Function Example No.

MC-FE-I-007-V10-EN

SIMOTION with SINAMICS S120

Safety Integrated Extended Functions
Fail-safe drives
Controlling a D435 via TM54F and F-CPU
 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Preliminary remarks
Functional examples for the topic "Safety Integrated" are fully-functioning
and tested automation configurations based on standard I DT & IA products
for simple, fast and low-cost implementation of automation tasks in safety
engineering. Each of the functional examples presented deals with sub-task
of a typical problem that customers are frequently confronted with in safety
engineering.
Besides listing all the necessary software and hardware components, and
describing their interconnection, the functional examples also include tested
and commented code. This means that the functions described here can be
set up within a short time and can thus be used as the basis for expanded
and adapted solutions.

Important Note
The safety function examples are non-binding and do not claim to be com-
plete in respect of configuration, equipment or any type of contingency. The
Copyright © Siemens AG 2009 All rights reserved

safety function examples are not customer-specific solutions but are only
intended to provide support in implementing typical tasks. You are respon-
31410726 _mc_fe_i_007_v10_en.doc

sible for the correct operation of the products described.

These safety function examples do not relieve you of the obligation to use
the products safely during application, installation, operation and mainte-
nance. By using these safety function examples, you acknowledge the fact
that Siemens cannot be held liable for any claims or damages above and
beyond the liability described above. We reserve the right to make changes
to these safety function examples at any time without prior notice. For de-
viations between the recommendations in these safety function examples
and other Siemens publications - e.g. Catalogs - then the contents of the
other documentation have priority.

I DT Safety Integrated Page 2/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Table of contents
1 Warranty conditions, liability, and support .................................................. 5
2 Automation function....................................................................................... 6
2.1 Description of the function example.................................................................. 6
2.2 Advantages / customer benefits ....................................................................... 9
3 Required components.................................................................................. 10
3.1 Hardware components.................................................................................... 10
3.2 Software components ..................................................................................... 11
3.2.1 Engineering software ...................................................................................... 11
3.2.2 Firmware......................................................................................................... 11
4 Configuration and wiring ............................................................................. 12
4.1 Overview of the hardware configuration ......................................................... 12
4.2 Wiring of the hardware components ............................................................... 12
4.2.1 Wiring the control voltage ............................................................................... 12
4.2.2 Principle connection of the F-CPU to the TM54F ........................................... 14
Copyright © Siemens AG 2009 All rights reserved

4.2.3 DRIVE-CLiQ interconnection .......................................................................... 15

31410726 _mc_fe_i_007_v10_en.doc

4.3 Important settings of the hardware components............................................. 16

4.3.1 Bus interfaces ................................................................................................. 16
4.3.2 Bus topology ................................................................................................... 18
5 Overview and operation ............................................................................... 19
5.1 Description of operation.................................................................................. 19
5.2 Summary of the input signals ......................................................................... 21
6 Example project ............................................................................................ 22
6.1 Passwords ...................................................................................................... 22
6.2 Hardware configuration of the fail-safe control ............................................... 23
6.3 Programming the fail-safe control................................................................... 27
6.4 Configuring the drives..................................................................................... 30
6.4.1 Inserting SIMOTION into the existing SIMATIC project .................................. 30
6.4.2 Basic commissioning of the SINAMICS drives (without safety) ...................... 33
6.5 Parameterizing the safety functions in SINAMICS Integrated ........................ 39
6.5.1 Configuring the message frame...................................................................... 39
6.5.2 Configuring the fail-safe TM54F terminal module........................................... 40
6.5.3 Configuring the safety functions in the drives ................................................. 43
6.5.4 Configuring the safety data block on the SINAMICS side .............................. 47
6.6 SIMOTION ...................................................................................................... 49
6.6.1 Creating SIMOTION axes............................................................................... 49
6.6.2 SIMOTION programs ...................................................................................... 58
6.6.3 Configuration of the execution system............................................................ 61
6.6.4 SIMOTION messages..................................................................................... 63
6.7 Download of the project example ................................................................... 63

I DT Safety Integrated Page 3/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.7.1 Downloading the S7-F-CPU project configuration .......................................... 64

6.7.2 Downloading the project configuration of SIMOTION and SINAMICS
Integrated ................................................................................................... 65
6.8 Acceptance test .............................................................................................. 67
7 History ........................................................................................................... 67
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

I DT Safety Integrated Page 4/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

1 Warranty conditions, liability, and support

Siemens shall not be held liable for the information provided in this docu-
ment.
We accept no liability for any damage or loss caused by the examples, in-
formation, programs, planning data, or performance data described in this
safety function example, irrespective of the legal basis for claims arising
from such damage or loss, unless liability is mandatory (for example, in ac-
cordance with the German Product Liability Act in cases of intent, gross
negligence, due to endangerment of life, the body or health, due to as-
sumption of a guarantee for a product's characteristics of state, due to ma-
licious concealment of a defect, or due to violation of basic contractual obli-
gations). Any compensation for violation of basic contractual obligations,
however, shall be limited to the foreseeable damage or loss which is typi-
cally envisaged in contracts unless there has been gross negligence or un-
less liability is mandatory due to endangerment of life, the body, or health.
Any change to the burden of proof to your disadvantage is not covered he-
reby.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Copyright© 2009 Siemens I DT. Reproduction or transmission of these ap-

plication examples or extracts thereof are forbidden without the express
written authority of Siemens I DT.

If you have any questions about this article, please send an e-mail to
the following address:
[email protected]

I DT Safety Integrated Page 5/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

2 Automation function
2.1 Description of the function example

The following safety functions according to IEC 61800-5-2 are integrated in

SINAMICS S120 drives:

Name Function Description

STO Safe Torque Off • The torque-generating energy-feed to the
motor is switched off in a safety-oriented fa-
shion.
• The closing lock-out prevents the drive unit
from being restarted. (Stop function, Cate-
gory 0 according to EN 60204-1)
SBC Safe Brake Con- • SBC is only used when there is a motor
trol brake; the motor brake is connected to the
power connector through the outputs.
• SBC always responds in conjunction with
STO or when internal safety monitoring
Copyright © Siemens AG 2009 All rights reserved

functions respond with safe pulse suppres-

31410726 _mc_fe_i_007_v10_en.doc

sion.
SS1 Safe Stop 1 • The drive is quickly and safely stopped
along the OFF3 ramp and is safely moni-
tored.
• Transition to STO after a delay time has ex-
pired or the shutdown speed has been rea-
ched. (Stop function, Category 1 according
to EN 60204-1)
SS2 Safe Stop 2 • The drive is quickly and safely stopped
along the OFF3 ramp and is safely moni-
tored.
• Transition into SOS after a delay time has
expired; the drive remains in closed-loop
control. (Stop function, Category 2 accor-
ding to EN 60204-1)
SOS Safe Operating • This function serves to safely monitor the
Stop standstill position of a drive; the drive re-
mains in closed-loop control.
SLS Safely-Limited • The drive speed is safely monitored.
Speed • Parameterizable shutdown response when
the limit value is violated.
SSM Safe Speed Mo- • Safely displays when a speed limit is fallen
nitor below (n < nx)

These extended safety functions can be controlled via PROFIsafe with

PROFIBUS as well as via a TM54F terminal expansion module. In this ex-
ample, the safety functions are controlled via the TM54F.

