S7300 Fail-Safe Modules e

s
Contents
Preface 1
Product Overview 2
SIMATIC
Configuration Options 3
Configuring and
Automation System S7-300 Assigning Parameters 4
Fail-Safe Signal Modules 5
Addressing and Installing
Manual Wiring 6
Fault Reactions and
Diagnostics 7
General Technical
Specifications 8
Digital Modules 9
Analog Module 10
Safety Protector 11
Appendices
Diagnostic Data of
Signal Modules 12
Dimension Drawings 13
Accessories and Order
Numbers 14
Response Times 15
Type Examination Certificate
and Declaration of Conformity 16
Glossary 17
Index
Edition 04/2006
A5E0085586-08
Safety Guidelines
This manual contains notices you have to observe in order to ensure your personal safety, as well as to
prevent damage to property. The notices referring to your personal safety are highlighted in the manual
by a safety alert symbol, notices referring to property damage only have no safety alert symbol. The
notices shown below are graded according to the degree of danger.
Danger
! indicates that death or severe personal injury will result if proper precautions are not taken.
Warning
! indicates that death or severe personal injury may result if proper precautions are not taken.
Caution
! with a safety alert symbol indicates that minor personal injury can result if proper precautions are not
taken.
Caution
without a safety alert symbol indicates that property damage can result if proper precautions are not
taken.
Notice
indicates that an unintended result or situation can occur if the corresponding notice is not taken into
account.
If more than one degree of danger is present, the warning notice representing the highest degree of
danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a
warning relating to property damage.
Qualified Personnel
The device/system may only be set up and used in conjunction with this documentation. Commissioning
and operation of a device/system may only be performed by qualified personnel. Within the context of
the safety notices in this documentation qualified persons are defined as persons who are authorized to
commission, ground and label devices, systems and circuits in accordance with established safety
practices and standards.
Prescribed Usage
Note the following:
Warning
! This device and its components may only be used for the applications described in the catalog or the
technical description, and only in connection with devices or components from other manufacturers
which have been approved or recommended by Siemens.
Correct, reliable operation of the product requires proper transport, storage, positioning and assembly
as well as careful operation and maintenance.
Trademarks
All names identified by ® are registered trademarks of the Siemens AG.
The remaining trademarks in this publication may be trademarks whose use by third parties for their
own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and
software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency.
However, the information in this publication is reviewed regularly and any necessary corrections are
included in subsequent editions.
Siemens AG
A5E0085586-08 Copyright © Siemens AG 2006
Automation and Drives
04/2006 Technical data subject to change
Postfach 4848
90437 NÜRNBERG
GERMANY
Contents
1 Preface ............................................................................................................................ 1-1
2 Product Overview........................................................................................................... 2-1

2.1 Introduction ....................................................................................................... 2-1
2.2 Using Fail-Safe Signal Modules ....................................................................... 2-2
2.3 Guide to Commissioning Fail-Safe Signal Modules ......................................... 2-5
3 Configuration Options ................................................................................................... 3-1
3.1 Introduction ....................................................................................................... 3-1
3.2 Configuration with F-SMs in Standard Mode.................................................... 3-2
3.3 Configuration with F-SMs in Safety Mode ........................................................ 3-3
4 Configuring and Assigning Parameters ...................................................................... 4-1
5 Addressing and Installing ............................................................................................. 5-1

5.1 Introduction ....................................................................................................... 5-1
5.2 Address Assignments in the CPU .................................................................... 5-1
5.3 Addressing the Channels.................................................................................. 5-3
5.4 Assigning PROFIsafe Address ......................................................................... 5-4
5.4.1 Assigning PROFIsafe Address (Starting Address of F-SM) ............................. 5-5
5.4.2 Assigning PROFIsafe Address (F_destination_address) ................................. 5-7
5.5 Installing............................................................................................................ 5-9
6 Wiring .............................................................................................................................. 6-1
6.1 Introduction ....................................................................................................... 6-1
6.2 Safe Functional Extra-Low Voltage for Fail-Safe Signal Modules.................... 6-2
6.3 Wiring Fail-Safe Signal Modules ...................................................................... 6-3
6.4 Replacing Fail-Safe Signal Modules................................................................. 6-4
6.5 Sensor and Actuator Requirements for F-SMs in Safety Mode ...................... 6-5
7 Fault Reactions and Diagnostics ................................................................................. 7-1
7.1 Introduction ....................................................................................................... 7-1
7.2 Reactions to Faults in F-SMs ........................................................................... 7-2
7.2.1 Reactions to Faults in Standard Mode ............................................................. 7-2
7.2.2 Reactions to Faults in Safety Mode.................................................................. 7-3
7.3 Diagnosis of Faults of F-SMs ........................................................................... 7-6
8 General Technical Specifications................................................................................. 8-1
8.1 Introduction ....................................................................................................... 8-1
8.2 Standards and Approvals ................................................................................. 8-2
8.3 Electromagnetic Compatibility .......................................................................... 8-6
8.4 Transport and Storage Conditions.................................................................. 8-10
8.5 Mechanical and Climatic Environmental Conditions ...................................... 8-11
8.6 Specifications for Nominal Line Voltages, Isolation Tests,
Protection Class, and Degree of Protection ................................................... 8-13
Fail-Safe Signal Modules

A5E00085586-08 iii
Contents
9 Digital Modules............................................................................................................... 9-1

9.1 Introduction ....................................................................................................... 9-1
9.2 Discrepancy Analysis for Fail-safe Digital Input Modules................................. 9-2
9.3 SM 326; DI 24 × DC 24V .................................................................................. 9-5
9.3.1 Properties, Front View, Connection Diagram, and Block Diagram .................. 9-5
9.3.2 Applications for SM 326; DI 24 × DC 24V ...................................................... 9-10
9.3.3 Application 1: Standard Mode ........................................................................ 9-11
9.3.4 Application 2: Standard Mode with High Availability ...................................... 9-13
9.3.5 Application 3: Safety Mode, SIL 2 (AK 4, Category 3) ................................... 9-15
9.3.6 Application 4: Safety Mode, SIL 2 (AK 4, Category 3)
with High Availability (only in S7 F/FH Systems)............................................ 9-17
with High Availability (only in S7 F/FH Systems)............................................ 9-25
9.3.9 Diagnostic Messages for the SM 326; DI 24 × DC 24V.................................. 9-30
9.3.10 Technical Specifications - SM 326; DI 24 × DC 24V ...................................... 9-33
9.4 SM 326; DI 8 ×NAMUR................................................................................... 9-35
9.4.1 Properties, Front View, Connection Diagram, and Block Diagram ................ 9-35
9.4.2 Special Features when Wiring SM 326; DI 8 ×NAMUR for
Hazardous Areas ............................................................................................ 9-38
9.4.3 Applications of SM 326; DI 8 ×NAMUR: ......................................................... 9-41
9.4.4 Application 1: Standard Mode and Application 3: Safety Mode SIL 2
(Safety Level AK 4, Category 3) ..................................................................... 9-42
9.4.5 Application 2: Standard Mode with High Availability and Application 4:
Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability
(only in S7 F/FH Systems).............................................................................. 9-43
9.4.7 Application 6: Safety Mode, SIL 3 (AK 6, Category 4) with
High Availability (only in S7 F/FH Systems) ................................................... 9-46
9.4.8 Diagnostic Messages for SM 326; DI 8 ×NAMUR:......................................... 9-49
9.4.9 Technical Specifications - SM 326; DI 8 ×NAMUR......................................... 9-52
9.5 SM 326; DO 8 × DC 24V/2A PM .................................................................... 9-54
9.5.2 Applications of the SM SM 326; DO 8 × DC 24V/2A PM ............................... 9-58
9.5.3 Application 1: Safety Mode SIL 2 (Safety Level AK 4, Category 3) and
Application 2: Safety Mode SIL 3 (Safety Level AK 6, Category 4) .............. 9-59
9.5.4 Diagnostic Messages for SM 326; DO 8 × DC 24V/2A PM........................... 9-63
9.5.5 Technical Specifications - SM 326; DO 8 × DC 24V/2A PM ......................... 9-67
9.6 SM 326; DO 10 × DC 24V/2A ......................................................................... 9-69
9.6.2 Applications for SM 326; DO 10 × DC 24V/2A ............................................... 9-74
9.6.3 Application 1: Standard Mode, Application 3: Safety Mode SIL 2
(Safety Level AK 4, Category 3) and Application 5: Safety Mode SIL 3
(Safety Level AK 6, Category 4) ..................................................................... 9-75
9.6.4 Application 2: Standard Mode with High Availability and Application 4:
Safety Mode SIL 2 (Safety Level AK 4, Category 3) with High Availability
and Application 6: Safety Mode SIL 3 (Safety Level AK 6, Category 4)
with High Availability (only in S7 F/FH Systems)........................................... 9-78
9.6.5 Parallel Connection of Two Outputs for Dark Period Suppression................. 9-80
9.6.6 Diagnostic Messages of SM 326; DO 10 × DC 24V/2A ................................. 9-81
9.6.7 Technical Specifications - SM 326; DO 10 × DC 24V/2A.............................. 9-86

iv A5E00085586-08
Contents
10 Analog Module ............................................................................................................. 10-1

10.1 Introduction ..................................................................................................... 10-1
10.2 Analog Value Representation......................................................................... 10-2
10.3 SM 336; AI 6 × 13 Bit...................................................................................... 10-4
10.3.2 Applications for SM 336; AI 6 × 13 Bit .......................................................... 10-10
10.3.3 Application 1: Standard Mode ...................................................................... 10-12
10.3.4 Application 2: Standard Mode with High Availability
(only in S7 F/FH Systems)............................................................................ 10-15
10.3.5 Application 3: Safety Mode, SIL 2 (AK 4, Category 3) ................................. 10-20
with High Availability (only in S7 F/FH Systems).......................................... 10-22
10.3.7 Application 5: Safety Mode, SIL 3 (AK 6, Category 4) ................................. 10-26
with High Availability (only in S7 F/FH Systems).......................................... 10-29
10.3.9 Diagnostic Messages for SM 336; AI 6 × 13 Bit ........................................... 10-33
10.3.10 Technical Specifications - SM 336; AI 6 × 13 Bit.......................................... 10-36
11 Safety Protector ........................................................................................................... 11-1
11.1 Introduction ..................................................................................................... 11-1
11.2 Properties, Front View, and Block Diagram.................................................... 11-2
11.3 Configuration Variants .................................................................................... 11-4
11.4 Technical Specifications ................................................................................. 11-6
12 Diagnostic Data of Signal Modules ............................................................................ 12-1
13 Dimension Drawings.................................................................................................... 13-1
14 Accessories and Order Numbers ............................................................................... 14-1
15 Response times............................................................................................................ 15-1
16 Type Examination Certificate and Declaration of Conformity................................. 16-1
17 Glossary........................................................................................................................ 17-1
Index

A5E00085586-08 v
Contents

vi A5E00085586-08
1 Preface
Purpose of the Manual

The information in this manual is a reference source for operations, function
descriptions, and technical specifications of the S7-300 fail-safe signal modules.
Audience
You require a general knowledge in the field of automation engineering to be able
to understand this manual. In addition, you should be familiar with the STEP 7
basic software, the S7-300 automation system, and the ET 200M distributed I/O
device.
Scope of the Manual
Module Order Number Release Version and

Higher
Safety protector 6ES7195-7KF00-0XA0 03
Bus module for safety protector 6ES7195-7HG00-0XA0 01
SM 326; DI 24 × DC 24V 6ES7326-1BK01-0AB0 01
SM 326; DI 8 × NAMUR 6ES7326-1RF00-0AB0 05
SM 326; DO 8 × DC 24V /2A PM 6ES7326-2BF40-0AB0 01

SM 326; DO 10 × DC 24V /2A 6ES7326-2BF01-0AB0 01
SM 336; AI 6 × 13 Bit 6ES7336-1HE00-0AB0 04
What's New
The following descriptions have been added to this manual:
• New functions of SM 326; DI 24 × DC 24V
• New SM 326; DO 8 × DC 24V /2A PM
In addition, the names of the fail-safe systems have been changed as follows:
"S7-300F" is now "S7 Distributed Safety" and "S7-400F/FH" is now
"S7 F/FH Systems".

A5E00085586-08 1-1
Preface
Certification
The S7-300 complies with the requirements and criteria of IEC 1131, Part 2.
The S7-300 has earned CSA, UL, and FM approvals
(see Section 8.2 Standards and Approvals).
In addition, the S7-300 fail-safe signal modules are certified for use in safety mode
up to:
• Safety class SIL 3 (Safety Integrity Level) in accordance with IEC 61508
• Requirements class (AK) 6 in accordance with DIN V 19250 (DIN V VDE 0801)
• Category 4 in accordance with EN 954-1
CE Labeling
See Section 8.2 Standards and Approvals
Certification Mark for Australia (C-Tick Mark)

Standards
Position in the Information Landscape

When working with fail-safe modules, you will need to refer to the additional
documentation below according to your particular application.
References to additional documentation are included in this manual where
appropriate.
Documentation Brief Description of Relevant Contents

ET 200M Distributed I/O Device Describes the ET 200M hardware (including design, installation, and
manual wiring of IM 153 with modules from the S7-300 family)
S7-300 Automation System, Describes the configuration, installation, wiring, addressing, and
Hardware and Installation: CPU commissioning of S7-300 systems
31xC and CPU 31x installation
manual
S7-300, M7-300, ET 200M SM 326; DI 8 × NAMUR is part of the SIMATIC S7-Ex digital module
Automation Systems, family. It is to be implemented in accordance with the configuration
I/O Modules with Intrinsically- guidelines of a SIMATIC S7-Ex digital module.
Safe Signals reference manual This reference manual provides a detailed explanation of the
configuration guidelines
for a SIMATIC S7-Ex digital module.
S7-300, M7-300, ET 200M Describes the basic principles of explosion protection
Automation Systems, Principles
of Intrinsically-Safe Design
manual

1-2 A5E00085586-08
Preface

Safety Engineering in • Provides an overview of the implementation, configuration, and
SIMATIC S7 system description method of operation of S7 Distributed Safety and S7 F/FH fail-safe
automation systems
• Contains a summary of detailed technical information concerning
fail-safe engineering
in S7-300 and S7-400
• Includes monitoring and response time calculations for
S7 Distributed Safety and S7 F/FH fail-safe systems
For integration in the S7 F/FH • The Programmable Controllers S7 F/FH Systems manual describes
fail-safe systems the tasks that must be performed to commission an
S7 F/FH fail-safe system.
• The S7-400, M7-400 Programmable Controllers Hardware and

Installation manual describes the installation and assembly of
S7-400 systems.
• The S7-400H Programmable Controllers, Fault-Tolerant Systems
manual describes the CPU 41x-H central modules and the tasks
required to set up and commission an S7-400H fault-tolerant
system.
• The CFC for SIMATIC S7 manual/online help provides a description
of programming with CFC.
For integration in the S7 The following elements are described in the S7 Distributed Safety,
Distributed Safety fail-safe Configuring and Programming manual and online help:
system • Configuration of the fail-safe CPU and the fail-safe I/O
• Programming of the fail-safe CPU in fail-safe FBD or LAD
Depending on which F-CPU you use, you will need the following
documentation:
• The CPU Specifications: CPU 31xC and
CPU 31x reference manual describes the standard functions of the
CPU 315F-2 DP and the CPU 317F-2 DP.
• The product information for CPU 315F-2 DP describes only the
deviations from the standard CPU 315-2 DP.
• The S7-400, CPU Data reference manual described the standard
functions of the CPU 416F-2.
• The ET 200S, Interface Module IM151-7 CPU manual describes the
151-7 CPU standard IM.
• The product information for the IM 151-7 F-CPU describes only the
deviations from the standard IM 151-7 CPU.

A5E00085586-08 1-3
Preface

STEP 7 manuals • The Configuring Hardware and Communication Connections with
STEP 7 V5.x manual describes operation of the standard tools of
STEP 7.
• The System and Standard Functions reference manual describes
functions for distributed I/O access and diagnostics.
STEP 7 online help • Describes how to operate the standard tools in STEP 7
• Contains information about how to configure and assign parameters
to modules and intelligent slaves with HW Config
• Contains a description of the FBD and LAD programming languages
PCS 7 manuals • Describes operation of the PCS 7 control system (required if a fail-
safe I/O module is integrated in a higher-level control system)
The entire SIMATIC S7 documentation is available on CD-ROM.
How to Use this Documentation

This manual describes the S7-300 fail-safe signal modules. It consists of
instructions and reference material (technical specifications and appendices)
and contains the following basic information about fail-safe signal modules:
• Design and use
• Configuring and assigning parameters
• Addressing, mounting, and wiring
• Diagnostic evaluation
• Technical specifications
• Order numbers
Conventions
In this manual, the terms "safety engineering" and "fail-safe engineering" are used
synonymously. The same applies to the terms "fail-safe" and "F-." "F-SM"
means"fail-safe signal module."
"S7 Distributed Safety" and "S7 F Systems" in italics refer to the optional packages
for the two fail-safe systems: "S7 Distributed Safety" and
"S7 F/FH Systems".
Recycling and Disposal

Because the S7-300 contains very little hazardous material, it is recyclable. For proper
recycling and disposal of your old device, consult a certified disposal facility for
electronic scrap.

1-4 A5E00085586-08
Preface
Additional Support
If you have any additional questions about the use of products presented in this
manual, contact your local Siemens representative:
http://www.siemens.com/automation/partner
Training Center
We offer a number of courses to help you get started with the SIMATIC S7
automation system. For more information, contact your regional training center or
the main training center in Nuremberg, Germany D-90327.
Telephone: +49 (911) 895-3200
Internet: http://www.sitrain.com
H/F Competence Center
The H/F Competence Center in Nuremberg offers special workshops on SIMATIC
S7 fail-safe and fault tolerant (high availability) automation systems. The H/F
Competence Center can also provide assistance with onsite configuration,
commissioning, and troubleshooting.
Telephone: +49 (911) 895-4759
Fax: +49 (911) 895-5193
For questions about workshops, etc.: hf-cc@siemens.com

A5E00085586-08 1-5
Preface
Technical Support
You can reach the Technical Support for all A&D products
• Via the Web formula for the Support Request
http://www.siemens.com/automation/support-request
• Phone: + 49 180 5050 222
• Fax: + 49 180 5050 223
Additional information about our Technical Support can be found on the Internet
pages http://www.siemens.com/automation/service
Service & Support on the Internet

In addition to our paper documentation, we also provide all of our technical
information on the Internet at:
http://www.siemens.com/automation/service&support
Here, you will find the following information:
• Newsletter providing the latest information on your products
• Exactly the right documents for your needs, which you can access by
performing an online search in Service & Support
• Forum in which users and experts worldwide exchange ideas
• Your local Automation & Drives contact person, who can be accessed in our
Contacts database
• Information about local service, repair, and replacement parts. Much more
information can be found under "Services“.

1-6 A5E00085586-08
Preface
Important Note for Maintaining Operational Safety of Your System
Note
Systems with safety-related characteristics are governed by operational safety
requirements on the operator's side. The supplier is also obliged to comply with
special product monitoring measures. For this reason, a special newsletter is
available containing information on product developments and properties that are
important (or potentially important) for operating systems where safety is an
issue. Accordingly, by subscribing to the appropriate newsletter, you will ensure
that you are always up-to-date and able to make changes to your system, when
necessary. Please go to Internet at
http://my.ad.siemens.de/myAnD/guiThemes2Select.asp?subjectID=2&lang=en
and register for the following newsletters:
• SIMATIC S7-300
• SIMATIC S7-400
• Distributed I/O
• SIMATIC Industrial Software
Select the "Add" check box for each newsletter“.

A5E00085586-08 1-7
Preface

1-8 A5E00085586-08
2 Product Overview
2.1 Introduction
Overview
This section provides information on the following topics:
• How fail-safe signal modules fit into SIMATIC S7 fail-safe automation systems
• Which fail-safe signal modules are available
• What steps you must take, from selection to commissioning of fail-safe modules

A5E00085586-08 2-1
Product Overview
2.2 Using Fail-Safe Signal Modules
What is a Fail-Safe Automation System?

Fail-safe automation systems (F-systems) are used in systems with stricter safety
requirements. F-systems are used to control processes with a safe state that can
be achieved immediately after shutdown. That is, F-systems control processes in
which an immediate shutdown does not endanger humans or the environment.
What Are Fail-Safe Signal Modules?

The main distinction between fail-safe signal modules and standard modules in the
S7-300 module family is that fail-safe modules have a two-channel internal design.
The two integrated processors monitor each other, automatically test the input and
output wiring, and place the fail-safe signal module in a safe state in the event of a
fault. The F-CPU communicates with the fail-safe signal module by means of the
PROFIsafe safety-related bus profile.
What Fail-Safe Signal Modules Are Available?

The following fail-safe signal modules (F-SM for short) are available:
• SM 326; DI 24 × DC 24V
• SM 326; DI 8 × NAMUR
• SM 326; DO 8 × DC 24V/2A PM
• SM 326; DO 10 × DC 24V/2A
• SM 336; AI 6 × 13 Bit
With which interface modules can the fail-safe signal modules be used?
The fail-safe signal modules can be used with the interface modules in the
following table:
Table 2-1 Useable interface modules
Interface module Order number

IM 153-2 as of 6ES7 153-2AA02 (as of version 05, firmware version V1.1.0)
IM 153-2 FO as of 6ES7 153-2AB01 (as of version 04, firmware version V1.1.0)
IM 153-2 / IM 153-2 FO 6ES7 153-2B...
Possible Use of Fail-Safe Signal Modules

S7-300 fail-safe signal modules can be used in the following systems:
• S7-300 automation systems (centrally in S7-300; distributed in ET 200M)
• S7-400 automation systems (distributed in ET 200M)

2-2 A5E00085586-08
Product Overview
F-System with Fail-Safe Signal Modules

The following figure shows an example configuration of an S7 Distributed Safety
F-system with fail-safe signal modules/submodules in S7-300, ET 200M, and
ET 200S.
S7-300 with Fail-safe

CPU 315F-2 DP Signal Modules
Fail-safe
Signal Modules
ET 200M
Fail-safe
Modules
PROFIBUS DP
ET 200S
Figure 2-1 S7 Distributed Safety Fail-Safe Automation System
Use in Standard Mode

With the exception of the SM 326; DO 8 × DC 24V/2A PM, you can use all other
fail-safe signal modules in standard mode with stricter diagnostic requirements.
Fail-safe signal modules in standard mode behave exactly like standard S7-300 I/O
modules.
Use in Safety Mode

Fail-safe signal modules can be used in safety mode. Safety mode is enabled via
STEP 7 in HW Config and an address switch on the back of the fail-safe signal
module (see Section 5). When the signal module is in safety mode, the "SAFE"
LED illuminates.

A5E00085586-08 2-3
Product Overview
Achievable Safety Classes

Fail-safe signal modules are equipped with integrated safety functions for use in
safety mode. The following safety classes can be achieved in safety mode by
assigning appropriate parameters to the safety functions in STEP 7 with the S7
Distributed Safety or S7 F Systems option package and by arranging and wiring
the sensors and actuators in a specific manner:
Table 2-2 Achievable Safety Classes in Safety Mode
Safety Class in Safety Mode

In Accordance with IEC 61508 In Accordance with In Accordance with
DIN V 19250 EN 954-1
SIL 2 AK 4 Category 3
SIL 3 AK 6 Category 4
Increased Availability in Standard Mode and Safety Mode

In standard mode F-SMs can be operated redundantly for increased availability
(except for SM 326; DO 8 × DC 24V/2A PM).
In safety mode, F-SMs can be operated redundantly in S7 FH Systems (except
for SM 326; DO 8 × DC 24V/ 2A PM).
Depending on the availability requirement, redundant signal modules can be
inserted as follows (for an example configuration, refer to Safety Engineering in
SIMATIC S7, System Description):
• Separately in two ET 200M distributed I/O devices
• Together in the same ET 200M distributed I/O device
The software requirements for redundant operation of F-SMs are described in
chapter 4.

2-4 A5E00085586-08
Product Overview
2.3 Guide to Commissioning Fail-Safe Signal Modules
Introduction
The following table lists all of the essential steps for commissioning fail-safe signal
modules in S7-300 or ET 200M.
Sequence of Steps from Selecting to Commissioning F-SMs
Table 2-3 Sequence of Steps from Selecting to Commissioning F-SMs
Step Procedure See ...

1. Selecting F-SMs for configuration Product catalog; section on special
F-SMs (Sections 9 or 10)
2. Setting the operating mode (standard or Sections 4 and 5
safety mode) on F-SM, configuring and
assigning parameters for F-SM
3. Installing F-SMs Section 5
4. Wiring F-SMs Section 6
5. Commissioning F-SMs ET 200M Distributed I/O Device
manual and S7-300, CPU 31xC and
CPU 31x: Configuration operator's
guide
6. If commissioning was not successful, you Section 7 and section on special
must perform diagnostics F-SMs (Sections 9 or 10)

A5E00085586-08 2-5
Product Overview

2-6 A5E00085586-08
3 Configuration Options
3.1 Introduction
Overview
• Local and distributed configuration with F-SMs
• Components that can be used with F-SMs in standard mode
• Components that can be used with F-SMs in safety mode
• Options for combining F-SMs and standard modules in one configuration
Local and Distributed Configuration

All fail-safe signal modules can be used in standard and safety mode both as local
modules in S7-300 and as distributed modules in ET 200M distributed I/O devices.

A5E00085586-08 3-1
Configuration Options
3.2 Configuration with F-SMs in Standard Mode
Configuration Variants in Standard Mode

In standard mode, fail-safe signal modules behave in exactly the same way as
standard S7-300 I/O modules (standard modules for short). The configuration
variants are the same as for S7-300 or ET 200M configurations with standard
modules.
Permitted CPUs in S7-300 (Local Configuration)

When fail-safe signal modules are operated in standard mode, all CPUs from the
S7-300 family can be used in a local configuration.
Permitted IM 153 in ET 200M (Distributed Configuration)

When fail-safe signal modules are operated in standard mode, all IM 153-2/-2 FO
interface modules of the ET 200M distributed I/O device can be used.
Mixed Operation of F-SMs with Standard Modules in Standard Mode

In standard mode, fail-safe signal modules can be operated in combination with
standard modules in an S7-300/ET 200M without restrictions.
Additional Information
For a detailed description of the configuration variants of S7-300, refer to the
S7-300 Automation System, Hardware and Installation: CPU 31xC and CPU 31x
installation manual.
You will find a detailed description of ET 200M configuration in the ET 200M
Distributed I/O Device manual.
If you are implementing fail-safe signal modules as redundant I/O in S7 FH
systems,
consult the S7-400H Automation Systems; Fault-Tolerant Systems manual for
more information.

3-2 A5E00085586-08
3.3 Configuration with F-SMs in Safety Mode
Configuration Variants in Safety Mode

In safety mode, configuration variants with F-SMs are dependent on:
• Configuration (local or distributed)
• Safety class of the configuration
• Availability of the configuration
Permitted CPUs in S7-300 (Local Configuration)

When fail-safe signal modules are operated in safety mode, all F-CPUs from the
S7-300 family can be used in a local configuration.
Note
The SM 326; DO 8 × DC 24V/2A PM can be used locally in S7-300 with all
F-CPUs, however with:
• CPU 315F-2 DP, only as of order no. 6ES7 315-6FF01-0AB0, Firmware
version V2.0.9
• CPU 317F-2 DP, only as of order no. 6ES7 317-6FF00-0AB0, Firmware
version V2.1.4
Permitted IM 153 in ET 200M (Distributed Configuration)

When fail-safe signal modules are operated in safety mode, the IM 153-2/-2 FO
interface modules of the ET 200M distributed I/O device can be used.
Options for Combining F-SMs and Standard Modules in Safety Mode
Warning
! For applications with safety class AK4/SIL2/Category 3 and below, the same
protective measures against accidental contact can be applied as for standard
components (see S7-300, Module Specifications reference manual).
Applications with safety class AK6/SIL3/Category 4 require particular measures
beyond contact protection to prevent hazardous overvoltages of F-circuits via the
power supply and backplane bus, even in the event of a fault. For this reason, the
safety protector is available for protection from backplane bus interference for
local and distributed F-SM configurations.
For protection from power supply interference, we provide configuration rules for
supply devices, standard I/O, and F-I/O for your use (see Section 6.2).

A5E00085586-08 3-3
Rules for Using the Safety Protector

The safety protector protects the F-SMs from possible overvoltages in the event of
a fault.
Warning
! The safety protector must be used for AK6/SIL3/Cat. 4 applications:
• Generally, if the F-SMs are used locally in an S7-300
• Generally, if the PROFIBUS DP is set up with copper cable
• If the PROFIBUS DP is set up with fiber optic cable and joint operation of
standard SMs and F-SMs is required in one ET 200M.
Configuration Variants According to Availability
Table 3-2 Configuration Variants of F-Systems Contingent on Availability
System Configuration Variant Description Availability

S7 • Single-channel I/O Single-channel, fail-safe (one F-CPU Standard
Distributed and one F-SM) availability
Safety
S7 F/FH
Systems
S7 FH • Single-channel Single-channel switched, fail-safe Increased
Systems switched I/O (redundant F-CPU, one F-SM; in the availability
event of a fault, system switches to
other F-CPU)
• Redundant Multiple channel, fail-safe (F-CPU, Highest
switched I/O PROFIBUS DP, and F-SMs are availability
redundant)
The configuration variants according to availability are described using examples in
the Safety Engineering in SIMATIC S7 system description.
You can find detailed information about the safety protector in Section 11.
For a detailed description of the configuration variants of S7-300, refer to the
installation manual.
You can find a detailed description of the configuration of ET 200M in the
ET 200M Distributed I/O Device manual.
If you are implementing fail-safe signal modules as redundant I/O in S7 FH
systems,
consult the S7-400H Automation Systems; Fault-Tolerant Systems manual for
more information.

