T2 Diagnostics test interval

168 h A defective contact is detected in the F-DI when operating the emergency stop. Operation takes place once per week (7*24 hours) (see "C").

β (CCF factor) Susceptibility to failures resulting from a common cause

0,1 (10%) If installed in accordance with EN 62061, a CCF factor of 0.1 (10%) is achieved. This value keeps you on the safe side ("conserva-tive value").

DC Diagnostics coverage

≥ 0.99 (99%) Cross-check in F-DI

User



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

19.2.2 Assessment in accordance with EN ISO 13849-1: 2006

Result:

Result Reason

PL e The values for determining can be found in the following table.

Follows from Appendix K of EN ISO 13849-1: 2006.

Note: The MTTFd is limited to a maximum of 100 years!

Average probability of one dangerous failure per hour

2.47 * 10-8

Note: For a more precise result, an approach in accor-dance with EN 62061: 2005 is recommended.

Values for determining PL:

Parameter Value Reason

MTTFd

Every chan-nel

High MTTFd ≥ 30 years The values of the calculation can be found in the following table.

DC High

DC = 99% Cross-check in F-DI

Measures against CCF

Fulfilled It is assumed that the user will take the necessary measures.

Category 4 System behavior: One fault does not result in the loss of the safety function. The individual fault is detected. MTTFd: High, DC: high, measures against CCF: Fulfilled

Values for calculating MTTFd of each channel:


B10 B10 value emergency stop command device

1 * 105 Manufacturer´s spe-cifications

Proportion of hazardous failures Emergency stop control device

0,2 (20%) Manufacturer´s spe-cifications

Siemens AG

dop Mean operating time in days per year

365 units per year

hop Mean operating time in hours per day

24 hours per day

Assumption: Operations can take place on all days of the year.

tCycle Mean time between the start of two con-secutive cycles of the component

168 hours per cycle

Assumption: There is a week (7*24 hours) be-tween operations of the emergency stop (test emergency stop).

User



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

19.3 Assessment of "Evaluation"


Result:

Result Reason

SILCL 3 Specification of the manufacturer Siemens AG

PFHD 2,29 * 10-9 The values of the calculation can be found in the following table.


Parameter Component Value Definition

PFHD (S7 CPU) CPU315F 1,09 * 10-9

F-DI of ET 200S in area 1 1 * 10-10 PFHD (F I/O) F-DO of ET 200S in area 2 1 * 10-10

PTE (safety-related communication)

Safety-related communication be-tween: S7 CPU and ET 200S in area 1 and 2 This value contains the wireless link with the IWLAN components (Chapter 21.3).

1 * 10-9

Siemens AG


Result:

Result Reason

PL e


2,29 * 10-9

Derived from assessment in accordance with IEC 61508.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

19.4 Assessment of "Reaction"


Result:

Result Reason

SILCL 3 Hardware fault tolerance: HFT = 1

Proportion of safe failures: SFF ≥ 0.99 (99%)

PFHD 9,4 * 10-10 Architecture: basic subsystem architecture D, with different subsystem elements.

The values of the calculation can be found in the following table.



B10 B10 value contactor


Proportion of hazardous failures Contactor

0,75 (75%) Manufacturer´s specifications

T1 Duration of use

175.200 h (20 years)

Expected service life

Siemens AG

C Number of contactor opera-tions

0.125/h Assumptions: An operation takes place once per shift, that is, every 8 hours. Operations take place on all days of the year (365 days).

T2 Diagnostics test interval

8 h When operated, a defective contactor is detected in the S7 CPU. Operation takes place once per shift, that is, every 8 hours (see "C").

β (CCF factor) Susceptibility to failures resulting from a common cause

0,1 (10%) If installed in accordance with EN 62061, a CCF factor of 0.1 (10%) is achieved. This value keeps you on the safe side ("conservative value").

DC Diagnostics coverage

≥ 0,99 (99%)

Direct monitoring by means of forced auxiliary contacts

User



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c


Result:

Result Reason

PL e The values for determining can be found in the following table.

Follows from Appendix K of EN ISO 13849-1: 2006.

Note: The MTTFd is limited to a maximum of 100 years.


2,47 * 10-8

Note: For a more precise result, an approach is accor-dance with EN 62061: 2005 is recommended.