I DT Safety Integrated Page 6/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Task description
A system equipped with SINAMICS S120 drives is controlled from a
SIMOTION D435. Different safety functions are required in the system.
SIMOTION itself has no safety functions. The extended safety functions in-
tegrated in the SINAMICS S120 drives are used.
These safety functions integrated in the drive are to be controlled from a
TM54F using hardware signals. The drives belong to different drives
groups. An F-CPU handles the safety-oriented logical pre-processing of the
input signals.
This function example is based on the SIMOTION D435 training case
(6ZB2 470-0AE00) and the SAFETY training case.
A typical overview of the assumed machine configuration is shown in the
following diagram.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

The following safety functions are used as basis for further consideration.

I DT Safety Integrated Page 7/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Safety
Description Response
function
Drive 1 is quickly stopped in a
controlled fashion -> subse-
The Emergency Stop button is quent pulse suppression (SS1)
SF1
actuated
Drive 2 is stopped with imme-
diate pulse suppression (STO)
Drive 1 should be stopped The SIMOTION brakes drive 1
quickly when safety door 1 is in the closed-loop position con-
opened. Drive 1 must then be trolled mode. The standstill
SF2
stopped with speed setpoint = position is safely monitored
0 and the standstill position (SOS) after a delay time has
safely monitored. expired
When safety door 2 is open,
The speed of drive 2 is moni-
SF3 drive 2 must not exceed a ma-
tored (SLS)
ximum speed
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Solution
Hardware overview

This function example shows how the STO, SS1, SOS and SLS safety
functions are controlled via the terminal expansion module TM54F at a
SIMOTION D435 with a SINAMICS S120 drive group.
The drive line-up in the booksize format comprises an infeed and a Double
Motor Module. A SIMOTION D435 is used for the closed-loop motion con-
trol and closed-loop motor control. The two servomotors, which are inde-

I DT Safety Integrated Page 8/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

pendent of one another, are controlled from the Double Motor Module. A
Smart Line Module is used as infeed.
The safety-oriented signals are sensed using fail-safe inputs of the ET200M
and evaluated in the F-CPU. The pre-processed signals are transferred to
the TM54F terminal expansion module via fail-safe ET200M outputs. These
control the safety functions integrated in the SINAMICS S120 drive.
When Emergency Stop is initiated, drive 1 is stopped using the SS1 func-
tion integrated in the drive and drive 2 is stopped with STO.
Two switches in the Safety training case each simulate a safety door for
drive 1 and 2. If safety door 1 is opened, then SIMOTION brakes drive 1
down to standstill (zero speed). After a configurable time has expired, the
standstill position is safely monitored (the SOS function is selected). When
the door is closed, axis 1 restarts (the SOS function is deselected). When
safety door 2 is opened, the speed of drive 2 is monitored against a config-
urable maximum value (SLS function). The setpoint speed is limited to 80%
of the selected SLS stage. The speed limit is withdrawn if the simulated
door is closed again. The other drive is not influenced.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

2.2 Advantages / customer benefits

• The safety functions integrated in the drive are simply controlled.

• Simple design using standard technology.
• The existing system can be quickly and simply expanded.
• Space-saving and favorably-priced design using integrated safety
functions – additional hardware is not required.
• User-friendly evaluation and diagnostic information is available in the
SIMOTION system.
• Complex safety concepts can be realized using this as basis.

I DT Safety Integrated Page 9/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

3 Required components
The hardware components and software versions required to realize the
function example are listed in this chapter.

3.1 Hardware components

SAFETY training case (essential components)

Component Type MLFB/Ordering data Qty Manufac-
turer

SITOP power supply SITOP SMART 120W 6EP1 333-2AA01 1 Siemens

CPU 315F-2 PN/DP 6ES7 315-2FH13-0AB0 1 Siemens

SIMATIC S7-300 CPU SIMATIC Micro Memory Card,
6ES7 953-8LJ20-0AA0 1 Siemens
512KB
SIMATIC S7 fail-safe input
SM 326 F-DI 24 6ES7 326-1BK01-0AB0 1 Siemens
module

SIMATIC S7 fail-safe output

SM 326 F-DO 8 6ES7 326-1BF40-0AB0 1 Siemens
module
Copyright © Siemens AG 2009 All rights reserved

SINAMICS fail-safe Termi-

TM54F 6SL3050-0AA00-3BA0 1 Siemens
nal Module
31410726 _mc_fe_i_007_v10_en.doc

Drive-CLiQ Cable, gray, metal connector 6FX2002-1DC00-1AC0 1 Siemens

Safety door simulation Toggle switch 0-I, latching,

3SB2000-2AB01 2 Siemens
switches 16mm, black
S2 and S3 Holder with solder pins 3SB2908-0AB 2 Siemens
Emergency Stop command Mushroom pushbutton, red,
3SB2000-1AC01 1 Siemens
device 16mm
S1 Holder with solder pins 3SB2908-0AB 1 Siemens
Pushbutton, flat button, 16 mm,
3SB2000-0AG01 1 Siemens
Reset button white
S4 Holder with lamp holder, lamp
3SB2455-1B 1 Siemens
and solder pins

Load resistors Type PO595-0 Style 0207

Yageo
1kOhm 1W Power metal oxide film 1
R1 .. R8 Europe
resistors
Phoenix
ST 2.5-QUATTRO-TG 3038451 8
Terminals for load resistors Contact
(R1..R8) Phoenix
P-CO component connector 3036796 8
Contact
WID_MET_SHT_1K2_+-
Load resistor R9 SMA0207 1K2 1% TK 1%_600mW_+50ppm_02 1 Beyschlag
07
TERMINALS_ACCESSORY_EM
PTY 280-801 1 WAGO
Terminals for load resistor CONNECTOR_TYPE1_GRAY
(R9)
TERMINAL_4-
280-686 1 WAGO
CONDUCTOR_GRAY

I DT Safety Integrated Page 10/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

SIMOTION training case

Component Type MLFB/Ordering data Qty Manufactu
rer

SIMOTION training case D435 6ZB2 470-0AE00 1 SIEMENS

Note The function example was tested with the hardware components listed
here. Alternatively, other components with the same function may be
used. In such a case, a different parameterization and different wiring of
the components may be required.

