XPSMF2DO801 Remote
Output Module
Hardware Manual
07/2007
33003405.01
2
Table of Contents
Safety Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
About the Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Chapter 1 Overview: XPSMF2DO801 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
At a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Representation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 2 Application and Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
At a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Initial Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Offline Proof-Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Chapter 3 Equipment Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
At a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Housing Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Reset Button . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Wiring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
IP Addressing and System ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
SafeEthernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Operating Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Technical Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Additional Items. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
At a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Appendix A Connection Diagrams, Examples of Application, and
Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
At a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Wiring Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configuration of Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
4
Safety Information
§
Important Information
NOTICE Read these instructions carefully, and look at the equipment to become familiar with
the device before trying to install, operate, or maintain it. The following special
messages may appear throughout this documentation or on the equipment to warn
of potential hazards or to call attention to information that clarifies or simplifies a
procedure.
The addition of this symbol to a Danger or Warning safety label indicates
that an electrical hazard exists, which will result in personal injury if the
instructions are not followed.
This is the safety alert symbol. It is used to alert you to potential personal
injury hazards. Obey all safety messages that follow this symbol to avoid
possible injury or death.
DANGER
DANGER indicates an imminently hazardous situation, which, if not avoided, will
result in death or serious injury.
WARNING
WARNING indicates a potentially hazardous situation, which, if not avoided, can result
in death, serious injury, or equipment damage.
CAUTION
CAUTION indicates a potentially hazardous situation, which, if not avoided, can result
in injury or equipment damage.
33003405 07/2007 5
Safety Information
PLEASE NOTE Electrical equipment should be installed, operated, serviced, and maintained only by
qualified personnel. No responsibility is assumed by Schneider Electric for any
consequences arising out of the use of this material.
© 2007 Schneider Electric. All Rights Reserved.
6
33003405 07/2007
About the Book
At a Glance
Document Scope This manual describes the XPSMF2DO801 remote output module.
The following descriptions of the XPSMF2DO801 are included in this manual:
l dimensions and installation
l application and function
l equipment description
l application examples
Validity Note The XPSMF2DO801 remote output module has been tested and certified by TÜV
for functional safety in accordance with CE and the standards listed below:
l TÜV Anlagentechnik GmbH Automation, software, and information technology
Am Grauen Stein 51105 Köln
l Certificate and test report No. 968/EZ 128.04/03 Safety-related automation
devices
HIMatrix F2DO801
l International standards:
l IEC 61508, parts 1-7: 2000, up to SIL 3
l EN 954-1: 1996, up to Category 4
l EN 298: 1994
l NFPA 8501:1997
l NFPA 8502: 1999
l EN 61131-2: 1994 and A11: 1996, A12: 2000
l EN 61000-6-2: 2000, EN 50082-2: 1996, EN 50081-2: 1993
l National standards:
l DIN V VDE 0801: 1990 and A1: 1994
l DIN V 19250: 1994, up to RC6
l DIN VDE 0116: 1989, prEN 50156-1: CDV 2000
33003405 07/2007 7
About the Book
The corresponding programming software is XPSMFWIN. The software is
executable in the Microsoft Windows 2000/XP. The software helps the user to create
safety-related programs and operate the Programmable Electronic System (PES).
Note: The declaration of conformity is provided within the hardware product’s
packaging. All devices are labelled with the CE sign.
Product Related
Warnings
Schneider Electric assumes no responsibility for any errors that may appear in this
document. If you have suggestions for improvements or amendments or have found
errors in this publication, please notify us.
No part of this document may be reproduced in any form or by any means, electronic
or mechanical, including photocopying, without express written permission of
Schneider Electric.
All pertinent state, regional, and local safety regulations must be observed when
installing and using this product. For reasons of safety and to ensure compliance
with documented system data, only the manufacturer should perform repairs to
components.
Failure to use Schneider Electric software or approved software with our hardware
products may result in injury, harm, or improper operating results.
Failure to observe this product’s safety-related warning can result in injury or
equipment damage.
User Comments We welcome your comments about this document. You can reach us by e-mail at
techpub@schneider-electric.com
8
33003405 07/2007
Overview: XPSMF2DO801
1
At a Glance
Overview This chapter contains an overview of the XPSMF2DO801 remote output module.