3-4 A5E00085586-08
4 Configuring and Assigning Parameters
Requirements
One of the following optional packages must be installed in order to configure and
assign parameters for fail-safe modules in STEP 7.
• S7 Distributed Safety
• S7 F Systems
The following requirements apply to the SM 326; DI 24 × DC 24V, starting with
order no. 6ES7 326-1BK01-0AB0, and the SM 326; DO 8 × DC 24V/2A PM:
• STEP 7 V 5.2 and higher
• F Configuration Pack V 5.3 service pack 3 and higher
The F Configuration Pack can be downloaded on the Internet at
http://www.siemens.com/automation/service&support.
Configuration
Fail-safe signal modules are configured in the customary way (same as standard
modules) with STEP 7 HW Config.
Configuration in RUN (CiR)

During standard operation of the SM 326; DI 24 × DC 24V (starting with order no.
6ES7 326-1BK01-0AB0), you can make configuration changes while the system is
operating (CiR).
Additional Information on CiR

Additional information on CiR can be found in:
• STEP 7 online help: "Making system changes during operation using CiR"
• Safety Engineering in SIMATIC S7 system description

A5E00085586-08 4-1
Configuring and Assigning Parameters
Higher Availability in Standard Mode and Safety Mode

To increase availability, you can operate the fail-safe signal modules redundantly in
standard mode (exception: SM 326; DO 8 × DC 24V/2A PM).
Requirements:
• STEP 7 V 5.3 and higher, or
• STEP 7 V 5.2 and higher, plus optional software S7 H Systems V 5.2 and
higher
In safety mode, F-SMs can be operated redundantly in S7 FH Systems

(except for SM 326; DO 8 × DC 24V/ 2A PM).
Requirements:
• STEP 7 V 5.3 and higher, or
• STEP 7 V 5.2 and higher, plus optional software S7 H Systems V 5.2 and
higher
• S7 F Systems optional software
• F Configuration Pack V 5.3 Service Pack 1 and higher
• For SM 326; DI 24 × DC 24V, starting with order no. 6ES7 326-1BK01-0AB0:
F Configuration Pack V 5.3 Service Pack 3 and higher
F Configuration Packs can be downloaded on the Internet at:
http://www.siemens.com/automation/service&support.
For higher availability of modules, parameters are assigned in the "Redundancy"
tab in the object properties of the modules.
Assigning Module Property Parameters

To assign parameters for fail-safe signal modules, select the module in STEP 7
HW Config and select the Edit > Object Properties menu command.
Parameters are downloaded from the programming device to the F-CPU, where
they are stored and then transferred to the fail-safe signal module.
Note
SFC 56 "WR_DPARM" (changing module parameters via the user program) is
not permissible for fail-safe signal modules.
Where to Find Parameter Descriptions

For a description of available parameter settings for fail-safe modules, refer to
Sections 9 and 10.
PROFIsafe Address and PROFIsafe Address Assignment

For a description of the PROFIsafe address and the procedure for assigning
addresses, refer to Section 5.

4-2 A5E00085586-08
5 Addressing and Installing
5.1 Introduction
Overview
• Address assignments of F-SMs in the CPU
• Addressing channels of F-SMs
• Assigning the PROFIsafe address for F-SMs
• Installing F-SMs
5.2 Address Assignments in the CPU
Address Assignment in Standard and Safety Modes

The fail-safe signal modules occupy the following address ranges in the CPU
• In standard mode: in the entire I/O range (inside and outside the process
image)
• In safety mode:
- For S7 Distributed Safety: in the process image range
- For S7 F/FH systems: in the process image range
Table 5-1 Address Assignment in Standard and Safety Modes
Module Occupied Bytes in the CPU:

In Input Range In Output Range
SM 326; DI 24 × DC 24V x + 0 to x + 9 x + 0 to x + 3
SM 326; DI 8 × NAMUR x + 0 to x + 5 x + 0 to x + 3
SM 326; DO 8 × DC 24V/2A PM x + 0 to x + 4 x + 0 to x + 4
SM 326; DO 10 × DC 24V/2A x + 0 to x + 5 x + 0 to x + 7
SM 336; AI 6 × 13 Bit x + 0 to x + 15 x + 0 to x + 3
x = Module starting address

A5E00085586-08 5-1
Addresses Occupied by Useful Data

Of the assigned addresses in standard and safety modes of the F-SMs, useful data
occupy the following addresses in the CPU.
Table 5-2 Address Assignment by Useful Data

Bytes in CPU Occupied Bits in CPU per Module:
7 6 5 4 3 2 1 0
SM 326; DI 24 × DC 24V:
x+0 Channel Channel Channel Channel Channel Channel Channel Channel
7 6 5 4 3 2 1 0
15 14 13 12 11 10 9 8
23 22 21 20 19 18 17 16
SM 326; DI 8 × NAMUR:
7 6 5 4 3 2 1 0
SM 326; DO 8 × DC 24V/2A PM:
7 6 5 4 3 2 1 0
SM 326; DO 10 × DC 24V/2A:
7 6 5 4 3 2 1 0
x+1 - - - - - - Channel Channel
9 8
SM 336; AI 6 × 13 Bit:
x + 0, x + 1 Channel 0
x + 10, x + 11 Channel 5
x = Module starting address
Warning
! In the standard user program as well as the safety program, you can access only
the addresses occupied by useful data.The other address ranges occupied by the
F-SMs are assigned for functions including safety-related communication
between the F-SMs and F-CPU in accordance with PROFIsafe.
In 1oo2 evaluation of sensors in module safety mode, only the less significant
channel of the channels that are grouped as a result of the 1oo2 sensor
evaluation can be accessed in the safety program.

5-2 A5E00085586-08
5.3 Addressing the Channels
Addresses of Fail-Safe Signal Modules

Channels of fail-safe signal modules are addressed the same way as S7-300
standard I/O modules.
e. g. A 16.2
outpu t byte address bit addre ss (0 to 7)
The byte address conforms to the module starting address that you set in the
object properties for the module using STEP 7 HW Config. The bit address results
from the position of the channel on the module. Eight channels are always
consecutively assigned to one byte address.
Permissible Address Range in Standard Mode

Permissible address range for byte address:
• S7 Distributed Safety and S7 F/FH systems: in entire I/O range (inside and
outside the process image) according to which CPU is used
For SM 326; DI 24 × DC 24V (Order No. 6ES7326-1BK00-0AB0),
SM 326; DI 8 × Namur, SM 326 DO 10 × DC 24V/2A, and
SM 336; AI 6 × 13 Bit, the following also applies: 8 to 8184 in increments of 8
Permissible Address Range in Safety Mode

Permissible address range for byte address:
• S7 Distributed Safety: in range of process image according to which F-CPU is
used
SM 336; AI 6 × 13 Bit, the following also applies: 8 to 8184 increments of 8
• S7 F/FH systems: in range of process image according to which F-CPU is used
SM 336; AI 6 × 13 Bit, the following also applies: 8 to 8184 in increments of 8

A5E00085586-08 5-3
Access to Channels of F-SMs in Standard Mode

Channels of F-SMs are accessed the same way as for S7-300 standard I/O
modules.
Access to Channels of F-SMs in Safety Program

In S7 Distributed Safety, you access the channels of the F-I/O via the process
image in the F-CPU, while in S7 F/FH systems, access is via F driver blocks.
Address assignment of individual channels can be found in the module description
in Sections 9 and 10.
Detailed information on F-I/O access can be found in the S7 Distributed Safety,
Configuring and Programming manual or the S7 F/FH Automation Systems
manual.
5.4 Assigning PROFIsafe Address
PROFIsafe Address
Every fail-safe signal module has its own PROFIsafe address. For safety mode,
you must configure the PROFIsafe address in STEP 7 HW Config and set it on the
module using a switch.
Overview: Assigning PROFIsafe Address

Depending on the module, two methods are used to assign the PROFIsafe address
of the F-SMs in safety mode. These two addressing methods are described in the
following sections.
Table 5-3 Overview: Assigning PROFIsafe Address
Module Assigning PROFIsafe Assigning PROFIsafe

Address (Starting Address
Address of F-SM) (F_destination_address)
SM 326; DI 24 × DC 24V x -
6ES7326-1BK00-0AB0
SM 326; DI 24 × DC 24V - x
6ES7326-1BK01-0AB0
SM 326; DI 8 × NAMUR x -
SM 326; DO 8 × DC 24V/2A PM - x
SM 326; DO 10 × DC 24V/2A x -
SM 336; AI 6 × 13 Bit x -

5-4 A5E00085586-08
5.4.1 Assigning PROFIsafe Address (Starting Address of F-SM)
Introduction
In order to use SM 326; DI 24 × DC 24V (Order No. 6ES7326-1BK00-0AB0),
SM 326; DI 8 × Namur, SM 326 DO 10 × DC 24V/2A and
SM 336; AI 6 × 13 Bit in safety mode, you must:
1. Set the module starting address
2. Set safety mode
3. Set the module starting address on the address switch of the module before
installing the fail-safe signal module.
Setting Module Starting Address

The module starting address is set the same as for S7-300 standard I/O modules in
the object properties for the module in STEP 7 HW Config (for permissible address
range, see Section 5.3).
Setting Safety Mode

Set "Safety mode" in the object properties for the module in HW Config.
Address switch
An address switch (10-pin DIP switch) is located on the back of the fail-safe signal
modules. The address switch is used to specify:
• Whether the module is set to safety mode or standard mode
• In safety mode: the module starting address (PROFIsafe address = starting
address/8 of F-SM)
The F-SMs are supplied with “standard mode“ setting (all switches set in the up
position; alternatively, you can set all switches in the down position for safety
mode; see Figure 5-2).

A5E00085586-08 5-5
Setting the Address Switch

Prior to installation, verify that the address switch setting is correct.
Standard mode: Safety mode:

All possible combinations not
corresponding to standard
mode. Here, by way of
example, address 4096:
or
4096
1024
512
246
64
32
16
2048
128
8
512
32
4096
2048
1024
246
128
64
16
8
ON
ON
Figure 5-2 Example of Setting the Address Switch (DIP Switch)
Rules for Address Assignment
Warning
! • Make sure that the address switch setting on the F-SM matches the module
starting address in HW Config.
• In order for the module starting address to be unique on the PROFIBUS DP,
a fail-safe signal module may only be addressed by one CPU.
Exception: switched I/O in S7 FH systems (one signal module is always
addressed with the same address by one of two F-CPUs, i.e., the current DP
bus master)
• The address switch setting of the F-SMs, i.e., its PROFIsafe destination
address, must be unique from all others on the network* and station **
(systemwide). A maximum of 1,022 PROFIsafe destination addresses can be
assigned in one system. That is, a maximum of 1,022 F-modules can be
addressed using PROFIsafe.
• F-CPUs in S7 FH systems must address the same fail-safe signal modules in
the case of switched I/O.
* A network consists of one or more subnets. Address setting is unique across PROFIBUS subnet
boundaries
** Address setting is unique for one station in HW Config (e.g., one S7-300 station or even one
I-slave)
Incorrect Address Reference

If the address reference is incorrect, e.g., a different address is set than the
address in HW Config, a parameter assignment error occurs. The module does not
go into safety mode.

5-6 A5E00085586-08
5.4.2 Assigning PROFIsafe Address (F_destination_address)
Introduction
In order to use the SM 326; DI 24 × DC 24V (starting with order no.
6ES7326-1BK01-0AB0) and the SM 326; DO 8 × DC 24V/2A PM in safety mode,
the following steps must be performed:
1. For the SM 326; DI 24 × DC 24V, set the operating mode to "safety mode."
2. Set the PROFIsafe address =F_destination_address on the address switch of
the module before installing the fail-safe signal module
In contrast to the addressing method described in Section 5.4.1, there is no
correlation between the module starting address and the PROFIsafe address for
the modules indicated above. The module starting address is set the same way as
for standard I/O modules of S7-300, i.e., in the object properties for the module in
HW Config of STEP 7 .
Setting Safety Mode

For SM 326; DI 24 × DC 24V (starting with Order No. 6ES7326-1BK01-0AB0), set
"safety mode" in the object properties in HW Config.
The SM 326; DO 8 × DC 24V/2A PM can only be set to safety mode. Therefore,
the operating mode is permanently set to "safety mode."
PROFIsafe Address Assignment

The PROFIsafe addresses (F_source_address, F_destination_address) are
automatically assigned for the two F-SMs indicated above when they are
configured in STEP 7. The F_destination_address is shown in binary format in the
"DIP switch setting" parameter in the object properties for the F-SMs in HW Config.
You can change the configured F_destination_address in HW Config. To prevent
addressing errors, however, we recommend using the automatically assigned
F_destination_address.
Address switch
An address switch (10-pin DIP switch) is located on the back of the fail-safe signal
modules. The address switch is used to specify:
• Whether the module is set to safety mode or standard mode
• In safety mode: the PROFIsafe address = F_destination_address
The F-SMs are supplied with “standard mode“ setting (all switches set in the up
position; alternatively, you can set all switches in the down position for safety
mode; see Figure 5-3).

A5E00085586-08 5-7
Setting the Address Switch

Prior to installation of the F-SM, verify that the address switch setting is correct.
Standard mode:
Standardbetrieb: Safety Mode:
Sicherheitsbetrieb:
PROFIsafe addresses
alle möglichen from
Kombinationen,
1die
to 1022 are permitted.
nicht dem Standardbetrieb
Here, by way of
entsprechen, example,
hier address 1018
als Beispiel
(binary presentation
die Adresse 4096: of the
or
oder F_destination_Address):
ON
ON
512
32
512
32
4096
1024
256
64
16
4096
1024
256
64
16
2048
128
2048
128
8
9 87 6 5 4 3 2 1 0 9 87 6 5 4 3 2 1 0
Figure 5-3 Example of Setting the Address Switch (DIP Switch)
Rules for Address Assignment
Warning
! • Make sure that the address switch setting on the F-SM matches the "DIP
switch position" in HW Config.
• In order for the module starting address to be unique on the PROFIBUS DP,
a fail-safe signal module may only be addressed by one CPU.
Exception: switched I/O in S7 FH systems (one signal module is always
addressed with the same address by one of two F-CPUs, i.e., the current DP
bus master)
• The address switch setting of the F-SMs, i.e., its PROFIsafe destination
address, must be unique from all others on the network* and station **
(systemwide). A maximum of 1,022 PROFIsafe destination addresses can be
assigned in one system. That is, a maximum of 1,022 F-modules can be
addressed using PROFIsafe.
• F-CPUs in S7 FH systems must address the same fail-safe signal modules in
the case of switched I/O.
* A network consists of one or more subnets. Address setting is unique across PROFIBUS subnet
boundaries
** Address setting is unique for one station in HW Config (e.g., one S7-300 station or even one
I-slave)
Incorrect Address Reference

If the address reference is incorrect, e.g., a different address is set than the
address in HW Config, a parameter assignment error occurs. The module does not
go into safety mode.

5-8 A5E00085586-08
5.5 Installing
Installing Fail-Safe Signal Modules

The fail-safe signal modules are part of the S7-300 family of signal modules and
are suitable for use as local modules in S7-300 and as distributed I/O modules in
the ET 200M.
The fail-safe signal modules are installed the same way as all other S7-300 signal
modules in an S7-300 or ET 200M.
Therefore, you should read the detailed information regarding installation in the
installation manual or the Distributed I/O Device ET 200M manual.
Redundant Configuration of ET 200M
Note
If you use the ET 200M in a redundant configuration, it must be in a cabinet with
sufficient damping to ensure that the limit values for radio interference are
adhered to (see Section 8.3).

A5E00085586-08 5-9

5-10 A5E00085586-08
6 Wiring
6.1 Introduction
Warning
! In order to prevent hazardous threats to persons or the environment, you must
not under any circumstances override safety functions or implement measures
that cause safety functions to be bypassed or that result in the bypassing of
safety functions. The manufacturer is not liable for the consequences of such
manipulations or for damages that result from failure to heed this warning.
Overview
• Operation of F-SMs with safe functional extra-low voltage
• Special aspects to consider when wiring F-SMs
• Important information for replacing F-SMs
For wiring information that applies to both fail-safe signal modules and standard
signal modules, refer to the S7-300 Automation System, Hardware and Installation:
CPU 31xC and CPU 31x installation manual.

A5E00085586-08 6-1
Wiring
6.2 Safe Functional Extra-Low Voltage for

Safe Functional Extra-Low Voltage
Warning
! Fail-safe signal modules must be operated with safe functional extra-low voltage.
This means that fail-safe modules may only be exposed to a voltage of Um, even
in the event of a fault. The following applies to all fail-safe signal modules:
Um < 60.0 V
More information about safe functional extra-low voltage can be found, for
example, in the specification sheets of the power supplies to be used.
All components of the system that can supply electrical energy in any form must
satisfy this condition.
Every additional circuit (24V DC) that is used in the system must have a safe
functional extra-low voltage. Refer to the relevant data specification sheets or
contact the manufacturer for information.
Note also that sensors and actuators with an external power supply can be
connected to I/O modules Here, pay attention to the supply voltage from safe
functional extra-low voltage. The process signal of a 24 V digital module must not
exceed a fault voltage of Um , even in the event of a fault.
Warning
! All voltage sources, e.g., 24V DC internal load voltage supplies, 24V DC external
load voltage supplies, and 5V DC bus voltage must be galvanically
interconnected so as to prevent voltage accumulation from occurring in the
individual voltage sources, thus causing fault voltage Um to be exceeded, even
when there is a difference in potential.
Make sure that the wire cross-section for the galvanic connection is sufficient
according to the S7-300 configuration guidelines (see S7-300 Automation
System, Hardware and Installation: CPU 31xC and CPU 31x installation manual).
In standard and safety modes, fail-safe signal modules can be supplied with all
standard components from one or more shared power supply units.

6-2 A5E00085586-08
Wiring
Power Supply Requirements in Compliance with NAMUR Recommendations
Note
For compliance with NAMUR Recommendation NE 21, IEC 61131-2, and EN 298,
use only power packs/power supply units (230V AC --> 24V DC) with a power loss
ride-through of at least 20 ms. To accomplish this, the following SV components
are available, e.g.:
S7-400:
• 6ES7 407-0KA01-0AA0 for 10 A
• 6ES7 407-0KR00-0AA0 for 10 A,
S7-300:
• 6ES7 307-1BA00-0AA0 for 2 A
• 6ES7 307-1EA00-0AA0 for 5 A
• 6ES7 307-1KA00-0AA0 for 10 A
These requirements also apply to power packs/power supply units that are not
made using S7-300/400 mounting technology.
6.3 Wiring Fail-Safe Signal Modules
same wiring as for standard signal modules

Fail-safe signal modules are a component of the S7-300 module family. They are
wired in the same way as all standard signal modules in an S7-300 or an ET 200M.
You can therefore refer to the S7-300 Automation System, Hardware and
Installation: CPU 31xC and CPU 31x installation manual for information on wiring
signal modules.
In Sections 9 and 10 you will find additional information you will need to know when
wiring special F-SMs, as well as connection diagrams for various use cases with
F-SMs.
Warning
! Note that when signals of fail-safe digital input modules are assigned, signals
should only be routed within a cable or a nonmetallic sheathed cable if:
• A short circuit in the signals does not conceal a serious safety risk
• Signals are supplied by different sensor supplies of this F-DI module
Front Panel Connector Design

You will use a 40-pin front panel connector to wire fail-safe signal modules. There
are two types of 40-pin front panel connector available: a spring-type connector
and a screw-type connector (refer to Section 14 for order numbers).
Consult the S7-300 Automation System, Hardware and Installation: CPU 31xC and
CPU 31x installation manual for information about how to wire a 40-pin front panel
connector.

A5E00085586-08 6-3
Wiring
6.4 Replacing Fail-Safe Signal Modules
Inserting and Removing F-SMs in Standard Mode

Fail-safe signal modules can be inserted and removed just like all standard signal
modules in S7-300 and ET 200M.
If you configure the ET 200M with active bus modules , you can insert and
remove the F-SMs while the ET 200M is in operation.
Inserting and Removing F-SMs in Safety Mode

Fail-safe signal modules can be inserted and removed just like all standard signal
modules in S7-300 and ET 200M.
If you configure the ET 200M with active bus modules, you can insert and remove
the F-SMs during operation. If you are using an safety protector, you must use a
special bus module to couple the safety protector with the active backplane bus
(refer to Section 14 for the order number).
Irrespective of whether or not active bus modules are used, a module replacement
in safety mode results in an error in safety-related communication (communication
error) between the F-CPU and the replaced F-SM.
For additional information on the consequences of communication errors, refer to
the S7 Distributed Safety, Configuring and Programming manual or Programmable
Controllers S7 F/FH Systems manual.
Warning
! The safety protector may not be inserted or removed during operation! (Insertion
or removal would cause the ET 200M to fail.)
Note Address Setting for Module Replacement in Safety Mode

When replacing a module, make sure that the address switch (DIP switch) on the
backside of the F-SM has the same setting!
Section 11.3 describes a configuration with an safety protector on the active
backplane bus. The S7-300 Automation System, Configuration manual explains
how to replace modules within an S7-300.
The ET 200M Distributed I/O Device manual explains how to replace modules
within an ET 200M and describes the "module replacement during operation"
function.

6-4 A5E00085586-08
Wiring
6.5 Sensor and Actuator Requirements for F-SMs in

Safety Mode
General Requirements for Sensors and Actuators

Note the following important information for fail-safe use of sensors and actuators:
Warning
! We cannot control the use of sensors and actuators. We have equipped our
electronics from a safety engineering perspective such that we can leave 85% of
the residual error probability for the sensors and actuators up to you. (This
corresponds to the recommended load distribution between sensor devices,
actuator devices, and electronic circuits for input, processing, and output in safety
engineering).
Note, therefore, that instrumentation with sensors and actuators entails a
considerable safety responsibility. Consider also that sensors and actuators
generally do not endure a proof test interval of 10 years with IEC 61508 without a
considerable safety degradation.
The probability of hazardous faults and the rate of occurrence of hazardous faults
of a safety function must comply with an upper limit determined by a safety
integrity level (SIL). You will find the values achieved by the F-SMs under "Safety
Parameters" in the technical specifications for F-SMs, in Sections 9 and 10.
Sensors and actuators with relevant qualifications are required to achieve SIL 3
(AK 6, Category 4).
Additional Sensor Requirements

In general, a single-channel sensor is sufficient to achieve AK4/SIL2/Cat.3,
whereas sensors must be connected with two channels to achieve AK6/SIL3/Cat.4.
However, to achieve AK4/SIL2/Cat.3 with a single-channel sensor, the sensor itself
must have AK4/SIL2/Cat.3 capability, otherwise, this safety level can only be
achieved with a two-channel sensor connection.
Additional Requirement for Sensors and NAMUR Sensors
Warning
! When faults are detected in fail-safe input modules, a value of "0" is passed to
the F-CPU. You must therefore ensure that the sensors are implemented such
that a safe response from the safety program is achieved when a "0" state occurs
Example: In its safety program, an emergency OFF sensor must cause the
respective actuator to switch off with "0" state (emergency OFF button pressed).
In order for pulses to be detected with certainty, the time between two signal
changes (pulse duration) must be greater than the PROFIsafe monitoring time.

A5E00085586-08 6-5
Wiring
Requirement for Duration of Sensor Signals for SM 326; DI 24 × DC 24V
Warning
! To guarantee proper acquisition of sensor signals by the
SM 326; DI 24 × DC 24V, you must ensure that the sensor signals exhibit a
certain minimum duration.
Safe Acquisition by SM 326; DI 24 X DC 24V

The minimum sensor signal duration for proper acquisition by the
SM 326; DI 24 × DC 24V is dependent on the parameter assignment for the short-
circuit test in STEP 7 (see Section 9.3).
Table 6-1 Minimum Duration of Sensor Signals for Proper Signal Acquisition by
SM 326; DI 24 X DC 24V
Short-Circuit Test Parameter Minimum Duration of Sensor Signals

disabled 20 ms
enabled 20 ms
Safe Acquisition by Safety Program in the F-CPU

For information on the times for proper acquisition of sensor signals in the safety
program, refer to Section 9 of the Safety Engineering in SIMATIC S7 system
description.
Additional Requirements for Actuators

Fail-safe output modules test the outputs at regular intervals. To do so, the module
briefly switches off activated outputs and briefly switches on any outputs that are
switched off. These test pulses have the following duration:
• Dark period < 1 ms
• Bright period < 1 ms
Fast-responding actuators can briefly drop out or be activated during this test. If
your process does not tolerate this, you must use actuators with a sufficient lag
(> 1 ms).
Warning
! If the actuators are operated at voltages higher than 24V DC (for example,
230 VDC) or if the actuators clear higher voltages, safe isolation must be ensured
between the outputs of a fail-safe output module and the components carrying a
higher voltage (in accordance with EN 50178).
This is generally the case for relays and contactors. Particular attention must be
paid to this aspect for semiconductor switching devices.

6-6 A5E00085586-08
Wiring
Avoiding Dark Periods in Safety Mode
Warning
! If you are using actuators that respond too quickly exclusively during "dark
period" test signal injection (i.e., < 1 ms), you can still use the internal test
coordination by parallel-switching two opposite outputs (with a series diode) at a
time. This parallel switching suppresses the dark periods (see "Parallel Switching
of Two Outputs for Dark Period Suppression" in Section 9.6.4).
Technical Specifications for Sensors and Actuators

You should also refer to Sections 9 and 10 for technical specifications for selecting
sensors and actuators.

A5E00085586-08 6-7
Wiring

6-8 A5E00085586-08
7 Fault Reactions and Diagnostics
7.1 Introduction
Overview
• Reactions to faults in F-SMs in standard mode
• Reactions to faults in F-SMs in safety mode
• Diagnostics for F-SMs in the event of a fault

A5E00085586-08 7-1
Fault Reactions and Diagnostics
7.2 Reactions to Faults in F-SMs
7.2.1 Reactions to Faults in Standard Mode
Reactions to Faults
In standard mode, the fail-safe signal modules react to faults the same way as
standard modules in S7-300 or ET 200M. When a fault or interrupt event occurs,
either the CPU goes into STOP mode or the user program can react to the fault by
means of an error OB or interrupt OB (see S7-300 Automation System,
Hardware and Installation: CPU 31xC and CPU 31x installation manual).
Substitute Values
Substitute values are assignable values that the fail-safe modules supply to the
process, for example, when the following occur:
• CPU goes into STOP mode (or the CP goes into STOP mode, if a CP is the
DP master)
• IM 153-2/-2 FO (ET 200M) goes into STOP mode
• PROFIBUS DP is disconnected
Substitute Value Output for Output Modules

In safety mode, it is possible to apply substitute values "0", "1", or "Keep last value"
in the case of fail-safe digital output modules. The substitute value is assigned in
the object properties of the F-SM in HW Config (see Section 9).

7-2 A5E00085586-08
7.2.2 Reactions to Faults in Safety Mode
Safe State (Safety Concept)

The basic principle behind the safety concept is the existence of a safe state for all
process variables. For digital signal modules, the safe state is, for example, the
value "0". This applies to both sensors and actuators.
Reactions to Faults and Startup of F-System

The safety function requires that fail-safe values (safe state) be used for a signal
module instead of process values (passivation of fail-safe signal modules) in the
following cases:
• When the F-system is started up
• In the case of errors during safety-related communication between the F-CPU
and F-SM via the PROFIsafe safety protocol (communication error).
• In the case of F-I/O or channel faults (e.g., wire break, short circuit,
discrepancy error)
Identified faults are entered in the diagnostic buffers of the F-SM and the CPU, and
communicated to the safety program in the F-CPU.
Warning
! For reaction to channel faults, remember during parameter assignment to enable
group diagnostics on a channel-by-channel basis in the object properties dialog of
the F-SM in HW Config for the following F-SMs (see Sections 9 and 10):
• SM 326; DO 10 × DC 24V/2A
• SM 336; AI 6 × 13 Bit

A5E00085586-08 7-3
Fail-safe value Output for Fail-Safe Signal Modules

For fail-safe input modules, if passivation occurs, the F-system provides fail-safe
values for the safety program instead of the process values pending at the fail-safe
inputs:
• In S7 Distributed Safety F-systems: The fail-safe value is always (0) for
fail-safe digital input and analog input modules.
• In S7 F/FH F-systems: The fail-safe value is always (0) for fail-safe digital input
modules. The fail-safe value can be assigned in the safety program (in the fail-
safe driver block) for fail-safe analog input modules.
For fail-safe output modules, if passivation occurs, the F-system transfers
fail-safe values (0) to the fail-safe outputs instead of the output values provided by
the safety program. The output channels go to the zero current and zero voltage
state. This also applies when the F-CPU goes into STOP mode. It is not necessary
to assign parameters for fail-safe values.
Depending on which F-system is used and the type of fault that occurred (F-I/O,
channel, or communication error), fail-safe values are used either for the affected
channel only or for all channels of the fail-safe signal module involved.
Reintegration of a Fail-Safe Signal Module

Switchover from fail-safe values to process values (reintegration of an F-SM)
occurs either automatically or only after user acknowledgement in the safety
program. After reintegration, the following occurs:
• For a fail-safe input module, the process values pending at the fail-safe inputs
are provided for the safety program
• For a fail-safe output module, the output values provided in the safety program
are again transferred to the fail-safe outputs
Additional Information on Passivation and Reintegration

For additional information on passivation and reintegration of F-I/O, refer to the S7 Distributed
Safety, Configuring and Programming manual or S7 F/FH Automation Systems manual.

7-4 A5E00085586-08
Disabling Group Diagnostics?

The "Group diagnostics" parameter is used to enable and disable transfer of
channel-specific diagnostic messages (e.g., wire break, short circuit) for the
module to the CPU. For availability reasons, you should disable the group
diagnostics on nonutilized input or output channels of the following F-SMs:
• SM 326; DO 10 × DC 24V/2A
• SM 336; AI 6 × 13 Bit
Warning
! In safety mode, group diagnostics must be enabled on all connected channels
of fail-safe input and output modules.
Verify that group diagnostics has been disabled only on nonutilized input and
output channels.
For SM 326; DI 24 × DC 24V and SM 326; DO 8 × DC 24V/2A PM, the following

applies:
If you disable a channel in STEP 7 HW Config, the group diagnostic for this
channel is simultaneously disabled.

A5E00085586-08 7-5
7.3 Diagnosis of Faults of F-SMs
Definition
Diagnostics can be used to determine whether faults occurred during signal
acquisition by the fail-safe signal modules. Diagnostic information is assigned
either to a channel or to the module as a whole.
Diagnostic Functions Are Not Critical with Respect to Safety

None of the diagnostic functions (displays and messages) are critical with respect
to safety, and, thus, these functions are not implemented with fail-safe
characteristics. That is, the diagnostic functions are not tested internally.
Diagnostic Options for Fail-Safe Signal Modules

The following diagnostic options are available for fail-safe signal modules:
• LED display on front panel of module
• Diagnostic messages of fail-safe signal modules
Assignable and Nonassignable Diagnostic Messages

For diagnostic evaluation, there is a distinction between assignable and
nonassignable diagnostic messages.
Warning
! Diagnostic functions must be enabled or disabled in coordination with the
application.

7-6 A5E00085586-08
Diagnostics by LED Display

Diagnostic messages always result in illumination of the SF LED (group fault LED).
The SF LED illuminates as soon as a diagnostic message is triggered by the F-SM.
It is extinguished when all faults have been eliminated.
Limitation for the Following F-SMs:
• SM 326; DO 10 × DC 24V/2A
• SM 336; AI 6 × 13 Bit
In the case of assignable diagnostic messages (for example, wire break or short
circuit), the SF LED only illuminates if you enabled the diagnostics when assigning
parameters ("Group diagnostics" parameter in the object properties of the F-SM in
HW Config) (see Sections 9 and 10).
Diagnostic LEDs of F-SMs
Table 7-1 Diagnostic LEDs of F-SMs
LED Safety Mode Standard mode

Channel or Module Channel or Module Module
Module Fault Defective Fault Defective
SF (red) On On On On
SAFE On Off Off Off
(green)
Diagnostic Interrupt
When a fault is detected (for example, a short circuit), the fail-safe signal modules
trigger a diagnostic interrupt, provided a diagnostic interrupt is enabled. The
F-CPU interrupts execution of the user program (standard or safety) or the lower
priority classes and executes the diagnostic interrupt block (OB82).
Assigning the Diagnostic Interrupt Enable

The diagnostic interrupt is disabled by default. You can assign the diagnostic
interrupt enable it in the object properties dialog for the F-SM in HW Config
(see Sections 9 and 10).
Special Information on Diagnostic Messages

All module-specific diagnostic messages and their possible causes and corrective
measures are described in Sections 9 and 10.
Information is also included on which diagnostic messages have to be assigned
and which are displayed on a channel-specific basis.