3.2 Software components

3.2.1 Engineering software

Component Type MLFB/Ordering data Qty Manufacturer

STEP 7 V5.4 SP4 6ES7810-4CC08-0YA5 1 Siemens

S7 Distributed Safety
Copyright © Siemens AG 2009 All rights reserved

V5.4 SP4 6ES7833-1FC+02-0YA5 1 Siemens

programming
31410726 _mc_fe_i_007_v10_en.doc

S7 F ConfigurationPack V5.5 SP5 1 Siemens

SIMOTION SCOUT V4.1 SP2 6AU1810-1BA41-2XA0 1 Siemens

3.2.2 Firmware

All SINAMICS components must have firmware release V2.5 SP1 or

higher.
SIMOTION must be operated with a firmware release V4.1 SP1 or higher.

I DT Safety Integrated Page 11/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

4 Configuration and wiring

4.1 Overview of the hardware configuration
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Basic configuration

4.2 Wiring of the hardware components

4.2.1 Wiring the control voltage

I DT Safety Integrated Page 12/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

I DT Safety Integrated Page 13/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

4.2.2 Principle connection of the F-CPU to the TM54F

failsafe digital output

module (ET200S/
ET200M) TM54F

-X520
1 L3+
2 M1
-X521
1 L1+
DO 0+ 2 DI 0
F-DI 0
3 DI 1+
F-DO 0 4 DI 2
R1 R2 F-DI 1
5 DI 3+
DO 0- 6 DI 1-
7 DI 3-
M1 8 M1

Connection, F-DO P/M switching(F-CPU) → F-DI (TM54F)

Copyright © Siemens AG 2009 All rights reserved

Dimensioning the load resistors

31410726 _mc_fe_i_007_v10_en.doc

Any conditions specified for the digital output in the manufacturer's

documentation, (e.g. a minimum load or a maximum load resistance)
should be taken into account.
For example, a minimum load of 1 kΩ is specified for the SIMATIC ET200S
4 F-DO I/O module.
This means that two additional load resistors of 1 kΩ and a continuous load
capacity of at least P = V²/R = (28.8V)²/1 kΩ = 830 mW are required to
connect such an F-DO with an F-DI of the TM54F.
Note: When using regulated SITOP power supplies, the voltage tolerance
on the 24 V side is significantly less than the maximum permissible
tolerance of +20% of the power supply voltage at the ET200S modules.
The power dissipated in the resistor is, in this case, less than the maximum
power calculated above.

I DT Safety Integrated Page 14/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

4.2.3 DRIVE-CLiQ interconnection

The SINAMICS units should be connected-up using the DRIVE-CLiQ cable

as shown in the following diagram.

TM54F D435 SLM DMM

DRIVE-CLiQ DRIVE-CLiQ DRIVE-CLiQ

-X500 -X100 -X200
-X501 -X101 -X201
-X102 -X202
-X103 -X203
PROFIBUS
-X126
-X127

Ethernet Encoder 2
-X120
-X130

Encoder 1
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

DRIVE-CLiQ interconnection

I DT Safety Integrated Page 15/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

4.3 Important settings of the hardware components

In this function example, the PROFIBUS interfaces of the F-CPU and the
D435 are only used for programming. Hardwired 24 V signals are used
exclusively for the safety-oriented signal exchange between the F-CPU and
the TM54F.

4.3.1 Bus interfaces

Programming device / PC
• PROFIBUS address = 0
• As the F-CPU used is the bus master, the PROFIBUS interface of the
programming device must not be configured as the only master on the
bus (do not enter a checkmark in the field "PG/PC is the only master on
the bus").
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

I DT Safety Integrated Page 16/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

SIMOTION D435
• PROFIBUS address = 2
• The PROFIBUS address is set via HW Config.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

SIMATIC 315F-2 PN/DP CPU

• PROFIBUS address = 4

I DT Safety Integrated Page 17/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

4.3.2 Bus topology

View in NetPro
Copyright © Siemens AG 2009 All rights reserved

Conditions for operation

31410726 _mc_fe_i_007_v10_en.doc

• The SIMATIC components have been mounted and connected with one
another. The PROFIsafe addresses of the fail-safe input and output
modules must be set using the DIL switch; see Chapter 6.2 Hardware
configuration of the fail-safe control.
• All of the components are connected as specified in Chapter 4.2 Wiring
of the hardware components.
• The DRIVE-CLiQ topology of the SINAMICS components has been
maintained.
• The motors are connected to the Motor Module using the power and
encoder cable.
• The Motor Module is correctly connected with the infeed (DC link and
24 V DC control voltage).
• The infeed is connected to the line supply.
• The components are supplied with 24 V DC.

I DT Safety Integrated Page 18/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

5 Overview and operation

5.1 Description of operation
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Hardware overview

In order to be able to operate the drives, SIMOTION must first be switched

into the "RUN" state. In the example, this is realized using SCOUT. To do
this, object D435 is selected and the righthand mouse key pressed. The
following selection should now be made: Target device -> Operating state

I DT Safety Integrated Page 19/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

The window then opens in which you can set the operating state of
SIMOTION. The rotary switch should be set to the RUN position.
Switches -S1 to -S4 are located on a switchbox that belongs to the Safety
training case. The various safety functions are selected using these
switches. Switches -S5 to -S10 are located on a switchbox that belongs to
the SIMOTION training case. These switches are used to switch axis
enable signals, start travel programs, initiate the test function for the safety
functions and acknowledge faults.
The Emergency Stop button S1 must be released in order to be able to
operate the drives
The axis enable signals for drive 1 (upper motor) are switched using switch
-S5. The associated travel program can be started and stopped using -S6.
For axis 2 (lower motor), -S7 is used to issue the enable signal and the
travel program is activated or deactivated with -S8. Pending alarms on the
SIMOTION as well as drive alarms can be acknowledged using -S9. The
safety alarms are the exception in this case, as they must be acknowledged
in a fail-safe fashion using -S4. The test stop to be cyclically executed for
the safety functions in the drives as well as the TM54F is activated using -
Copyright © Siemens AG 2009 All rights reserved

S10.
31410726 _mc_fe_i_007_v10_en.doc

If the Emergency Stop pushbutton -S1 is pressed, then for drive 1 (upper
motor), safety function SS1 is initiated; i.e. the drive is braked along the
OFF3 ramp and then STO is activated. STO is directly initiated for drive 2
(lower motor); i.e. the drive coasts down. When Emergency Stop is initiated
drive 1 comes to a standstill before drive 2.
Drive 1 can be operated when safety door 1 is closed (toggle switch -S2). If
-S2 is opened, then safety function SOS is initiated; i.e. SIMOTION brakes
the drive down to standstill. The drive standstill position is safely monitored
after a configurable time has expired. If the simulated safety door -S2 is
closed again, then the travel program is restarted. In this case, an ON
command is not necessary.
Drive 2 can be operated at any speed when safety door 2 is closed (toggle
switch -S3). If -S3 is opened, then SIMOTION limits the travel speed to
80% of the speed limit value of stage 1 of safety function SLS. This limit
value is monitored by safety function SLS after a defined time has expired.
If -S3 is closed again, then SLS is switched-out and the speed limit on the
SIMOTION is withdrawn. The drive can now be operated again with the
configured speed.