What's in this
Chapter?
This chapter contains the following topics:
Topic Page
Introduction 10
Representation 10
Dimensions 11
Installation 13
33003405 07/2007 9
Overview
Introduction
XPSMF2DO801
Safety Remote
Output Module
XPSMF2DO801 is a safety remote output module which works with the XPSMF
Safety PLC range and does not contain a user program. It is designed to monitor
safety functions up to safety Category 4 according to EN 954-1 and SIL 3 according
to IEC 61508 and is used to expand a Safety PLC. XPSMF2DO801 is a compact
safety remote output module in a metal housing with 8 programmable relay contact
outputs.
The safety remote output module is a highly visible product thanks to its red color
housing. The product’s overall ingress protection rating is IP 20. The
XPSMF2DO801 is an extremely versatile product and can be used in all areas of a
factory floor. In areas where conditions are harsh, explosive or generally dangerous,
extra protection in the form of enclosures is available to optimize the product’s
performance, prolong its life, and improved safety within each factory environment.
The XPSMF2DO801 is a very powerful safety remote output module and is very
easy to program and install.
Representation
Front View The following image shows the front view of the XPSMF2DO801 remote output
module:
L- L- L+ L+
L- L+L+L-
1 10/100BaseT
24V DC
RUN
ERROR
PROG
FORCE
FAULT
OSL
BL
HIMA
10/100BaseT
12
DO1
2
34
DO2
56
DO3
HIMatrix
DO5
910
DO6
11 1 2
DO7
13 14
78
DO4
by HIMA
F2DO
8 01
DO8
15 16
10
33003405 07/2007
Dimensions
Overview
Overview of
XPSMF2DO801
Front View
Dimensions
The following section contains information about the dimensions of the
XPSMF2DO801 safety remote output module showing the front and side views.
The following image shows the front view dimensions of the XPSMF2DO801 safety
remote output module:
mm
inch
L- L- L+ L+
L- L+L+L-
1 10/100B aseT
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
HIMA
10/100 BaseT
12
DO1
2
34
DO2
56
DO3
HIMatrix
DO5
910
DO6
11 12
202
7.95
206
8.11
DO7
13 14
78
DO4
by HIMA
F2DO
8 01
DO8
15 16
33003405 07/2007 11
Overview
Side View
Dimensions
The following image shows the side view dimensions of the XPSMF2DO801 safety
remote output module:
mm
inch
3
0.12
111
4.37
114
4.49
37
1.46
3
83
3.27
112
4.41
28,5
0.12
1.12
12
33003405 07/2007
Overview
Installation
Introduction The XPSMF2DO801 safety remote output module can be installed on mounting
bases and within closed cases, such as control stations, all terminal boxes, and
control racks. The XPSMF2DO801 has been developed in compliance with all
applicable standards for EMC, climate, and environmental requirements.
Procedure Mounting the remote output device requires the following steps:
Step Action
1 Pull down the quick release clip.
2 Position the remote output device on the DIN rail.
3 Release the clip.
33003405 07/2007 13
Overview
Mounting the
Remote Output
Module
Mount the remote output module horizontally (so the F2DO logo on the front panel
is facing the user) to allow sufficient ventilation. We advise not to mount the remote
output module in a vertical position, because in this case additional measures are
required to ensure the device does not move.
The minimum distance to any neighboring device from another manufacturer is as
follows:
l vertical space of at least 100 mm (3.93 in.),
l horizontal space of at least 20 mm (0.78 in.).
Minimum clearances for the XPSMF2DO801 safety remote output module
(Compact Devices):
mm
inch
HIMatrix
HIMA
100
3.94
by HIMA
F3
HIMA
20
0.79
HIMatrix
by HIMA
F31
14
HIMatrix
HIMA
by HIMA
F30
HIMatrix
HIMA
by HIMA
F3
Note: The installation must be performed so that
l the device is not subject to heat emission from neighboring devices and
l devices with high EMC interference do not affect the XPSMF2DO801.
Heat emission and electromagnetic compatibility (EMC) must be checked for
devices from other manufacturers to ensure that operation of the remote output
device is not affected by any external device.