A5E00085586-08 7-7
Reading Out Diagnostic Messages

The cause of a fault can be read out with STEP 7 in the following ways:
• From the diagnostic buffer of the CPU or the diagnostic buffer of the module
(STEP 7 function "Diagnose Hardware").
• In the standard user program with SFC 59 (see Section 12 and the System and
Standard Functions reference manual).

7-8 A5E00085586-08
8 General Technical Specifications
8.1 Introduction
Overview
This section contains the following information on the fail-safe signal modules:
• Most important standards and approvals
• General technical specifications
This information applies to all standard products of the SIMATIC S7-300 and
S7-400.
What are General Technical Specifications?

The general technical specifications include the standards that were adhered to
and the test values that were satisfied by the fail-safe signal modules when used in
an S7-300/ET 200M, or the test criteria that were used when testing the signal
modules.

A5E00085586-08 8-1
General Technical Specifications
8.2 Standards and Approvals
CE Certification
Siemens products satisfy the requirements and safety objectives of the

following European Community directives and comply with the harmonized
European standards (EN) for programmable logic controllers published in the
Gazette of the European Community:
• 89/336/EWG ”Electromagnetic Compatibility” (EMC Guideline)
• 73/23/EEC ”Electrical Equipment Designed for Use within Certain Voltage
Limits” (low voltage directive)
The EC declarations of conformity are kept available for the relevant authorities at:
Siemens Aktiengesellschaft
Bereich Automatisierungstechnik
A&D AS RD4
Postfach 1963
D-92209 Amberg
UL approval
Underwriters Laboratories Inc., in accordance with

• UL 508 (Industrial Control Equipment)
• CSA C22.2 No. 142 (Process Control Equipment)
• UL 1604 (Hazardous Location)
• CSA-213 (Hazardous Location)
APPROVED for use in Class I, Division 2, Group A, B, C, D Tx;
Class I, Zone 2, Group IIC Tx
Note
The nameplate of the module indicates the currently valid approvals.

8-2 A5E00085586-08
FM approval
Factory Mutual Research (FM) in accordance with

Approval Standard Class Number 3611, 3600, 3810
APPROVED for use in
Class I, Division 2, Group A, B, C, D Tx;
Class I, Zone 2, Group IIC Tx
Warning
! There is a risk of personal injury or property damage.
In areas exposed to explosion hazard, personal injury or property damage can
occur if plug-in connections are disconnected during operation.
Before disconnecting plug-in connections in areas exposed to explosion hazard,
always deenergize the distributed I/O.
In accordance with EN 50021 (Electrical Apparatus for Potentially Explosive
Atmospheres; Type of Protection "n“)
II (3) G EEx nA II T3 to T6 (except for SM 326; DI 8 × NAMUR)
II 3 (2) G EEx nA [ib] IIC T4 (SM 326; DI 8 × NAMUR only)

For SM 326; DI 8 × NAMUR:
94/9/EC “Equipment and Protective Systems Intended for Use in Potentially
Explosive Atmospheres" (Explosion Protection Guideline):
II (2) G [EEx ib] IIC
This approval applies to explosive gas mixtures of Group IIC (see S7-300,
M7-300, ET 200M Automation Systems, Principles of Intrinsically-Safe
Design manual). The safety-related limit values can be obtained from the
certificate of conformity (see Section 16).
Note
Modules with II (2) G [EEx ib] IIC approval are considered to be associated items
of equipment and must therefore be installed outside the potentially explosive
area. Intrinsically-safe electrical equipment items for Zones 1 and 2 may be
connected.

A5E00085586-08 8-3
Overview of UL and FM Approvals

The table below provides an overview of the fail-safe signal modules including
detailed information on approvals and fields of application.
Approval for:
Component UL 508 FM 3611, ATEX 2671 X ATEX
CSA C 22.2 No. 142 3600, 3810 Guideline EN 50021: 1999
UL 1604 CI. I Div. 2 94/9/EG
CSA–213 CI. I Zone 2
SM 326; DI 24 × 24 VDC Yes Yes No II (3) G EEx nA II
T3 to T6
available
SM 326; DI 8 × NAMUR Yes Yes II (2) G [EEx ib] II 3 (2) G EEx nA
IIC [ib] IIC T4
available available
SM 326; DO 8 × 24 Yes Yes No Yes
VDC/2 A PM
SM 326; DO 10 × 24 Yes Yes No II (3) G EEx nA II
VDC/2 A T3 to T6
available
SM 336; AI 6 × 13 Bit Yes Yes No II (3) G EEx nA II
T3 to T6
available
Marking for Australia
The fail-safe signal modules satisfy the requirements of AS/NZS 2064

(Class A).
IEC 61131
The fail-safe signal modules satisfy the requirements and criteria of IEC 61131-2
(Programmable Controllers - Part 2: Equipment Requirements and Tests).
Field of Application
SIMATIC products are designed for use in industrial environments.
Field of Application Requirement Relating to

Emitted Interference Immunity to Interference
Industry EN 50081-2 :1993 EN 50082-2 :1995

8-4 A5E00085586-08
TÜV Certificate and Standards

The fail-safe signal modules are certified for the following standards, in that these
standards are directly applicable to the PLC. Refer to the report accompanying the
TÜV certificate for the current version/edition of the standard.
Standard/Guideline Description
Functional Safety Standards/Guidelines IEC 61508-1 to 7
EN 50159-1 and 2
UL 1998
Process Engineering Standards/Guidelines DIN V 19251
VDI/VDE 2180-1, 2, 3 and 5
NE 31
ISA S 84.01
IEC 61511
Machine Safety Standards/Guidelines 98/37/EC
EN 60204-1
EN 954-1 and 2
Combustion Engineering NFPA 79
Standards/Guidelines
NFPA 85
DIN V ENV 1954
DIN VDE 0116 Clause 8.7
IEC 61496-1
IEC 62061
EN 50156-1
EN 230 Clause 7.3
EN 298* Nos. 7, 8, 9 and 10
Presses Standards/Guidelines EN 692
EN 693
EN 12622
Other Standards/Guidelines DIN VDE 0110-1
73/23/EWG
93/68/EWG
EN 55011
EN 50081-2
EN 50082-2
EN 61131-2
EN 50178
EN 60068
* Restriction: 20.4 V to 28.8 V

An additional load current power supply is necessary for the standard required voltage range.

A5E00085586-08 8-5
Requesting TÜV Certificate

You can request copies of the TÜV certificate and the accompanying report at the
following address:
Siemens Aktiengesellschaft
Bereich Automatisierungstechnik
A&D AS RD ST
Postfach 1963
D-92209 Amberg
8.3 Electromagnetic Compatibility
Introduction
This section presents information on the interference immunity of fail-safe signal
modules and information on radio interference suppression.
The fail-safe signal modules satisfy the requirements of the EMC legislation for the
internal European market.
Definition of EMC
Electromagnetic compatibility is the ability of an electrical device to function in its
electromagnetic environment in a satisfactory manner without affecting this
environment.

8-6 A5E00085586-08
Pulse-Shaped Interference
The table below shows the electromagnetic compatibility of the fail-safe signal
modules with respect to pulse-shaped interferences. As a prerequisite, the
S7-300/M7-300/ET 200M system must comply with the specifications and
guidelines for electrical installation.
Pulse-Shaped Interference Tested With Degree of Severity

Electrostatic discharge in accordance with 8 kV 3
IEC 61000-4-2 (DIN VDE 0843 Part 2) (air discharge)
6 kV 3
(contact discharge)
Burst pulse (rapid transient interference) in 2 kV 3
accordance with IEC 61000-4-4 (supply line)
(DIN VDE 0843 Part 4) 2 kV 4
(signal line)
Surge in accordance with IEC 61000-4-5 (DIN VDE 0839 Part 10)
No external surge filter required (see S7-300 Automation System,
Hardware and Installation:CPU 31xC and CPU 31x installation
manual, Section “Lightning and Surge Voltage Protection”)*
Asymmetrical connection 1 kV 2*
(supply line)
1 kV
(signal line/
data line)
Symmetrical connection 0.5 kV
(supply line)
0.5 kV
(signal line/
data line)
* An external surge filter is required for severity level 3. The test value is then 2 kV for
unsymmetrical connections and 1 kV for symmetrical connections.

A5E00085586-08 8-7
Overvoltage Protection for S7-300/ET 200M with Fail-Safe Signal Modules

If your system has to achieve a greater level of protection than severity level 2, we
recommend use of an external surge filter to ensure surge resistance in
S7-300/ET 200M with fail-safe signal modules.
The exact type designation can be obtained in the S7-300 Automation System,
Hardware and Installation:CPU 31xC and CPU 31x installation manual, Section
“Lightning and Surge Voltage Protection”).
Note
Lightning protection measures always require a case-by-case examination of
the entire system. Nearly complete protection from overvoltages, however,
can only be achieved if the entire building surroundings have been designed
for overvoltage protection. In particular, this involves structural measures in
the building design phase.
Therefore, for detailed information regarding overvoltage protection, we
recommend that you contact your Siemens representative or a company
specializing in lightning protection.
Sinusoidal Interferences
HF radiation of the device in accordance with IEC 61000-4-3:
• Electromagnetic HF field, amplitude-modulated
From 80 MHz to 1000 MHz; 10 V/m; 80% AM (1 kHz)
• Electromagnetic HF field, pulse-modulated
900 ± 5 MHz; 10 V/m; 50% ESD; 200 Hz repetition frequency
• GSM/ISM field interferences of different frequencies (EN 298: 1998):
System Frequency Test Level Modulation

GSM 890-915 MHz 20 V/m Pulse modulation
200Hz
GSM 1710-1785 MHz 20 V/m Pulse modulation
200Hz
ISM 6,765-6,795 MHz 20 V/m AM, 80% 1 kHz
ISM 13,553-13,567 MHz 20 V/m AM, 80% 1 kHz
ISM 26,957-27,283 MHz 20 V/m AM, 80% 1 kHz
ISM 40.66-40.70 MHz 20 V/m AM, 80% 1 kHz
ISM 433.05-434.79 MHz 20 V/m AM, 80% 1 kHz
ISM 3,370-3,410 MHz 20 V/m AM, 80% 1 kHz
ISM 13,533-13,533 MHz 20 V/m AM, 80% 1 kHz
ISM 13,567-13,587 MHz 20 V/m AM, 80% 1 kHz
ISM 83,996-84,004 MHz 20 V/m AM, 80% 1 kHz
ISM 167,992-168,008 MHz 20 V/m AM, 80% 1 kHz
ISM 886,000-906,000 MHz 20 V/m AM, 80% 1 kHz

8-8 A5E00085586-08
• HF interference on signal and data lines, etc., in accordance with

IEC 61000-4-6, high frequency, unsymmetrical, and amplitude modulated
From 0.15 MHz to 80 MHz; 10 V root-mean-square value, unmodulated; 80%
AM (1 kHz);
150 Ω Source impedance
Emission of Radio Interferences

Emitted interference of electromagnetic fields in accordance with EN 55011: Limit
class A, Group 1.
Between 20 MHz and 230 MHz < 30 dB (µV/m)Q

Between 230 MHz and 1000 MHz; < 37 dB (µV/m)Q
Measured at 30 m distance
Emitted interference over network AC power supply in accordance with EN 55011:

Limit class A, Group 1.
Between 0.15 MHz and 0.5 MHz; < 79 dB (µV)Q, < 66 dB (µV)M
Between 0.5 MHz and 5 MHz < 73 dB (µV)Q, < 60 dB (µV)M
Between 5 MHz and 30 MHz < 73 dB (µV)Q, < 60 dB (µV)M
Redundant Configuration of ET 200M
Note
If you use the ET 200M in a redundant configuration, it must be in a cabinet with
sufficient damping to ensure that the limit values for radio interferences are
adhered to.
Expanding the Field of Application

If you use the fail-safe signal modules in residential areas, you must ensure limit
class B (EN 55011) for emission of radio interferences.
Measures to achieve the limit class B radio interference level include:
• Installation in grounded control cabinets/switchboxes
• Use of filters in power supply lines

A5E00085586-08 8-9
8.4 Transport and Storage Conditions
Conditions for Fail-Safe Signal Modules

Fail-safe signal modules exceed the requirements for transport and storage
conditions specified in IEC 61131, Part 2. The information below applies to fail-safe
signal modules that are transported and stored in their original packaging.
Type of Condition Permitted Range

Free fall ≤1m
Temperature - 40 °C to + 70 °C
Air pressure 1080 hPA to 660 hPa
(corresponds to an altitude of -1000 m to 3500
m)
Relative humidity 5% to 95%, without condensation

8-10 A5E00085586-08
8.5 Mechanical and Climatic Environmental Conditions
Conditions of Use
The fail-safe signal modules are intended for weatherproof, stationary use. The
conditions of use exceed the requirements of IEC 61131-2.
The fail-safe signal modules satisfy the conditions of application of class 3C3 in
accordance with DIN EN 60721 3-3 (locations with high traffic intensity and in the
immediate vicinity of industrial plants with chemical emissions).
Restrictions
A fail-safe signal module must not be used without additional measures where the
following conditions apply:
• Locations with a high level of ionizing radiation
• Locations with severe operating conditions; for example, due to
- Dust
- Corrosive vapors or gases
• Systems that require special monitoring, such as:
- Electrical systems in particularly hazardous spaces
An example of an additional measure for use of a fail-safe signal module is cabinet
installation of the ET 200M/S7-300 with fail-safe signal modules.
Mechanical Environmental Conditions

The following table presents the mechanical environmental conditions for fail-safe
signal modules, expressed as sinusoidal vibrations.
Frequency Range (Hz) Continuous Intermittent

10 ≤ f ≤ 58 0.0375 mm amplitude 0.075 mm amplitude
58 ≤ f ≤ 150 0.5 g constant acceleration 1 g constant acceleration
Reduction of Vibration
If the fail-safe signal modules are exposed to greater shocks or vibration, you must
take suitable measures to reduce the acceleration and amplitude.
We recommend installation on dampening material (such as rubber-metal vibration
dampers).

A5E00085586-08 8-11
Testing for Mechanical Environmental Conditions

The following table provides information about the type and scope of testing for
mechanical environmental conditions.
Condition Test Standard Comments

Vibration Vibration test in Vibration method: frequency sweeps with a rate of
accordance with IEC change velocity of 1 octave per minute.
68 Part 2-6 (sine) 10 Hz ≤ f ≤ 58 Hz, constant amplitude 0.075 mm
58 Hz ≤ f ≤ 150 Hz, constant acceleration 1 g
Vibration duration: 10 frequency sweeps per axis
in each of three perpendicular axes
Shock pulse Shock pulse test in Shock method: half sine
accordance with IEC Shock intensity: 15 g peak value, 11 ms duration
68 Part 2-27
Shock direction: 3 shocks each in +/- direction in
each of three perpendicular axes
Climatic Environmental Conditions

The fail-safe signal modules may be used under the following climatic
environmental conditions:
Environmental Range of Application Comments

Requirements
Temperature: -
Horizontal installation: 0 to 60 °C
Vertical installation 0 to 40 °C
Relative humidity 5% to 95%, No condensation; corresponds
to relative humidity (RH) stress
level 2 in accordance with IEC
1131-2
Air pressure 1080 hPa to 795 hPa Corresponds to an altitude of
-1000 m to 2000 m
Pollutant concentration Test:
SO2: < 0.5 ppm; 10 ppm; 4 days
relative humidity < 60%, no
condensation
H2S: < 0.1 ppm; 1 ppm; 4 days
relative humidity < 60%,
no condensation

8-12 A5E00085586-08
8.6 Specifications for Nominal Line Voltages, Isolation

Tests, Protection Class, and Degree of Protection
Nominal Line Voltages for Operation

The fail-safe signal modules work with a nominal line voltage of 24 VDC. The
tolerance range is 20.4 VDC to 28.8 VDC.
We recommend use of the Siemens "SITOP power" line of power supplies for
supplying voltage.
Test Voltages
Isolation stability is proven in routine testing with the following test voltages in
accordance with IEC 1131 Part 2:
Circuits with Nominal Line Voltage Ue Test Voltage

against Other Circuits and against the
Ground
0 V < Ue ≤ 50 V 500 VDC
Protection Class
Protection class I in accordance with IEC 60536 (VDE 0106, Part 1), i.e., ground
terminal required on DIN rail!
Foreign Body and Water Protection

Degree of protection IP 20 in accordance with EN 60529, i.e., protection from
contact with standard test probes
Additional: Protected from foreign bodies with diameters over 12.5 mm.
No special protection from water.

A5E00085586-08 8-13

8-14 A5E00085586-08
9 Digital Modules
9.1 Introduction
Overview
Four fail-safe digital modules from the S7-300 module range are available for
connecting digital sensors and/or actuators.
This chapter contains the following information on each fail-safe digital module:
• Features
• Module view and block diagram
• Applications with connection diagrams and parameter assignments
• Diagnostic messages with remedies

A5E00085586-08 9-1
Digital Modules
9.2 Discrepancy Analysis for Fail-safe Digital Input Modules
Discrepancy Analyses
There are two types of discrepancy analyses for fail-safe input modules:
• for 1oo2 evaluation in a digital input module
• for redundant modules
Discrepancy Analysis for 1oo2 Evaluation in a Digital Input Module

The discrepancy analysis is carried out in the safety mode between the two input
signals of the 1oo2 evaluation in the fails-safe input module.
If the input signals do not match after the assigned discrepancy time has elapsed
(due to a broken wire in a sensor cable, for example), the input signal to the F-CPU
is set to “0.“ In addition, the diagnostic message “discrepancy error“ is generated
with information about the faulty channel in the diagnostic buffer of the module.
Note
The input signals from the process are considered to be correct process values
within the discrepancy time even if the two readings of the redundant input
signals are different.
While the discrepancy time is running inside the module, the following value is
sent to the F-CPU:
• for SM 326; DI 8 ×NAMUR: the last, valid value (old value) of the affected
input channel
• for SM 326; DI 24 × DC 24V: parameters can be assigned for the last valid
value (old value) of the affected input channel or the value "0" (parameters
"discrepancy behavior")
If, for example, a filling operation is being controlled with the sensor signal, the
filling will be stopped by the first of the two discrepancy signals after reading the
"0" signal if the value is "0". If the second signal is never read as "0", an error is
detected following the expiration of the discrepancy time. Select the last valid
value for this example.

9-2 A5E00085586-08
Digital Modules
"Provide last valid value"

The last valid value (old value) before discrepancy occurs is made available in the
safety program in F-CPU as soon as a discrepancy is determined between the
signals of the affected input channels. This value remains available until the
discrepancy disappears or until the discrepancy time expires and a discrepancy
error is detected. The sensor-actuator response time is extended according to the
this time.
This means the discrepancy time of a 2-channel sensor for fast reactions has to be
adjusted to short response times.
Thus, for example, it makes no sense for a time-critical deactivation to be triggered
by 2-channel sensors with a discrepancy time of 500 ms. In the worst case, the
sensor-actuator response time is extended by an amount approximately equal to
the discrepancy time:
• For this reason, position the sensor in the process in such a way to minimize
discrepancy.
• Then select the shortest possible discrepancy time that also has sufficient
back-up against false tripping of discrepancy errors.
"Provide 0 value"
The value "0" is immediately made available to the safety program in the F-CPU as
soon as a discrepancy is detected between the signals of the two affected input
channels.
If you assigned the parameter "Provide 0 value“, the sensor-actuator response time
will not be affected by the discrepancy time.

A5E00085586-08 9-3
Digital Modules
Discrepancy Analysis in Redundant Digital Input Modules (only in

F Systems S7 F/FH Systems)
The fail-safe driver blocks of the optional software S7 F Systems perform the
discrepancy analysis in F systems S7 F/FH system between both input signals of
the redundant input modules.
For the redundant digital input modules, both input signals are interconnected by
the OR fail-safe driver blocks so that the output signal of the driver block is set to
“1“ in the event of a discrepancy between the two input signals .
Since the signals of both modules can be considered safe, you can trust the value
"1" of the signal module and forward this signal to the driver output without taking
any safety risks. This way, the desired availability of the system is achieved.
In the event of discrepancy errors, diagnostic information is additionally issued at
the outputs DIAG_1/2 on the fail-safe module driver
(see the Programmable Controllers S7 F/FH Systems manual).
If the input signals do not correspond (discrepancy error) following the expiration of
the configured discrepancy time, corresponding diagnostic information is output on
the fail-safe module driver at the outputs DIAG_1/2
(see the Programmable Controllers S7 F/FH Systems manual).
Parameter Assignment
You assign parameters for the discrepancy time and the discrepancy behavior in
HW Config, in the object properties catalog of the fail-safe signal module
(Parameters see chapter 9.3 and 9.4).

9-4 A5E00085586-08
Digital Modules
9.3 SM 326; DI 24 × DC 24V
9.3.1 Properties, Front View, Connection Diagram, and Block Diagram
Order Number
6ES7 326-1BK01-0AB0
Features
The SM 326; DI 24 × DC 24V has the following features:
• 24 inputs, isolated in groups of 12
• 24V DC rated input voltage
• Suitable for switches and 2-/3-/4-wire proximity switches (BEROs)
• 4 short circuit-proof sensor supplies for 6 channels in each case,
isolated in groups of 2
• External sensor supply possible
• Group error display (SF)
• Safety mode display (SAFE)
• Status indicator for each channel (green LED)
• Reconfiguration in Run (CiR) – possible in standard mode
• Assignable diagnostics
• Diagnostic alarm with assignable parameters
• Usable in standard and safety modes
• Configure 1oo1 and 1oo2 for each channel
• simplified PROFIsafe address assignment
Warning
! The fail-safe performance characteristics in the technical specifications are valid
for a proof-test interval of 10 years a planned outage time of 100 hours.

A5E00085586-08 9-5
Digital Modules
Address Assignment
The following figure shows the allocation of channels to addresses.
Addressing of the I x.0 I x+1.4

inputs in the user Ix.1 I x+1.5
0 4
program I x.2 1 5
I x+1.6
I x.3 2 6 I x+1.7
3 7
Ix.4 4 0
I x+2.0
I x.5 5 1 I x+2.1
I x.6 6 2 I x+2.2
I x.7 7 3 I x+2.3
0 4
I x+1.0 1 5 I x+2.4
I x+1.1 2 6 I x+2.5
3 7
I x+1.2 I x+2.6
I x+1.3 I x+2.7
x = module start address
Figure 9-1 Address assignment for SM 326; DI 24 × DC 24V
Configuration in RUN (CiR)

During standard operation of the SM 326; DI 24 × DC 24V (starting with order no.
6ES7 326-1BK01-0AB0), you can make configuration changes while the plant is
operating (CiR).
Additional Information on CiR

For further information on CiR refer to:
• the STEP 7 Online Help: "System Modification in RUN Mode via CiR"
• in the Safety Engineering in SIMATIC S7 system description

9-6 A5E00085586-08
Digital Modules
Front View
Common error Sensor supply

indicator – red SF indicator – green
Vs (for 6 channels)
SAFE
4 Status indicator -
Vs Vs green (per channel)
Safety mode
0 4
indicator – green
1 5
2 6
Channel number
3 7
4 0
5 1
Use of front connector
(behind the front door): for
connecting the inputs and
Vs Vs
power supply
6 2
7 3
0 4
1 5
2 6
3 7
Figure 9-2 Ffront view SM 326; DI 24 × DC 24V

A5E00085586-08 9-7
Digital Modules
Channel Numbers
The inputs are identified uniquely by means of the channel numbers and the
channel-specific diagnostic messages are assigned. For a module you can
configure a 1oo1 and 1oo2 evaluation of the sensor (example see table 9-2) in a
channel or channel pair granular.
Left Right
Channel 1oo1 1oo2 1oo1 1oo2
number: 0 0 12 0
1 1 13 1
0 4
2 2 1 5
14 2
3 3 2 6 15 3
3 7
4 4 4 0
16 4
5 5 5 1 17 5
6 6 6 2 18 6
7 7 7
0
3
4
19 7
8 8 1 5 20 8
9 9 2
3
6
7
21 9
10 10 22 10
11 11 23 11
Figure 9-3 F Channel numbers for SM 326; DI 24 × DC 24V
Table 9-2 SM 326; DI 24 × 24V : Example of a channel configuration
Left Right Evaluation Description

Channels Channels of sensors
0 12 1oo2 Channel pair configured for 1oo2, channel 0
exists as E x.0 in the I/O area for inputs in the
F-CPU
F-CPU
2 14 1oo1 Single channels configured for 1oo1, channels 2
and 14 exist as E x.2 and E x+1.6 in the I/O
area for inputs in the F-CPU
3 15 1oo1 Single channels configured for 1oo1, channels 3
and 15 exist as E x.3 and E x+1.7 in the I/O
area for inputs in the F-CPU
F-CPU

9-8 A5E00085586-08
Digital Modules
Connection and Block Diagram

The following figure shows the terminal assignment and block diagram of the
SM 326; DI 24 × DC 24V.
Over-
1L+ 1 21 2L+
voltage
24 V 1M 2 22 2M 24 V
protection
1Vs 4 L+ 24 3Vs
* *
5 25
6 26
7 Sensor 27
8 M 28
supply
9 29
10 30
2Vs 11 Logic and Test 31 4Vs

bus
12 32
interface
13 33
14 34
15 Status 35
16 36
17 M 37
Address switch SF SAFE

M M
* The representation of the normally open contacts corresponds to the printing on the module. However, the typical
encoder contacts used are normally closed contacts (to keep process variables in a safe state)
Bild 9-4 Terminal assignment and block diagram of the SM 326; DI 24 × DC 24V and internal sensor
supply
External Sensor Supply

The following figure shows how the sensors can be supplied via an external sensor
supply (for example, via another module: L+). All 6 channels of a channel group (0
to 5; 6 to 11; 12 to 17 or 18 to 23) must be supplied via the same external sensor
supply.
2L+
2M
L+
Vs
Digital input DI
module
Figure 9-5 External sensor supply for the SM 326; DI 24 × DC 24V

A5E00085586-08 9-9
Digital Modules
Note
Note that the following faults cannot be detected during an external sensor
supply:
• Short circuit to L+ on the unswitched sensor line (contact open)
• Cross circuit between the channels of a channel group
• Cross circuit between the channels in different channel groups
9.3.2 Applications for SM 326; DI 24 × DC 24V
Selecting the Application

The following figure helps you to select an application according to the
requirements for high availability and availability. On the following pages you can
find out how to wire the module for each application and which parameters you
must set with STEP 7 using the S7 Distributed Safety or F Systems optional
package.
Standard mode Safety mode
No
Safety mode?
Yes
SIL3
Required (AK 6, Cat. 4)
safety level?
SIL 2
(AK 4, Cat. 3)
Yes Yes Yes

Module redundant? Module redundant? Module redundant?
No No No
SIL 2 SIL 2 SIL 3 SIL 3

Standard Standard Safety mode Safety mode, Safety mode Safety mode,
mode mode, fault fault fault
tolerance tolerance tolerance
Applications 1 to 6
1 2 3 4 5 6
see see see see see see
Chap. 9.3.3 Chap. 9.3.4 Chap. 9.3.5 Chap. 9.3.6 Chap. 9.3.7 Chap. 9.3.8
Figure 9-6 Selecting the application - SM 326; DI 24 × DC 24V

9-10 A5E00085586-08
Digital Modules
Warning
! The achievable safety class is dependent on the quality of the sensor and the
magnitude of the proof-test interval in accordance with IEC 61508. If the quality of
the sensor is lower than the quality stipulated in the required safety class, the
sensors must be applied redundantly with a two-channel connection.
Note
You can configure a 1oo1 and 1oo2 evaluation of the sensor for a module
(example see table 9-2).
9.3.3 Application 1: Standard Mode
Below you can find the wiring diagram and the parameter assignment of SM 326;
DI 24 × DC 24V for the
• Application 1: Standard Mode
For diagnostic messages, possible causes of error and their remedies, refer to
Tables 9-9 and 9-10.
Wiring Diagram for Application 1 – Connecting a Sensor to One Channel

A sensor is connected via a single channel for each process signal. The sensors
can also be supplied via an external sensor supply.
1L+
1M
Vs
Digital input DI
module
Figure 9-7 Wiring diagram for the SM 326; DI 24 × DC 24V; for application 1 – Connecting
a sensor to one channel

A5E00085586-08 9-11
Digital Modules
Assignable Parameters for Application 1
Table 9-3 Parameters SM 326; DI 24 × DC 24V for application 1
Parameter Value Range in Standard Mode Type Effective in

"Parameter" tab
Operating mode Standard Mode Static Module
Module Parameters:
Diagnostic Interrupt Activated/deactivated Static Module
Module Parameters for a Supply Group:
Sensor Supply via Activated/deactivated Static Supply group
Module
Short-circuit test Activated/deactivated (only if Static Supply group
"Sensor Supply via Module" is
activated)
For Single Channels or Channel Pairs:
Activated Activated/deactivated Static Channel
Time-of-day stamp
Time stamp Activated/deactivated Static Module
Edge evaluation Falling edge 1 -> 0/ Static Module
incoming rising edge 0 -> 1(only if "time
stamp" is activated)

9-12 A5E00085586-08
Digital Modules
Below you can find the wiring diagrams and the parameter assignment of SM 326;
DI 24 × DC 24V for
• Application 2: standard mode with high availability
Wiring Diagram for Application 2 – Connecting a Sensor to One Channel

One sensor is connected via a single channel to the two digital modules for
each process signal. The sensors must be supplied via an external sensor supply.
1L+
1M
Vs L+
Digital input DI
module
1L+
1M
Vs
M
Digital input DI
module
a sensor to one channel

A5E00085586-08 9-13
Digital Modules
Wiring Diagram for Application 2 – Connecting Two Redundant Sensors to

One Channel
Two redundant sensors are connected via one channel to the two digital modules
for each process signal. The sensors can also be supplied via an external sensor
supply.
1L+
1M
Vs
Digital input DI
module
Acquires the same process
1L+
variable with mechanically
separated sensors
1M
Vs
Digital input DI
module
Figure 9-9 Wiring diagram for SM 326; DI 24 × DC 24V; for application 2 – Connecting two
redundant sensors to one channel
Table 9-4 Parameters SM 326; DI 24 DC 24V× for application 2

"Parameter" tab
Operating mode Standard Mode Static Module
Module Parameters:
Sensor Supply via • deactivated (with single-channel Static Supply group
Module sensor)
• activated/deactivated
(with redundant sensor)
activated)
Time-of-day stamp

9-14 A5E00085586-08
Digital Modules

"Redundancy" Tab
Redundancy Two Modules Static Module
Redundant module (Selection of an existing additional Static Redundant
module of the same type) module pair
Discrepancy Time 10 to 30000 ms Static Redundant
module pair
Reaction after • Connect "AND" signals Static Redundant
discrepancy • Connect "OR" signals module pair
• Use last valid value
* For a redundant configuration in the standard mode, there are two digital values which you have to
evaluate in the standard user program.
Below you can find the wiring diagram and the parameter assignment of the
SM 326; DI 24 × DC 24V; digital module for:
• Application 3: safety mode, SIL 2 (AK 4, Category 3)
Wiring Diagram for Application 3 – Connecting a

One-channel Sensor to One Channel
One sensor is connected via one channel (1oo1 evaluation) for each process
signal. The sensors can also be supplied via an external sensor supply.
1L+
1M
Vs
Digital input DI
module
Figure 9-10 Wiring diagram for SM 326; DI 24 × DC 24V; for application 3 – Connecting one
sensor to one channel
Warning
! A suitable sensor is required to attain SIL 2 wiring (safety level AK 4, category 3)
with this interface module.