I DT Safety Integrated Page 20/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

5.2 Summary of the input signals

Digital inputs of the SINAMICS Integrated at the SIMOTION D435

Sets / withdraws axis
DI0 -S5 Drive 1
enable signals
Starts/stops the travel
DI1 -S6 Drive 1
program
Sets / withdraws axis
DI2 -S7 Drive 2
enable signals
Starts/stops the travel
DI3 -S8 Drive 2
program
Drive 1 / Drive 2 / TM54F
DI6 -S9 Acknowledges alarms
/ SIMOTION
DI7 -S10 Drive 1 / Drive 2 / TM54F Initiates a test stop
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Fail-safe inputs at the F-DI module

Drive 1: SS1
F-DI0 -S1 Emergency Stop button
Drive 2: STO
F-DI1 -S2 Safety door 1 (for drive 1) SOS
F-DI2 -S3 Safety door 2 (for drive 2) SLS
Fail-safe
acknowledgement (drive 1
F-DI3 -S4 Acknowledgement button
& 2) and depassivation (all
F slaves)

I DT Safety Integrated Page 21/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6 Example project
In this chapter, you get to know how the individual components must be
parameterized. SIMOTION SCOUT is used as the engineering software for
SIMOTION and the SINAMICS S120. Distributed Safety is a prerequisite
for programming the F-CPU.
It will now be described how the software project belonging to this function
example was set-up.

6.1 Passwords

For reasons of simplicity, in the project, a common safety password is used

for the program and hardware on the SIMATIC components. Also when
configuring the Safety functionality of the SINAMICS components, one
password is used for the drives and for the TM54F terminal expansion
module.
• Safety password on the F-CPU: "0"
• Safety password on SINAMICS components: "1"
Copyright © Siemens AG 2009 All rights reserved

These passwords should be changed for real applications!

31410726 _mc_fe_i_007_v10_en.doc

I DT Safety Integrated Page 22/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.2 Hardware configuration of the fail-safe control

Description Remark

In the SIMATIC
Manager, insert a
SIMATIC 300 station
into the project.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Completely create and

parameterize the
station in HW Config.

To do this, in the parts

list from Chapter 3.1
Hardware components,
drag the modules from
the catalog window and
drop them into the con-
figuration window.
Set the address of the
DP interface as
described in Chapter
4.3.

I DT Safety Integrated Page 23/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Configuring the F CPU

In the properties
window of the F-CPU,
under the Protection
tab, activate access
protection for the F-
CPU and protect using
a password.
Activate the safety
program ("CPU
contains safety
program").
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Configuring the F-DI

module.

Configure the
PROFIsafe address
using DIL switches.

Configuring the F-DI

module.

Configuring F-DI 0
(channels 0, 12)

I DT Safety Integrated Page 24/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Configuring the F-DI

module.

Configuring F-DI 1
(channels 1, 13)

Configuring F-DI 2
(channels 2, 14)
Copyright © Siemens AG 2009 All rights reserved

Configuring F-DI 3
31410726 _mc_fe_i_007_v10_en.doc

(channels 3, 15)

Configuring F-DI 5
(channels 5, 17)

Configuring the F-DO

module.

Configure the
PROFIsafe address
using DIL switches.

I DT Safety Integrated Page 25/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Configuring the F-DO

module.

Configuring F-DO 0

Configuring F-DO 1

Configuring F-DO 2
Copyright © Siemens AG 2009 All rights reserved

Configuring F-DO 5
31410726 _mc_fe_i_007_v10_en.doc

Configuring F-DO 7

Save and compile HW

Config.
Download HW Config
into the F-CPU.

I DT Safety Integrated Page 26/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.3 Programming the fail-safe control

The safety program was deliberately selected to be as simple as possible.

In this particular case, the main task of the safety program is to transfer the
signals at the F-DIs to the F-DOs. The F-DOs are connected to the F-DIs of
the TM54F. The safety functions of the drives are controlled from the
TM54F. The blocks required for the safety program are first created.
Caution:
In this form, it is not permissible that the program is used for a real
application.
You start with the F-call block. This is required to call the safety program.
To do this, a function (in this case, FC1) must be inserted into the block
folder using the the F-call programming language. Cyclic interrupt OB35 is
required to cyclically call the safety program.
In this example, the actual safety program is executed in a function block
(here, FB1), this means that FB 1 must now be inserted using the F-LAD or
F-FBD programming language.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Description Remark

Programming OB35

Calling the safety

program

I DT Safety Integrated Page 27/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Programming FB1

Network 1:
Activate automatic
acknowledgement

Network 2:
Control signal lamp in -
S4.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Programming FB1

Network 3:
-S1 (Emergency Stop)
is interconnected to F-
DO 0.

Network 4:
-S2 is interconnected,
inverted to F-DO 1.

Network 5:
-S3 is interconnected
to F-DO2.

Network 6:
-S4 is interconnected
to F-DO5.

Network 7:
-S4 is used for
acknowledgement.

I DT Safety Integrated Page 28/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Creating the new F-

Runtime group

Here, the safety

program (FB1) is
assigned to FC1 and
the associated I-DB is
defined.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Then, generate the

safety program and
download into the
CPU.

In addition, download
the standard blocks
into the F-CPU.

I DT Safety Integrated Page 29/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.4 Configuring the drives

The basic configuring of SINAMICS Integrated is described in this section.

Safety commissioning is discussed in the next point.

6.4.1 Inserting SIMOTION into the existing SIMATIC project

Description Remark
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Insert an additional
SIMATIC 300 station
into the existing object.

I DT Safety Integrated Page 30/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Then (if required)

rename the station,
e.g. as "SIMOTION D"
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Select the appropriate

SIMOTION component
from the catalog and
transfer into the work
area (drag & drop).

I DT Safety Integrated Page 31/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Configure and network

the DP interface of the
SIMOTION being
used.
In the example, DP2 is
used (also refer to
Section 4.3.2, Bus
topology)

Then save and

Copyright © Siemens AG 2009 All rights reserved

compile. Then
31410726 _mc_fe_i_007_v10_en.doc

download HW Config
into SIMOTION. HW
Config can now be
closed.

SIMOTION is now
integrated into the
existing project.

I DT Safety Integrated Page 32/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.4.2 Basic commissioning of the SINAMICS drives (without safety)

Description Remark

Open SCOUT /
STARTER from the
SIMATIC project (->
double click on
"Commissioning")

Go online
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Start the automatic

configuration of the
drives.

Select the "Servo"

control type for both
drives.

I DT Safety Integrated Page 33/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Go offline and "Save

and Compile"
Post configuration,
drive 1

In the Project
Navigator for drive 1
(SERVO_02), open the
configuration window.

"Configure DDS" starts

the navigated post
configuration.