The overall installation space for all cables must also be taken into account to
ensure sufficient ventilation. Additional measures, such as installing heat
extraction fans, can be taken if the product’s housing becomes warm.
33003405 07/2007
Overview
100
Air Circulation The ventilation slots in the housing must not be covered. When installing the
XPSMF2DO801 ensure that the height of the cable ducts does not exceed 40 mm
(1.57 in.). If the cable duct has the height greater than 40 mm(1.57 in.), spacers
must be placed behind the din rail. The illustration below shows an example of using
spacers.
Use of cable ducts with horizontal mounting of compact devices on rails:
mm
inch
1
Compact device
2
40
1.57
Cable duct
100
3.94
Compact device
33003405 07/2007 15
3.94
Spacer
H
40
1.57
L
Overview
Installation with spacers:
No. Description
1 The cable ducts’ height is less than 40 mm / 1.57 in.
2 The cable ducts’ height is greater than 40 mm / 1.57 in.
The length of the required spacer is calculated as follows:
L = H - 40 mm / 1.57 in.
L = length of the spacer
H = height of the cable duct
If more than two devices (even when the minimum vertical clearance of 100 mm is
observed) are installed one above the other, additional ventilation measures are
required to ensure even temperature distribution. The illustration below shows the
minimum clearance in the event that the DIN rails are not installed on spacers.
16
33003405 07/2007
Overview
The following images show the minimum clearance between the XPSMF2DO801
safety remote output devices:
mm
inch
1
2
by HIMA
F3
HIMatrix
40
80
3.15
80
3.15
1.57
by HIMA
HIMA
F31
HIMatrix
HIMA
33003405 07/2007 17
Overview
Minimum clearance between the remote output devices and Safety PLCs:
No. Description
1 Installation with spacers: the cable ducts’ height is greater than 40 mm / 1,57 in.;
the vertical separation increases.
2 The XPSMF2DO801 safety remote output device is mounted vertically.
Note: Additional means are required to ensure that the remote output device does
not slide downwards while operating; any movement may cause strain on the
wiring.
On open mounting surfaces, observing the minimum clearance and ensuring
unobstructed air circulation will help maintain the optimum operating temperature.
Heat The increasing integration of electronic components into smaller parts results in
large amounts of heat dissipation on a small surface area. The amount of heat
produced depends on the device's external load. Depending on the design of the
device, installation, design location, air circulation, and environmental conditions
make a very significant impact on the product’s operating temperature.
It is important to comply with the approved environmental conditions when installing
the device. Reduced operating temperature extends the life of the device and
reliability of the installed components.
If the XPSMF2DO801 requires an additional enclosure to increase the ingress
protection, the enclosure case must be designed in such a way that the heat
generated inside it can dissipate from the surface of the enclosure. The type of
enclosure and location of installation selected must easily allow heat dissipation. If
possible, a fan should be used to ensure air circulation.
18
Note: An additional enclosure can be used to increase the ingress protection of the
XPSMF2DO801 safety remote output device.
33003405 07/2007
Overview
The enclosure’s surface area, A is calculated depending on the mounting or
installation type as follows:
The following table is used to calculate the recommended enclosure size for
mounting the XPSMF2DO801:
Case installation
Single case free on all sides A = 1.8 x H x (W + D) + 1.4 x W x D
Single case for wall mounting A = 1.4 x W x (H + D) + 1.8 x H x D
End case free-standing A = 1.4 x D x (W + H) + 1.8 x W x H
End case for wall mounting A = 1.4 x H x (W + D) + 1.4 x W x D
Center case free-standing A = 1.8 x W x H + 1.4 x W x D + H x D
Calculation of A [m
2
] (1m2=10.76ft2)
Center case for wall mounting A = 1.4 x W x (H + D) + H x D
Center case for wall mounting, top
surface covered
A the enclosure’s surface area
W width
H height
D depth
33003405 07/2007 19
A = 1.4 x W x H + 0.7 x W x D + H x D
Overview
Internal
Convection
With internal heat convection, the heat is dissipated outside through the walls of the
housing. This is possible when the ambient temperature is lower than that inside the
housing.