A5E00085586-08 9-15
Digital Modules
Parameter Value Range in Safety Mode Type Effective in

"Parameter" tab
Operating mode Safety Mode Static Module
F-Parameter:
F-monitoring time 10 to 10000 ms Static Module
Module Parameters:
Module
activated)
Evaluation of 1oo1 Evaluation Static Channel/channel
sensors pair
Time-of-day stamp

9-16 A5E00085586-08
Digital Modules
9.3.6 Application 4: Safety Mode, SIL 2 (AK 4, Category 3) with High

Availability (only in S7 F/FH Systems)
Below you can find the wiring diagrams and the parameter assignment of SM 326;
DI 24 × DC 24V; digital module for:
• Application 4: safety mode, SIL 2 (AK 4, Category 3) with fault tolerance
Wiring Diagram for Application 4 – Connecting One Sensor to One Channel

One sensor is connected via a single channel (1oo1 evaluation) to the two digital
modules for each process signal. The sensors must be supplied via an external
sensor supply.
1L+
1M
Vs L+
Digital input DI
module
1L+
1M
Vs
M
Digital input DI
module
Figure 9-11 Wiring diagram for SM 326; DI 24 × DC 24V; for application 4 – Connecting one
sensor to one channel
Warning

A5E00085586-08 9-17
Digital Modules
Wiring Diagram for Application 4 – Connecting Two Redundant Sensors to One

Channel
Two redundant sensors are connected via one channel (1oo1 evaluation) to two
digital modules for each process signal. The sensors can also be supplied via an
external sensor supply.
1L+
1M
Vs
Digital input DI
module
1L+
separated sensors
1M
Vs
Digital input DI
module
Figure 9-12 - Wiring diagram for the SM 326; DI 24 × DC 24V; for application 4 – Connecting
two redundant sensors to one channel
Warning

9-18 A5E00085586-08
Digital Modules

"Parameter" tab
F-Parameter:
Module Parameters:
Module
activated)
Evaluation of 1oo1 Evaluation Static Channel
sensors
Time-of-day stamp
"Redundancy" Tab
module pair

A5E00085586-08 9-19
Digital Modules
Below you can find the wiring diagrams and the parameter assignment of the
Internal Sensor Supply If a Sensor Is Connected to the Module
Note
Generally, if you connect one sensor to two inputs of a module and you use the
internal sensor supply of the module, you have to use the sensor supply of the
left half of the module 1Vs (Pin 4) or 2VS (Pin 11) .
Wiring Diagram for Application 5 – Connecting One Sensor to One Channel

A sensor is connected via one channel to two opposite inputs in the digital
module (1oo2 evaluation) for each process signal. The sensors can also be
supplied via an external sensor supply.
1L+
Digital input
module 1M
Vs
DI
left: Channels 0...11
right: Channels 0...11 DI
one sensor to one channel
Warning

9-20 A5E00085586-08
Digital Modules
Wiring Diagram for Application 5 – Connecting a Non-equivalent Sensor to Two

Non-equivalent Channels
A non-equivalent sensor is connected via 2 antivalent channels to two opposite
inputs in the digital module (1oo2 evaluation) for each process signal. The sensors
can also be supplied via an external sensor supply. The left channels on the
module supply the user signals.
This means, if no errors are detected, these signals will be available in the I/O area
for inputs in the F-CPU.
1L+
Digital input
module 1M
Vs
DI
left: Channels 0...11
right: Channels 0...11 DI
Figure 9-14 Wiring diagram for SM 326; DI 24 × DC 24V; for application 5 – Connecting a
non-equivalent sensor to two non-equivalent channels
Warning

A5E00085586-08 9-21
Digital Modules
Wiring Diagram for Application 5 – Connecting Two One-channel Sensors to Two

Non-equivalent Channels
For each process signal, two one-channel sensors are connected to two opposite
inputs in the digital module (1oo2 evaluation) via two non-equivalent channels.
The sensors can also be supplied via an external sensor supply. The left channels
on the module supply the user signals. This means, if no errors are detected, these
signals will be available in the I/O area for inputs in the F-CPU.
1L+
Digital input
module 1M
Vs
DI Acquires the same process

left: channel 0...11*
right: channel 0...11 Vs separated sensors
DI
* The left channels supply the user signals
one-channel sensors to two non-equivalent channels
Warning

9-22 A5E00085586-08
Digital Modules
Wiring Diagram for Application 5 – Connecting a Two-channel Sensor to

Two Channels
A two-channel sensor is connected via two channels to two opposite inputs in the
digital module (1oo2 evaluation) for each process signal. The sensors can also be
supplied via an external sensor supply.
1L+
Digital input
module 1M
Vs
DI
left: channel 0...11
Sensor contacts are
right: channel 0...11 Vs connected mechanically
DI
two-channel sensor to two channels
Warning
Wiring Diagram for Application 5 – Connecting Two One-channel Sensors to Two

Channels
Two one-channel sensors are connected via two channels to two opposite inputs
in the digital module (1oo2 evaluation) for each process signal. The sensors can
also be supplied via an external sensor supply.
1L+
Digital input
module 1M
Vs
DI variable with mechanically
separated sensors
right: channel 0...11 Vs
DI
one-channel sensors to two channels
Warning

A5E00085586-08 9-23
Digital Modules
Table 9-7 SM 326 DI 24 parameter; DI 24× DC 24V of application 5

"Parameter" tab
F-Parameter:
Module Parameters:
Module
activated)
Activated Activated/deactivated Static Channel Pair
Evaluation of 1oo2 evaluation Static Channel Pair
sensors
Type of Sensor • 2-chann. equiv. Static Channel Pair
Circuit (for figures 9-16, 9-17)
• 2-chann. non-equiv.
(for figures 9-14, 9-15)
• 1-chann. (for figure 9-13)
Discrepancy (only for 2-chann.) Static Channel Pair
Behavior • provide last valid value.
• "Provide 0 value"
Discrepancy Time 10 to 30000 ms (2-Chann. only) Static Channel Pair
Time-of-day stamp

9-24 A5E00085586-08
Digital Modules

Below you can find the wiring diagrams and the parameter assignment of the
Internal Sensor Supply If a Sensor Is Connected to the Module
Note
Generally, if you connect one sensor to two inputs of a module and you use the
internal sensor supply of the module, you have to use the sensor supply of the
left half of the module 1Vs (Pin 4) or 2VS (Pin 11) .
Wiring Diagram for Application 6 – Connecting Two Redundant, One-channel

Sensors to One Channel
Two redundant, one-channel sensors are required for each process signal. One
sensor is connected via a single channel to two opposite inputs in the digital
module (1oo2 evaluation) for each module. The sensors can also be supplied via
an external sensor supply.
1L+
Digital input
module 1M
Vs
DI
right: channel 0...11 DI
1L+ variable with mechanically
Digital input separated sensors
module 1M
Vs
DI
two redundant, one-channel sensors to one channel
Warning

A5E00085586-08 9-25
Digital Modules
Wiring Diagram for Application 6 – Connecting Two Redundant, Non-equivalent

Sensors to Two Non-equivalent Channels
Two redundant, non-equivalent sensors are required for each process signal. One
non-equivalent sensor is connected to two opposite inputs in the digital module
(1oo2 evaluation) for each module. The sensors can also be supplied via an
external sensor supply. The left channels on the module supply the user signals.
This means, if no errors are detected, these signals will be available in the I/O area
for inputs in the F-CPU.
1L+
Digital input
module 1M
Vs
DI
left: channel 0...11* **

Digital input
separated sensors
module 1M
Vs
DI
left: channel 0...11* **
right: channel 0...11
DI

** alternatively, you can connect two single-channel sensors (see figure 9-15)
two redundant, non-equivalent sensors to two non-equivalent channels
Warning

9-26 A5E00085586-08
Digital Modules
Wiring Diagram for Application 6 – Connecting a Two-channel Sensor to Two

Channels
A two-channel sensor is connected via 2 channels to the two digital modules (1oo2
evaluation) for each process signal. The sensors must be supplied via an external
sensor supply.
1L+
Digital input L+
module 1M
L+
DI
right: channel 0...11 DI *
1L+
Digital input
M M
module 1M
DI
* Sensor contacts are connected mechanically; alternatively you can connect two single-channel
sensors (see figure 9-17)
two-channel sensor to two channels
Warning

A5E00085586-08 9-27
Digital Modules
Wiring Diagram for Application 6 – Connecting Two Two-channel, Redundant

Sensors to Two Channels
Two two-channel, redundant sensors are required for each process signal. One
sensor is connected via 2 channels to two opposite inputs in the digital module
(1oo2 evaluation) for each module. The sensors can also be supplied via an
external sensor supply.
1L+
Digital input
module 1M
Vs
DI
right: channel 0...11 *
Vs
DI
Digital output separated sensors
module 1M
Vs
DI
right: channel 0...11 *
Vs
DI
* Sensor contacts are mechanically connected; alternatively, you can connect two single-
channel sensors (see figure 9-17)
two-channel redundant sensors to two channels
Warning

9-28 A5E00085586-08
Digital Modules

"Parameter" tab
F-Parameter:
Module Parameters:
Module
activated)
Activated Activated/deactivated Static Channel Pair
Evaluation of sensors 1oo2 evaluation Static Channel Pair
Type of Sensor • 2-chann. equiv. Static Channel Pair
Circuit (for figures 9-20, 9-21)
• 2-chann. non-equiv.
(for figure 9-19)
• 1-chann. (for figure 9-18)
Discrepancy (only for 2-chann.) Static Channel Pair
Behavior • provide last valid value.
• "Provide 0 value"
Discrepancy Time 10 to 30000 ms (2-Chann. only) Static Channel Pair
Time-of-day stamp
"Redundancy" Tab
module pair

A5E00085586-08 9-29
Digital Modules
9.3.9 Diagnostic Messages for the SM 326; DI 24 × DC 24V
Possible Diagnostic Messages

The following table gives you an overview of the diagnostic messages of the
SM 326; DI 24 × DC 24V.
Diagnostic messages are assigned either to one channel or to the entire module.
Some diagnostic messages occur only in particular use cases.
Table 9-9 SM 326 DI 24; DI 24× DC 24V
Diagnostic message Relevant Effective Configu-

Application Range of rable
Diagnostic
Internal short circuit or sensor supply
defective
Short circuit to L+ on the unswitched sensor
line (contact open)
Short circuit to ground or sensor supply 1, 2, 3, 4, 5, 6 Channel Yes
defective
Short circuit to sensor supply line on
unswitched sensor line (contact open)
Short circuit on unswitched sensor line
(contact open)
Discrepancy error 5, 6
(1oo2 evaluation)
Missing external auxiliary supply
Module not assigned parameters
Wrong parameters on module
Communication error
Module-internal supply voltage failed
Time monitoring responded (watchdog)
EPROM fault 1, 2, 3, 4, 5, 6 Module No
RAM fault
Processor failure
Parameter assignment error
(with consecutive number)
Internal error in the read circuit/test circuit 1, 2, 3, 4, 5, 6 Channel
Error in the cyclic redundancy check (CRC) Module
Monitoring time for data message frame 3, 4, 5, 6
exceeded
Message frame error during non fail-safe 1,2 Module
communication

9-30 A5E00085586-08
Digital Modules
Short Circuit to M and L+

The internal short-circuit tests are carried out as follows:
• Short circuit to chassis ground is always tested, regardless of the configuration.
• Short circuit to L+ is only tested when sensor supply via module or internal
supply and short-circuit test are configured in HW Config.
Causes of Errors and Remedies

You can find the possible causes for faults and the corresponding remedies for the
individual diagnostic messages of the SM ; DI × DC 24V; with diagnostic interrupt
in the subsequent tables.
Table 9-10 Diagnostic messages and their remedies for the SM 326; DI 24 × DC 24V
Diagnostic message Possible Causes Remedies

Internal short circuit or Internal fault of the sensor supply Replace module
sensor supply defective
Short circuit to L+ on the Short circuit to L+ on the unswitched Eliminate short circuit
unswitched sensor line sensor line (contact open)
(contact open)
Short circuit to ground or Short circuit of the input to M Eliminate short circuit
sensor supply defective Internal fault of the sensor supply Replace module
Short circuit on the Short circuit between the unswitched Eliminate short circuit
unconnected sensor line sensor line (contact open) and the
(contact open) to the sensor sensor supply line
supply line
Short circuit or wire break Short circuit to M of the unconnected Eliminate short circuit
on unswitched sensor line sensor line
(contact open) Interruption in the wire between the Reestablish the connection
module and the sensor
Discrepancy error Faulty process signal Check process signal, replace
1oo2 evaluation Defective sensor sensor if necessary
Short circuit between the unswitched Eliminate short circuit
sensor line (contact open) and the
sensor supply line
Wire break on the switched sensor line Eliminate broken wire
(contact closed) or on the sensor
supply line
Assigned discrepancy time too short Check the assigned discrepancy
time
Missing external auxiliary Supply voltage L+ for module missing Feed in supply L+
supply
Module not assigned No parameters transferred to the Reassign module parameters
parameters module
Wrong parameters on Incorrect parameters transferred to the Reassign module parameters
module module

A5E00085586-08 9-31
Digital Modules

Communication error Communication problem between the Check the PROFIBUS connection
CPU and the module due, for example Eliminate the interference
to a defective PROFIBUS connection
or to impermissibly high
electromagnetic interference
Monitoring time for safety frame Check the parameterization of the
exceeded monitoring time
Test value error (CRC) due, for Eliminate the interference
example, to impermissibly high
CPU has gone into STOP Read out diagnostic buffer
Module-internal supply Internal fault of the L+ supply voltage Replace module
voltage failed
Time monitoring responded Overload due to diagnostic request Reduce the number of diagnostic
(watchdog) (SFCs) requests
Impermissibly high electromagnetic Eliminate the interference
interference
Module Defect Replace module
EPROM fault Impermissibly high electromagnetic Eliminate the interference and
RAM fault interference switch the supply voltage off/on
Processor failure Impermissibly high electromagnetic Eliminate the interference
interference
Parameter assignment error Error in dynamic parameter Check the parameter assignment
(with consecutive number) assignment in the user program
If necessary, contact SIMATIC
Customer Support
Internal error in the read Module Defect Replace module
circuit/test circuit
Error in the cyclic Test value error during communication Eliminate the interference
redundancy check (CRC) between the CPU and the module due,
for example, to impermissibly high
electromagnetic interference or due to
watchdog monitoring errors
Monitoring time for data Configured monitoring time exceeded Check the parameterization of the
message frame exceeded monitoring time
Power-up of fail-safe signal module -
Message frame error during Enter the watchdog and/or the test Check the data frame for the "0"
non fail-safe communication value in the data frame entry for the watchdog and test
value

9-32 A5E00085586-08
Digital Modules
9.3.10 Technical Specifications - SM 326; DI 24 × DC 24V
Dimensions and Weight Permissible potential 75 V DC

Dimensions W ×H ×D (mm) 80 ×125 ×120 differences between the 60 V AC
Weight Approx. 442 g different circuits
Isolation tested with: DC500V/AC350V
Module-Specific Data
for 1 min
Reconfiguration in Run (CiR) – Yes or DC600V for 1s
possible
Current consumption
• Behavior of non- Deliver the last valid
• From backplane bus max. 100 mA
configured inputs during process value
• From the load voltage 1L+/ max. 450 mA
CiR before the
2L+ (without load)
parameter
assignment Power loss of module type 10 W
Number of inputs Status, Interrupts,
• 1-channel 24 Diagnostics
• 2-channel 12 Status display Green LED per
Assigned address area channel
• In I/O for input 10 Byte Interrupts
• In I/O for output 4 Byte • Diagnostic Interrupt Assignable
Length of cable Diagnostic functions Assignable
• Unshielded 100 m, maximum • Group error display Red LED (SF)
• Shielded 200 m, maximum • Fail-safe mode display Green LED (SAFE)
Maximum achievable safety • Diagnostic information can
class in safety mode be displayed Possible
• In Accordance with SIL 3 Sensor Supply Outputs
IEC 61508 Number of outputs 4
• In Accordance with AK 6 Electrical isolation between Yes
DIN V 19250 channels and backplane bus
• In Accordance with Category 4 • In groups of 2
EN 954-1 Output voltage
Fail-safe performance SIL 2 SIL 3 • Loaded Minimum L+ (-1.5 V)
characteristics
Output current
• Low demand mode <1.00E-04 <1.00E-05 • Rated value 400 mA, typical
(average probability of
• Permitted Range 0 to 400 mA
failure on demand)
Additional redundant supply Permissible
• High demand/continuous <1.00E-08 <1.00E-09
mode (probability of a Short-circuit protection Yes, electronically
dangerous failure per Specifications for Sensor Selection
hour) Input voltage
Voltages, Currents, Potentials • Rated value 24V DC
Rated supply voltage of the 24V DC • At signal ”1” 11 to 30 V
electronic components and • At signal "0" - 30 to 5 V
sensors 1L+, 2L+ Input current
• Reverse polarity protection Yes • At signal ”1” 10 mA, typical
• Voltage failure bridging 5 ms Input characteristic In accordance with
(does not apply to sensor IEC 1131, Type 2
supply outputs) Connection of 2-wire proximity Possible if "With
Number of simultaneously switch short-circuit Test"
controllable inputs parameter is set to
• Horizontal installation 24 "no"
Up to 40 °C 24 (with 24 V) • Permissible quiescent Max. 2 mA
Up to 60 °C current
18 (with 28.8 V)
• Vertical installation 24
Up to 40 °C
Electrical isolation
• Between channels and Yes
backplane bus
• Between the channels
In groups of 12

A5E00085586-08 9-33
Digital Modules
Time, Frequency Acknowledgment Time

Internal preprocessing time • In safety mode with 1oo1 Max. 29 ms
(without input delay) for sensor evaluation
• Standard Mode Min. Max. • In safety mode with 1oo2 Max. 30 ms
sensor evaluation
• Safety mode SIL 2 (safety 6 ms 22 ms
level AK 4, category 3) Minimum sensor signal see table 6.1
6 ms 23 ms
duration
• Safety mode SIL 3 (safety
level AK 6, category 4) 6 ms 22 ms
Input delay
• From ”0” to ”1” 2,1 to 3,4 ms
• From "1" to "0" 2,1 to 3,4 ms

9-34 A5E00085586-08
Digital Modules
9.4 SM 326; DI 8 ×NAMUR
Order Number
6ES7 326-1RF00-0AB0
Features
SM 326; DI 8 ×NAMUR bit has the following features:
• SIMATIC S7 intrinsically safe digital module,
suitable for connecting signals from a hazardous area
• 8 single-channel inputs and 4 two-channel inputs isolated from one another
• 24V DC rated input voltage
• Suitable for the following sensors
- To DIN 19234 and NAMUR (with diagnostic evaluation)
- Switched mechanical contacts (with diagnostic evaluation)
• 8 short circuit-proof sensor supplies for 1 channel, isolated from one another
Warning
Adhering to Clearance in Air and Leakage Paths in Hazardous Areas
Note
For the digital input modules SM 326; DI 8 ×NAMUR, the L+/M infeed must be via
a wire chamber (order no. 6ES7 393-4AA10-0AA0) to meet the clearance for air
and leakage paths in hazardous areas (see chapter 9.4.2).

A5E00085586-08 9-35
Digital Modules
Address Assignment
Addressing of the
inputs in the
user program:
I x.0 0 4 I x.4
I x.1 1 5
I x.5
I x.2 2 6 I x.6
I x.3 3 7 I x.7
x = modules start addresses
Figure 9-22 Address assignment for SM 326; DI 8 × NAMUR
Front View
Common error Per channel (0 to 7):

indicator – red SF
SAFE
4 Status
Saftey mode indicator - green
indicator - green
0 4
Channel No.
1 5
Use of front connector

(behind the front door): for
connecting the inputs and
power supply
2 6
3 7
Figure 9-23 Front view of SM 326; DI 8 ×NAMUR:

9-36 A5E00085586-08
Digital Modules
Connectable Sensors
The following Figure shows the possible sensors and their connection to
SM 326; DI 8 × NAMUR.
10 k
Digital Digital
module module
1k
NAMUR sensor Switched contact with monitoring for

Monitoring for - Wire break
- Wire break - Short circuit
- Short circuit (resistances directly on the contact)
Figure 9-24 Connectable sensors of the SM 326; DI 8 ×NAMUR

The following Figure - shows the terminal assignment and block diagram of the
SM 326; DI 8 ×NAMUR.
Overvoltage 21 L+
protection 22 M 24 V
+ 8,2 V + 8,2 V
5 25
6 26
+ 8,2 V + 8,2 V
8 28
Status and
9 diagnostics 29
Logic and
backplane bus
interface
+ 8,2 V + 8,2 V
11 Test 31
12 32
+ 8,2 V + 8,2 V
14 34
15 35
SF SAFE Status
Address switch 0 ... 7
M M M
Figure 9-25 Connection and block diagram of the SM 326; DI 8 ×NAMUR

A5E00085586-08 9-37
Digital Modules
Channel Numbers
The inputs are identified uniquely by means of the channel numbers and the
channel-specific diagnostic messages are assigned.
In the 1oo2 evaluation of the sensors the number of channels is halved.
left right
Channel number: 1oo1 1oo2 1oo1 1oo2
0 4
1 5
2 6
3 7
Figure 9-26 Kchannel numbers for SM 326; DI 8 × NAMUR
9.4.2 Special Features when Wiring SM 326; DI 8 ×NAMUR for

Hazardous Areas
Wire Chamber for SM 326; DI 8 ×NAMUR in Hazardous Areas

Adhere to the note below when using SM 326; DI 8 ×NAMUR for explosive areas:
Note
In the case of the digital input module SM 326; DI 8 ×NAMUR; the L+/M infeed
must be via a wire chamber to adhere to the creepages and clearances in
hazardous areas.
Wire Chamber
Order number: 6ES7 393-4AA10-0AA0; 5 units
Wire chamber for screw type

Wedge for spring terminals
Wire chamber for spring terminals
Separator line (break):

Separate the three parts here
Figure 9-27 Wire chamber for SM 326; DI 8 ×NAMUR

9-38 A5E00085586-08
Digital Modules
Wire front connector for SM 326; DI 8 ×NAMUR in Hazardous Areas

Wire the 40-pin front connector as follows:
1. Fasten the supply lines in the terminals 21 (L+) and 22 (M) and lead them out
of the top (1).
2. Insert the wiring chamber into terminals (3 and 23) of the front connector (2).
Screw-type connection:
Then tighten the screws for terminals 3 and 23.
Spring-type connection
Use the supplied special key instead of the screwdriver to install the wire
chamber.
3. Wire the process wires and feed them out of the bottom of the module (3).
4. Do not forget to fit the enclosed strain-relief grip around the wires (4).
Result: This ensures a safely isolated connection between the wire chamber and
the front connector and thus meets the safety requirements to prevent explosions.
Wire chamber
of screw type terminal
Wire chamber
for spring terminals
3
4
Wedge for
spring terminals
Figure 9-28 Front connector wired for SM 326; DI 8 ×NAMUR

A5E00085586-08 9-39
Digital Modules
Minimum Thread Length for SM 326; DI 8 ×NAMUR in Hazardous Areas
Warning
! There must be a minimum thread length of 50 mm between the connections
with safe functional extra-low voltage and the intrinsically safe connections of the
SM 326; DI 8 ×NAMUR.This can be achieved within the front connector by using
a wire chamber.
The minimum thread length between the different modules may be violated in
some circumstances (for example, when explosion-proof and standard modules
are used together and the minimum thread length between live parts of explosion-
proof and standard modules is < 50 mm).
You can comply with the thread length requirements between the modules in the
following ways:
• Always insert the SM 326; DI 8 ×NAMUR into the ET 200M as the last module
(on the far right) on the rail. This will ensure that the thread length to the
module on the left is automatically correct because of the module width of the
SM 326; DI 8 ×NAMUR.
• If that is not possible, insert the DM 370 dummy module between the affected
intrinsically safe and standard modules.
• If you use the bus modules of the active backplane bus, you can also use the
intrinsically safe separation bar.
Warning
! When performing the wiring, you should always keep intrinsically safe wires
separate from wires that are not intrinsically safe. Lay them in separate ducts.
Additional Information about Hazardous Areas

You can find more information on the use of the DM 370 and the intrinsically safe
separation bar as well as the separation of wires that are intrinsically safe from
those that are not in the reference manual S7-300, M7-300, ET 200M
Programmable Controllers, I/O Modules with Intrinsically-Safe Signals.

9-40 A5E00085586-08
Digital Modules
9.4.3 Applications of SM 326; DI 8 ×NAMUR:

The following figure helps you to select an application according to the
requirements for high availability and availability. On the following pages you can
find out how to wire the module for each application and which parameters you
must set with STEP 7 using the S7 Distributed Safety or F Systems optional
package.
No
Safety mode?
Yes
SIL3
safety level?
SIL 2
(AK 4, Cat. 3)
Yes Yes Yes

No No No

Applications 1 to 6
1 2 3 4 5 6
See See See See See See
Figure 9-29 Selecting an application - SM 326; DI 8 ×NAMUR
Warning
! The achievable safety class is dependent on the quality of the sensor and the
magnitude of the proof-test interval in accordance with IEC 61508. If the quality of
the sensor is lower than the quality stipulated in the required safety class, the
sensor must be applied redundantly with a two-channel connection.

A5E00085586-08 9-41
Digital Modules
9.4.4 Application 1: Standard Mode and Application 3: Safety Mode

SIL 2 (Safety Level AK 4, Category 3)
SM 326; DI 8 × NAMUR for:
Wiring Diagram for Applications 1 and 3

A one-channel sensor (1oo1 evaluation) is connected via a single channel to the
digital modules for each process signal. The digital module provides the sensor
supply Vs.
L+
M
+ 8.2 V
Vs
Digital input DI
module
Figure 9-30 Wiring diagram for SM 326; DI 8 ×NAMUR for applications 1 and 3
Warning
Parameter Settings for Applications 1 and 3
Table 9-11 Parameters of SM 326; DI 8 ×NAMUR for applications 1 and 3
Parameter Range of Values in Type Effective

Safety Mode Standard Mode in
"Inputs" Tab
Enable diagnostic Yes/No Yes/No Static Module
interrupt
Safety Mode Yes No Static Module
Monitoring Time 10 to 10000 ms - Static Module
Sensor Evaluation 1oo1 Evaluation - Static Module
Group diagnostics Yes/No Yes/No Static Channel
"Redundancy" Tab
Redundancy None - Static Module

9-42 A5E00085586-08
Digital Modules
9.4.5 Application 2: Standard Mode with High Availability and

Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3)
with High Availability (only in S7 F/FH Systems)

Two one-channel, redundant sensors are connected via one channel (1oo1
evaluation) to the two digital modules for each process signal. The respective
digital modules provide the sensor supply Vs.
L+
M
+ 8.2 V
Vs
Digital input DI
module
L+ variable with mechanically
separated sensors
M
+ 8.2 V
Vs
Digital input DI
module
Figure 9-31 Wiring diagram for SM 326; DI 8 ×NAMUR for applications 2 and 4
Warning

A5E00085586-08 9-43
Digital Modules
Parameter Settings for Applications 2 and 4
Table 9-12 Parameters of SM 326; DI 8 ×NAMUR for applications 2 and 4
Parameter Range of Values in Type Effective

"Inputs" Tab
interrupt
Safety Mode Yes No Static Module
Sensor Evaluation 1oo1 Evaluation - Static Module
"Redundancy" Tab
Redundancy Two Modules -* Static Module
Redundant module (Selection of an - Static Redundant
existing additional module
module of the same pair
type)
Discrepancy Time 10 to 30000 ms - Static Redundant
module
pair
* For a redundant configuration in the standard mode, there are two digital values which you have to
evaluate in the standard user program.