Values for determining PL:

Parameter Values Reason

MTTFd

Every chan-nel

High MTTFd ≥ 30 years The values of the calculation can be found in the following table.

DC High

DC = 99% Direct monitoring by means of forced auxiliary contacts

Measures against CCF

Fulfil-led

It is assumed that the user will take the necessary measures.

Category 4 System behavior: One fault does not result in the loss of the safety function. The individual fault is detected. MTTFd: High, DC: high, measures against CCF: Fulfilled

Values for calculating MTTFd of each channel:


B10 B10 value contactor


Proportion of hazardous failures Contactor

0,75 (75%) Manufacturer´s specifications

Siemens AG

dop Mean operating time in days per year

365 days per year

hop Mean operating time in hours per day

24 hours per day

Assumption: Operations can take place on all days of the year.

tCycle Mean time between the start of two con-secutive cycles of the component

8 hours per cycle

Assumption: There is one shift between opera-tions of the contac-tor (8 hours).

User



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

19.5 Assessment of the ENTIRE safety function

19.5.1 Overview: "Acquisition", "Evaluation", "Reaction"

The table shows the result of evaluating the tasks:

EN 62061: 2005 EN ISO 13849 -1: 2006

SILCL PFHD PL Average probability of one dangerous failure per hour

Acquisition 3 1.2 * 10-10 e 2.47 * 10-8

Evaluation 3 2,29 * 10-9 e 2,29 * 10-9

Reaction 3 9,4 * 10-10 e 2,47 * 10-8


Result Reason

SIL 3 SILCL of all tasks of the safety function is at least 3.

PFHD (= 3.35 * 10-9) of the overall safety function complies with SIL 3.


Result Reason

PL e PL of all tasks of the safety function is at least e.

Number of tasks is less than 3.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

20 BACKGROUND INFORMATION

The following subjects are covered: Table 20-1

Section Contents

Information on PROFIsafe • Functional safety of PLC and PROFIsafe • PROFIsafe properties • PROFIsafe principle • PROFIsafe benefits

Safety function via IWLAN • Wireless link requirements • Sufficient availability • Sufficient security

Tools in the IWLAN environment • Internal functions of the IWLAN components • SINEMA E

Specific measurements with IWLAN • Performance data Calculation of the max. response time ( s7fcotix table)

• Influence of IWLAN on the PROFINET IO refresh time

• Structure of the s7fcotix table • Specific use of the s7fcotix table



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

21 Information on PROFIsafe

Details: See /103/

21.1 Functional safety of PLCs and PROFIsafe

The use of PLCs with digital communication between the components has proved its worth in millions of applications. The prerequisites for using a PLC in safety-related applications are created with the publication of the in-ternational IEC 61508 standard.

The mechanisms for fault detection were examined in many digital commu-nication systems. In 1999, the specification for "functionally safe communi-cation" was created by PI /102/. The name for this technology is PROFIs-afe.

With the help of PROFIsafe, safety-related data (e.g. process image of F modules) is transferred over a shared medium together with standard data (e.g. process image of standard modules).

21.2 PROFIsafe properties

Key points:

• PROFIsafe is an open standard for communication between the F host (e.g. safety-related S7 CPU) and the F device (e.g. ET 200 with F mod-ules)

• PROFIsafe is an international standard (like PROFINET and PROFIBUS)

• PROFIsafe is an additional layer above the PROFIBUS and PROFINET protocols, without provoking reactions in these protocols.

• PROFIsafe is independent of the transmission channel:

– Communication via cable (fiber optic cable, backplane bus)

– Wireless communication (see Chapter 22)

• PROFIsafe reduces the probability of errors in digital communication between an F host and an F device to a level demanded by the stan-dards.

• PROFIsafe has been tested by the German BGIA and TÜV /107/

• Can be used in safety-related applications to:

– SIL 3 in accordance with IEC 61508 / IEC 62061

– PL e in accordance with ISO 13849-1

– Category 4 in accordance with EN 954-1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

21.3 PROFIsafe principle

The figure below explains the principle of PROFIsafe. Figure 21-1

The "Black Channel" shown in the figure can be:

• Cables

• Wireless (for example: 802.11 / IWLAN)

• VPN (Layer 2), with SCALANCE S612 and S613

21.4 PROFIsafe benefits

PROFIsafe means the user does not have to evaluate the safety of the communication system via PROFINET and PROFIBUS in a safety-related application. The functional safety of the complete path is guaranteed with PROFIsafe:

• from the transmitter of safety-related data (e.g. F module),

• to the receiver of safety-related data (F host),

• and vice versa



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

22 Safety function via IWLAN

Background information on IWLAN / SCALANCE W: /1/ and /13/

22.1 Wireless link requirements

Communication via IWLAN must meet the following requirements:

• Sufficient availability (if possible, no spurious tripping due to brief con-nection breaks)

• Sufficient security (no data corruption (if possible) by protecting data against unauthorized access)

Recommendations on how to meet these requirements are given below.