The following table describes the variables used to calculate the internal convection:
Variable Description
[W] heat output (heat dissipation) of the electronic components
P
v
A [m
k [W/m
* (1m
2
]*
2
K]*
2
= 10.76ft2)
effective surface area of the housing
the housing heat transfer coefficient
(e.g., Steel sheet: approximately 5.5 W/m
2
K)*
The maximum temperature increase of all electronic devices inside the housing is
calculated as follows:
∆T()max
The power dissipation P
------------ -=
kA•
Pv
can be calculated based on the values of the electrical
v
power of the controller, its inputs, and outputs.
20
33003405 07/2007
Overview
Temperature
State/Operating
Temperature
The remote output modules are designed to operate with the maximum temperature
o
of 60
C. The temperature states in single modules and PLCs are evaluated by the
CPU module or the remote output device’s CPU for compact systems. The
temperature state of a particular module or PLC is measured by a sensor. The
sensor monitors the temperature state of the remote output device automatically
and continuously.
The following table shows the ranges in which the temperature state signals the
measured temperature:
Temperature range Temperature state
< 60°C / 140°F Normal
60°C to 70°C / 140°F to 158°F High temperature
> 70°C / 158°F Very high temperature
Return to 64°C / 147.2°F High temperature
Return to < 54°C / 129.2°F Normal
Note: The difference in temperature increase and decrease ranges is the result of
the sensor’s hysteresis that equals 6°C / 10.8°F.
Temperature state High temperature indicates the following:
operating temperature = max temperature (delta T)max + ambient temperature
≥ 60°C / 140°F.
In this case, support the internal convection by adding air grilles or increasing the
free space between the remote output devices.
Temperature state Very high temperature indicates the following:
operating temperature = max temperature (delta T)max + ambient temperature
≥ 70°C / 158°F.
In this case, support the internal convection by integrating additional active cooling
elements (fan, coolant devices, etc.) or increasing the free space around the remote
output devices.
If the sensor indicates a temperature increase above the critical threshold, the
temperature state changes. The temperature states can be evaluated using the
Temperature State system signal of the XPSMFWIN.
33003405 07/2007 21
Overview
22
33003405 07/2007
Application and Function
2
At a Glance
Overview This chapter describes the application and function of XPSMF2DO801 safety
remote output module.
What's in this
Chapter?
This chapter contains the following topics:
Topic Page
Initial Operation 24
Application 25
Function 26
Offline Proof-Test 34
33003405 07/2007 23
Application and Function
Initial Operation
Overview The following section contains information about the initial operation of the
XPSMF2DO801 safety remote output module.
First Power-Up The following table describes the first power-up behavior of the XPSMF2DO801
safety remote output module:
Stage Description
1 Power Supply LED (green) is illuminated for 0.5 sec.
2 All LEDs are illuminated for 5 sec.
3 24V DC LED is illuminated.
Prog LED (orange) is flashing.
DANGER
HAZARD OF ELECTRICAL SHOCK, EXPLOSION OR ARC FLASH
Disconnect all power before servicing equipment.
Failure to follow these instructions will result in death or serious injury.
24
33003405 07/2007
Application and Function
Application
Overview The XPSMF2DO801 safety remote output module is certified to the following
standards:
l SIL 3, according to IEC 61508
l Category 4, according to EN 954-1
l IEC 61131-2
l prEN 501156
l DIN V 19250 up to RC 6
l NFPA 8501, NFPA 8502
The extensive hardware range and safe data transmission allow the system to be
optimized to suit anticipated or existing plant structures.
The safety-related networking of the remote output device takes place using
SafeEthernet protocol, which is based on standard Ethernet technology and is
certified to TÜV/BG. The Ethernet medium allows safety data to be transmitted up
to 100 Mbit/s half duplex and 10 Mbit/s full duplex and supports the use of the entire
range of Ethernet functions for networked applications.
A combination of a high-speed Safety PLC and a high-speed safety bus protocol
(SafeEthernet) offers new levels of flexibility for automation process solutions.
Today’s system limits of safety-related automation concepts are disappearing.
Scope is being created for truly application-based solutions.
Key features of the XPSMF2DO801 safety remote output module:
l Certification up to SIL 3, according to IEC 61508.
Category 4, EN 954-1.
l Communication via SafeEthernet
l Versatility. You can use the remote output device in all environmental conditions
with additional equipment.
l Quick and easy network configuration.
l User-friendly interfaces.