9-44 A5E00085586-08
Digital Modules
Wiring Diagram for Application 5

Two one-channel sensors are connected via two channels to two opposite inputs
in the digital module (1oo2 evaluation) for each process signal. The digital module
provides the sensor supply Vs. The left channels on the module supply the user
signals. This means, if no errors are detected, these signals will be available in the
I/O area for inputs in the F-CPU.
L+
Digital input
module M
+ 8,2 V
Vs
Opposite inputs for sensor
DI Acquires the same connection:
left: channel 0...3 process variable with
** mechanically separated
right: channel 0...3* 0 and 4
Vs sensors
1 and 5
DI 2 and 6
3 and 7

** alternatively, the sensor contacts can be connected mechanically
Figure 9-32 Wiring diagram for SM 326; DI 8 ×NAMUR for application 5
Warning

A5E00085586-08 9-45
Digital Modules
Table 9-13 Parameters of SM 326; DI 8 ×NAMUR for application 5
Parameter Value Range in Safety Type Scope of Action

Mode
"Inputs" Tab
Enable diagnostic Yes/No Static Module
interrupt
Safety Mode Yes Static Module
Monitoring Time 10 to 10000 ms Static Module
Sensor Evaluation 1oo2 evaluation Static Module
Group diagnostics Yes/No Static Channel
Discrepancy Time 10 to 30000 ms Static Channel
"Redundancy" Tab
Redundancy None Static Module


9-46 A5E00085586-08
Digital Modules
Wiring Diagram for Application 6

Four one-channel, redundant sensors are connected via two channels (1oo2
evaluation) to the two digital modules for each process signal. The sensor contacts
of the sensor each lead to opposite inputs of the same digital module. The
respective digital modules provide the sensor supply Vs. The left channels on the
module supply the user signals. This means, if no errors are detected, these
signals will be available in the I/O area for inputs in the F-CPU.
L+
Digital input
module M
+ 8,2 V
Vs
DI connection:
left: channel 0...3
** 0 and 4
right: channel 0...3* Vs 1 and 5
2 and 6
DI 3 and 7
L+ Acquires the same process

Digital input variable with mechanically
module M separated sensors
+ 8.2 V
Vs
DI connection:
left: channel 0...3
** 0 and 4
right: channel 0...3* Vs 1 and 5
2 and 6
DI 3 and 7

** alternatively, the sensor contacts can be connected mechanically
Figure 9-33 Wiring diagram for SM 326; DI 8 ×NAMUR for application 6
Warning

A5E00085586-08 9-47
Digital Modules
Table 9-14 Parameters of SM 326; DI 8 ×NAMUR for application 6
Parameter Value Range in Safety Mode Type Scope of Action

"Inputs" Tab
interrupt
Safety Mode Yes Static Module
Monitoring Time 10 to 10000 ms Static Module
Sensor Evaluation 1oo2 evaluation Static Module
Discrepancy Time 10 to 30000 ms Static Channel
"Redundancy" Tab
Redundant module (Selection of an existing Static Redundant
additional module of the same module pair
type)
module pair

9-48 A5E00085586-08
Digital Modules
9.4.8 Diagnostic Messages for SM 326; DI 8 ×NAMUR:

SM 326; DI 8 × NAMUR.
Some diagnostic messages occur only in particular applications.
Table 9-15 Diagnostic messages of SM 326; DI 8 ×NAMUR
Diagnostic message Relevant Effective Configur-

Application Range of able
Diagnostic
Wire break or internal error in sensor supply
Short circuit between sensor line and sensor
supply line 1, 2, 3, 4, 5, 6 Channel Yes
Internal error in read circuit/test circuit or No

defective sensor supply
Discrepancy error 5, 6 Channel Yes
(1oo2 evaluation)
Communication error
EPROM fault 1, 2, 3, 4, 5, 6 Module
RAM fault No
Processor failure
Error in the cyclic redundancy check (CRC)
Monitoring time for data message frame 3, 4, 5, 6 Module
exceeded
Message frame error during non fail-safe 1, 2 Module
communication

A5E00085586-08 9-49
Digital Modules

In the following table, you find the possible causes of faults and the corresponding
remedies for the individual diagnostic messages of the SM 326, DI 8 × NAMUR.
Table 9-16 Diagnostic messages and their remedies for SM 326; DI 8 ×NAMUR

Wire break or internal fault Interruption of the wire between the Reestablish the connection
of the sensor supply module and the NAMUR sensor
With contacts as sensors: Insert 10 kΩ series resistor
10 kΩ series resistor directly above the directly above the contact
contact is missing or interrupted
Channel is not connected (open) Disable the "Group Diagnosis"
parameter for the channel
Internal fault of the sensor supply Replace module
Short circuit between the Short circuit between the two sensor Eliminate short circuit
sensor line and the sensor lines
supply line
Discrepancy error Faulty process signal Check the process signal; replace
1oo2 evaluation Defective NAMUR sensor the NAMUR sensor, if necessary
Short circuit between the unswitched Eliminate short circuit
sensor line (contact open) and the
sensor supply line
Wire break on the switched sensor line Eliminate broken wire
(contact closed) or on the sensor
supply line
Assigned discrepancy time too short Check the assigned discrepancy
time
Missing external auxiliary Supply voltage L+ for module missing Feed in supply L+
supply
Module not assigned No parameters transferred to the Reassign module parameters
parameters module
Wrong parameters on Incorrect parameters transferred to the Reassign module parameters
module module
The setting of the logical module Correct the address setting and
address in STEP 7 does not set the parameters the module
correspond to the setting of the again
address switch on the module.
Communication error Communication problem between the Check the PROFIBUS connection
CPU and the module due, for example Eliminate the interference
to a defective PROFIBUS connection
or to impermissibly high
Monitoring time for data frame Check the parameterization of the

9-50 A5E00085586-08
Digital Modules

Module-internal supply Internal fault of the L+ supply voltage Replace module
voltage failed
Time monitoring responded Overload due to diagnostic request Reduce the number of diagnostic
(watchdog) (SFCs) requests
Impermissibly high electromagnetic Eliminate the interference
interference
EPROM fault Impermissibly high electromagnetic Eliminate the interference and
RAM fault interference switch the supply voltage off/on
Internal error in read Module Defect Replace module
circuit/test circuit or
Processor failure Impermissibly high electromagnetic Eliminate the interference
interference
Parameter assignment error Error in dynamic parameter Check the parameter assignment
(with consecutive number) assignment in the user program
If necessary, contact SIMATIC
Customer Support
Error in the cyclic Test value error during communication Eliminate the interference
redundancy check (CRC) between the CPU and the module due,
for example, to impermissibly high
electromagnetic interference or due to
watchdog monitoring errors
Monitoring time for safety Configured monitoring time exceeded Check the parameterization of the
frame exceeded monitoring time
Message frame error during Enter the watchdog and/or the test Check the data frame for the "0"
non fail-safe communication value in the data frame entry for the watchdog and test
value

A5E00085586-08 9-51
Digital Modules
9.4.9 Technical Specifications - SM 326; DI 8 ×NAMUR
Dimensions and Weight Permitted potential difference

Dimensions W × H × D (mm) 80 ×125 ×120 • Between different circuits 60 V DC
Weight Approx. 482 g [EEx] 30 V AC
Module-Specific Data • Between different circuits 75 V DC
[not EEx] 60 V AC
Number of inputs
Isolation tested with:
• 1-channel 8
• Channels against the 1500 VAC
• 2-channel 4
backplane bus and load
Assigned address area voltage L+ 500 V DC and
• In I/O for input 6 Byte • Load voltage L+ against the 350 V AC
• In I/O for output 4 Byte backplane bus
Length of cable • Chan. between each other 1500 VAC
• Shielded 200 m, maximum Current consumption
• Unshielded 100 m, maximum • From backplane bus 90 mA, maximum
Ignition protection type II(2)G [EEx ib] IIC to • From load voltage L+ 160 mA, maximum
EN 50020 (without load)
Test number KEMA 99 ATEX 2671 X Power loss of module 4.5 W, typical
Maximum achievable safety
Status, Interrupts, Diagnostics
class in safety mode Single-ch. Two-ch.
Status display Green LED per
• In Accordance with SIL 2 SIL 3
channel
IEC 61508
Interrupts
• In Accordance with AK 4 AK 6
DIN V 19250 • Diagnostic Interrupt Assignable
• In Accordance with Cat. 3 Cat. 4 Diagnostic functions Assignable
EN 954-1 • Group error display Red LED (SF)
Fail-safe performance SIL 2 SIL 3 • Fail-safe mode display Green LED (SAFE)
characteristics • Diagnostic information can
• Low demand mode be displayed Possible
<1.00E-04 <1.00E-05
(average probability of Sensor Supply Outputs
failure on demand) Number of outputs 8
• High demand/continuous <1.00E-08 <1.00E-09 Output voltage 8,2 VDC
mode (probability of a Short-circuit protection Yes, electronically
dangerous failure per
Safety Guidelines (See Conformity Description in
hour)
the Appendix)
Voltages, Currents, Potentials
Highest values of the input
Rated supply voltage of the 24V DC circuits (per channel)
electr. comp. and sensor L+
• U0 (Output open-circuit 10 V, maximum
• Reverse polarity protection Yes voltage)
• Voltage failure ride-through 5 ms • I0 (Short-circuit current) 13,9 mA, maximum
Number of simultaneously • P0 (Load power) Max. 33.1 mW
controllable inputs
• L0 (Permissible external Max. 80 mH
• Horizontal installation 8 induction)
Up to 60 °C
• C0 (Permissible external Max. 3 µF
• Vertical installation 8 capacity)
Up to 40 °C • Um (Fault voltage) Max. 60 V DC
Electrical isolation Max. 30 V AC
• Between channels and Yes • Ta (Permissible ambient Max. 60 °C
backplane bus temperature)
voltage supply of
electronics
• Between the channels Yes

9-52 A5E00085586-08
Digital Modules
Specifications for Sensor Selection Time, Frequency

Sensor To DIN 19234 and Internal preprocessing time Typically Max.
NAMUR (without input delay) for
Input current • Standard Mode 55 ms 60 ms
• At signal "0" 0.35 to 1,2 mA • Safety Mode 55 ms 60 ms
• At signal ”1” 2,1 to 7 mA Input delay
• From ”0” to ”1” 1,2 to 3 ms
• From "1" to "0" 1,2 to 3 ms
Acknowledgment Time
• in safety mode 68 ms, maximum
Minimum sensor signal Min. 38 ms
duration

A5E00085586-08 9-53
Digital Modules
9.5 SM 326; DO 8 × DC 24V/2A PM
Order Number
6ES7 326-2BF40-0AB0
Features
The SM 326; DO 8 × DC 24V/2A PM; has the following features:
• 8 outputs, isolated as two groups of 4
• P-M switching (current sourcing/sinking)
• 2 A output current
• 24V DC rated load voltage
• Suitable for solenoid valves, DC contactors, and indicator lights
• Common error display (SF)
• Safety mode indicator (SAFE)
• can be used in safety mode
• simplified PROFIsafe address assignment
Warning
Note
The SM 326; DO 8 × DC 24V/2A PM can be used locally in S7-300 with all
F-CPUs, however with
• CPU 315F-2 DP only as of order no. 6ES7 315-6FF01-0AB0, Firmware
version V2.0.9 and
• CPU 317F-2 DP only as of order no. 6ES7 317-6FF00-0AB0, Firmware
version V2.1.4

9-54 A5E00085586-08
Digital Modules
Connecting capacitive loads

The error message "Short circuit to L+ or output driver defective“ may occur when
the outputs SM 326; DO 8 × DC 24V/2A PM are connected to loads that require
little current and show a capacity. Reason: Capacities cannot be sufficiently
discharged during self-test readback time of 1°ms.
The following figure shows a typical curve representing the correlation between
load impendance and switched load capacitance for 24V DC power supply.
Figure 9-42 Correlation between load impedance and switched load capacitance for SM 326; DO 8 ×
24V/2A DC
Remedy:
1. Determine the load current and capacitance of the load.
2. Determine the operating point in the figure above.
3. If the operating point lies above the curve, do one of the following:
- Increase the load current by connecting a resistor in parallel to bring the
operating point below the curve or
- Use the output with series diodes

A5E00085586-08 9-55
Digital Modules
Address Assignment
Addressing of the
outputs in the user
program Q x.0 0 4 Q x.4
Q x.1 1
Q x.5
5
2 6 Q x.6
Q x.2
Q x.3 3 7 Q x.7
x = modules start address
Figure 9-34 Address assignment for SM 326; DO 8 × DC 24V/2A PM
Front View

SAFE
5 Status indicator –
Safety mode green
indicator – green
Bit address
Use of front connector (behind the

front door) for:
- Connection of outputs
- Power supply of the modules
- Load voltage supply of the outputs
Figure 9-35 Front View of the SM 326; DO 8 × DC 24V/2A PM; with Diagnostic Interrupt

9-56 A5E00085586-08
Digital Modules

SM 326; DO 8 × DC 24V/2A PM.
dsfs
Overvoltage 21 1L+
protection 22 1M 24 V
5 Diagnostic status
6
25
8 26
Diagnostic switch
9
28
11 29
P switch
12
Logic and 31
14 backplane Read back 32
15 bus
interface 34
35
M switch
2L+ 17 37 3L+
2L+ 18 Read back 38 3L+
2M 19 39 3M
2M 20 40 3M
SAFE Status
Address switch SF
(1 of 8)
M M M
Figure 9-36 Terminal assignment and block diagram of the SM 326; DO 8 × DC 24V/2A PM
Channel Numbers
The outputs are identified uniquely by means of the channel numbers and the
Channel number: left right
0 4
1 5
2 6
3 7
Figure 9-37 Channel numbers for SM 326; DO 8 × DC 24V/2A PM Applications of SM 326;

DO 8 × DC 24V/2A PM

A5E00085586-08 9-57
Digital Modules
9.5.2 Applications of the SM SM 326; DO 8 × DC 24V/2A PM

The following figure helps you to select a use case according to the requirements
for high availability and availability.On the following pages you can find out how to
wire the module for each application and which parameters you must set with
STEP 7 using the S7 Distributed Safety or F Systems optional package.
SIL3
safety level?
SIL 2
(AK 4, Cat. 3)
SIL 2 SIL 3
Safety mode Safety mode
Applications 1 and 2
1 2
See See
Chapt. 9.5.3 Chapt. 9.5.3
Figure 9-38 Selecting an Application - SM 326; DO 8 × DC 24V/2A PM

9-58 A5E00085586-08
Digital Modules
9.5.3 Application 1: Safety Mode SIL 2 (Safety Level AK 4, Category 3)

and Application 2: Safety Mode SIL 3
(Safety Level AK 6, Category 4)
SM 326; DO 8 × DC 24V/2APM for:
Diagnostic messages, possible causes and remedies can be found in Tables 9-18
and 9-19.
The 8 fail-safe digital outputs each consist of a P-switch DOx P (current sourcing)
and an M-switch DOx M (current sinking). The load is connected between the P
and M-switches.
00
1L+
1M
DOx P
DOx M
2L+
Digital output 2M
module
Figure 9-39 Wiring diagram for SM 326; DO 8 × DC 24V/2A PM for applications 1 and 2

A5E00085586-08 9-59
Digital Modules
Connection of Two Relays on One Digital Output

You can connect two relays using one fail-safe digital output. The following
conditions should be kept in mind:
• L+ and M of the relays must be connected to L2+ and M of the module
(reference potential must be equal).
• The normally open contact of the two relays must be connected in series.
A connection to each of the 8 digital outputs is possible.An example of the
connection of an output is shown in the figure below. This connection enables
AK6/SIL3/Category 4 to be achieved.
00
1L+
1M
DOx P
DOx M
2L+
Digital output 2M
module
Figure 9-40 Wiring diagram 2 relays on one digital output of SM 326;

DO 8 × DC 24V/2A PM
Warning
! To avoid cross circuits between P and M-switches of a fail-safe digital output, you
should connect the relay on the between P and M-switches to protect against
cross circuits (for example with cables separately sheathed or in a separate cable
duct).
Warning
! When connecting two relays on one digital output, the errors "wire break“ and
"overload" are detected only on the P-switch of the output (not on the M-switch).
The controlled actuator can no longer be switched off when there is a cross circuit
between the P and M-switches of the output.

9-60 A5E00085586-08
Digital Modules
Avoiding/Protecting against Cross Circuits between P and M-Switches

To protect against cross circuits between P and M-switches of a fail-safe digital
output, we recommend the following wiring schemes:
00
1L+
1M
DOx P
DOx M
2L+
Digital output 2M
module
Figure 9-41 Wiring diagram 2 relays on one digital output of SM 326;

DO 8 × DC 24V/2A PM – Protection against cross circuits
Note
The "wire break“ fault is only detected at the P or M-switch of the output when the
two P or M relays are separated.

A5E00085586-08 9-61
Digital Modules
Parameter Settings for Applications , 1 and 2
Table 9-17 Parameters of SM 326; DO 8 × DC 24V/2A PM for applications 1 and 2
Parameter Range of Values Type Effective in
"Parameter" tab
F-Parameter:
Module Parameters:
Diagnostics: Wire break Activated/deactivated Static Channel

9-62 A5E00085586-08
Digital Modules
9.5.4 Diagnostic Messages for SM 326; DO 8 × DC 24V/2A PM

SM 326; DO 8 × DC 24V/2A PM.
Table 9-18 Diagnostic messages of the SM 326; DO 8 × DC 24V/2A;
Diagnostic message Relevant Effective Configu-

Application Range of rable
Diagnostic
Wire break
DOx_P Short circuit to ground at the output
or output driver defective 1, 2 Channel Yes
DOx_M Short circuit to ground at the output
or output driver defective
DOx_P Short circuit to L+ at the output or
output driver defective
DOx_M Short circuit to L+ at the output or
output driver defective
Communication error
Watchdog operated
EPROM fault
RAM fault
Internal error in read circuit/test circuit or
defective sensor supply 1, 2 Module No
Processor failure
External load voltage missing
Short circuit DOx_P to DOx_M
Defective output driver
Excess temperature at output driver
Load voltage not connected
Defective load voltage or not connected
Monitoring time for data message frame 1, 2 Module
exceeded

A5E00085586-08 9-63
Digital Modules

You will find the possible causes of faults and the corresponding remedies for the
individual diagnostic messages of the SM 326, DO 8 × DC 24V/2A PM.
Table: 9-19 Diagnostic messages and their remedies for the SM 326; DO 8 ×DC 24V
Diagnostic Error Possible Causes Remedies

message Detection
Wire break General Interruption in the wire between the Reestablish the
module and the actuator connection
Channel not connected (open) or Disable "Group diagnosis"
unused for the channel
Short circuit to General Output overload Eliminate overload
ground at the output Short circuit at M output to M of the Eliminate short circuit
or output driver module supply Module reset necessary
defective
(supply voltage 1L+ off/on)
Undervoltage of the load voltage Check the load voltage
supply supply
Defective output driver Replace module
Short circuit to L+ at General Short circuit of the output to L+ of the Eliminate short circuit
the output or output module supply Module reset necessary
driver defective (supply voltage 1L+ off/on)
Short circuit between channels with Eliminate short circuit
different signals Module reset necessary
Defective output driver Replace module
Short circuit to the General Short circuit to the load Eliminate short circuit
load or output driver Module reset necessary
defective (supply voltage 1L+ off/on)
Defective output General Module Defect Replace module
driver Short circuit to the output Eliminate short circuit
Module reset necessary
Excess temperature General Output overload Eliminate overload
at output driver Internal error of the output driver Replace module
External load voltage General The 1L+ supply voltage of the Feed the 1L+ supply
missing module is missing
Module-internal General Internal fault of the 1L+ supply Replace module
supply voltage failed voltage
Module not assigned General No parameters transferred to the Reassign module
parameters module parameters

9-64 A5E00085586-08
Digital Modules

message Detection
Defective load General Load voltage 2L+, 3L not connected Feed supply 2L+, 3L+
voltage or not External fault of the load voltage Replace module
connected 2L+, 3L+
Short circuit between P and M Eliminate short circuit
Wrong parameters General Wrong module Re-check, exchange, and
on module reassign parameters to
the module
Time monitoring General Overload due to diagnostic request Reduce the number of
responded (SFCs) diagnostic requests
(watchdog) Impermissibly high electromagnetic Eliminate the interference
interference
Loss of General Communication problem between Check the PROFIBUS
communication the CPU and the module due, for connection
example to a defective PROFIBUS Eliminate the interference
connection or to impermissibly high
Monitoring time for data frame Check the
exceeded parameterization of the
monitoring time
EPROM fault General Impermissibly high electromagnetic Eliminate the interference
RAM fault interference and switch the supply
voltage off/on
Internal error in the General Module Defect Replace module
read circuit/test
circuit
Processor failure General Impermissibly high electromagnetic Eliminate the interference
interference
Parameter General Error in dynamic parameter Check the
assignment error assignment parameterization in the
(with consecutive user program. If
number) necessary, contact
SIMATIC Customer
Support
Error in the cyclic General Test value error occurred in the Eliminate the interference
redundancy check communication between the CPU
(CRC) and the module due, for example, to
impermissibly high electromagnetic
interference or due to watchdog
monitoring errors

A5E00085586-08 9-65
Digital Modules

message Detection
Monitoring time for General Configured monitoring time Check the
data message frame exceeded parameterization of the

9-66 A5E00085586-08
Digital Modules
9.5.5 Technical Specifications - SM 326; DO 8 × DC 24V/2A PM
Dimensions and Weight Electrical isolation

Dimensions W × H × D (mm) 80 ×125 ×120 • Between channels and Yes
backplane bus
Weight Approx. 465 g
voltage supply of
Number of outputs 8 electronics
Assigned address area • Between the channels Yes

In groups of 4
• In I/O for input 5 Byte
• In I/O for output 5 Byte Isolation tested with: DC500V/AC350V
for 1 min
Length of cable or DC600V for 1s
• Unshielded 50 m, maximum Current consumption
• Shielded 30 m, maximum • From backplane bus max. 100 mA
Maximum achievable safety • From the supply volt. 1L+ max. 75 mA
class in safety mode
• From the load voltage 2L+/ max. 100 mA
• In Accordance with SIL 3 3L+ (without load)
IEC 61508
Power loss of module typically 12 W
• In Accordance with AK 6
DIN V 19250 Status, Interrupts, Diagnostics
• In Accordance with Category 4 Status display Green LED per
EN 954-1 channel
Fail-safe performance SIL 2 SIL 3 Interrupts
characteristics • Diagnostic Interrupt Assignable
• Low demand mode <1.00E-05 <1.00E-05 Diagnostic functions Assignable
(average probability of
• Group error display Red LED (SF)
failure on demand)
• Fail-safe mode display Green LED (SAFE)
• High demand/continuous <1.00E-09 <1.00E-09
mode (probability of a • Diagnostic information can Possible
dangerous failure per hour) be read out
Voltages, Currents, Potentials Data for Selecting an Actuator

Rated supply voltage of the 24V DC Output voltage
electronic components 1L+ • At signal ”1” Min. L + (- 1.0 V)
• Reverse polarity protection Yes
Rated load voltage 2L+/3L+ 24V DC Output current
• Reverse polarity protection No • At signal ”1”
Total current of the outputs (per Rated value 2A
group) Permissible range up to 40° 7 mA to 2 A
• Horizontal installation C horizontal installation
Up to 40 °C Max. 7.5 A Permissible range up to 40° 7 mA to 1 A
Up to 60 °C Max. 5 A C vertical installation
• Vertical installation Permissible range up to 60° 7 mA to 1 A
Max. 5 A C horizontal installation
Up to 40 °C
• At signal ”0” (residual Max. 0.5 mA
current)
Load impedance range
• Up to 40 °C 12 Ωto 3,4 kΩ
• Up to 60 °C 24 Ωto 3,4 kΩ

A5E00085586-08 9-67
Digital Modules
Data for Selecting an Actuator (Continued)

Lamp load 5 W, maximum
Control of a digital input Not possible
Switching frequency
• With resistive load 30 Hz, maximum
• In the case of an inductive 2 Hz, maximum
load
To IEC 947-5-1, DC 13
• With lamp load 10 Hz, maximum
Inductive breaking voltage
limited (internally) to Minimum L+ (33 V)
Short-circuit protection of the Yes, electronically
output
• Response threshold 2.6 to 4.5 A
Time requirements for Actuator may not
actuators respond during dark
periods < 1 ms
(also see chapter 6.5)
Time, Frequency
Internal processing time for Min. Max.
Safety Mode 3 ms 10 ms
Acknowledgment Time
in safety mode Max. 14 ms

9-68 A5E00085586-08
Digital Modules
9.6 SM 326; DO 10 × DC 24V/2A
Order Number
6ES7 326-2BF01-0AB0
Features
The SM 326; DO 10 × DC 24V/2A has the following features:
• 10 outputs, isolated as two groups of 5
• 2 A output current
• 24V DC rated load voltage
• Suitable for solenoid valves, DC contactors, and indicator lights
• 2 connections per output
- One connection for single-channel actuator control (without series diode)
- One connection for redundant actuator control (with series diode)
• Configurable substitute value output in standard mode
Warning

A5E00085586-08 9-69
Digital Modules
Redundant Output Signals
Warning
! The output with a series diode can be used for redundant control of an actuator.
Redundant control can take place from 2 different modules without an external
circuit. The two signal modules must have the same reference potential (M).
Note
If you use 326; DO 10 × DC 24V/2A redundantly, you have to supply these F-SMs
with the same load voltage. If this is not possible with one power supply unit due to
availability, then use two redundant power supply units. Please note that the power
supply units must be connected via diodes.
Short circuit to L+ in a Redundant Interconnection
Warning
! Short circuit to L+ in SM 326; DO 10 × DC 24V/2A must be avoided by wiring in
accordance with standards.
In the event of a short circuit to L+ in a redundant interconnection on an output
with a series diode, the corresponding output may not be switched off and the
actuator remains activated.

9-70 A5E00085586-08
Digital Modules
Connecting capacitive loads

The error message "Short circuit to L+ or Defective output driver“ may occur when
the outputs without series diodes of the SM 326; DO 10 × DC 24V/2A are
connected to loads that require little current and show a capacity. Reason:
Capacities cannot be sufficiently discharged during self-test readback time of 1 ms.
The following figure shows a typical curves representing the correlation between
load impedance and switched load capacitance for a 24V DC power supply.
Capacitive in µF
Load current in mA
Figure 9-42 Correlation between load impedance and switched load capacitance for SM 326;
DO 10 × 24V/2A DC
Remedy:
1. Determine the load current and capacitance of the load.
4. Determine the operating point in the figure above.
5. If the operating point lies above the curve, do one of the following:
- Increase the load current by connecting a resistor in parallel to bring the
operating point below the curve or
- Use the output with series diodes

A5E00085586-08 9-71
Digital Modules
Address Assignment
0 5
1 6 Output byte x
(Q x.5 to Q x.7)
2 7
Output byte x
(Q x.0 to A x.4)
3 0
Output byte x+1
4 1
(Q x+1.0, Q x+1.1)
x = Modules start address
Figure 9-43 Address assignment for SM 326; DO 10 × DC 24V/2A
Front View

SAFE
6 Status indicator –
Safety mode green
indicator – green
Bit address
Use of front connector (behind the

front door) for:
3 - Connection of outputs
- Power supply of the modules
- Load voltage supply of the outputs
4
Figure 9-44 Front view of SM 326; DO 10 ×DC 24V /2 A

9-72 A5E00085586-08
Digital Modules

SM 326; DO 10 × DC 24V/2A PM.
dsfs
Overvoltage
21 1L+
protection 24 V
22 1M
3 23
Status
4 Output driver 24
6 26
7 27
M
9 29
10 30
Logic and
Main switch
12 backplane 32
bus
13 33
interface
Read back
15 35
16 36
24V 2L+ 17 37 3L+ 24V
2L+ 18 38 3L+
2M 19 Diagnostics 39 3M
2M 20 40 3M

M M
Figure 9-45 Terminal assignment and block diagram of the SM 326; DO 10 × DC 24V/2A
Channel Numbers
The outputs are identified uniquely by means of the channel numbers and the
Channel number: left right

0 5
1 6
2 7
3 0
4 1
Figure 9-46 Channel numbers for SM 326; DO 10 × DC 24V/2A

A5E00085586-08 9-73
Digital Modules
9.6.2 Applications for SM 326; DO 10 × DC 24V/2A

The following figure helps you to select the application in accordance with the
requirements in terms of fail safety and fault tolerance (availability). On the
following pages you can find out how to wire the module for each application and
which parameters you must set with STEP 7 using the S7 Distributed Safety or
F Systems optional package.
No
Safety mode?
Yes
SIL3
safety level?
SIL 2
(AK 4, Cat. 3)
Yes Yes Yes

Mlodule redundant? Module redundant? Module redundant?
No No No

Standard Standard Safety mode Safety mode
mode, fault Safety mode, Safety mode,
mode
tolerance fault fault
tolerance tolerance
Applications 1 to 6
1 2 3 4 5 6
Figure 9-47 Selecting an application - SM 326; DO 10 DC 24V/2A

9-74 A5E00085586-08
Digital Modules
Avoiding Dark Periods During Safety Mode
Warning
! If you are using actuators that respond too quickly exclusively during "dark
period" test signal injection (i..e. < 1 ms), you can still use the internal test
coordination by parallel-switching two opposite outputs (with a series diode) at a
time. The dark periods are suppressed in the case of parallel connection (see
chapter 9.6.5).
9.6.3 Application 1: Standard Mode, Application 3: Safety Mode SIL 2

(Safety Level AK 4, Category 3) and Application 5: Safety Mode
SIL 3 (Safety Level AK 6, Category 4)
SM 326; DO 10 × DC 24V/2A; for:
Wiring Diagram for Applications 1, 3 and 5

One actuator is connected via a single pin for each process signal. The load power
supply is connected to the digital module on terminals 2L+/2M, 3L+/3M.
1L+
1M
DO
2L+
Digital output 2M
module
Figure 9-48 Wiring diagram for the SM 326; DO 10 × DC 24V/2A; for applications 1,
3 and 5
Warning
duct).

A5E00085586-08 9-75
Digital Modules
Connection of Two actuators to 1 Digital Output

You can connect two actuators using one fail-safe digital output. The following
conditions should be kept in mind:
• L+ and M of the actuators must be connected to L2+ and M of the module
(reference potential must be equal).
The actuators can be connected to each of the 10 digital outputs. An example of
the connection of an output is shown in the figure below. This connection enables
AK6/SIL3/Category 4 to be achieved.
1L+
1M
DO
2L+
Digital output 2M
module
Figure 9-49 Wiring diagram 2 actuators on one digital output of SM 326;

DO 10 × DC 24V/2A
Warning
duct).

9-76 A5E00085586-08
Digital Modules
Parameter Settings for Applications 1, 3 and 5
Table 9-20 Parameter of the SM 326; DO 10 × DC 24V/2A; for applications 1, 3 and 5
Parameter Range of Values Type Effective in

Safety Mode Standard Mode
"Inputs" Tab
interrupt
mode • Safety mode in • Standard Mode Static Module
accordance with
SIL2/safety level
AK4
• Safety Mode in
Accordance with
SIL3/Safety Level
AK 6
Daily (or More Yes/No - Static Module
Frequent) Signal
Change
Behavior during - • Apply Substitute Static
CPU STOP Value Module
• Keep Last Valid
Value
Apply Substitute - Yes/No Static Channel
Value "1"
"Redundancy" Tab
Redundancy None - Static Module

A5E00085586-08 9-77
Digital Modules
9.6.4 Application 2: Standard Mode with High Availability and

Application 4: Safety Mode SIL 2 (Safety Level AK 4, Category 3)
with High Availability and Application 6: Safety Mode SIL 3
(Safety Level AK 6, Category 4) with High Availability
(only in S7 F/FH Systems)
SM 326; DO 10 × DC 24V/2A; for:
Wiring Diagram for Applications 2, 4 and 6

One actuator controlled redundantly by the two digital modules is required for each
process signal. The load power supply is connected to the relevant digital module
at terminals 2L+/2M, 3L+/3M.
1L+
1M
DO
2L+
Digital output 2M
module
1L+
1M
DO
2L+
Digital output 2M
module
Figure 9-50 Wiring diagram for the SM 326; DO 10 × DC 24V/2A;

for applications 2, 4 and 6

9-78 A5E00085586-08
Digital Modules
Parameter Settings for Applications 2, 4 and 6
Table 9-21 Parameter of the SM 326; DO 10 × DC 24V/2A;

for applications 2, 4 and 6
Parameter Range of Values Type Effective

"Inputs" Tab
interrupt
mode • Safety mode in • Standard Mode Static Module
accordance with
SIL2/safety level
AK4
• Safety Mode in
Accordance with
SIL3/Safety Level
AK 6
Daily (or More Yes/No - Static Module
Frequent) Signal
Change
Behavior during - • Apply Substitute Static
CPU STOP Value Module
• Keep Last Valid
Value
Apply Substitute - Yes/No Static Channel
Value "1"
"Redundancy" Tab
Redundancy Two Modules -* Static Module
Redundant (Selection of an - Static Redundant
module existing additional module
module of the same pair
type)
* In the standard mode in the event of a redundant configuration, there are two digital values which
you have to evaluate in the standard user program.