22.2 Sufficient availability

22.2.1 General information

"Sufficient" means:

• "Spurious trippings" are restricted to a tolerable minimum (*1)

• There is a "good" connection (*2)

Note *1: Spurious trippings can occur, for example, when the connection sporadically fails. Then PROFIsafe detects communication errors in the end stations, and the affected part of the automation system assumes a safe state (all outputs switched off).

Note *2: Chapter 22.2.3) explains what is meant by a "good" connection.

22.2.2 Measures for sufficient availability

Overview of measures for securing availability: Table 22-1

Keyword Remedy Note Section

Wireless stan-dard

The wireless network must be selected in accordance with local conditions. Selected here: 5 GHz (802.11a)

*1 11.4

Channel selecti-on

Automatic channel selection is not recommended. Permanently set here: Channel 40

---

Antenna The antenna must be selected in accordance with local conditions. Selected here: Omni-directional antenna

---

11.5



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Note *1

Advantage at 5 GHz:

• Lower disturbances since there are almost no other wireless technolo-gies available

• More non-overlapping channels available than in the 2.4 GHz band

Disadvantage at 2.4 GHz:

• Many potential sources of interference (examples: microwave ovens, cordless phones, Bluetooth devices)

22.2.3 Assessing the quality of a connection

When is a connection "good"? The following criteria must be met to make a connection good: Table 22-2

Criterion Value Meaning

Signal quality > 60% Measure of signal strength with which the Ethernet client module sees the access point and vice versa.

CRC errors < 3% Measure of data corruption Multiple retries < 10% Measure of persistent faults.

How can that be measured? The IWLAN components provide information with which the quality of a connection can be tested.

This information can be read out of the IWLAN components using Web Ba-sed Management (WBM) (see Chapter 23.1). Table 22-3

Criterion Menu in Web Based Management

Signal quality Clients list, available WLAN CRC errors, multiple retries Errors



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

22.3 Sufficient security

22.3.1 General information

"Sufficient" means:

• The probability of unauthorized access to data is as low as possible.

Threats to security in the IWLAN:

• Malicious modification of parameters:

– For F devices

– For the safety program

• Malicious corruption of data that is cyclically exchanged between the F host and the F device.

The IWLAN must be protected against these threats with certain measures. These measures and their implementation in the functional example are described below.

22.3.2 Measures for sufficient security

The measures are divided into:

• Configuring

• Design

• General information

Note Success results not from the individual measures but from the combination of measures.

The measures described below correspond to the recommendations of IEEE 802.11i. IEEE 802.11i specifies the security measures for wirelesss transmission in PROFIsafe networks.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Measure for sufficient security: Configuring An overview of the measures for guaranteeing security can be found in the table below. Taken together, all the measures hinder unauthorized access to the wireless network

Table 22-4

Keyword Remedy Note Chap.

Quality of the passwords for administration (man-agement)

Select a password that is as complex as pos-sible

*1 12.1

Restrict access options: • Access via WBM only • Access via cable only (not wireless)

--- 12.2 Administration of access point and Ethernet client module

Restrict access options: • Encrypted access only

(SSL or https) • Read only access with

Primary Setup Tool

--- 14.1

Concealed SSID Configure the access point in such a way that SSID is not transmitted. This hampers spying on the wireless network.

--- 12.3

Authentication: WPA2-PSK Encryption method: AES

*3 12.3.2 Authentication and encryption

Select a pass phrase that is as complex as possible Recommended: At least 22 characters, using special characters, numeric characters, lower-case and uppercase letters.

*1 12.4

Default passwords and pass phrases of the func-tional example

In specific applications of the functional exam-ple, all passwords and pass phrases of the functional example must be changed.