Note: In the following,

only those screen
forms are described in
which a change is
required.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Post configuration,
drive 1

A signal for "Infeed in

operation" (p0864)
must be configured.
Here, fixed binector 1
is used in the example.

I DT Safety Integrated Page 34/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Post configuration,
drive 1

The PROFIdrive
message frame
(p0922) must be set for
the drive. Message
frame type 105 is used
here in the example.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Post configuration,
drive 2

Start the Configurator

as described for drive
1 (drive 2 is
SERVO_03).

A signal for "Infeed in

operation" (p0864)
must be configured.
Here, fixed binector 1
is used in the example.

I DT Safety Integrated Page 35/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Post configuration,
drive 2

The second drive does

not have a Drive-CLiQ
encoder; the motor
must be manually
selected.

A 1FK7022 - 5AK71 -
1AG0 motor is used in
the example.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Post configuration,
drive 2

Just like the motor, the

encoder must also be
manually selected. The
is also realized using
the type number
(MLFB).

I DT Safety Integrated Page 36/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Post configuration,
drive 2

The PROFIdrive
message frame
(p0922) must be set for
the drive. Message
frame type 105 is used
here in the example.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

The TM54F is
automatically created,
if for the automatic
configuration, it was
connected to the D435
via Drive-CLiQ.

The topology for the

function example can
be seen here.

Save the configuration,

then go online and
download the modified
project.

I DT Safety Integrated Page 37/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

For the SERVO_02

object, open the
"Speed controller"
window using the
Project Navigator.

For both drives, in the

example, the speed
controller was set as
shown here:
P gain = 0.1 Nms/rad
Reset (integral) time =
10ms
Copyright © Siemens AG 2009 All rights reserved

On both drives,
several parameters
31410726 _mc_fe_i_007_v10_en.doc

now have to be
adapted in the expert
list.
Adaptation to 230V
operation.
Configuring the OFF3
ramp.
p2101 = r722.6 in the expert list of the CU
Interconnect alarm
acknowledgement with
-S9 (= DI 6 SINAMICS
Integrated).

Now copy RAM to

ROM (on SINAMICS
Integrated), download
the configuration into
the PG and save.

I DT Safety Integrated Page 38/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.5 Parameterizing the safety functions in SINAMICS Integrated

6.5.1 Configuring the message frame

Description Remark

In SCOUT, open the

window to configure
the PROFIdrive
message frame
Copyright © Siemens AG 2009 All rights reserved

Insert the message

frame extension for the
31410726 _mc_fe_i_007_v10_en.doc

so-called safety data

block.
3 words are required to
transfer data from the
drive to SIMOTION.
Insert this message
frame extension for
both drives.

Select message frame

type 390 for the CU.
Transfer changes into
the HW Config.

The message frame

(telegram)
configuration should
now look like it is
shown here (assuming
that the same address
has been assigned).

Save, go online and

download the
configuration.

I DT Safety Integrated Page 39/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.5.2 Configuring the fail-safe TM54F terminal module

Note:
The fail-safe terminal module must be configured online.

Description Remark

Open the "Safety

Integrated" Window of
the TM54F and
activate the
commissioning mode
with "Change settings".
The password for the
first commissioning is
"0".
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

"Configuration" window

The following have to

be configured in the
example:
Assignment, drives /
drive groups
Discrepancy time F-DI
F-DI for fail-safe
acknowledgement
Signal source for
forced dormant error
detection

I DT Safety Integrated Page 40/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

"Drive group 1" window

The following have to

be configured in the
example:
STO statically inactive
SS1 via F-DI 0
SOS via F-DI 1
SS2 and SLS statically
inactive
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

"Drive group 2" window

The following have to

be configured in the
example:
STO via F-DI 0
SS1, SS2 and SOS
statically inactive
SLS via F-DI 2

I DT Safety Integrated Page 41/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

"Outputs" window

The following have to

be configured in the
example:
1st signal for F-DO 0
with checkback signal
SSM for drive group 1.
2nd signal F-DO 0 with
checkback signal SSM
for drive group 2.

Copy parameters and

then open the dialog
box to change the
password.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Assign a new
password. The value
"1" is used in the
example.

Activate settings

Execute RAM to ROM

backup (start with
"OK").

Note:
The system can be immediately restarted. However, it is recommended to
configure the safety functions of the axes beforehand.

I DT Safety Integrated Page 42/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.5.3 Configuring the safety functions in the drives

Notes:
The safety functions in the drives must be configured online.
Only the windows are described in which parameter changes are required.
For both drives, safety functions STO, SS1, SS2, SOS, SLS and SSM are
commissioned so that they are able to be controlled. However, for drive 1,
the example is restricted to selecting SS1 and SOS. STO and SLS are
controlled for drive 2.
The safety functions are configured precisely the same way for both drives.

Description Remark
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Open the "Safety

Integrated" window of
drive 1/2 (SERVO_02 /
SERVO_03) and
activate the
commissioning mode
using "Change
settings".
The password for the
first commissioning is
"0".

I DT Safety Integrated Page 43/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

"Safety Integrated"
window

The following have to

be configured in the
example:
Select control with
"Motion monitoring via
TM54F"
Set enable signals to
"Enable".
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

"Configuration" window

The following have to

be configured in the
example:
Velocity limit (SSM)
with 100 mm/min
Signal source, test
stop with DI7 of
SINAMICS Integrated

I DT Safety Integrated Page 44/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

"Safe stops" window

The following have to

be configured in the
example:
Delay time SS1 ->
Pulse suppression =
500msec
Delay time selection
SOS -> SOS active =
500msec
Delay time SS2-> SOS
active = 500msec
Acceleration
monitoring =
Copyright © Siemens AG 2009 All rights reserved

500mm/min
Shutdown speed SS1
31410726 _mc_fe_i_007_v10_en.doc

= 100mm/min
Standstill tolerance
SOS = 2.5mm

"Safely limited speed"

window

The following have to

be configured in the
example:
n_max for stage 1 =
625mm/min

Copy parameters and

then open the dialog
box to change the
password.

I DT Safety Integrated Page 45/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Assign a new
password. The value
"1" is used in the
example.

Activate settings

Execute RAM to ROM

Copyright © Siemens AG 2009 All rights reserved

backup.
Axial backup is
31410726 _mc_fe_i_007_v10_en.doc

sufficient (start with

"Axis parameters").
Note:
Only restart the system
after configuring has
been completed.

For Version V2.5

(SINAMICS
Integrated), now for
both drives, the clock
1. p10 = 95
cycle synchronous 2. p9761 = password (in the example "1")
internal PROFIBUS 3. p9510 = 1
still has to be adapted. 4. p9700 = 57hex
5. p9701 = AChex
6. p10 = 0
Now, copy from RAM
to ROM (in SINAMICS
Integrated).
Carry out a Power On
reset.
Go online, download
the configuration into
the PG and save.

If you have carried out the safety commissioning for all drives, with
Emergency Stop deselected, you can operarte the drives from the control
panel or SIMOTION.