A5E00085586-08 9-79
Digital Modules
9.6.5 Parallel Connection of Two Outputs for Dark Period Suppression
Applications
Connecting two outputs in parallel to suppress a dark period is possible in all
applications in safety mode (3, 4, 5 and 6).
wiring diagram
Connect two opposite outputs with a series diode to an output. By interconnecting
them in this way and using an internal test coordination between outputs 0...4 and
5... 9, you suppress the "0" test pulse (dark period).
jhhjh
1L+
Digital output
module 1M
DO
3L+
right: 3M
channel 5...9
left:
channel 0...4
2L+
2M
Figure 9-51 Parallel connection of two outputs for the dark period suppression of
SM 326; DO 10 × DC 24V/2A
Assign parameters to the fail-safe signal modules as described for the various
applications on the previous pages. An additional parameter is not required for the
interconnection.
Make sure that the two interconnected outputs are always controlled identically
rather than one output on its own. A total of 4 outputs with a series diode are
required for a process signal in a redundant I/O system.

9-80 A5E00085586-08
Digital Modules
9.6.6 Diagnostic Messages of SM 326; DO 10 × DC 24V/2A

SM 326; DO 10 × DC 24V/2A.
Table 9-22 Diagnostic messages of the SM 326; DO 10 × DC 24V/2A
Diagnostic message Relevant Effective Con-

Application Range of figurable
Diagnostic
Wire break
Short circuit to ground at the output or output
driver defective 1, 2, 3, 4, 5, 6 Channel Yes
Short circuit to L+ at the output or output 1, 2, 3, 4, 5, 6 Module Yes

driver defective*
Communication error
EPROM fault, RAM fault
Internal error in read circuit/test circuit or
Processor failure 1, 2, 3, 4, 5, 6 Module
Parameter assignment error (with consecutive
number) No
External load voltage missing
Defective main switch
Defective output driver
Excess temperature at output driver
Load voltage not connected
Defective load voltage or not connected
Monitoring time for data message frame 3, 4, 5, 6 Module
exceeded
Message frame error during non fail-safe 1, 2 Module
communication
* The module is passivated. In the event of a repeated short-circuit, the module immediately switches
off itself with "Processor failure".

A5E00085586-08 9-81
Digital Modules

You can find the possible causes for faults and the corresponding remedies for the
individual diagnostic messages of the SM ; DO × DC 24V/2A; with diagnostic
interrupt in the subsequent tables.
Table -9-23 Diagnostic messages and their remedies for the SM 326; DO 10 × DC 24V/2A

message Detection
Wire break Only in the Interruption in the wire between the Reestablish the
event of "1" at module and the actuator connection
the output Channel is not connected (open) Disable "Group
or diagnosis" for the
during light channel
test* In the case of outputs with a series Eliminate short circuit
diode:
Short circuit of the output to 1L+ of
the module supply
In the case of outputs with a series Eliminate short circuit
diode:
Short circuit between channels with
different signals
Short circuit to Only in the Output overload Eliminate overload
ground at the output event of "1" at Short circuit of the output to M Eliminate short circuit
or output driver the output
defective Undervoltage of the load voltage Check the load voltage
or supply supply
during light Defective output driver Replace module
test*
Short circuit to L+ at Only in the Short circuit of the output to 1L+ of Eliminate short circuit
the output or output event of "1" at the module supply Module reset necessary
driver defective the output (supply voltage off/on)
without a series
diode Short circuit between channels with Eliminate short circuit
different signals Module reset necessary
or
(supply voltage off/on)
in the case of
an output with a Defective output driver Replace module
series diode
and an internal
L+ short circuit
Missing external General The 1L+ supply voltage of the Feed the 1L+ supply
auxiliary supply module is missing
Module not assigned General No parameters transferred to the Reassign module
parameters module parameters
Wrong parameters General Incorrect parameters transferred to Reassign module
on module the module parameters
* Light period occurs in SIL when the "Signal Changes Daily or More Often" parameter is deselected

9-82 A5E00085586-08
Digital Modules

message Detection
Module-internal General Internal fault of the 1L+ supply Replace module
supply voltage failed voltage
Time monitoring General Overload due to diagnostic request Reduce the number of
responded (SFCs) diagnostic requests
(watchdog) Impermissibly high electromagnetic Eliminate the interference
interference
Loss of General Communication problem between Check the PROFIBUS
communication the CPU and the module due, for connection
example to a defective PROFIBUS Eliminate the interference
connection or to impermissibly high
Monitoring time for data frame Check the
exceeded parameterization of the
monitoring time
CPU has gone into STOP Read out diagnostic
buffer
EPROM fault General Impermissibly high electromagnetic Eliminate the interference
RAM fault interference and switch the supply
voltage off/on
Internal error in the General Module Defect Replace module
read circuit/test
circuit
Processor failure General Impermissibly high electromagnetic Eliminate the problem,
interference remove and insert the
module again
Parameter General Error in dynamic parameter Check the
assignment error assignment parameterization in the
(with consecutive user program. If
number) necessary, contact
SIMATIC Customer
Support
External load voltage General The load voltage 2L+, 3L+ of the Feed supply 2L+, 3L+
missing module is missing
Defective main General Module Defect Replace module
switch
Defective output General Module Defect Replace module
driver
Excess temperature General Output overload Eliminate overload
at output driver Internal error of the output driver Replace module
Load voltage not General The load voltage 2L+, 3L+ of the Feed supply 2L+, 3L+
connected module is missing
Defective load General Load voltage 2L+, 3L not connected Feed supply 2L+, 3L+
voltage or not External fault of the load voltage Replace module
connected 2L+, 3L+

A5E00085586-08 9-83
Digital Modules

message Detection
Error in the cyclic General Test value error occurred in the Eliminate the interference
redundancy check communication between the CPU
(CRC) and the module due, for example, to
impermissibly high electromagnetic
interference or due to watchdog
monitoring errors or at a voltage dip
Monitoring time for General Configured monitoring time Check the
data message frame exceeded parameterization of the
Message frame error General Enter the watchdog and/or the test Check the data frame for
during non fail-safe value in the data frame the "0" entry for the
communication watchdog and test value

9-84 A5E00085586-08
Digital Modules
Faulty Diagnosis After a Wire Break on Redundant Digital Output Modules

During the redundant use of fail-safe output modules SM 326;
DO 10 × DC 24V/2A; the following response may occur in the event of a fault:
When a wire break occurs on a channel, the faulty channel and another channel or
several other channels are reported as faulty when the connected loads are very
different.
1L+
1M
A0
A1
wire 12 Ohm
break I=2 A
2L+
Digital output 2M
module
1L+
1M
A0 1 kOhm
I=24 mA
The load rate is wrongly

A1 selected here!
2L+
Digital output
module 2M
Figure 9-52 Incorrect detection of wire break on redundant SM 326;

DO 10 × DC 24V/2A
Example:
In this example, channels A0 and A1 are reported faulty when a wire break occurs
at A0. The cause is the very extreme variation in load on the two channels: 2 A and
24 mA.
What to do:
To obtain a correct error diagnosis from the modules, the output channels of a
module must have approximately the same load. This means that the ratio of the
lowest load to the highest load must be at least 1:5.
Faulty Diagnosis Given a Short Circuit

During a short circuit of a channel of the fail-safe digital output module
SM 326; DO 10 × DC 24V/2A; with diagnostic interrupt after L+ or a short circuit
between channels with different signals, in addition to the affected channel, all the
other channels of the half containing the faulty channel are also reported as faulty
and passivated. A short circuit that lasts a long time will result in the complete failure
of the module.

A5E00085586-08 9-85
Digital Modules
9.6.7 Technical Specifications - SM 326; DO 10 × DC 24V/2A

Dimensions and Weight Permissible potential 75 V DC
Dimensions W× H× D (mm) 80 ×125 ×120 differences between the 60 V AC
Weight Approx. 465 g different circuits
Isolation tested with: DC500V/AC350V
for 1 min
Number of outputs 10 or DC600V for 1s
Assigned address area Current consumption
• In I/O for input 6 Byte • From backplane bus 100 mA, maximum
• In I/O for output 8 Byte • From the supply volt. 1L+ 70 mA, maximum
Length of cable • From the load voltage 2L+/ 100 mA, maximum
• Unshielded 600 m, maximum 3L+ (without load)
• Shielded 1000 m, maximum Power loss of module 12 W, typical
• At SIL 3, safety level AK 6, 200 m, maximum Status, Interrupts, Diagnostics
Cat. 4 Status display Green LED per
Maximum achievable safety channel
class in safety mode Interrupts
• In Accordance with IEC SIL 3
• Diagnostic Interrupt Assignable
61508
Diagnostic functions Assignable
• In Accordance with AK 6
DIN V 19250
• Fail-safe mode display Green LED (SAFE)
• In Accordance with Category 4
• Diagnostic information can Possible
EN 954-1
be read out
Fail-safe performance SIL 2 SIL 3
Substitute values can be Yes, only in
characteristics
applied standard mode
• Low demand mode <1.00E-05 <1.00E-05
(average probability of Data for Selecting an Actuator
failure on demand) Output voltage
• High demand/continuous <1.00E-09 <1.00E-09 • At signal ”1”
mode (probability of a Without series diode Min. L + (- 1.0 V)
dangerous failure per hour) With series diode Min. L + (- 1.8 V)
Voltages, Currents, Potentials Output current
Rated supply voltage of the 24V DC • At signal ”1”
electronic components 1L+ Rated value 2A
• Reverse polarity protection Yes Permissible range up to
Rated load voltage 2L+/3L+ 24V DC 40°C
• Reverse polarity protection No Horizontal installation 7 mA to 2 A
Total current of the outputs Permissible range up to
without series diode (per group) 40°C
• Horizontal installation Vertical installation 7 mA to 1 A
Up to 40 °C Max. 7.5 A Permissible range up to
Up to 60 °C Max. 5 A 60°C
• Vertical installation Horizontal installation 7 mA to 1 A
Up to 40 °C Max. 5 A Permissible range with
Total current of the outputs with redundant connection up to
series diode (per group) 40°C
Horizontal installation 28 mA to 2 A
• Horizontal installation
Up to 40 °C Max. 5 A Permissible range with
Up to 60 °C redundant connection up to
Max. 4 A
40°C
• Vertical installation
Vertical installation 28 mA to 1 A
Up to 40 °C Max. 4 A
Permissible range with
Electrical isolation
redundant connection up to
• Between channels and Yes 60°C
backplane bus Horizontal installation 28 mA to 1 A
• At signal ”0” (residual Max. 0.5 mA
voltage supply of
current)
electronics
• Between the channels Yes
In groups of 5

9-86 A5E00085586-08
Digital Modules
Data for Selecting an Actuator (Continued) Short-circuit protection of the Yes, electronically
Load resistance range output
• Up to 40 °C 12 Ω to 3,4 kΩ • Response threshold 2.6 to 4.5 A
• Up to 60 °C 24 Ω to 3,4 kΩ • Response threshold for 5.2 to 9 A
redundant
Lamp load 5 W, maximum
interconnections
Parallel connection of
2 outputs Time requirements for Actuator may not
actuators respond during:
• For redundant control of a Only outputs with
load series diode; outputs • Dark period
must have the same < 1 ms
reference potential • Bright period
• For an increase in power Not possible < 1 ms
Control of a digital input Possible (also see chapter 6.5)
Switching frequency Time, Frequency
• With resistive load 10 Hz, maximum
Internal processing time for Max.
• In the case of an inductive 2 Hz, maximum
• Standard Mode 22 ms
load
To IEC 947-5-1, 13 DC • Safety Mode 24 ms
• With lamp load Acknowledgment Time
10 Hz, maximum
• in safety mode 20 ms, maximum

A5E00085586-08 9-87
Digital Modules

9-88 A5E00085586-08
10 Analog Module
10.1 Introduction
Overview
The SM 336; AI 6 × 13 Bit, a fail-safe, redundancy-capable analog input module of
the S7-300 module family, is available for connecting analog sensors/encoders.
This section presents the following information on this fail-safe analog module:
• Properties
• Applications with connection diagrams and parameter assignment
• Diagnostic messages with remedies
Warning

A5E00085586-08 10-1
Analog Module
10.2 Analog Value Representation
Measured Value Ranges
Table 10-1 Measured value ranges for SM 336; AI 6 × 13 Bit
Measuring Measuring Measuring Unit Range

Range Range Range
0 to 20 mA 4 to 20 mA 0 to 10 V As a Decimal Hexade
percentage cimal
of nominal
range
Standard Safety mode Standard Operating mode
mode mode
> 23.515 mA > 22.814 mA > 11.7593 V > 117.589 32767 7FFFH* Overflow
23.515 mA 22.814 mA 11.7589 V 117.589 32511 7EFFH
. . . . . . Overrange
. . . . . .
20.007 mA 20.007 mA > 10.0004 V 100.004 27649 6C01H
20 mA 20 mA 10 V 100 27648 6C00H
. . . . . . Nominal range
. . . . . .
2.89 μA 4 mA + 2.315 1.45 mV 0.014 4 4H
0 mA, typical μA 0V 0 0 0H
4.00 mA,
typical
-0.0007 mA 3.9995 mA -0.36 mV -0.0036 -1 FFFFH
. . . . . . Underrange
. . . . . .
-3.518 mA 1.185512 mA -1.759 V -17.593 -4864 ED00H
< -3.518 mA < 1.185 mA < - 1.759 V < -17.593 -32768 8000H* Underflow
(see below)
* In S7 F/FH systems, a fail-safe value is output for this value in the safety program in the event of overflow or
underflow.
Units in decimal and hexadecimal format can only assume values that are multiples
of 4.
Wire break test and underflow test in the range of 4 to 20 mA

In the 4 to 20 mA range, it becomes apparent whether parameters have been
assigned for a wire break test
• If wire break test parameters have been assigned, an underflow test is not
performed. A wire break is reported at < 3.6 mA with 7FFFH.
• If a wire break test is not configured, then underflow is reported at < 1.18 mA
with 8000H.

10-2 A5E00085586-08
Analog Module
Measured Value Resolution

The SM 336; AI 6 × 13 Bit has a 13-bit resolution. This means that the last two bits
are set to 0. Thus, only values that are multiples of 4 can be assumed. 1 digit
(13-bit measuring range) corresponds to 4 digits Simatic.
Table 10-2 Bit pattern representation
Bit number 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Bit significance Sign 214 213 212 211 210 29 28 27 26 25 24 23 22 21 20
Example 0 1 0 0 1 1 0 0 1 1 1 1 1 1 0 0
Table 10-3 Resolution
Measuring Range % of Nominal Range Resolution

0 to 20 mA 0.014 2.89 μA
4 to 20 mA 0.014 2.32 μA
0 to 10 V 0.014 1.45 mV
Warning
! Only a measuring range of 4 to 20 mA is permitted in safety mode.

A5E00085586-08 10-3
Analog Module
10.3 SM 336; AI 6 × 13 Bit
Order Number
6ES7 336-1HE00-0AB0
Properties
SM 336; AI 6 × 13 Bit has the following properties:
• Six analog inputs with electrical isolation between the channels and the
backplane bus
• Input ranges:
- 0 to 20 mA or 4 to 20 mA, 0 to 10 V in standard mode
- 4 to 20 mA in safety mode
• Short-circuit-proof power supply of 2- or 4-wire measuring transducers over the
module
• External sensor supply possible
• Sensor supply display (Vs)
• Can be operated in both standard mode and safety mode
Use of Inputs
You can use the inputs as follows:
In standard mode
• All 6 channels for current measurement, 0 to 20 mA or 4 to 20 mA
• Up to 4 channels for voltage measurement, 0 to 10 V, and the remaining two for
current measurement
• Other combinations of current measurement and voltage measurement, taking
into account the above-mentioned limitation for voltage measurement.
In safety mode:
• All 6 channels for current measurement, 4 to 20 mA.

10-4 A5E00085586-08
Analog Module
Address Assignment
The figure below shows the assignment of channels to addresses.
Addressing the
inputs in the
0
user program: IW x
IW x+2 1
IW x+4
2
3
IW x+6
IW x+8 4
IW x+10 5
x = module-start address
Figure 10-1 Address assignment for SM 336; AI 6 × 13 Bit
Front View
Common error Sensor supply

indicator - red SF indicator – green
Vs (for all 6 channels)
SAFE Vs
Safety mode
indicator - green
Front connector assignment

(behind the front panel):
for connecting the inputs and
power supply
Figure 10-2 Front view of SM 336; AI 6 × 13 Bit

A5E00085586-08 10-5
Analog Module

The figure below shows the connection and block diagram of the SM 336;
AI 6 × 13 Bit. The internal protective circuit of the connections on the left side of the
figure corresponds to the protective circuit of the connections on the right. The
interconnection of analog sensors for the different applications is presented in the
sections that follow.
Electrical
isolation
Over-
21 L+
voltage
22 M 24 V
protection
L+ 23 Vs
Multi- 24 V
CH0 5 plexer 25 CH0
A A
6 Sensor 26
Supply M
27 V
CH1 8 Vs 28 CH1
A Logic and A
9 backplane Monitor 29
10 bus inter- 30
M face M
A N A
ADU A N A
31
V
CH2 12 32 CH2
A Test A
13 DAU 33
34 V
CH3 A 15 U 35 CH3
C M M
A
16 Monitor 36
A 17 37 A
CH4 18 38 CH4
A 19 39 A
CH5 20 40 CH5

M M
Figure 10-3 Connection and dlock diagram of the SM 336; AI 6 × 13 Bit and internal sensor supply
Key:
A - current measurement
V - voltage measurement

10-6 A5E00085586-08
Analog Module
Channel Numbers
Channel numbers are used to uniquely designate the inputs and to assign the
channel-specific diagnostic messages.
0
Channel number: 0
1 1
2
2
3
3
4 4
5 5
Figure 10-4 Channel numbers for SM 336; AI 6 × 13 Bit
External Sensor Supply

The following figures show how the sensors can be supplied by means of an
external sensor supply (e.g., by means of another module: 1L+).
Analog input 21 L+
module 22 M
VS P
1L+
M+
2 DMU
M-
MANA 1M
recommended
Figure 10-5 External sensor supply, 2-wire measuring transducer for SM 336; AI 6 × 13 Bit
Sensor
Analog input 21 L+ e.g. pressure gauge
module 22 M
VS P
1L+
M+
M- 4 DMU
MANA 1M
recommended
Figure 10-6 External sensor supply, 4-wire measuring transducer for SM 336; AI 6 × 13 Bit

A5E00085586-08 10-7
Analog Module
Warning
! The stability of the external sensor supply must correspond to the desired safety
requirement class AK 4, 5, 6 or SIL 2, 3. If this is not the case, we recommend
either one of the following two options:
• Redundant external sensor supply
• Monitoring of the external sensor supply for overvoltage/undervoltage,
including disconnection of the sensor supply in the event of a fault (single-
channel for SIL 2 and 2-channel for SIL 3).
Recommendation for Internal Sensor Supply

We recommend that you always use the short-circuit-protected internal sensor
supply of the module. The internal sensor supply is monitored, and its state is
displayed by the Vs LED (see Figure 10-2).
Isolated Measuring Sensor

The isolated measuring sensors are not connected to the local potential to ground.
They can be operated potential-free. Due to local conditions or disturbances,
potential differences UCM (static or dynamic) can occur between the measuring
leads M– of the input channels and the reference point of the measuring circuit
MANA .
To prevent the permitted value for UCM from being exceeded during
implementation in environments with high levels of electromagnetic disturbances,
we recommend that you connect M– to MANA .
Non-Isolated Measuring Sensors

The non-isolated measuring sensors are connected to the local potential to ground.
You must connect MANA to the potential to ground. Due to local conditions or
disturbances, potential differences UCM (static or dynamic) can occur between the
locally distributed measuring points.
If the permitted value for UCM is exceeded, you must provide equipotential bonding
conductors between the measuring points.

10-8 A5E00085586-08
Analog Module
Improving Accuracy of Current Measurement on Channels 0 through 3 of the

Analog Input Module
If you are using channel 1, 2, or 3 of SM 336; AI 6 × 13 Bit for current
measurements, we recommend that you connect the non-protected voltage input to
the associated current input, as shown in Figure 10-7 and Figure 10-8. This
improves accuracy by approximately 0.2%.
Analog input 21 L+
module 22 M
VS
MVn+
2 DMU P
MIn+
MU-
recommended
MANA
N=0 to 3
Figure 10-7 Improving accuracy of current measurement on channels 0 to 3 with

2-wire measuring transducer
Analog input- 21 L+
module 22 M
VS
MVn+ recommended 4 DMU
+ -
P
MIn+
Mn-
MANA
recommended
n= 0 to 3
Figure 10-8 Improving accuracy of current measurement on channels 0 to 3 with

4-wire measuring transducer

A5E00085586-08 10-9
Analog Module
10.3.2 Applications for SM 336; AI 6 × 13 Bit

The following figure helps you to select a application according to the requirements
for high availability and availability. On the following pages, you will learn how to
wire the module for each application and which parameters you will need to set in
STEP 7.

all measurement areas
No
Safety mode?
Yes
SIL3
safety level?
SIL 2
(AK 4, Cat. 3)
Yes Yes Yes

No No No

Applications 1 to 6
1 2 3 4 5 6
Figure 10-9 Selecting a application - SM 336; AI 6 × 13 Bit
Warning
! The achievable safety class depends on the sensor quality and the duration of
the proof test interval in accordance with IEC 61508. If the quality of the sensor is
lower than the quality stipulated in the required safety class, the sensor must be
set up redundantly with a two-channel connection.

10-10 A5E00085586-08
Analog Module
Wiring Schemes
Each application has three wiring schematics, depending on the measurement
type.
Table 10-4 Wiring schematic for SM 336; AI 6 × 13 Bit
Wiring Measurement Type Range Channels Abbreviation

Scheme in HW Config
A Current measurement 4 to 20 mA 0 to 5 2 WMC
with 2-wire measuring
transducer
B Current measurement 4 to 20 mA 0 to 5 4 WMC
with 4-wire measuring 0 to 20 mA*
transducer
C Voltage measurement* 0 to 10 V 0 to 3 U
* Current measurement, 0 to 20 mA, and voltage measurement are only possible in standard mode.
Note
In the following wiring scheme figures, connections to the reference point of
measuring circuit MANA are represented by a dashed line. This means that these
connections are optional but recommended (see "Improving Accuracy of Current
Measurement on Channels 0 to 3 of the Analog Module" in Section 10.3.1).
A dashed connection between two or four sensors means that the sensors are
measuring the same variable.

A5E00085586-08 10-11
Analog Module
10.3.3 Application 1: Standard Mode
The wiring schemes and the parameter assignment of the SM 336; AI 6 × 13 Bit
are presented below for:
• Application 1: standard mode
For diagnostic messages, possible causes of faults, and fault remedies, refer to
Tables 10-11 and 10-12.
Wiring Schematic A, Current Measurement, 4 to 20 mA, 2-Wire Measuring

Transducer, for Application 1
Six (6) process signals can be connected to an analog module. Sensor supply VS is
provided for 6 channels by the analog module. The sensors can also be supplied
by means of an external sensor supply (see Figure 10-5).
SM 336;
AI 6 x 13Bit
L+
M
P 2-wire measuring
transducer
- +
Figure 10-10 Current measurement, 4 to 20 mA, 2-wire measuring transducer, for

application 1 with SM 336; AI 6 × 13 Bit

10-12 A5E00085586-08
Analog Module
Wiring Schematic B, Current Measurement, 0 to 20 mA, 4-Wire Measuring

With wire-break monitoring, the measuring range decreases to 4 to 20 mA.
SM 336;
L+ AI 6 x 13Bit
M
P 4-wire meas.
transducer
+ -
Figure 10-11 Current measurement, 4 to 20 mA, 4-wire measuring transducer, for

application 1 with SM 336; AI 6 × 13 Bit

A5E00085586-08 10-13
Analog Module
Wiring Schematic C, Voltage Measurement 0 to 10 V, for Application 1

Four (4) process signals can be connected to an analog module. Sensor supply VS
is provided for 4 channels by the analog module. The sensors can also be supplied
SM 336;
L+ AI 6 x 13Bit
M
P 4-wire meas.
transducer
+ -
Figure 10-12 Voltage measurement, 0 to 10 V for application 1 with SM 336; AI 6 × 13 Bit

10-14 A5E00085586-08
Analog Module
Table 10-5 Parameters for application 1 SM 336; AI 6 × 13 Bit
Parameter Value Range in Standard Mode Type Scope of Action

"Inputs 1" Tab
Enable for diagnostic Yes/No Static Module
interrupt
Interference 50 Hz/60 Hz Static Module
frequency
Wire-break test (only Yes/No Static Channel
for 4 to 20 mA)
Measurement type Deactivated Static Channel
4WMC
2WMC
U
Measuring range 4 to 20 mA Static Channel
0 to 20 mA
0 to 10 V
"Inputs 2" Tab
Safety mode No (standard mode) Static Module
Monitoring time - Static Module
"Redundancy" Tab

(only in S7 F/FH Systems)
Tables 10-11 and 10-12.

A5E00085586-08 10-15
Analog Module

Six (6) process signals can be connected to two redundant analog modules. For
each process signal, two sensors are connected using 1 channel to the two analog
modules. Sensor supply VS is provided for 6 channels by the analog module. The
sensors can also be supplied by means of an external sensor supply
(see Figure 10-5).
SM 336;
AI 6 x 13Bit
1L+
P 2-wire meas, 1M
transducer
- +

variables with mechanically
separated sensors
SM 336;
AI 6 x 13Bit
2L+
P 2 wire meas. 2M
transducer
- +

10-16 A5E00085586-08
Analog Module

sensors can also be supplied by means of an external sensor supply (see Figure
10-6). With wire-break monitoring, the measuring range decreases to 4 to 20 mA.
SM 336;
AI 6 x 13Bit
P 4 wire meas. 1L+
transducer 1M
+ -

separated sensors
SM 336;
4 wire meas. 2L+ AI 6 x 13Bit
P
transducer 2M
+ -

A5E00085586-08 10-17
Analog Module
Wiring Schematic A, Voltage Measurement, 0 to 10 V, 4-Wire Measuring

Four (4) process signals can be connected to two redundant analog modules. For
(see Figure 10-6).
P 4 wire meas. 1L+

trransducer 1M
+ -

separated sensors
P 4 wire meas. 2L+

trransducer 2M
+ -

10-18 A5E00085586-08
Analog Module
Parameter Value Range in Standard Mode Type Scope of Action

"Inputs 1" Tab
interrupt
frequency
for 4 to 20 mA)
Measurement Type Deactivated Static Channel
4WMC
2WMC
U
Measuring Range 4 to 20 mA Static Channel
0 to 20 mA
0 to 10 V
"Inputs 2" Tab
Safety mode No (standard mode) Static Module
Monitoring time - Static Module
"Redundancy" Tab*
Redundancy 2 modules Static Module
Redundant module Selection of another available Static Redundant
module of the same type module pair
* With redundant configuration in standard mode, there are two analog values that have to be
evaluated in the standard user program.

A5E00085586-08 10-19
Analog Module
The wiring schemes and the parameter assignment of the SM 336; AI 6 × 13 Bit is
presented below for:
• Application 3: safety mode, SIL 2 (AK 4, category 3)
Tables 10-11 and 10-12.

SM 336;
AI 6 x 13Bit 1 L+
2 M
3
CH0 MI0+ 5
P 2 wire meas.
M0- 6 transducer
- +
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
Figure 10-16 Current measurement, 4 to 20 mA, 2-wire measuring transducer for application 3 with
SM 336; AI 6 × 13 Bit

10-20 A5E00085586-08
Analog Module

SM 336;
AI 6 x 13Bit 1 L+
2 M
3
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
P 4 wire meas.
M2- 13 transducer
+ -
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336; AI 6 × 13 Bit

A5E00085586-08 10-21
Analog Module
Parameter Value Range in Safety Mode Type Scope of

Action
"Inputs 1" Tab
interrupt
frequency
for 4 to 20 mA)
Measurement Type Deactivated Static Channel
4WMC
2WMC
Measuring Range 4 to 20 mA Static Channel
"Inputs 2" Tab
Safety mode In accordance with SIL 2 / AK 4 Static Module
1 sensor
Monitoring time 10 to 10,000 ms Static Module
"Redundancy" Tab

The wiring schemes and the parameter assignment of the SM 336; AI 6 × 13 Bit is
presented below for:
Tables 10-11 and 10-12.

10-22 A5E00085586-08
Analog Module

(see Figure 10-5).
SM 336;
AI 6 x 13Bit 1 1L+
2 1M
P 2-wire meas.
3 transducer
- +
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15 variables with 2 mechanically
M3- separated sensors
16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336;
AI 6 x 13Bit 1 2L+
2 2M
P 2-wire meas.
3 transducer
- +
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20

A5E00085586-08 10-23
Analog Module

(see Figure 10-6).
SM 336;
AI 6 x 13Bit 1 4-wire meas. 1L+
P
2 transducer 1M
3 + -
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15 variables with 2 mechanically
M3- separated sensors
16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336;
AI 6 x 13Bit 1 4-wire meas. 2L+
P
2 transducer 2M
3 + -
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2A MI2+ 12
M2- 13
CH3A MI3+ 15
M3- 16
MI4+ 17
CH4A
M 4- 18
MI5+ 19
CH5A
M 5- 20

10-24 A5E00085586-08
Analog Module

"Inputs 1" Tab
interrupt
frequency
for 4 to 20 mA)
4WMC
2WMC
"Inputs 2" Tab

Safety mode In accordance with SIL 2 / AK 4 Static Module
1 sensor
"Redundancy" Tab

A5E00085586-08 10-25
Analog Module
Tables 10-11 and 10-12.