--- ---

Communication relation-ship between access point and Ethernet client module

The Ethernet client module connects only with a specific access point. Both must have the identical SSID.

--- 11.4 12.3

Access rights for the wire-less interface

Activate ACL access list. Only the entered MAC addresses obtain ac-cess to the access point.

--- 13.1

Note *1: For simplicity's sake, simple passwords/pass phrases are used in the functional example.

Note *3: Properties "WPA2-PSK" with "AES":

• Latest procedure, not yet cracked (April 2008)

• Comparatively high security for comparatively low computing perform-ance



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Measure for sufficient security: Design • Switch off IWLAN components while not in use

• Minimize the range of the IWLAN. This can be achieved by reducing the transmit power, for example.

Measure for sufficient security: General information • Regular updating of the firmware of the IWLAN components

• Select the SSID of the access point such that no conclusions can be drawn regarding the hardware, purpose or location of use

23 Tools in the IWLAN environment

Content of this chapter:

• Which tools help in practice?

23.1 Information direct from the IWLAN components

The IWLAN components provide information for assessing the quality of an IWLAN connection. This information is read out using Web Based Man-agement (WBM):

• "Information" menu

The pages of this menu display information on system events and on the behavior of the protocols (IP, TCP, UDP, ICMP, and SNMP).

This chapter presents the most important pages in condensed form. Details can be found in /3/.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.1.1 Clients list

Overview Table 23-1

IWLAN component: Access point PD/PC connection: IE switch (https://192.168.0.2) Benefits:

• The signal quality of the Ethernet client module can be read

• From the MAC address, you can see which Ethernet client module is currently logged on to the access point

Screenshot Figure 23-1 Indication of signal in %

Figure 23-2 Indication of signal in dBm

Evaluation One criterion for a good connection is fulfilled (Chapter 22.2.3):

• Signal quality > 60%



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.1.2 Available WLAN

Overview Table 23-2

IWLAN component: Ethernet client module PD/PC connection: IM 151-3X2 (https://192.168.0.4) Benefits:

• Signal quality of the access point can be read • You can see from the MAC address which access

point is involved • Interference from other access points is detectable

Screenshot Figure 23-3 Indication of signal in %

Figure 23-4 Indication of signal in dBm





Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.1.3 Errors (access point)

Overview Table 23-3

IWLAN component: Access point PD/PC connection: IE switch (https://192.168.0.2) Benefits:

• Detection of the qualilty of the data channel on Layer 1 (transmission layer)

• A high number of errors indicates a poor connection.

Screenshot In the screenshot, the following applies:

• "Header CRC errors" = CRC errors

• "Multiple retry count" = Multiple retries

Figure 23-5

Evaluation Two criteria for a good connection are fulfilled (Chapter 22.2.3):

• CRC errors < 3%

• Multiple retries < 10%



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.1.4 Errors (Ethernet client module)

Overview Table 23-4

IWLAN component: Ethernet client module PD/PC connection: IM 151-3X2 (https://192.168.0.4) Benefits:

• Detection of the qualilty of the data channel on Layer 1 (transmission layer)

• A high number of errors indicates a poor connection.

Screenshot In the screenshot, the following applies:

• "Header CRC errors" = CRC errors

• "Multiple retry count" = Multiple retries

Figure 23-6

Evaluation Two criteria for a good connection are fulfilled (Chapter 22.2.3):

• CRC errors < 3%

• Multiple retries < 10%



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.1.5 Overlap AP

Overview Table 23-5

IWLAN component: Access point PD/PC connection: IE switch (https://192.168.0.2) Benefits: • Detection of interference in the access point


Evaluation No interference



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.1.6 Signal

Overview Table 23-6

IWLAN component: Ethernet client module PD/PC connection: IM 151-3X2 (https://192.168.0.4) Benefits: • The signal strength of the access point can be re-

corded or displayed. • You can locate areas with insufficient signal strength

in this way






Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

23.2 SINEMA E configuration software for WLANs

Details: /1/, /104/

Statement of the Problem Precise prediction of the propagation of a wireless field depends on a host of factors. If a specific area is to be securely covered with a wireless field, there are two simple options:

• The transmit strength of the access point is increased until it can be re-ceived at every point, or

• in a process of trial and error, the access points moved to positions and reconfigured until the desired effect is achieved.