I DT Safety Integrated Page 46/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

The use of the safety functions integrated in the drive is selected and these
can be activated or deactivated using the operator control elements at the
F-CPU.
Only the following messages should be visible.

However, these messages do not influence the functionality described

above. They only state that the test stop of the safety functions in the drives
is required (A1697) or the forced dormant error detection of the TM54F
must be executed (A35014). They are alarms, i.e. the drives can be
switched-on and operated.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

6.5.4 Configuring the safety data block on the SINAMICS side

The message frame extension for the so-called safety data block was cre-
ated in Section 6.5.1. Here, the objective is to supply this data block with
the required data from SINAMICS Integrated. 6 bytes / 3 words are re-
quired. The data is sent from the drive to SIMOTION. No safety signals are
sent from SIMOTION to the drive.
The user connects up the process data using the BiCo interconnection in
SINAMICS. The sequence of the individual signals in the safety data block
must not be changed.

The checkback signal bits of the drive safety functions are transferred in
the first word.

I DT Safety Integrated Page 47/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

The following BiCo interconnection must be made for each drive:

The status word is then available at parameter r2089[3].

The effective setpoint speed limiting when selecting SLS (r9733) is
transferred as floating-point number in the second and third words.
Copyright © Siemens AG 2009 All rights reserved

The interconnection of the safety datablock on the drive side has the
31410726 _mc_fe_i_007_v10_en.doc

following assignment:

Safety status word

r2089[3]

effective setpoint speed limiting

r9733 [0] = p9531 [x] * p9533 / p9520
(x: active SLS stage)

The SINAMICS safety status signals are shown in the SIMOTION system
variables D435.Axis_1.drivedata.drivesafetyextendedfunctionsinfodata.state.
The value of the setpoint speed limit is shown in
D435.Axis_1.drivedata.drivesafetyextendedfunctionsinfodata.safespeedlimit.

I DT Safety Integrated Page 48/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.6 SIMOTION

6.6.1 Creating SIMOTION axes

On the SIMOTION side, the axes should be created as follows using the
Commissioning Wizards. SERVO_02 is assigned to Axis_1, SERVO_03 is
correspondingly connected to Axis_2. The procedure is shown for an axis
(Axis_1) as example. The two axes must be configured before the project is
downloaded into SIMOTION.

Description Remark

Start the
Commissioning
Copyright © Siemens AG 2009 All rights reserved

Wizards by double-
31410726 _mc_fe_i_007_v10_en.doc

clicking on "Insert Axis"

in the Project
Navigator.
In the example, the
first axis is called
"Axis_1".
"Speed control" and
"Positioning" are
activated.

I DT Safety Integrated Page 49/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

The default values are

kept. It involves a
linear axis with electric
drive.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Also in the "Units"

window, in the
example, the default
values are kept.

I DT Safety Integrated Page 50/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

Modulo correction is
not activated in the
example.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

The assignment
between SIMOTION
object (Axis_1) and the
SINAMICS axis
(SERVO_02) is
established in this
window.
Transfer data from the
drive (Normalization
speed and maximum
speed).

Check as to whether
PROFIdrive message
frame 105 is selected.

Open the following

window using the
"Change PROFIdrive
message frame"
button.

I DT Safety Integrated Page 51/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

As the SINAMICS
drives have now been
configured, here a
check is only made as
to whether the values
were correctly
accepted. Generally,
changes are not
required.

It is especially
important that you
check the message
frame extension of 3
Copyright © Siemens AG 2009 All rights reserved

words on the input side

31410726 _mc_fe_i_007_v10_en.doc

as this is required to
transfer safety data
from the drive to
SIMOTION.

The encoder is
assigned here.
The encoder data can
be transferred into the
Wizard using the "Data
transfer from the drive"
button.

I DT Safety Integrated Page 52/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

The additional encoder

data are displayed
here. Changes are not
required if data transfer
from the drive was
performed error-free.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

Complete the Wizard

to create the axis
object on SIMOTION.

I DT Safety Integrated Page 53/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

After completing the

Commissioning
Wizards, for the
example, only a few
parameter changes are
required. These are
shown in the following
windows.
"Default value" window

Set the velocity to a

value of 83.33 mm/s
(this corresponds to
300 rpm).
The value of
333.33mm/s2 is
entered for the
Copyright © Siemens AG 2009 All rights reserved

acceleration and
deceleration.
31410726 _mc_fe_i_007_v10_en.doc

"Limits" window

Set the maximum

velocity to a value of
500mm/s.

I DT Safety Integrated Page 54/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

"Control" window

The Servo gain factor

is set to a value of 12
1/s in the example.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

For the second axis,

there are differences in
the "Drive assignment"
window.

Here, enter the logical

hardware addresses
according to Servo_03.

I DT Safety Integrated Page 55/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

For the second axis,

there are also
differences in the
"Encoder assignment"
window.
The encoder data can
be transferred into the
Wizard using the "Data
transfer from the drive"
button.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

For the second axis,

there are also
differences in the
"Encoder data"
window.
The additional encoder
data are displayed
here. Changes are not
required if data transfer
from the drive was
performed error-free.

I DT Safety Integrated Page 56/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

Description Remark

As the "Safety alarms"

of SIMOTION do not
completely comply with
the specification, it is
recommended that
these are hidden for
both axes.

The window is opened

by selecting the
TechFault task in the
execution system and
then pressing the
"Alarm configuration"
button.
Copyright © Siemens AG 2009 All rights reserved

In this example, the

axis-specific responses
31410726 _mc_fe_i_007_v10_en.doc

are also not based on

these alarms.

After the two axes

have been
commissioned on the
SIMOTION side, the
project must be saved
and downloaded into
SIMOTION (in the
Project Navigator,
select D435).

If commissioning was Axis_1

carried out as shown
here, then all of the
settings for the safety
block are correct.
Now, it only has to be
checked that the start Axis_2
address was correctly
entered (276 for
Axis_1 and 320 for
Axis_2)

I DT Safety Integrated Page 57/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.6.2 SIMOTION programs

The programs used in the function example are briefly presented in this
section. The program code and a very detailed description will not be given
as the program itself has comments.
ST programs include the comments directly in the code. For MMC
programs, commented blocks are identified by a green triangle in the upper
righthand corner. The comment can be opened by selecting the block and
opening a menu with the righthand mouse key. Here, the "Enter comment
..." entry must be selected.

6.6.2.1 IO_ReadWrite (reading in or writing digital I/Os)

The digital inputs of SINAMICS Integrated of the SIMOTION D435 are used
to control (open-loop) axis motion. These inputs are read into SIMOTION
via the I/O variable "io_cu320_inword". The outputs of SINAMICS
integrated can be controlled via the "io_cu320_outword" variable; however,
this is not applicable for this example. The inputs are used, e.g. to switch-
on the drives, start travel programs, acknowledge faults and to start the test
Copyright © Siemens AG 2009 All rights reserved

stop or the forced dormant detection.