33003405 07/2007 25
Application and Function
Function
Overview This section describes functions of the XPSMF2DO801 safety remote output
module.
Block Diagram The following is a block diagram of the XPSMF2DO801 safety remote output
module:
Double
processor
system
26
DO 1
.
.
DO 8
8
relay
outputs
Watchdog
Switch
RJ
45
RJ
45
The following is a short description of the diagram’s components:
l Outputs 8 relay outputs
l Double processor system
l Watchdog Control unit
l 2-port switch with a built-in auto cross-over function, which allows the use of
both the 1:1 and cross-over cables
l 2 RJ 45 connectors for 1:1 or cross-over cable
33003405 07/2007
Application and Function
Safety-Related
Relay Outputs
The XPSMF2DO801 safety remote output module has eight relay outputs. Each
relay output has its own LED to indicate the status of the output.
Each output of the module is fitted with two safety relays in diversity with positively
guided contacts and one standard type relay. Internal fuses are used to limit the
switching current of the output contacts to 60% (3.15 A) of the maximum admissible
value (according to VDE 0116, En 298). The contact outputs can be used for safety
shutdowns. For DC switching the contact circuit must be additionally equipped with
an external fuse adapted to the maximum admissible current.
An output is in a safe state when it is de-energized. If a fault occurs, all outputs are
switched off.
If the module has a fault all outputs are switched off. In the event of a fault at
Ethernet communication the concerning output is set to the initial value. How the
actuators respond in such a case should be taken into account.
Faults in one or more channels as well as a fault on the module are indicated by the
FAULT LED on the front plate of the remote output module.
The relay outputs are connected to the following terminals:
Terminal No. Designation Function (relay output)
1 DO1 contact 1, terminal A
2 contact 1, terminal B
3 DO2 contact 2, terminal A
4 contact 2, terminal B
5 DO3 contact 3, terminal A
6 contact 3, terminal B
7 DO4 contact 4, terminal A
8 contact 4, terminal B
9 DO5 contact 5, terminal A
10 contact 5, terminal B
11 DO6 contact 6, terminal A
12 contact 6, terminal B
13 DO7 contact 7, terminal A
14 contact 7, terminal B
15 DO8 contact 8, terminal A
16 contact 8, terminal B
33003405 07/2007 27
Application and Function
The output contacts are connected in pairs via terminal connectors, the terminals
are numbered. The terminal pins on the front plate of the module have the same
numbering sequence in order to prevent confusing connections.The terminal
connections meet the protection requirements according to IP 20. For higher
requirements the module must be enclosed in a housing with a suitable degree of
protection. The clearance and creepage distances are designed for overvoltage
category II up to 300 V according to IEC 61131-2.For the connection of voltages
besides SELV and PELV suitable cables must be used with double or reinforced
insulation (e.g. mains cable).
28
33003405 07/2007
Application and Function
Cable
Disconnection
In a Safety PLC network, areas are covered using the Safety network. Therefore,
damage or disconnection of the communications cable may occur. In the system
below, the "X" represents a cable break between Safety PLC 2 and Safety PLC 3.
The communications between each of the systems will cease. As a result, the
following will occur:
l if the Safety PLC 2 system was dependent on the inputs of the Safety PLC 3
system, the corresponding outputs will automatically be set to "zero",
l if the Safety PLC 3 system was dependent on the inputs of the Safety PLC 2
system, the corresponding outputs will automatically be set to "zero", and
l if the systems are still provided with the 24 VDC power supply, the two systems
will continue to operate the remaining inputs and outputs of each separate
system.
The following diagram shows an example of the Safety PLC network interruption:
Safety PLC Safety PLC Safety PLC
Remote I/O module
Remote I/O module
Remote I/O module
Remote I/O module
Remote I/O module
If the local network is reacting only on the inputs of the same system, the PLC
system continues to run without failure.
33003405 07/2007 29
Application and Function
Power Supply
Interruption
Small System
Reconfiguration
Large System
Reconfiguration
The following table shows reactions to the changes in operating voltage:
Voltage level Reaction of the controller
19.3 to 28.8 VDC Normal operation
< 18.0 VDC Alarm state (internal variables are written and put to the inputs/
outputs).