The first method almost certainly results in the actually covered area being much larger than necessary. Consequently, tapping by third parties is sim-plified, and interference can occur in neighboring WLANs.

The second method is extremely labor-intensive and it remains question-able as to whether this method achieves the optimal solution. In particular, there is an extremely high probability that the costs for the installed hard-ware will be significantly higher than actually required.

The SINEMA E application SINEMA E ("SIMATIC NEtwork MAnager Engineering") is a Windows ap-plication that avoids these problems back at the planning phase. At its core, SINEMA E is used to simulate a wireless field before any actual hardware is installed.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Point at which SINEMA E is used: Figure 23-9

Simulation of a wireless field with SINEMA E in the planning phase: Figure 23-10



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

24 Specific measurements with IWLAN

See PROFINET IO performance data: /2/

You can find there the results of measurements on typical configurations. Configurations with IWLAN components were also measured.

Example of a configuration: Figure 24-1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

25 Calculation of the max. response time ( s7fcotix table)

Marginal conditions of this chapter:

• no general description of the s7fcotix table

• specific use on the present functional example "only"

For details of the s7fcotix table, see:

• s7fcotix table as download (/6/)

• Use of the s7fcotix table: Safety functional example: (/11/)

• Safety engineering in SIMATIC S7 System Manual (/9/): Appendix A, Monitoring and response times of the F systems

25.1 Influence of IWLAN components on the refresh time

A minimum refresh time is necessary (for PROFINET IO) when using IWLAN components. The table below provides reference values. Table 25-1

Number of Ethernet client modules

Mode Minimum refresh time (without roaming)

iPCF 16 ms 1-4 DCF 32 ms

5-8 iPCF 32 ms 9-16 iPCF 32 ms 16-32 iPCF 64 ms 33-50 iPCF 128 ms

The line with "Mode = DCF" applies for the functional example. This means a minimum refresh time of 32 ms.

The following configurations were therefore made with STEP 7 for the IM151-3X2 in the functional example (Chapter 10.3):

• Refresh time: 32 ms

• Response monitoring time: 3 * refresh time = 96 ms

In the s7fcotix table, the following term is used synonymously for the "re-sponse monitoring time":

• "Response time of the PROFINET IO Device (TWD)“

This is the only influence that IWLAN components have on calculating the maximum response time with the s7fcotix table.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

25.2 Structure of the s7fcotix table

The s7fcotix table (Excel file) comprises 3 worksheets.

Worksheet 1: Max. runtime F-run-time group The maximum runtime of the safety program is determined here.

Worksheet 2: Min. F monitoring times In Worksheet 2, the "minimum F monitoring time" is determined for each F module. The "minimum F monitoring time" is the basis for the "F monitoring time" configured in STEP 7. Communication between the S7 CPU and the F I/O is monitored with the "configured F monitoring time". When defining the "configured F monitoring time", a compromise must be made between the availability and the safety of the F system:

Availability: To ensure the time monitoring is not triggered when there is no error, the monitoring times selected must be sufficiently long.

Safety: The selected monitoring time must be sufficiently short to ensure the error tolerance of the process is not exceeded.

Worksheet 3: Max. response times The maximum response time is determined in Worksheet 3. The maximum response time is the maximum time (worst case):

• between acquisition of the pressed emergency-stop at the input termi-nal F-DI

• and the signal "Switch off contactors" at the output terminal F-DO.

The figure below explains the interrelationships: Figure 25-1



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

25.3 Use in the functional example

25.3.1 Overview

The s7fcotix table is used in 3 steps. Table 25-2

Step Worksheet Input information Result

Step 1 Max. runtime F runtime group

STEP 7 project Maximum runtime of the F runtime group TFPROG

Step 2 Min. F monitoring times

Parameter Minimum F monitoring time TPSTO for F-DI and F-DO

Max. runtime of F runtime group TFPROG (from Step 1) Configured F monitoring times TPSTO

* for F-DI and F-DO (derived from Step 2)

Step 3 Max. response times

Parameter

Maximum response time TREA

Comprising: • Input (In) • Processing in S7 CPU (Proc.) • Output (Out)

The figure below shows the interrelationships. The figure represents the fol-lowing: • Per step: Input information, result, worksheet used • Explanations of the parameters: See Chapter 25.3.2

Figure 25-2



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

25.3.2 Parameter overview

Specific values for the parameters must be entered in Worksheets 2 and 3 of the s7fcotix table. The table below shows the parameters, the values and their sources.