31410726 _mc_fe_i_007_v10_en.doc

The two variables are created as shown as follows in the Project Navigator
under "I/O".

In this example, SINAMICS Integrated provides the DIs at address 298

(corresponds to PZD 2 of the Control Unit in the send direction). Address
298 should also be used for the outputs (corresponds to PZD 2 of the
Control Unit, receive direction).
The "IO_ReadWrite" program was taken from the FAQ with number
29063656. The program parts not required were subsequently removed.
Detailed documentation as well as the program code can be downloaded
under the following link:
http://support.automation.siemens.com/WW/view/en/29063656
The program is executed in the background task and provides the signals
for the program sequence of SIMOTION at the digital inputs of SINAMICS
Integrated via the variables mentioned above.

6.6.2.2 Axis_01.mmc_bg_task1 (sequential control system for Axis_1)

The upper drive of the demonstration case (Axis_1; or SERVO_02) is

controlled using this program. The program is cyclically processed in the
background task and is responsible for switching-in/switching-out the axis
enable signals, the fault acknowledgement as well as starting and stopping
the travel program "mt_axis_1".
Program functions:
-S5 (DI 0) setting or withdrawing enable signals for Axis_1

I DT Safety Integrated Page 58/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

-S6 (DI 1) starting or stopping the travel program "mt_axis_1".

-S9 (DI 6) acknowledging alarms

6.6.2.3 Axis_02.mmc_bg_task2 (sequential control system for Axis_2)

The lower drive of the demonstration case (Axis_1; or SERVO_02) is

controlled using this program. The program is cyclically processed in the
background task and is responsible for switching-in/switching-out the axis
enable signals, the fault acknowledgement as well as starting and stopping
the travel program "mt_axis_2".
Program functions:
-S7 (DI 2) setting or withdrawing enable signals for Axis_2
-S8 (DI 3) starting or stopping the travel program "mt_axis_2".
-S9 (DI 6) acknowledging alarms

6.6.2.4 Axis_01.mt_axis_1 (travel program for Axis_1)

The travel program comprises 3 travel commands, which are cyclically

called from "mmc_bg_task1", as long as a HIGH signal level is present at -
Copyright © Siemens AG 2009 All rights reserved

S1. This means that after starting the travel program once, "endless
motion" of the axis is executed until this is interrupted by selecting a safety
31410726 _mc_fe_i_007_v10_en.doc

function or using a LOW signal level at -S1. This program is executed in

MotionTask_3. This task is cyclically started from program
"Axis_01.mmc_gb_task1".

6.6.2.5 Axis_02.mt_axis_2 (travel program for Axis_2)

The travel program comprises 3 travel commands, which are cyclically

called from "mmc_bg_task2", as long as a HIGH signal level is present at -
S3. This means that after starting the travel program once, "endless
motion" of the axis is executed until this is interrupted by selecting a safety
function or using a LOW signal level at -S3. This program is executed in
MotionTask_4. This task is cyclically started from program
"Axis_02.mmc_gb_task2".

6.6.2.6 Axis_01.mt_safety_axis_1

The axis-specific responses to selecting or deselecting the safety functions

are executed in this program. As several safety functions can be
simultaneously active, the priority must first be determined before the axis-
specific response can be executed. To do this, the value of a variable is
determined, which can then be used to select the response (using a CASE
statement). In the example, the subsequently described responses are
initiated for the individual functions. After they have been executed, the
variables for the state of the individual safety functions (determined in
ST_Main.extsafety) as well as also for the priority assignment (determined
in Axis_01.mt_safety_1) are reset. This program is executed in
MotionTask_6.

I DT Safety Integrated Page 59/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

STO
When selecting STO, no special response is necessary as the impulses are
immediately suppressed. When deselecting, a response is also not
necessary as after deselecting STO, a new ON command must be set.
SS1
When selecting SS1, the axis must be switched into the follow-up mode
and the "Axis_01.mt_axis_1" motion program interrupted. To do this, Mo-
tionTask_3 and the actual traversing command are interrupted. When
deselecting SS1, MotionTask_3 is reset so that it can be restarted. As SS1
automatically results in an STO, a new ON command is required to restart
axis motion.
SS2
When selecting SS2, the axis must be switched into the follow-up mode
and the "Axis_01.mt_axis_1" motion program interrupted. To do this,
MotionTask_3 and the actual traversing command are interrupted.
MotionTask_3 is continued when SS2 is deselected. The motion is
automatically continued when deselected. An additional command is not
necessary.
SOS
Copyright © Siemens AG 2009 All rights reserved

When selecting SOS, axis motion is stopped down to standstill in the

31410726 _mc_fe_i_007_v10_en.doc

closed-loop position controlled mode using a STOP command.

MotionTask_3 is then interrupted in order to prevent axis travel initiated by
the next positioning command. When SOS is deselected, MotionTask_3 is
continued again and the next pending positioning command executed. This
means that also here, a command is not necessary to restart axis motion.
SLS
When selecting SLS, the maximum permissible velocity (SIMOTION
variable: pluslimitsofdynamics.velocity) when positioning is reduced to the
value that is transferred from SINAMICS Integrated (via the so-called safety
data block) to SIMOTION. Motion is now executed at a reduced velocity.
When deselecting SLS, this limit value is reset to the original value.

6.6.2.7 Axis_02.mt_safety_axis_2

See 6.6.2.6, whereby this program is processed in MotionTask_7 and axis

motion of Axis_2 is monitored using MotionTask_4.

6.6.2.8 ST_VarGlobal

Variables required to evaluate the safety status word are defined in this ST
program.

6.6.2.9 ST_Main

This program comprises the three subprograms "startup",

"extsafety" and "techfault".
Note:
Presently, it is still not possible to configure the response depending on
SIMOTION safety messages 50201 to 50203, as the alarms still do not

I DT Safety Integrated Page 60/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

completely comply with the specification. This is the reason that the safety
status word must be cyclically evaluated.
"startup"
In this program, the axis instances are assigned, i.e. it is defined as to
which axis corresponds to which variable. Further, the velocity limit of the
SIMOTION configuration project is buffered here in a variable. When
selecting SLS, this value is overwritten and when deselected, must be
available again. The program is processed in the StartupTask.
"extsafety"
The safety status work is evaluated in this program in order to obtain
information as to which safety functions are in which state. A distinction is
made between the states "selected" (coming event), "active" "deselected"
(going event) and "inactive". Depending on this information, the motion task
is then started, which includes the program for the axis-specific response to
safety functions (MotionTask_6 for Axis_1 and MotionTask_7 for Axis_2).
In the example, the program is processed in the IPO task; however, this is
only necessary if the SS2 or SS1 functions are being used. Without these
two functions, processing in the Background Task is sufficient. When
Copyright © Siemens AG 2009 All rights reserved

selecting safety functions SS1 or SS2, the drive immediately decouples

31410726 _mc_fe_i_007_v10_en.doc

itself from the higher-level setpoint of SIMOTION when the function is

selected. It is now important to prevent a following error from occuring that
would then result in pulse suppression. This is the reason that in these
cases, processing must be as fast as possible. The SOS and SLS functions
have a configurable timer between selecting and activating; this is the
reason that there is more time available for the SIMOTION response.
"Techfault"
This involves a dummy program that must be integrated in the
TechnologicalFaultTask. If this is missing, then for a TechnologicalFault
alarm, the operating state of SIMOTION changes into the "STOP" operating
state.
6.6.2.10 other_MMCs.peripheralfault

This involves a dummy program that must be integrated in the

PeripheralFaultTask. If this is missing, then for a Peripheral-Fault alarm, the
operating state of the SIMOTION changes into the "STOP" operating state.