< 12.0 VDC Inputs and outputs are switched off.
If power supply is interrupted, all inputs and outputs discontinue and return to the off
"safe" state.
A Safety PLC can be reconfigured while the network is executing an existing
configuration. Resources which require configuration must be stopped. The
following table describes the reconfiguration procedure:
Step Action
1 Using the XPSMFWIN programming environment, stop the Safety PLC’s
system which requires the new configuration.
2 Download the new configuration fully checked by a qualified safety engineer to
the Safety PLC via Ethernet cable Cat 5, grade D or better.
3 Once the module is re-programmed, start the device.
4 Execute the new configuration immediately.
The following table describes the reconfiguration procedure for large systems:
Step Action
1 Stop the relevant resources within the network using the XPSMFWIN
programming environment. Small segments of a network can be reconfigured in
stages.
2 Connect your PC to any Ethernet communications point.
3 Download the new configuration(s) fully checked by a qualified safety engineer
to the Safety PLC network via Ethernet cable Cat 5, grade D or better.
4 Restart all devices, preferably in stages - system by system.
30
33003405 07/2007
Application and Function
Short-Circuit
Characteristics
of the Output
Channels
If a short-circuit occurs in an output channel, the safety remote device switches off
the affected channel. If multiple short-circuits occur, the channels are switched off
individually in accordance with their power consumption.
If the maximally permitted current for all outputs is exceeded, all outputs are shut
down and cyclically reconnected.
WARNING
SHORT-CIRCUIT CONDITION
The output circuit terminals must not be connected with the connected load. In case
of a short-circuit, the resulting high current may damage the terminals.
Failure to follow these instructions can result in death, serious injury, or
equipment damage.
Diagnostics Using the XPSMFWIN programming environment, all the safety remote output
device’s diagnostics can be viewed. Each safety remote device provides diagnostic
signals with reference to their status, error codes, and channel status.
In XPSMFWIN all diagnostic information can be viewed in two ways:
l Using the On-line test function - it can monitor the values of the signals and
variables within the logic plan, while the systems are executing the program.
l Using the Diagnostics window that displays all states of the CPU, COM, and
I/O modules.
33003405 07/2007 31
Application and Function
Replacing Faulty
Modules
Testing the
Inputs and
Outputs for
Interference
Voltage and
Earth Faults
If a safety remote output device fails, the following replacement procedure is used:
Step Action
1 Disconnect power supply to the specific module.
2 Disconnect all terminals (removing input or output wires is not required).
3 Disconnect communication - Ethernet from the remote output module.
4 Loosen the DIN rail clip and dismount the module.
5 Mount the new module and release the DIN rail clip.
6 Re-connect power supply.
7 Connect to the PC that is executing XPSMFWIN via Ethernet cable.
8 Enter new communication settings for MAC address and IP address.
9 Download the configuration used by the previous module.
10 Connect all output terminals to the new module. Rewiring is not necessary, but
the terminals must be inspected to ensure they are in good operating condition.
11 Re-establish network connection.
12 Run the module.
Inadmissible interference voltage can be measured with a universal tester. We
recommend testing every single terminal for unapproved interference voltage.
When testing the external cables for insulation resistance, short-circuit, and line
break, the cables must not be connected at both ends to prevent defects or
destruction of the XPSMF2DO801 caused by excessive voltages.
Earth faults are to be tested before connecting the field cable to the devices. The
feed voltage must be disconnected from the sensors, as well as between the
negative pole and the actuators. If the negative pole is earthed during operation, the
earth connection must be disconnected while testing for earth faults. This also
applies to the earth connection of an existing earth fault tester. Every terminal can
only be tested against earth with a resistance tester or a similar test instrument.
Testing the insulation of one or more wires against earth is admissible, but not two
muted wires. High voltage testing is also not admissible.
Guidelines to measure circuit voltage and insulation resistance can be found in
EN 50178.
32
33003405 07/2007
Application and Function
Maintenance The XPSMF2DO801 safety remote output module is designed for industrial
applications. All the components have a very high availability and are compliant with
the requirements of IEC 61508 for PFD and PFH in accordance with SIL 3.