Table 25-3

Comp. Parameter Designation Source Value Note

TDIS Max. discrepancy time HW Config: Configuration of F I/O

0 ms *1

TRES_no_Fault Max. response time with no fault

ET 200S F Modules Manual /7/: Appendix D response times

20 ms *2

TRES_one_Fault Max. response time when there is a fault


20 ms

F-DI

TACK Max. acknowledgment time of the F I/O

ET 200S F Modules Manual /7/: F-DI > Technical data

12 ms

TRES_no_Fault Max. response time with no fault


55 ms *9

TRES_one_Fault Max. response time when there is a fault


55 ms *9

F-DO

TACK Max. acknowledgment time of the F I/O

ET 200S F Modules Manual /7/: F-DO > Technical data

8 ms

TSlave Max. response time of the ET 200S

IM151-3 PN Manual /8/: Response times

1 ms *3 IM151-3X1 TWD Response time of the

PROFINET IO devices (Response monitoring time)

HW Config: Object properties PROFINET IO system

3 * 1 ms *4

TSlave Max. response time of the ET 200S

IM151-3 PN Manual /8/: Chapter 5 Response times

1 ms *5 IM151-3X2 TWD Response time of the

PROFINET IO devices (Response monitoring time)

HW Config: Object properties PROFINET IO system

3 * 32 ms *6

TRTGmax Max. cycle time (monitoring time of the F runtime group)

SIMATIC Manager: Process F runtime group

40 ms *7 S7 CPU

TClmax Max. cycle time of the OB of the F runtime group

HW Config: CPU properties

30 ms *8

Abbreviations in the header of the table:

Comp.: Component



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Note *1

With "Discrepancy behavior: provide 0 value", TDIS is not relevant. For this reason, the value 0 ms is entered.

See Chapter 10.4: Screenshot

Note *2

Calculation: 11 ms + 3 ms+ 2*3 ms = 20 ms

Note *3

Calculation: 390 µs + (380 + 9*4) µs + (120 + 9*4) µs = 962 µs

Note *4 and *6

See Chapter 25.1.

Note *5

Calculation: 390 µs + (380 + 9*4+11) µs + (120 + 9*4) µs = 973 µs

Note *7

See Chapter 10.6: Screenshot, parameter 1

Note *8

See Chapter 10.2: "Watchdog interrupts" section.

Note *9

The value is determined by the parameterized readback time (here: 50 ms).

See Chapter 10.5: Screenshot, parameter 6



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

25.3.3 Overview of results

Table 25-4

Source Result Designation Value Note

Worksheet 1 TFPROG Maximum runtime of the runtime group

6 ms

TPSTO F-DI Minimum F monitoring time F-DI

50 ms Worksheet 2

TPSTO F-DO Minimum F monitoring time F-DO

232 ms

TPSTO* F-DI F monitoring time F-DI configured in STEP 7

60 ms *1 User

TPSTO* F-DO F monitoring time F-DO configured in STEP 7

240 ms *2

Worksheet 3 TREA Maximum response time in case of error-free operation

212 ms

Note *1:

See Chapter 10.4: Screenshot, parameter 3.

Note *2:

See Chapter 10.5: Screenshot, parameter 3.



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

26 Glossary Table 26-1

Term / abbreviation Meaning

Access point Ethernet client module

A (wireless) access point is an electronic device that functions as the interface between a mobile wireless network and a cabled com-puter network. Terminal devices establish a wireless connection to the wireless access point over a wireless adapter (Ethernet client module). The access point is connected to a permanently installed communication network over a cable /3/.

Authentication Providing verification of identity. Authentication protects the network against unwanted access.

Refresh time Time within which a PROFINET IO device has exchanged its user data with the associated IO controller

Response monitoring time

If an PROFINET IO device is not supplied by the IO controller with input/output data (IO data) within the response monitoring time, it switches to the safe state.

s7fcotix table Tool for determining the maximum response time for "S7 Distributed Safety". The language version of the tool is indicated by the last letter x (Example: s7cotia table is the German version).