6.6.2.11 other_MMCs.executionfault

This involves a dummy program that must be integrated in the

ExecutionFaultTask . If this is missing, then for a Execution-Fault alarm, the
operating state of the SIMOTION changes into the "STOP" operating state.

6.6.3 Configuration of the execution system

The various SIMOTION programs must now be assigned to various tasks.

The function example is based on the following configuration.

I DT Safety Integrated Page 61/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

I DT Safety Integrated Page 62/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.6.4 SIMOTION messages

6.6.4.1 Safety message

On the SIMOTION side, there are 3 messages for the extended safety
functions.
50201: Safety alarm in the drive
50202: Drive starts Safety Integrated Extended function
50203: Drive completes Safety Integrated Extended function
Presently, these messages can still not be used for configuring the axis-
specific responses of SIMOTION. This is the reason that they are hidden
for both axes for this function example.

6.6.4.2 Other messages

When selecting the different safety functions, additional messages are

displayed. These are expected and do not represent incorrect behavior.
Copyright © Siemens AG 2009 All rights reserved

20005: Device type: X, log. address: Y faulted.

This fault also occurs when selecting STO and SS1 and indicates that the
31410726 _mc_fe_i_007_v10_en.doc

drive has shut itself down.

30002: Command aborted (reason: X, Command type: Y)
This message should also be monitored when selecting STO and SS1 as
well as when "stopping" positioning by shutting down -S6 or S8. The reason
for this message is that the actual positioning command was interrupted
before or during processing.
40002: Programmed velocity is limited
The fault occurs when SLS is selected if the configured velocity lies above
the limit for SLS.
40005: Missing enable signals(s) (Parameter1: X) and/or incorrect mode
(Parameter2: Y)
The fault occurs when STO is selected and means that for a pending
motion command, the axis enable signals are missing.

6.7 Download of the project example

Up until now, the configuration of the function example was described step-
by-step. The following steps should now be followed if the project example
is to be directly downloaded into the hardware.
To start, all of the components (S7-F-CPU, SIMOTION and SINAMICS
Integrated) should be generally reset or reset to the factory setting.

I DT Safety Integrated Page 63/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

6.7.1 Downloading the S7-F-CPU project configuration

To start, the HW configuration of the S7-F-CPU must be downloaded. The

HW configuration is opened by double-clicking on "Hardware".

Depending on the default values and the previous configuration on the F-

CPU side, if required, the baud rate of the PC/PG interface must be
adapted to download the hardware configuration of the F-CPU. If
SIMOTION and the F-CPU have the same PROFIBUS address (2 is the
default value for both), then it is only necessary to first connect the F-CPU
with the PC/PG in order to download the HW configuration. Therefore, it is
Copyright © Siemens AG 2009 All rights reserved

only necessary to change the bus address and the baud rate to the values
31410726 _mc_fe_i_007_v10_en.doc

specified in Section Fehler! Verweisquelle konnte nicht gefunden wer-

den.. SIMOTION can now also be reintegrated into the PROFIBUS net-
work. The baud rate must be again changed according to Fehler! Ver-
weisquelle konnte nicht gefunden werden. before you can go online.
Note:
If a safety program existed on the CPU beforehand, then this is password-
protected. This must be known for the download. If it is not known, then the
memory card must be deleted using a suitable device (e.g. SIEMENS PG).
If the card is deleted or formatted using a card reader, the card will be
destroyed.
After the HW configuration has been downloaded, the program blocks must
be downloaded to the F-CPU.

I DT Safety Integrated Page 64/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

The window to download the safety functions is first opened using the "yel-
low" button in the function bar. The download is then initiated from this win-
Copyright © Siemens AG 2009 All rights reserved

dow using the "Download" button. The remaining (non-safety-oriented)

31410726 _mc_fe_i_007_v10_en.doc

blocks are then downloaded normally.

6.7.2 Downloading the project configuration of SIMOTION and SINAMICS

Integrated

Also here, the HW configuration of the SIMOTION should be downloaded

first. Without this step, generally it would not be possible to obtain an online
connection to SINAMICS Integrated. The HW configuration is opened by
double-clicking on "Hardware".

After the download, SCOUT is opened from the SIMATIC project (double-
click on "Commissioning").

I DT Safety Integrated Page 65/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726

The complete configuration of SIMOTION and SINAMICS Integrated can

now be downloaded from here.
After the download, various safety faults are present as the serial numbers
of the encoder modules, motor modules and the TM54F do not match those
of the devices that were used to generate the project example. Now, for
each series commissioning, the new serial numbers must be transferred
into the safety configuring. This is done using "Confirm HW replacement"
The simplest way is to open the safety screen form on both drives and
there, press the "Confirm HW replacement" button.
Copyright © Siemens AG 2009 All rights reserved
31410726 _mc_fe_i_007_v10_en.doc

This function does not exist as button for the TM54F. Here, the safety
screen should also be opened and the commissioning mode selected using
the "Change settings" button and exited again using "Activate settings". To
do this, the safety password ("1") must be entered.

I DT Safety Integrated Page 66/67 MC-FE-I-007-V10-EN

 SIMOTION with SINAMICS S120 Failsafe Drives Entry ID: 31410726
Copyright © Siemens AG 2009 All rights reserved

The backup procedure from RAM to ROM must then be initiated for
31410726 _mc_fe_i_007_v10_en.doc

SINAMICS Integrated and a restart carried out (Power On reset).

6.8 Acceptance test

To verify safety-oriented parameters, an acceptance test must be

performed after the machine has been commissioned for the first time and
also after changes are made to safety-oriented parameters. The
acceptance test must be appropriately documented. The acceptance
reports must be adequately stored and archived.
The acceptance test must be carried out after parameterization has been
completed and a Power On reset.
Information about the acceptance test, the acceptance report and an
example of an appropriate acceptance report is provided in the "Function
Manual SINAMICS S120 Safety Integrated" (FHS) in the Chapter,
Acceptance test and acceptance report.

7 History
Version Date Change
V1.0 09/2009 First Edition

I DT Safety Integrated Page 67/67 MC-FE-I-007-V10-EN