Six (6) process signals can be connected to an analog module. For each process
signal, two redundant sensors are connected to two opposite inputs of the analog
module (1oo2 evaluation). Sensor supply VS is provided for 6 channels by the
analog module. The sensors can also be supplied by means of an external sensor
supply (see Figure 10-5).
SM 336;
AI 6 x 13Bit 1 L+
2 2-wire meas. 2-wire meas. M
3 transducer transducer
- + - +
CH0 MI0+ 5
M0- 6 M
CH1 MI1+ 8
M1- Acquires the same process
9 variables with mechanically
MANA 10 separated sensors
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336; AI 6 × 13 Bit

10-26 A5E00085586-08
Analog Module

Six (6) process signals can be connected to an analog module. For each process
signal, two redundant sensors are connected to two opposite inputs of the analog
SM 336;
AI 6 x 13Bit 1 L+
2 4-wire meas. 4-wire meas. M
+ - - +
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12 Acquires the same process

M2- 13 variables with mechanically
separated sensors
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336; AI 6 × 13 Bit

A5E00085586-08 10-27
Analog Module

"Inputs 1" Tab
interrupt
frequency
Wire-break test Yes/No Static Channel
4WMC
2WMC
"Inputs 2" Tab
Safety mode Measured. SIL 3 / AK 6 Static Module
2 sensors
Discrepancy time 10 to 10,000 ms Static Module
Tolerance window 0 to 20% in 1% increments Static Module
with reference to
measuring range
Standard value MIN/MAX Static Module
"Redundancy" Tab
Discrepancy Analysis for Fail-Safe Analog Input Modules

If you have configured safety mode in accordance with SIL3/AK 6, you can
configure a discrepancy time and an absolute tolerance window in % with
reference to the measuring range of 4 mA to 20 mA for each input of the analog
input module. You also configure the standard value (MIN = the smaller value /
MAX= the larger value) that is to be accepted and passed on to the CPU.
If the difference between the two measured values is outside of the tolerance
window longer than the configured discrepancy time, a fault is signaled and the
standard value is accepted

10-28 A5E00085586-08
Analog Module

Tables 10-11 and 10-12.

A5E00085586-08 10-29
Analog Module

Six (6) process signals can be connected to two redundant analog modules. Four
(4) redundant sensors are required per process signal. For each module, two
redundant sensors are connected using two channels to two opposite inputs of
the analog module (1oo2 evaluation). Sensor supply VS is provided for 6 channels
by the analog module. The sensors can also be supplied by means of an external
sensor supply (see Figure 10-5).
SM 336;
AI 6 x 13Bit 1 2-wire meas. 2-wire meas. 1L+
2 transducer transducer M1
3 - + - +
CH0 MI0+ 5
M0- 6 M1
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12 separated sensors
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336;
AI 6 x 13Bit 1 2-wire meas. 2-wire meas. 2L+
2 transducer transducer M2
3 - + - +
CH0 MI0+ 5
M0- 6 M2
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20

10-30 A5E00085586-08
Analog Module

Six (6) process signals can be connected to two redundant analog modules. Four
(4) redundant sensors are required per process signal. For each module, two
sensors are connected using 2 channels to two opposite inputs of the analog
SM 336;
AI 6 x 13Bit 1
L1+
2 M1
4-wire meas. 4-wire meas.
+ - - +
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10 Acquires the same process
separated sensors
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20
SM 336;
AI 6 x 13Bit 1
L2+
2 M2
4-wire meas.- 4-wire meas.
+ - - +
CH0 MI0+ 5
M0- 6
CH1 MI1+ 8
M1- 9
MANA 10
CH2 MI2+ 12
M2- 13
CH3 MI3+ 15
M3- 16
MI4+ 17
CH4
M 4- 18
MI5+ 19
CH5
M 5- 20

A5E00085586-08 10-31
Analog Module

"Inputs 1" Tab
interrupt
frequency
for 4 to 20 mA)
4WMC
2WMC
"Inputs 2" Tab
Safety mode Measured. SIL 3 / AK 6 Static Module
2 sensors
Discrepancy time 0 to 30,000 ms Static Module
Tolerance window 1 to 20% in 1% increments Static Module
with reference to
measuring range
Standard value MIN/MAX Static Module
"Redundancy" Tab
Discrepancy Analysis for Fail-Safe Analog Input Modules

If you have configured safety mode in accordance with SIL3/AK 6, you can
configure a discrepancy time and an absolute tolerance window in % with
reference to the measuring range of 4 mA to 20 mA for each input of the analog
input module. You also configure the standard value (MIN = the smaller value /
MAX= the larger value) that is to be accepted and passed on to the CPU.
If the difference between the two measured values is outside of the tolerance
window longer than the configured discrepancy time, a fault is signaled and the
standard value is accepted

10-32 A5E00085586-08
Analog Module
10.3.9 Diagnostic Messages for SM 336; AI 6 × 13 Bit

Table 10-11 provides an overview of the diagnostic messages for
SM 336; AI 6 × 13 Bit.
Table 10-11 Diagnostic messages for SM 336; AI 6 × 13 Bit
Diagnostic Message Relevant Effective Assignable

Application Range of Parameter?
Diagnostic
Wire break 1, 2, 3, 4, 5, 6
Discrepancy error 4, 6 A, B Channel Yes
Common mode error 1, 2, 3, 4, 5, 6 A, B, C
Overflow or underflow of measured value 1, 2, 3, 4, 5, 6 A, B, C
(see "Wire break and Underflow" on page Channel
10-2 )
Wrong parameters in the module
No
Parameter assignment error (with
specification of a serial number)
ADC/DAC error 1, 2, 3, 4, 5, 6 A, B, C Module
No external auxiliary voltage
Communications problem (CPU Stop)
Time monitoring addressed
EPROM fault, RAM fault
Processor failure
Error in test value (CRC)
Monitoring time for safety message frame 3, 4, 5, 6 A, B, C
exceeded
Message frame general fault 1, 2

A5E00085586-08 10-33
Analog Module
Causes of Faults and Corrective Measures

In Table 10-2, you will find a list of possible causes of for each SM 336; AI 6 × 13
Bit diagnostic message, as well as appropriate remedies.
Table 10-12 Diagnostic messages and remedies for SM 336; AI 6 × 13 Bit
Diagnostic Message Possible Causes Remedy

Wire break (only in measuring Interruption of measuring lead Reconnect lead
range of 4 to 20 mA) between module and sensor
Incorrect measuring range set Set measuring range to 4 to 20
mA
Discrepancy error Assigned tolerance window Assign a larger tolerance window
parameters exceeded after and/or discrepancy window, as
discrepancy time expired required
Wire break Repair wire break as required
Check process signal,.
Deviation of two inputs too large in Wiring fault
the safety mode in accordance with Wire analog signal to both inputs
SIL 2 or replace module
Common mode error Potential difference UCM between Connect M- to MANA
the inputs (M-) and reference
potential of the measuring circuit
(MANA) is too high
Overflow or underflow of Measuring range fallen below Use an appropriate sensor; check
measured value (see "Wire wiring (sensor polarity reversed)
break and Underflow" on Measuring range exceeded Use an appropriate sensor;
page 10-2 ) sensor polarity reversed
Wrong parameters in the Faulty parameters transferred to Reassign module parameters
module the module
Parameter assignment error Error during dynamic reassignment Parameter assignment check in
(with specification of a serial of parameters user program
number; Contact SIMATIC Customer
e.g., "16": Wrong address) Support, if necessary
ADC/DAC error Internal error during analog value Replace module
test
Deviation of two inputs too large in Wiring fault;
safety mode in accordance with wire analog signal to both inputs
SIL 2 or replace module
Internal voltage monitor has
reported a fault
No external auxiliary voltage Supply voltage L+ for module Feed in supply L+
missing
Communications problem Problem in communication Check the PROFIBUS connection
between CPU and module, e.g., Eliminate the interference
due to defective PROFIBUS
connection or interference in
excess of permitted levels
Monitoring time for safety message Check parameter assignment for
frame exceeded monitoring time
Test value error (CRC), e.g., due to Eliminate the interference
interference in excess of permitted
levels
CPU has gone into STOP mode Read out diagnostic buffer

10-34 A5E00085586-08
Analog Module
Diagnostic Message Possible Causes Remedy

Time monitoring addressed Electromagnetic interference Eliminate the interference
(watchdog) occasionally too high
Module defective Replace module
EPROM fault, RAM fault Occasionally high electromagnetic Eliminate the interference and
interference cycle ON/OFF the supply voltage
of the CPU
Processor failure Interference in excess of permitted Eliminate the interference
levels
Error in test value (CRC) Test value error occurred during Eliminate the interference
communication between CPU and
module, e.g., due to interference in
excess of permitted levels or due to
an error during sign-of-life
monitoring
Monitoring time for safety Assigned monitoring time Check parameter assignment for
message frame exceeded exceeded monitoring time
Startup of fail-safe signal module -
Message frame general fault Sign-of-life and/or test value Check the data message frame
entered in the data message frame for the entry "0" for sign-of-life and
test value

A5E00085586-08 10-35
Analog Module
10.3.10 Technical Specifications - SM 336; AI 6 × 13 Bit
Dimensions and Weight Permitted potential difference

Dimensions W × H × D (mm) 80 × 125 × 120 • Between inputs and MANA 6,0 VDC
(UCM)
• Between MANA and 75 VDC, 60 VAC
Minternal (UISO)
Number of inputs 6 Isolation tested with: DC500V/AC350V
Assigned address range for 1 min
• In I/O range for inputs 16 bytes or DC600V for 1s
• In I/O range for outputs 4 bytes Current consumption

• From backplane bus 90 mA, maximum
Length of cable
200 m, maximum • From supply voltage L+ 160 mA, typical
• Shielded
Common-mode voltage
Maximum achievable safety
class in safety mode • Permitted common-mode ±6 V, maximum
voltage between inputs
• In accordance with SIL 3, maximum
(UCM)
IEC 61508
• Monitoring for common- Yes, operating
• In Accordance with AK 6, maximum
mode voltage range > 6 V and
DIN V 19250
< -6 V
• In Accordance with Cat. 4, maximum
Power loss of module 4.25 W, typical
EN 954-1
Fail-safe performance Analog Value Generation
characteristics Measurement principle Integrating
• Low demand mode < 1.00E-05 Integration/conversion time
(average probability of • Assignable Yes
failure on demand) SIL 3
• Integration time
• High demand / < 1.00E-09 at 50 Hz 20.00 ms
continuous mode at 60 Hz 16.66 ms
(probability of a dangerous
failure per hour) SIL 3
• Resolution, including 13 bit + sign
Surge protection of supply ±0.5 kV, 1.2/50 µs overrange
voltages L+ and Lext in
accordance with IEC 1000-4-5
(internal) Response time per activated
channel
Surge protection of analog ±2 kV, 1.2/50 µs
inputs and sensor supply at 50 Hz 50 ms, maximum
voltage in accordance with IEC at 60 Hz 44 ms, maximum
1000-4-5 (internal)
Voltage, Currents, Potentials Basic response time
Rated supply voltage of 24 VDC at 50 Hz 50 ms, maximum
electronics L+ at 60 Hz 44 ms, maximum
• Reverse polarity protection Yes
• Voltage failure ride-through 5 ms Acknowledgment time corresponds to
Electrical isolation maximum response time = maximum response time
• Between channels and Yes per channel × N + maximum basic response time
backplane bus (N = number of activated channels)
• Between channels and Yes, only for
voltage supply of external supply of
electronics sensors
• Between the channels No

• Between voltage supply
and sensor supply No

10-36 A5E00085586-08
Analog Module
Noise Suppression, Limits of Error Sensor Supply Output

Noise suppression for f=n × 38 dB, minimum Number of outputs 1
(50/60 Hz±1%), Output voltage
n=1, 2, etc..
• Loaded Minimum L+
Common mode noise 75 dB, minimum (-1.5 V)
(Ucm ≤ 6 Veff)
Output current
Crosstalk between inputs 75 dB, minimum • Rated value 1.0 A
Basic error limit (operational • Permissible range 0 to 1.3 A
limits at 25 °C with reference to
Short-circuit protection Yes, electronic
input range)
Electrical isolation in
• Current input ± 0.40% accordance with DIN VDE 0160
• Voltage input ± 0.40% • Between output Vs and Yes
Temperature error (with ± 0.002%/K backplane bus
reference to input range) • Between output Vs and L+ No
Linearity error (with reference to ± 0.05% • Test voltage 600 VDC
input range)
• Nominal circuit voltage 75 VDC/60 VAC
Repeat accuracy (in steady- ± 0.05%
state condition at 25°C with Specifications for Sensor Selection
reference to input range) Input range (rated values)/input
Operational limits (in entire resistance in standard mode
temperature range with • Voltage 0 to 10 V / 59 kΩ
reference to input range) • Current 0 to 20 mA
• Current ±0.48% 4 to 20 mA/107 Ω
• Voltage ±0.48%
Status, Interrupts, Diagnostics Input range (rated values)/input
resistance in safety mode
Interrupts
• Current 4 to 20 mA/107 Ω
• Hardware interrupt No
• Diagnostic interrupt Yes, assignable Permitted input voltage for Maximum 30 V
parameter voltage input (destruction limit) continuous;
Diagnostic functions Yes, assignable Maximum 38 V for
parameter maximum 1 s (pulse
duty factor 1:20)
• Display of fail-safe Green LED (SAFE)
Permitted input current for 40 mA, maximum
operation
current input (destruction limit)
• Sensor supply monitor Green LED (Vs)
Signal sensor connection
• For voltage measurement Possible
• Diagnostic information can Yes
• For current measurement Possible
be read out
• As 4-wire measuring Possible
Fail-safe values can be applied Programmable in
transducer
safety program
• As 2-wire measuring Possible
transducer
• Load of 2-wire measuring Maximum 600 Ω
transducer

A5E00085586-08 10-37
Analog Module

10-38 A5E00085586-08
11 Safety Protector
11.1 Introduction
Overview
The safety protector protects the F-SMs from possible overvoltages in the event of
a fault. This section provides the following information on the safety protector:
• Properties
• Configuration variants

A5E00085586-08 11-1
Safety Protector
11.2 Properties, Front View, and Block Diagram
Order Number
6ES7 195-7KF00-0XA0
Properties
The safety protector protects the fail-safe signal modules from possible
overvoltages in the event of a fault.
The safety protector does not occupy an address, does not supply diagnostic
messages, and is not assigned parameters with STEP 7.
Note
The safety protector controls overvoltages up to a maximum of 230 V.
Safety Class AK6/SIL3/Cat.4 with Safety Protector

Note the following for applications in safety class AK6/SIL3/Cat.4:
Warning
! The safety protector must be used for AK6/SIL3/Cat. 4 applications:
• Generally, if the F-SMs are used locally in an S7-300
• Generally, if the PROFIBUS DP is set up with copper cable
• If the PROFIBUS DP is set up with fiber optic cable and joint operation of
standard SMs and F-SMs is required in one ET 200M.
Safety Class AK4/SIL2/Cat.3 without Safety Protector

If you comply with the safe functional extra-low voltage (see Section 6.2) for all
components connected on the PROFIBUS DP, the safety protector is not required
for applications in safety class AK4/SIL2/Cat.3.

11-2 A5E00085586-08
Safety Protector
Front View
Safety Protector
Do not
remove
with
power on
Do not
remove
with
power on
Figure 11-1 Front view of safety protector
Block Diagram
The following figure shows the block diagram of the safety protector.
Backplane bus Over- Backplane bus

voltage
interface Fuse protection interface
Figure 11-2 Block diagram of safety protector

A5E00085586-08 11-3
Safety Protector
11.3 Configuration Variants
Introduction
There are two possible ways of configuring an S7-300/ET 200M with an safety
protector, depending on whether or not it is necessary to replace modules during
operation.
Configuration of an S7-300/ET 200M with an Safety Protector (No Module

Replacement during Operation)
The safety protector increases the width of the S7-300/ET 200M by 40 mm.
However, you can still insert a maximum of 8 signal modules.
The following figure shows an example configuration with seven signal modules.
Power supply Standard signal Safety Fail-safe signal modules

modules protector
IM 153-2
Figure 11-3 Configuration of an ET 200M with an safety protector (no module replacement during
operation)
Note
To ensure that overvoltage protection is maintained in safety mode, you must do
the following:
• Always insert the standard signal modules to the left of the safety protector
and the fail-safe signal modules to the right of the safety protector.
• Ground the mounting rail.
• Connect the safety protector to the functional ground. To do so, connect pins
19 and 20 of the safety protector to the mounting rail using one cable each of
the shortest possible length (cable cross section of 1.5 mm2).

11-4 A5E00085586-08
Safety Protector
Replacing Modules in ET 200M in Safety Mode

If you use active bus modules to set up the safety protector and the other modules
in an ET 200M, you can then insert and remove any of the modules - except the
safety protector - during operation.
Warning
! The bus module for the safety protector (order no. 6ES7 195-7HG00-0XA0) can
only be used if the safety protector is inserted. The sole purpose of the bus
module is to connect the safety protector to the active backplane bus.
The safety protector itself must not be inserted or removed during operation!
(Insertion or removal would cause the ET 200M to fail.)
Configuration of an ET 200M with the Safety Protector on the

Active Backplane Bus
The bus module for the safety protector increases the width of the ET 200M by
80 mm. However, you can still insert a maximum of 8 signal modules. Note that the
mounting rail designed for "Module replacement during operation" (order no.
6ES7 195-1GX00) is required for installation. The following figure shows an
example configuration with seven signal modules.
Power supply Standard signal modules Safety Protector Fail-safe signal modules
IM 153-2 Bus module for

safety protector
Figure 11-4 Configuration of an ET 200M with the safety protector on the active backplane bus
Note
To ensure that overvoltage protection is maintained in safety mode, you must do
the following:
• Always insert the standard signal modules to the left of the safety protector
and the fail-safe signal modules to the right of the safety protector.
• Ground the mounting rail.
• Connect the safety protector to the functional ground. To do so, connect pins
19 and 20 of the safety protector to the mounting rail using one cable each of
the shortest possible length (cable cross section of 1.5 mm2).

A5E00085586-08 11-5
Safety Protector
11.4 Technical Specifications
Dimensions and Weight

Dimensions W × H × D (mm) 40 × 125 × 120
Voltages, Currents, Potentials
Power loss of module None

11-6 A5E00085586-08
12 Diagnostic Data of Signal Modules
Introduction
This appendix describes the structure of diagnostic data in the system data. You
need to know this structure if you want to evaluate diagnostic data of fail-safe
signal modules in the standard user program.
Further Reading
The System and Standard Functions reference manual describes in detail the
principles of evaluating diagnostic data of signal modules in the standard user
program and describes the SFCs used for this.
Reading Out SFCs for Diagnostics

The following SFCs are available for reading out diagnostic data of fail-safe signal
modules in the standard user program:
Table 12-1 SFCs for Reading Out Diagnostic Data
SFC No. Identifier Application

59 RD_REC Reading out data records of S7 diagnostics (storing in
data area of the standard user program)
13 DPNRM_DG Reading out slave diagnostics (storing in data area of
the standard user program)
Position in the Diagnostic Message Frame of the Slave Diagnostics

When fail-safe modules are being used in a distributed configuration in the
ET 200M and a diagnostic interrupt occurs, data records 0 and 1 are entered in the
slave diagnostics of the ET 200M (interrupt section).
The position of the interrupt section in the slave diagnostics depends on the
structure of the diagnostic message frame and the length of the channel-related
diagnostics.
A detailed description of the structure of the diagnostic message frame and the
position of the interrupt section in accordance with the PROFIBUS standard can be
found in the section on "Commissioning and Diagnostics" in the
Distributed I/O Device ET 200M manual.

A5E00085586-08 12-1
Diagnostic Data of Signal Modules
Data Records 0 and 1 of the System Data

The diagnostic data of a module can be up to 16 bytes long and are located in data
records 0 and 1 of the system data area:
• Data record 0 contains 4 bytes of diagnostic data describing the state of the
signal module
• Data record 1 contains
- 4 bytes of diagnostic data of the signal module, which are also found in
data record 0
- Up to 12 bytes of channel-related diagnostic data
Structure and Content of Diagnostic Data

The structure and content of the individual diagnostic data bytes are described
below.
The following applies generally: If a fault occurs, the corresponding bit is set to "1".
Bytes 0 and 1
The following figure shows the content of bytes 0 and 1 of the diagnostic data.
7 6 5 4 3 2 1 0
Byte 0 0
Module fault
Internal fault
External fault
Channel fault exists
External auxiliary voltage missing

7 6 5 4 3 2 1 0
Byte 1 0 0 0 1 0 0 0
Module class: FM
Channel information available
Figure 12-1 Bytes 0 and 1 of diagnostic data

12-2 A5E00085586-08
Bytes 2 and 3
The following figure shows the content of bytes 2 and 3 of the diagnostic data.
7 6 5 4 3 2 1 0
Byte 2 0 0 0 0 0
Loss of communication

7 6 5 4 3 2 1 0
Byte 3 0 0 0 0
Processor failure
EPROM fault
RAM fault
ADC/DAC fault
Figure 12-2 Bytes 2 and 3 of diagnostic data

A5E00085586-08 12-3
Bytes 4 to 6
The following figure shows the content of bytes 4 to 6 of the diagnostic data.
7 6 5 4 3 2 1 0
Byte 4 0
Channel type B#16#30: fail-safe digital input module

B#16#31: fail-safe digital output module
B#16#32: fail-safe analog input module
7 0
Byte 5 0 0 0 0 0 0 0 0
7 0
Byte 6
Number of channels
24: SM 326; DI 24 x DC 24V; with diagnostic interrupt

8: SM 326; DI 8 x NAMUR; with diagnostic interrupt
10: SM 326; DO 10 x DC 24V /2A; with diagnostic interrupt
6: SM 336; AI 6 x 13Bit; with diagnostic interrupt
Figure 12-3 Bytes 4 to 6 of diagnostic data

12-4 A5E00085586-08
Bytes 7 to 9 for SM 326; DI 24 × DC 24V

The following figure shows the content of bytes 7 to 9 of the diagnostic data for
SM 326; DI 24 × DC 24V.
7 6 5 4 3 2 1 0
Byte 7
Channel fault on channel 0

7 6 5 4 3 2 1 0
Byte 8

7 6 5 4 3 2 1 0
Byte 9

Figure 12-4 Bytes 7 to 9 of diagnostic data for SM 326; DI 24 × DC 24V

A5E00085586-08 12-5
Byte 7 for SM 326; DI 8 × NAMUR

The following figure shows the content of byte 7 of the diagnostic data for SM 326;
DI 8 × NAMUR.
7 6 5 4 3 2 1 0
Byte 7

Figure 12-5 Byte 7 of diagnostic data for SM 326 DI 8 × NAMUR
Byte 7 for SM 326; DO 8 × DC 24V/2A PM

The following figure shows the content of byte 7 of the diagnostic data for the
SM 326; DO 8 × DC 24V/2A PM.
7 6 5 4 3 2 1 0
Byte 7

Figure 12-6 Byte 7 of diagnostic data for SM 326 DO 8 × DC 24V/2A PM

12-6 A5E00085586-08
Bytes 7 and 8 for SM 326; DO 10 × DC 24V/2A

The following figure shows the content of bytes 7 and 8 of the diagnostic data for
SM 326; DO 10 × DC 24V/2A.
7 6 5 4 3 2 1 0
Byte 7

7 6 5 4 3 2 1 0
Byte 8 0 0 0 0 0 0

Figure 12-7 Bytes 7 and 8 of diagnostic data for SM 326; DO 10 × DC 24V/2A

A5E00085586-08 12-7
Byte 7 for SM 336; AI 6 × 13 Bit

The following figure shows the content of byte 7 of the diagnostic data for the
SM 336; AI 6 × 13 Bit.
7 6 5 4 3 2 1 0
Byte 7

Figure 12-8 Byte 7 of diagnostic data for SM 336; AI 6 × 13 Bit

12-8 A5E00085586-08
13 Dimension Drawings
Signal Module
The following figure shows the dimension drawing of the signal modules (without
functionality for removal/insertion during operation). The different signal modules
can vary in appearance, but the specified dimensions are always the same.
hbjhb
80 120
SF
SAFE
0 4
1 5
125
2 6
3 7
Figure 13-1 Dimension drawing of signal module

A5E00048969-08 13-1
Dimension Drawings
Signal Module with Active Bus Module

The following figure shows the dimension drawing (side view) of a signal module
with "removal and insertion" functionality with active bus module, S7-300 module,
and explosion barrier. The specified dimensions are the same for all signal
modules on the active backplane bus.
Rail for the active bus module Intrinsically safe

"Insertion and Removal” function S7-300 module partition
155
125
122
59
152
166
Figure 13-2 Dimension drawing of a signal module with active bus module, S7-300 module, and explosion
barrier

13-2 A5E00048969-08
Dimension Drawings
Saftey Protector
The following figure shows the dimension drawing of the safety protector.
hbjhb125
40 117
Safety Protector
Do not
remove
with
125
power
on
Do not
remove
with
power
on
Figure 13-3 Dimension drawing of the safety protector

A5E00048969-08 13-3
Dimension Drawings
Bus Module for the Safety Protector
The following figure shows the dimension drawing of the bus module for the safety
protector.
hbjhb9
92
97
Figure 13-4 Dimension drawing of the bus module for the safety protector

13-4 A5E00048969-08
14 Accessories and Order Numbers
Accessories and Order Numbers

The following table lists the order numbers of the fail-safe signal modules, the
safety protector, and additional parts you can order for fail-safe signal modules.
Table 14-1 Accessories and Order Numbers
Component Order Number

Fail-safe signal modules
• SM 326; DI 24 × DC 24V 6ES7 326-1BK01-0AB0
• SM 326; DI 8 × NAMUR 6ES7 326-1RF00-0AB0
• SM 326; DO 8 × DC 24V/2A PM 6ES7 326-2BF40-0AB0
• SM 326; DO 10 × DC 24V/2A 6ES7 326-2BF01-0AB0
• SM 336; AI 6 × 13 Bit 6ES7 336-1HE00-0AB0
Safety Protector 6ES7 195-7KF00-0XA0
Bus module for safety protector 6ES7 195-7HG00-0XA0
Wiring chamber for SM 326; DI 8 × NAMUR (5) 6ES7 393-4AA10-0AA0
Labeling plate
• Yellow labeling strips (10) 6ES7 392-2XX20-0AA0
• Yellow cover plates, transparent yellow (10) 6ES7 392-2XY20-0AA0
Front panel connector, 40-pin
• Screw-type connection system 6ES7 392-1AM00-0AA0
• Spring-type connection system 6ES7 392-1BM00-0AA0
Bus connector 6ES7 390-0AA00-0AA0

A5E00085586-08 14-1
Accessories and Order Numbers

14-2 A5E00085586-08
15 Response times
Introduction
This appendix presents the response times of the fail-safe modules. The response
times of the fail-safe modules enter into the calculation of the response time of the
F-system.
You will find information about the calculation of the F-system response time in the
Safety Engineering in SIMATIC S7 system description.
Individual elements of the formulas below are taken from the technical
specifications for the respective module in Sections 9 and 10.
Definition of Response time

For fail-safe digital inputs: the response time represents the time between a signal
change at the digital input and safe delivery of the safety message frame on the
backplane bus.
For fail-safe digital outputs: the response time represents the time between an
arriving safety message frame from the backplane bus and the signal change at
the digital output.
Response time of SM 326; DI 8 × NAMUR

Response time of SM 326; DI 8 × NAMUR (with or without presence of a fault) is
calculated as the following:
Response time = internal processing time + input delay
Example SM 326; DI 8 × NAMUR:
Response time = 55 ms + 3 ms = 58 ms
When a fault is present, the response time is increased by the amount of the
parameterized discrepancy time, provided “1oo2 evaluation” was selected.
Note
The maximum response time is calculated by applying the maximum values from
the technical specifications for the fail-safe signal modules in the formulas above.

A5E00085586-08 15-1
Response times
Response time of SM 326; DO 10 X DC 24V/2A

The response time of the SM 326; DO 10 X DC 24V/2A (with or without a fault
present) is calculated using the following formula:
Response time = internal processing time + output delay
Whereby the output delay is always negligible
Example SM 326; DO 10 × DC 24V/2 A in safety mode:
Response time = 24 ms + 0 ms = 24 ms
Note
Maximum Response time of SM 326; DI 24 × DC 24V
Formula for calculating maximum response time when no fault is present:

Maximum response time when no fault is present = Tmax + 3 ms* + 6 ms**
* Input delay
** Short-circuit test duration = 2 x input delay
You assign parameters for the short-circuit test in STEP 7 (see Section 9.5).
Table 15-1 SM 326; DI 24 × DC 24V: Internal Processing Times
Sensor Evaluation Minimum Internal Maximum Internal

Processing Time Tmin Processing Time Tmax
1oo1 and 1oo2 6 ms 23 ms
Maximum Response time When a Fault is Present:

The following table contains the maximum response times for the
SM 326; DI 24 × DC 24V when a fault is present, according to the parameter
assignment in STEP 7 and the type of sense evaluation.
Table 15-2 SM 326; DI 24 × DC 24V: Maximum Response time When a Fault is Present
Short-Circuit Test 1oo1 Evaluation 1oo2 Evaluation***

Parameter
Short-circuit test disabled 31 ms 29 ms
Short-circuit test enabled 31 ms 29 ms
*** In the case of 1oo2 evaluation, the response times also depend on the assigned discrepancy
behavior:
Provide a value of 0: The times in the table above apply.
Provide last valid value: The times in the table above are increased by the parameterized
discrepancy time.

15-2 A5E00085586-08
Response times
Maximum Response time of SM 326; DO 8 × DC 24V/2 A PM

The maximum response time of the SM 326; DO 8 × DC 24V/2 A PM (with or
without a fault present) corresponds to the maximum internal processing time Tmax.
Minimum internal processing time Tmin = 3 ms
Maximum internal processing time Tmax = 10 ms
Response time of Fail-Safe Analog Input Modules

The response time (conversion time) of fail-safe analog input modules (with or
without a fault present) is calculated using the following formula:
Response time = response time per channel × N + base response time
Where N = number of enabled channels
Example SM 336; AI 6 × 13 Bit, all channels connected (N = 6), interference
frequency of 50 Hz:
Response time = 6 × 50 ms + 50 ms = 350 ms
When a fault is present, the response time is increased by the parameterized
discrepancy time, provided “2 sensors” were selected and the failure direction of
the signal is unsafe (or the “unit value” was not assigned in accordance with the
safe failure direction).
Note
Note on Calculation of Response times
Note
The MS Excel files for calculating maximum response times (s7fcotib.xls or
s7ftimeb.xls) provided with the S7 Distributed Safety and S7 F/FH Systems
optional packages support calculation of the “maximum response time when a
fault is present” by increasing the response time by the amount of the
parameterized discrepancy time.

A5E00085586-08 15-3
Response times

15-4 A5E00085586-08
16 Type Examination Certificate and
Declaration of Conformity
SM 326; DI 8 × NAMUR
This appendix contains the EC type examination certificate and declaration of
conformity for the SM 326; DI 8 × NAMUR for connection of signals from potentially
explosive locations.