Note: For safety-related use, the modules have to be subjected to an offline proof
test in intervals of 3 years. For Offline Proof Test, see Offline Proof-Test, p. 34.
WARNING
OFFLINE PROOF TEST
Offline Proof Test according to IEC 61508-4 must be conducted to verify proper
operation.
Failure to follow these instructions can result in death, serious injury, or
equipment damage.
Repair of Remote
Output Modules
You may not repair the XPSMF2DO801 safety remote output device. Defective
devices must be returned to Schneider Electric for repair.
The validity of the safety certificate will expire if unauthorized repairs have been
made on the device. The manufacturer will bear no responsibility for unauthorized
repairs. Unauthorized repairs will also cancel all warranties for the device.
33003405 07/2007 33
Application and Function
Offline Proof-Test
Overview The offline proof-test recognizes dangerous concealed faults that would affect the
safe function of the plant.
Safety systems have to be subjected to an offline proof test in intervals of 10 years.
By an analysis using the calculation tool SILence, the interval often may be
extended. (SILence is a separate program. Contact the service for more information
or take a look at the HIMA homepage for a test version of the software SILence.)
For relay modules, the proof test for the relays has to be carried out in intervals
defined for the respective plant.
Execution of the
Offline Proof
Test
Periodic Proof
Testing
The execution of the offline proof test depends on the configuration of the plant
(EUC = equipment under control), which risk potential it has, and which standards
for operation are applied and form the bases for the approval by the test authority in
charge.
According to the standards IEC 61508 1-7, IEC 61511 1-3, IEC 62061, and
VDI/VDE 2180 sheet 1 to 4, in case of safety-related systems the operating
company has to arrange for proof tests.
The modules can be proof tested by executing the full safety loop.
In practice the input and output field devices have a more frequent proof test interval
(e.g., every 6 or 12 months) than the modules. If the end-user tests the complete
safety loop because of the field devices then the modules are automatically included
in these tests. No additional periodic tests are required for the modules.
If the proof test of the field devices does not include the modules then the PES needs
to be tested as a minimum once in 10 year. This can be done by executing a reset
of the modules.
In case there are periodic proof test requirements for specific modules then the enduser should refer to the data sheets of these modules.
34
33003405 07/2007
Equipment Description
3
At a Glance
Overview This chapter contains the equipment description of XPSMF2DO801 safety remote
output module.
What's in this
Chapter?
This chapter contains the following topics:
Topic Page
Housing Elements 36
Reset Button 39
Communication 40
LEDs 44
Wiring 47
IP Addressing and System ID 49
SafeEthernet 50
Operating Conditions 56
Technical Characteristics 59
Additional Items 62
33003405 07/2007 35
Equipment Description
Housing Elements
Front View The following image shows the various elements of the front panel of
XPSMF2DO801 safety remote output module:
1
L- L- L+ L+
L- L+L+L-
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
2 2
12
DO1
2 2
34
DO2
56
DO3
HIMatrix
DO5
DO6
78
DO4
DO7
HIMA
1 10/100BaseT
10/100 BaseT
2
910
3
2 2
11 12
13 14
2
Elements of the front panel:
No. Description
1 Power supply input
2 Relay outputs
3 Indicators
by HIMA
F2DO
8 01
DO8
15 16
36
33003405 07/2007
Top View The following image shows the elements of the top panel:
13 1411 12910 15 16
Reset button
Bottom View The following image shows the elements of the bottom panel:
78563412
Equipment Description
SafeEthernet
33003405 07/2007 37
Equipment Description
Back Panel The following image shows elements of the back panel:
DIN rail recess
Quick release clip
38
33003405 07/2007
Equipment Description
Reset Button
Overview The device is equipped with a reset button. The reset button is used if the PC
connection password is lost.
Using Reset
Button
You can access the pushbutton through a small round opening on the upper side of
the housing, about 40...50 mm (1.57...1.97 in.) from the left rim.
Use the button only while you reboot the device and keep the button pressed for at
least 20 s. Pushing the reset button while the device is running produces no result.
Effect When you push the Reset button,
l all accounts are deactivated (except the default Administrator account
without password) and
l IP addresses and system ID (SRS) are set to default values.