F Fail-safe F-DI Safety-related digital input module F-DO Safety-related digital output module IEEE 802.11 Open Wireless Local Area Network (WLAN)

(Open WLAN standard) IWLAN Industrial Wireless Local Area Network (Industrial WLAN)

In addition to data communication to IEEE 802.11, IWLAN von Siemens Industry Automation (SCALANCE W device family) pro-vides a number of extremely useful enhancements for the industrial customer. IWLAN is ideally suited to demanding industrial applica-tions with requirements for reliable wireless communication.

IWLAN components Access point (here: SCALANCE W788-1PRO) Ethernet client module (here: SCALANCE W744-1PRO)

Configuring No distinction is made in this document between: configuring, parameterizing, setting



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

Term / abbreviation Meaning

PD/PC programming device / Personal computer PI PROFIBUS & PROFINET International PROFIsafe

PROFIsafe is a protocol extension for PROFIBUS and PROFINET for functionally safe communication.

PROFINET device Device on PROFINET: IO controller, IO device, ... PST Primary Setup Tool Safety/security Safety:

• Functional safety of machinery • Protection of personnel, machinery and environment Security: • Protection of data against unauthorized access • Security is a requirement for safety

Safety function Safety function as defined by the European Machinery Directive WBM Web Based Management



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

27 References

27.1 Articles from the Service & Support Portal

The following articels /x/ can be found in:

• "Industry Automation and Drive Technologies Service & Support"

http://support.automation.siemens.com

Enter the entry ID under "Search" (see figure). Figure 27-1

Table 27-1

/x/ Entry ID Content/title

0 28609440 This safety functional example 1 22681042 Setup of a Wireless LAN in the Industrial Environment 2 25209605 IWLAN measurements 3 28529396 SIMATIC NET SCALANCE

W788-xPRO/RR /SCALANCE W74x-1PRO/RR Operating Instructions 4 23996473 Safety functional example: Practical Application of IEC 62061 Illustrated

Using an Application Example with SIMATIC S7 Distributed Safety 5 19290251 SIMATIC PROFINET IO Getting Started: Manual Collection 6 25412441 Calculation of the monitoring and response times

using the Excel table s7cotia 7 12490437

SIMATIC Distributed I/O System Fail-Safe Engineering ET 200S Distributed I/O System - Fail-Safe Modules Installation and Op-erating Manual

8 25383650 SIMATIC ET 200S Distributed I/O IM151-3 PN Interface Module Manual 9 12490443 Safety Engineering in SIMATIC S7 System Description

10 19292127 PROFINET IO System Description 11 23926783 Safety Functional Example: Calculation of the Monitoring and Response

Times Using the Excel table s7cotia 12 22951334 More Areas of Operation for IWLAN in a PROFINET IO Environment 13 9975764 Basics of SIMATIC NET – Industrial Wireless LAN System Manual

Entry ID

http://support.automation.siemens.com/�



Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2860

9440

_as_

fe_i

_016

_v10

_en_

iwla

n.do

c

27.2 Other articles or links

Table 27-2

/x/ Content / title / link / source

101 Up-to-date information about PROFIsafe www.profisafe.net

102 General information about PROFIBUS or PROFINET www.profibus.com

103 PROFIsafe Web portal www.profisafe.net

104 Product information for SINEMA E http://www.automation.siemens.com/net/html_00/produkte/sinema.htm

105 Functional Safety of Machines and Systems. Implementation of the European Machinery Directive in practice. (ISBN-13: 978-3-89578-281-7, ISBN-10: 3-89578-281-5)

106 PROFIsafe – Profile for Safety Technology on PROFIBUS DP and PROFINET IO Profile part, related to IEC 61784-3-3 Version 2.4, March 2007 Order No: 3.192b

107 Condensed form of the Assessment Reports of the German TÜV Süd and BGIA for PROFIsafe www.profisafe.net

108 IWLAN components from Siemens AG, I IA www.siemens.com/iwlan

109 Safety Integrated from Siemens AG, I IA www.automation.siemens.com/cd/safety

28 History of the functional example

Table 28-1

Version Date Change

V1.0 08.10.08 First publication

http://www.profisafe.net/�

http://www.profibus.com/�


http://www.automation.siemens.com/net/html_00/produkte/sinema.htm�


http://www.siemens.com/iwlan�

http://www.automation.siemens.com/cd/safety�

w788 simatic safety factory

Documents