A5E00085586-08 16-1
Type Examination Certificate and Declaration of Conformity
EC Type Examination Certificate for SM 326; DI 8 × NAMUR

16-2 A5E00085586-08
EC Type Examination Certificate for SM 326; DI 8 × NAMUR, Continued

A5E00085586-08 16-3
EC Type Examination Certificate for SM 326; DI 8 × NAMUR, Continued

16-4 A5E00085586-08
EC Type Examination Certificate for SM 326; DI 8 × NAMUR, Addendum

A5E00085586-08 16-5
Declaration of Conformity for SM 326; DI 8 × NAMUR

16-6 A5E00085586-08
17 Glossary
1oo1 Evaluation -> Sensor evaluation method: In 1oo1 evaluation, there is one -> sensor
and it is connected to the module via a single channel.
1oo2 Evaluation -> Sensor evaluation method - In 1oo2 evaluation, two input channels
are occupied, either by one 2-channel sensor or two single channel
sensors. The input signals are compared internally for equality
(equivalence) or non-equality (nonequivalence).
A
Acknowledgment During the acknowledgement time, the -> F-I/O acknowledge the sign of
Time life specified by the -> F-CPU. The acknowledgement time enters into
the calculation of the -> monitoring time and -> response time for the F-
system as a whole.
Actuator Actuators can be power relays or contactors for switching on consumers,

or they can be consumers themselves (for example, directly controlled
solenoid valves).
Availability Theprobability that a system is functional at a specific point in time.

Availability can be increased by redundancy, e.g., by using redundant
signal modules and/or by using multiple -> sensors at the same
measuring point.
C
Category Category in accordance with EN 954-01:
With -> fail-safe signal modules, categories up to category 4 can be
used in safety mode.
Channel Fault A channel fault is a channel-related fault, such as a wire break or a short
circuit.
Channel Number Channel numbers are used to uniquely identify the inputs and outputs of
a module and to assign channel-specific diagnostic messages.
Channel-Granular In this passivation method, when a -> channel fault occurs, only the
Passivation channel involved is passivated (method available in S7 F/FH systems
only). In the case of a -> module fault, all channels of the -> fail-safe
signal module are passivated.

A5E00085586-08 17-1
Glossary
CiR CiR stands for Configuration in RUN. System modification in RUN mode via CiR
enables configuration changes in parts of the system with distributed I/O while in
RUN mode. Process execution is thereby halted for a brief, assignable time
period. The process inputs retain their last value during this time period.
Configuration Systematic arrangement of individual signal modules (configuration)
CRC Cyclic Redundancy Check
CRC Signature A CRC signature in the safety message frame is used to safeguard the
validity of the process values in the safety message frame, the
correctness of the assigned address references, and the safety-related
parameters.
D
Dark Period Dark periods occur during switch-off tests and during complete bit
pattern tests. This involves test-related 0 signals being switched to the
output while the output is active. The output is then switched off briefly
(dark period). A sufficiently slow -> actuator does not respond and
remains switched on.
Discrepancy Discrepancy analysis for equivalence or nonequivalence is used for fail-

Analysis safe inputs to determine faults based on the time characteristic of two
signals with the same functionality. Discrepancy analysis is initiated
when different levels are detected for two associated input signals (for
nonequivalence testing, when the same levels are detected). After a
programmable time interval (so-called -> discrepancy time) has elapsed,
a check is made to determine whether the difference has disappeared
(for nonequivalence testing, whether the agreement has disappeared). If
not, this means that a discrepancy error exists.
There are two types of discrepancy analyses for fail-safe input modules:
• In the case of -> 1oo2 evaluation:
The discrepancy analysis is carried out between the two input signals of the
1oo2 evaluation in the fail-safe input module.
• In the case of redundant I/O (S7 FH systems only):
The discrepancy analysis is performed between the two input signals of the
redundant input modules by the fail-safe driver blocks of the S7 F Systems
optional software.
Discrepancy Time Discrepancy time is a period of time configured for the -> discrepancy
analysis. If the discrepancy time is set too high, the times for fault
detection and -> fault reaction are extended unnecessarily. If the
discrepancy time is set too low, availability is decreased unnecessarily
because a discrepancy error is detected when, in reality, no fault exists.

17-2 A5E00085586-08
Glossary
F
Fail-Safe Signal Signal modules of S7-300 that can be used for safety-related operation
Modules (-> safety mode) in S7 Distributed Safety or S7 F/FH fail-safe systems.
These modules are equipped with integrated -> safety functions.
Fail-Safe Systems Fail-safe systems (F-systems) are systems that remain in a safe state or
immediately switch to another safe state as soon as particular failures
occur.
Fault Reaction Time The maximum fault reaction time for an F-system is the time between
the occurrence of any fault and a safe response at all affected fail-safe
outputs. For -> F-System in total: The maximum fault reaction time is the
time between occurrence of any fault in any -> F-I/O and a safe
response at the relevant fail-safe output.
For inputs: The maximum fault reaction time is the time between the
occurrence of a fault and a safe response at the backplane bus.
For digital outputs: The maximum fault reaction time is the time between
the occurrence of a fault and a safe response at the digital output.
F-CPU An F-CPU is a central processing unit with fail-safe capability that is

permitted for use in S7 Distributed Safety/S7 F/FH systems. For S7 F/FH
systems, the F-copy license allows the central processing unit to be
used as an F-CPU. That is, it can execute a -> safety program. For S7
Distributed Safety, an F-copy license is not required. A -> standard user
program can also be run on the F-CPU.
F-I/O F-I/O is a group designation for fail-safe inputs and outputs available in
SIMATIC S7 for integration in S7 Distributed Safety and S7 F/FH
systems. The following F-I/O modules are available:
• ET 200eco Distributed I/O Station
• S7-300 fail-safe signal modules (F-SMs)
• ET 200S fail-safe modules
• Fail-safe DP standard slaves (for S7 Distributed Safety only)
F-monitoring time -> PROFIsafe monitoring time
F-SM -> Fail-safe signal modules
F-Systems -> Fail-safe systems

A5E00085586-08 17-3
Glossary
L
Light Period Light periods occur during complete bit pattern tests. This involves test-
related 1 signals being switched to the output while the output is inactive
(output signal "0"). The output is then switched on briefly (light period). A
sufficiently slow actuator does not respond to this and remains
deactivated.
M
Module Fault Module-wide fault: A module fault can be an external fault (such as
missing load voltage) or an internal fault (such as processor failure). An
internal fault always necessitates a module replacement.
Module An additional, identical module is operated redundantly to increase

Redundancy availability.
Monitoring Time -> PROFIsafe monitoring time
M-Switch (Current In the SM 326 DO 8 × 24 VDC/2 A PM, every fail-safe digital output
Sinking) consists of a P-switch DOx P (current sourcing) and an
M-switch DOx M (current sinking). The load is connected between the P
and M-switches. The two switches are always controlled so that voltage
is applied to the load.
N
Nonequivalent A nonequivalent -> sensor is a reversing switch that is connected to two
Sensor inputs of an -> F-I/O (via 2 channels) in -> fail-safe systems (for -> 1oo2
evaluation of sensor signals).
P
Parameter Parameter assignment via PROFIBUS DP: Transfer of slave parameters
Assignment from the DP master to the DP slave
Parameter assignment of modules: Setting the module behavior using
the STEP 7 configuration software
Passivation If an -> F-I/O module detects a fault, it switches either the affected
channel or all channels to a -> safe state; that is, the channels of the F-
I/O module are passivated. The F-I/O signals the detected faults to the -
> CPU.
For an F-I/O with inputs, if passivation occurs, the F-system provides
fail-safe values for the safety program instead of the process values
pending at the fail-safe inputs.
For an I/O module with outputs, if passivation occurs, the F-system
transfers fail-safe values (0) to the fail-safe outputs instead of the output
values provided by the safety program.

17-4 A5E00085586-08
Glossary
PG Programming devices (PGs) are compactly designed personal

computers made especially for use in an industrial setting. A
programming device (PG) is fully equipped for programming SIMATIC
automation systems.
Process Image The process image is a component of the system memory of the CPU.
At the start of the cyclical program, the signal states of the input modules
are transferred to the process image of the inputs. At the end of the
cyclic program, the process image of the outputs is transferred to the
output modules as the signal state.
Process Safety The process safety time of a process is a time interval during which the
Time process can be left on its own without risk to life and limb of the
operating personnel or damage to the environment.
Within the process safety time, any type of F-system process control is
tolerated. That is, during this time, the -> F-system can control its
process incorrectly or it can even exercise no control at all. The process
safety time depends on the process type and must be determined on a
case-by-case basis.
PROFIBUS PROcess FIeld BUS, German process and fieldbus standard specified in
IEC 61784-1:2002 Ed1 CP 3/1. This standard specifies functional,
electrical, and mechanical properties for a bit-serial field bus system.
PROFIBUS is available with the following protocols: DP (= distributed
I/O), FMS (= Fieldbus message specification), PA (= Process
automation), or TF (= Technological functions).
PROFIsafe Safety-related PROFIBUS DP/PA for communication between the -

> safety program and the ->
F-I/O in an -> F-system.
PROFIsafe Address Every -> F-I/O module has a PROFIsafe address You must configure the
PROFIsafe address in STEP 7
HW Config and set it on the F-I/O using a switch.
PROFIsafe Monitoring time for safety-related communication between the F-CPU

Monitoring Time and F-I/O
Proof-Test Interval A component must be set in the fail-safe state following the proof-test
interval. That is, it is replaced by an unused component or it is proven to
be completely without faults.
P-Switch -> See M-Switch.

A5E00085586-08 17-5
Glossary
R
Response time Response time starts with the detection of an input signal and ends with
the modification of a gated output signal.
The actual response time is between the shortest and the longest
response time. The longest response time must always be anticipated.
For fail-safe inputs: the response time represents the time between a
signal change at the input and safe delivery of the safety message frame
on the backplane bus.
For fail-safe digital outputs: the response time represents the time
between an arriving safety message frame from the backplane bus and
the signal change at the digital output.
Redundancy, Availability-enhancing redundancy means multiple availability of

Availability- components to ensure that components continue to function even in the
Enhancing event of hardware faults.
Redundancy, Multiple availability of components with the aim of exposing hardware

Safety-Enhancing faults based on comparison (for example, -> 1oo2 evaluation in -> fail-
safe signal modules.
Redundant Redundant switched I/O are a configuration variant of S7 FH systems in

switched I/O -> safety mode for increasing availability. -> F-CPU, PROFIBUS DP, and
-> F-I/O are redundant. In the event of a fault, the F-I/O are no longer
available.
Reintegration Once a fault has been eliminated, the -> F-I/O must be reintegrated
(depassivated). The reintegration (switchover from fail-safe values to
process values) occurs either automatically or only after user
acknowledgement in the safety program.
For an F-I/O module with inputs, the process values pending at the fail-
safe inputs are provided again for the -> safety program after
reintegration. For an F-I/O module with outputs, the -> F-system again
transfers the output values provided in the safety program to the fail-safe
outputs.
S
Safe State The basis of the safety concept for fail-safe systems is that there is a
safe state for all process variables. For digital signal modules, the safe
state is, for example, the value “0“.
Safety Function Safety function is a mechanism built into the -> F-CPU and -> F-I/O that
allows them to be used in -> S7 Distributed Safety or S7 F/FH systems.
IEC 61508: Function implemented by a safety system to ensure that the
system is kept in a safe state or brought to a safe state in the event of a
particular fault.

17-6 A5E00085586-08
Glossary
Safety Integrity The safety integrity level (SIL) is a safety class in accordance with
Level IEC 61508 and prEN 50129. The higher the safety integrity level, the
stricter the measures must be to prevent and eliminate systematic faults
and to remedy hardware failures.
With fail-safe signal modules, safety-integrity levels up to SIL 3 can be
used in safety mode.
Safety Message In safety mode, data are transferred between the -> F-CPU and -> the
Frame fail-safe signal module in a safety message frame.
Safety Mode Safety mode is the operating mode of the -> F-I/O that allows -> safety-
related communication by means of -> safety message frames. -> ET
200S fail-safe modules can only be used in safety mode. -> S7-300 F-
SMs can be used in -> standard mode or safety mode.
Safety Program The safety program is a safety-related user program.
Safety Requirement Safety requirement class (AK) in accordance with DIN V 19250 (DIN V
Class (AK) VDE 0801):
Safety requirement classes are a means of categorizing safety
requirements for preventing and remedying faults. With -> fail-safe signal
modules, safety requirement classes up to A6 can be used in -> safety
mode.
Safety-Related Safety-related communication is used to exchange fail-safe data.

Communication
Sensor Sensors permit exact acquisition of digital and analog signals and exact
measurement of routes, positions, velocities, rotational speeds, weights,
etc.
Sensor Evaluation There are two types of sensor evaluation:

• -> 1oo1 evaluation – Sensor signal is read out once
• -> 1oo2 evaluation: The sensor signal is read twice by the same
module and compared internally.
Single-channel I/O Single-channel I/O are a configuration variant of S7 Distributed

Safety/S7 F systems in -> safety mode. The -> F-CPU and -> F-I/O are
not redundant. In the event of a fault, the F-I/O are no longer available.

A5E00085586-08 17-7
Glossary
Single-channel Redundant switched I/O are a configuration variant of S7 FH systems in

switched I/O -> safety mode for increasing availability. -> F-CPU is redundant, ->
F-I/O are not redundant; if a fault occurs, a switch is made to the other ->
F-CPU. In the event of a fault, the F-I/O are no longer available.
Standard mode Operating mode of F-I/O, in which standard communication is possible

but not -> safety-related communication by means of -> safety message
frames.
Fail-safe signal modules of S7-300 can be used in standard mode or ->
safety mode. Fail-safe modules of ET 200S are designed for safety
mode only.
Static Parameter Static parameters can only be set when the CPU is in STOP mode and
cannot be changed by means of SFC (system function) while the user
program is running.
T
Thread length Air clearance and creepage distance in air
(Air clearance is the shortest distance between two components in air.
Creepage distance in air is the shortest distance in air between two
conductive parts along the surface of an insulating material)

17-8 A5E00085586-08
Index
Certification ....................................................1-2
Changes
1 from previous version .................................1-1
1oo1 evaluation............................................ 17-1 Changes in manual ........................................1-1
1oo2 evaluation..................................... 5-2, 17-1 Channel fault ................................................17-1
Channel number ...........................................17-1
CiR ................................................ 4-1, 9-6, 17-2
A Commissioning
fail-safe signal modules ..............................2-5
Accessories.................................................. 14-1 Communication
Acknowledgment time.................................. 17-1 safety-related............................................17-7
Actuator ....................................................... 17-1 Conditions of Use .........................................8-11
requirements .............................................. 6-5 Configuration .........................................4-1, 17-2
Address distributed...................................................3-1
PROFIsafe .......................................... 5-4, 5-7 local ............................................................3-1
Address assignment ...................................... 9-6 redundant ...................................................5-9
Address assignment in standard and safety Configuration in RUN.............................4-1, 17-2
modes ........................................................ 5-1 Configuration variants
Address range according to availability ..............................3-4
permissible................................................. 5-3 in safety mode ............................................3-3
Address switch........................................ 5-5, 5-7 in standard mode........................................3-2
for PROFIsafe addresses .......................... 5-7 Connecting capacitive loads.........................9-55
setting ................................................. 5-6, 5-8 Conventions
Addresses occupied by useful data ............... 5-2 in manual....................................................1-4
Addressing CPU
of channels in standard mode .................... 5-3 permitted .............................................3-2, 3-3
rules .................................................... 5-6, 5-8 CRC..............................................................17-2
AK 4, AK 6 ..................................................... 2-4 Cross circuit
Analog input module Avoidance.................................................9-60
measured value resolution ....................... 10-3
Analog value representation
measured value range ............................. 10-2 D
Assigning parameters .................................... 4-2
Availability .................................................... 17-1 Dark Period ...........................................6-7, 17-2
according to F-I/O ...................................... 3-4 Dark Period Suppression..............................9-80
higher......................................................... 4-2 Data records 0 and 1
diagnostic data .........................................12-1
Degree of protection .....................................8-13
B Degree of protection IP 20............................8-13
Diagnostic buffer ............................................7-3
Basic knowledge Diagnostic data.............................................12-1
requirements .............................................. 1-1 Diagnostic evaluation .....................................7-6
Diagnostic functions .......................................7-6
C Diagnostic interrupt ........................................7-7
assigning ....................................................7-7
Capacitive loads Diagnostic LEDs.............................................7-7
connecting ............................................... 9-55 Diagnostic messages
Connecting............................................... 9-71 SM 326, DI 24 DC 24V.........................9-30
Category ............................................... 3-4, 17-1 SM 326, DI 8 NAMUR ...........................9-49
Category 3 and 4 ........................................... 2-4 SM 326, DO 10 DC 24V/2A..................9-81
Causes of errors SM 326, DO 8 DC 24V/2A PM .............9-63
in SM 326, DI 24 DC 24V..................... 9-31 SM 336, AI 6 13 Bit ............................10-33
in SM 326, DI 8 NAMUR....................... 9-50 Diagnostic messages and corrective measures7-
in SM 326, DO 8 DC 24V/2A PM ......... 9-64 7
in SM 336, AI 6 13 Bit ........................ 10-34 Diagnostics by LED display ............................7-7
in the SM 326, DO 10 DC 24V/2A ....... 9-82 Digital Modules...............................................9-1

A5E00085586-08 Index-1
Index
Dimension drawing of bus module for safety IM 153

protector................................................... 13-4 permitted .............................................3-2, 3-3
Dimension drawing of safety protector......... 13-3 Increased availability ......................................2-4
Dimension drawing of signal module ........... 13-1 Input delay....................................................15-2
DIN V 19250 .................................................. 2-4 Insertion/removal............................................6-4
DIP switch ............................................... 5-5, 5-7 Installing .........................................................5-9
Discrepancy Analysis................. 9-2, 10-32, 17-2 Interferences
Discrepancy Behavior .................................... 9-2 pulse-shaped.......................................8-7, 8-8
Discrepancy time ......................................... 17-2 sinusoidal ...................................................8-8
Distributed configuration ................................ 3-1 IP 20 .............................................................8-13
Documentation Isolation test .................................................8-13
additional ................................................... 1-2
Duration of Sensor Signals
Requirement for ......................................... 6-6 L
Light period...................................................17-4
E Loads, capacitive
Connecting ...............................................9-71
Electromagnetic Compatibility........................ 8-6 Local configuration .........................................3-1
EMC............................................................... 8-6 Logical base address......................................5-5
EMC guidelines.............................................. 8-9
EN 954-1........................................................ 2-4
Environmental Requirements....................... 8-11 M
mechanical............................................... 8-11 Manual
contents......................................................1-4
F Measuring sensor
analog input module .................................10-8
F Configuration Pack ..................................... 4-1 Module fault..................................................17-4
F_destination_address................................... 5-4 Module redundancy ......................................17-4
assigning.................................................... 5-7 Module starting address .................. 5-1, 5-4, 5-5
Fail-safe automation system .......................... 2-2 Monitoring time.............................................17-4
Fail-safe signal module .................................. 2-2 M-switch (current sinking).............................17-4
Fail-safe systems ......................................... 17-3
Fault reaction time ....................................... 17-3
Fault reactions ............................................... 7-2 N
F-CPU.......................................................... 17-3 Namur sensors ...............................................6-5
F-I/O.................................................... 17-3, 17-5 Nominal line voltages ...................................8-13
Field of Application......................................... 8-4 Nonequivalent sensor...................................17-4
F-monitoring time ......................................... 17-3
Front panel connector .................................... 6-3
F-SM .............................................................. 2-2 O
F-System ....................................................... 2-2
example configuration................................ 2-3 Operation safety
Functional extra-low voltage of system ....................................................1-7
safe ............................................................ 6-2 Order number ........................................1-1, 14-1
Overvoltage protection .................................11-4
G P
General Techical Specifications..................... 8-1
Group diagnostics .......................................... 7-5 Parameter assignment .................................17-4
Parameter Reassignment in RUN ..................9-6
Parameters.....................................................4-2
H Passivation ............................................7-3, 17-4
Channel-granular......................................17-1
H/F Competence Center ................................ 1-5 Power supplies ...............................................6-3
Hazardous Areas ......................................... 9-35 Process image..............................................17-5
Higher availability........................................... 4-2 Process safety time ......................................17-5
How to use PROFIBUS ...................................................17-5
manual ....................................................... 1-4 PROFIsafe....................................................17-5
address...................................... 5-4, 5-7, 17-5
I address assignment ...................................5-7
-Monitoring time........................................17-5
IEC 1131 ........................................................ 8-4 Programming device.....................................17-5
IEC 61508 ............................................. 2-4, 9-11 Proof-test interval ................................9-11, 17-5

Index-2 A5E00085586-08
Index
Protection Class........................................... 8-13 Single-channel I/O.................................3-4, 17-7

P-switch ....................................................... 17-5 Single-channel switched I/O ..................3-4, 17-8
Pulse-Shaped Interference ..................... 8-7, 8-8 SM 326, DI 24 DC 24V
Purpose of manual......................................... 1-1 Applications ..............................................9-10
Causes of Errors and Remedies ..............9-31
Channel numbers .......................................9-8
R Connection and block diagram ...................9-9
Radio interferences Diagnostic messages ...............................9-30
emission of................................................. 8-9 External Sensor Supply ..............................9-9
Reading out diagnostic messages with STEP 7 Features .....................................................9-5
................................................................... 7-8 Front View ..................................................9-7
Recycling and disposal .................................. 1-4 internal sensor supply...............................9-20
Redundancy Order number .............................................9-5
availability-enhancing............................... 17-6 Parameter.................................................9-24
safety-enhancing...................................... 17-6 Short Circuit to M and L+..........................9-31
Redundant Configuration ........................ 5-9, 8-9 Sinusoidal Interferences .............................8-8
Redundant I/O......................................... 2-4, 4-2 SM 326, DI 8 NAMUR
Redundant switched I/O........................ 3-4, 17-6 Address Assignment ................................9-36
References Applications ..............................................9-41
additional ................................................... 1-2 Causes of Errors and Remedies ..............9-50
Reintegration......................................... 7-4, 17-6 Channel numbers .....................................9-38
Replacing modules ........................................ 6-4 Connectable Sensors ...............................9-37
Requirement class ......................... 2-4, 3-4, 17-7 Connection and block diagram .................9-37
Requirements Diagnostic messages ...............................9-49
software ..................................................... 4-1 Features ...................................................9-35
Response time ............................................. 17-6 Front View ................................................9-36
fail-safe analog input modules ................. 15-3 Order number ...........................................9-35
fail-safe digital modules ........................... 15-1 Technical specifications............................9-52
SM 326, DO 10 DC 24V/2A
Address Assignment ................................9-72
S Applications ..............................................9-74
Causes of Errors and Remedies ..............9-82
Safe extra-low voltage ................................... 6-2 Channel Numbers ....................................9-73
Safe state....................................... 2-2, 7-3, 17-6 Connection and block diagram .................9-73
Safety class ............................................ 2-4, 3-4 Diagnostic messages ...............................9-81
Safety function ............................................. 17-6 Features ...................................................9-69
Safety integrity level.............................. 6-5, 17-7 Front View ................................................9-72
Safety message frame ................................. 17-7 Order Number ..........................................9-69
Safety mode............................2-3, 2-4, 5-7, 17-7 SM 326, DO 8 DC 24V/2A PM
replacing modules............................. 6-4, 11-5 Address Assignment ................................9-56
Safety program ............................................ 17-7 Applications ..............................................9-58
Safety protector.............................................. 3-4 Causes of Errors and Remedies ..............9-64
block diagram........................................... 11-3 Channel numbers .....................................9-57
front view ............................................... 11-3 Connection and block diagram .................9-57
Order No. ................................................. 11-2 Diagnostic messages ...............................9-63
set up in ET 200M/S7-300 ....................... 11-4 Front View ................................................9-56
technical specifications ............................ 11-6 Order number ...........................................9-54
Scope Properties .................................................9-54
of manual ................................................... 1-1 Technical specifications............................9-67
DIN V VDE 0801 ............................................ 2-4 SM 336, AI 6 13 Bit
Sensor ......................................................... 17-7 address assignment .................................10-5
requirements .............................................. 6-5 front view ............................................... 10-5
Sensor evaluation ........................................ 17-7 SM 336, AI 6 13 Bit ................................10-36
Sensor Signal applications ............................................10-10
Requirement for Duration........................... 6-6 causes of errors and corrective measures..10-
Sensor Supply 34
internal ..................................................... 9-20 Channel numbers .....................................10-7
Setting safety mode ................................ 5-5, 5-7 connection and block diagram..................10-6
Short-circuit test ........................................... 15-2 diagnostic messages ..............................10-33
Signal module external sensor supply..............................10-7
fail-safe ...................................................... 2-2 order number............................................10-4
SIL 2, SIL 3 properties .................................................10-4
Requirement classes ................................. 2-4 Software requirements ...................................4-1
Safety classes............................................ 2-4

A5E00085586-08 Index-3
Index
Standard mode ..................................... 2-3, 17-8 Transport and storage conditions .................8-10
addressing of channels .............................. 5-3 TÜV certificate................................................8-5
Static parameter........................................... 17-8
STEP 7 .......................................................... 4-1
Substitute value ............................................. 7-2 U
Substitute value output ........................... 7-2, 7-4 Underflow .....................................................10-2
Support
additional ................................................... 1-5
Switching capacitive loads ........................... 9-71 V
Vibration .......................................................8-11
T Voltages
nominal line ..............................................8-13
Technical specifications
general ....................................................... 8-1
Safety protector........................................ 11-6 W
SM 326, DI 8 NAMUR........................... 9-52
SM 326, DO 8 DC 24V/2A PM............. 9-67 Wire break ....................................................10-2
SM 336, AI 6 13 Bit............................ 10-36 Wire Chamber .....................................9-35, 9-38
Test Voltages ............................................... 8-13 Wiring .............................................................6-3
Thread length...................................... 9-40, 17-8
Training center ............................................... 1-5

Index-4 A5E00085586-08
Your Address:
Name:
Siemens AG
Company:
A&D AS SM ID Position:
Postfach 1963
Street:
D-92209 Amberg
Postal code / Place:
Telefax: +49(9621)80-3103
Email:
mailto:doku.automation@siemens.com
Phone:
Fax:
Your Feedback as regards the S7 Distributed Safety
Dear SIMATIC user,
Our goal is to provide you information with a high degree of quality and usability, and to continuously
improve the SIMATIC documentation for you. To achieve this goal, we require your feedback and
suggestions. Please take a few minutes to fill out this questionnaire and return it to me by Fax, e-mail or
by post.
We are giving out three presents every month in a raffle among the senders. Which present would you
like to have?
SIMATIC Manual Collection Automation Value Card Laser pointer
Dr. Thomas Rubach,

Head of Information & Documentation
General Questions
1. Are you familiar with the SIMATIC Manual 3. Do you use Getting Starteds?
Collection?
yes no
yes no
if yes, which:
2. Have you ever downloaded manuals from the 4. How much experience do you have with the
internet? S7 Distributed Safety?
yes no Expert
Experienced user
Advanced user
Beginner
SIMATIC S7 Distributed Safety: feedback

A5E00297771-04
Please specify the documents, for which you want to answer the questions below:
A: Manual S7 Distributed Safety, D: Manual ET 200eco, Distributed I/O

Configuring and Programming Fail-Safe I/O Module
B: Manual S7-300, Fail-Safe E: System Description

Signal Modules Safety Engineering in SIMATIC S7
F: Getting Started
C: Manual ET 200S, Distributed I/O System S7 Distributed Safety
Fail-Safe Modules
G: ET 200pro Distributed I/O Device -
Fail-Safe Modules
1. In which project phase do you use this Were able to find the required information?
document frequently?
yes no
Information Assembly
which was not:
Planning Commissioning
Configuration Maintenance &

Service 4. What is the scope of the information?
Programming others: Just right
Not enough - which topic:
2. Finding the required information in the

document:
Too detailed – which topic:
How quickly can you find the desired information in
the document?
immediately not at all 5. Is the information easy to understand (texts,

figures, tables)?
after a brief after a long
search search yes no
if no, which was not:
Which search method do you prefer?
Table of contents Index
Full-text search others:

6. Are examples important to you?
no, of less importance

Which supplements/improvements would you like
in order to help you find the required information �quickly? yes, important –were the examples
enough?
yes no
if no, on which topic:

3. Your judgement of the document as regards
content.
How satisfied are you with this document 7. What are your suggestions as regards the
contents of the document?
Totally satisfied not very satisfied
Very satisfied not satisfied
Satisfied
Thank you for your cooperation
SIMATIC S7 Distributed Safety: feedback

A5E00297771-04

S7300 Fail-Safe Modules e

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

S7300 Fail-Safe Modules e

Transféré par

Droits d'auteur :

Formats disponibles

s

1 Preface ............................................................................................................................ 1-1

2 Product Overview........................................................................................................... 2-1

5 Addressing and Installing ............................................................................................. 5-1

Fail-Safe Signal Modules

9 Digital Modules............................................................................................................... 9-1

Fail-Safe Signal Modules

10 Analog Module ............................................................................................................. 10-1

13 Dimension Drawings.................................................................................................... 13-1

14 Accessories and Order Numbers ............................................................................... 14-1

15 Response times............................................................................................................ 15-1

16 Type Examination Certificate and Declaration of Conformity................................. 16-1

Fail-Safe Signal Modules

Fail-Safe Signal Modules

Purpose of the Manual

Scope of the Manual

Module Order Number Release Version and

SM 326; DO 8 × DC 24V /2A PM 6ES7326-2BF40-0AB0 01

Fail-Safe Signal Modules

Certification Mark for Australia (C-Tick Mark)

Position in the Information Landscape

Documentation Brief Description of Relevant Contents

Fail-Safe Signal Modules

Documentation Brief Description of Relevant Contents

• The S7-400, M7-400 Programmable Controllers Hardware and

Fail-Safe Signal Modules

Documentation Brief Description of Relevant Contents

The entire SIMATIC S7 documentation is available on CD-ROM.

How to Use this Documentation

Recycling and Disposal

Fail-Safe Signal Modules

Fail-Safe Signal Modules

Service & Support on the Internet

Fail-Safe Signal Modules

Important Note for Maintaining Operational Safety of Your System

Fail-Safe Signal Modules

Fail-Safe Signal Modules

Fail-Safe Signal Modules

2.2 Using Fail-Safe Signal Modules

What is a Fail-Safe Automation System?

What Are Fail-Safe Signal Modules?

What Fail-Safe Signal Modules Are Available?

Table 2-1 Useable interface modules

Interface module Order number

Possible Use of Fail-Safe Signal Modules

Fail-Safe Signal Modules

F-System with Fail-Safe Signal Modules

S7-300 with Fail-safe

Figure 2-1 S7 Distributed Safety Fail-Safe Automation System

Use in Standard Mode

Use in Safety Mode

Fail-Safe Signal Modules

Achievable Safety Classes

Table 2-2 Achievable Safety Classes in Safety Mode

Safety Class in Safety Mode

Increased Availability in Standard Mode and Safety Mode

Fail-Safe Signal Modules

2.3 Guide to Commissioning Fail-Safe Signal Modules

Sequence of Steps from Selecting to Commissioning F-SMs

Table 2-3 Sequence of Steps from Selecting to Commissioning F-SMs

Step Procedure See ...

Fail-Safe Signal Modules

Fail-Safe Signal Modules

Local and Distributed Configuration