Note: After activation of the reset button, values are modified and remain valid until
the next reboot. After the next reboot the previous values are restored. You can
enter new information, if necessary.
33003405 07/2007 39
Equipment Description
Communication
Overview The Safety PLCs and remote output devices communicate with each other and the
PC over Ethernet using SafeEthernet protocol.
The Safety PLCs communicate with each other and with a PC through a star or
linear Ethernet layout. A PC can be connected at any place in the network.
The communication section is connected to the safe microprocessor system. It
controls communication between PES and other systems via powerful interfaces,
such as 100 BaseT: SafeEthernet, Modbus TCP/IP
Safety-Related
Communication
Communication via switches
The switch integrated into each system for SafeEthernet communication is shown
on the block diagram (see Block Diagram, p. 26).
In contrast to a hub, a switch can store data packets for a short period of time in
order to establish a temporary connection between two communication partners
(transmitter/receiver) for transferring data. This way, collisions (typically occurring in
hubs) can be avoided, and the load on the network can be reduced. For controlled
data transfer, every switch needs an address/port relation table. This table will be
automatically generated in a self-learning process. Each port in the switch is
corellated to the defined MAC addresses. According to this table, incoming data
packets are switched directly to the corresponding port.
The switch automatically switches between the transfer rates of 10 and 100 MBit/s
full and half duplex transmissions.
The switch controls communication between different devices. The switch can
address up to 1000 absolute MAC addresses.
Autocrossing recognises if cables with crossed wires have been connected, and the
switch adjusts accordingly.
For networking via Ethernet, the XPSMF2DO801 safety remote output device is
equipped with two connections arranged on the lower side panel of the case.
Various systems can be networked as required via Ethernet star or line
configuration. A PC can also be connected wherever required.
Note: When building the network, ensure that no network loops are formed. The
system must receive data along only one path.
40
33003405 07/2007
Equipment Description
The following scheme shows a SafeEthernet networking example:
Telemecan ique
XPS-MF
XPSMFPS01
from other F60 or other XPSMF device
PC w ith XPSMFWIN
SafeEthernet protocol
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
HIMA
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
HIMA
24V DC
RUN
ERRO R
PROG
FORCE
FAUL T
OSL
BL
HIMA
HIMatrix
24V DC
RUN
ERROR
PROG
FORCE
FAULT
OSL
BL
HIMA
HIMatrix
HIMa-
by HIMA
F3DI
by HIMA
F1
by HIMA
F30
DI
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
HIMA
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
HIMA
24V DC
RUN
ERROR
PROG
FORCE
FAU LT
OSL
BL
HIMA
HIMatrix
HIMatrix
HIMatrix
HIMatrix
by HIMA
F35
by HIMA
F31
by HIMA
F2DO
by HIMA
F3AIO
33003405 07/2007 41
Equipment Description
The following is a Ethernet cable connection diagram:
HIMA
HIMA
HIMA
HIMA
HIMA
HIMA
Legend:
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
by HIMA
HIMA
by HIMA
HIMA
by HIMA
HIMA
by HIMA
HIMA
by HIMA
HIMA
by HIMA
HIMA
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
HIMatrix F3 1
by HIMA
by HIMA
by HIMA
by HIMA
by HIMA
by HIMA
1
2
3
4
5
6
42
by HIMA
HIMatrix F3 1
HIMA
Device in case Connector Coupling (plug and socket
Connector pairs and cable distances:
Number Number of plug connector pairs Maximum cable distance
1 2 100 m / 328.1 ft
2 2 100 m / 328.1 ft
3 3 100 m / 328.1 ft
4 3 100 m / 328.1 ft
5 4 100 m / 328.1 ft
6 4 100 m / 328.1 ft
33003405 07/2007
Equipment Description
When using specified cables and plug connectors approved to 100 MHz, the
maximum cable distance is 100 m (328.1 ft) with a maximum of six connector pairs.
A combination of a plug and a socket is considered one pair.
Use optic fiber cables with converters for greater distances.
Using SafeEthernet protocol has the following advantages:
l Very fast packet transfer between the collision areas
l Significant increase of data throughput with full-duplex mode
l Prevention of collisions allows deterministic operation.
33003405 07/2007 43
Equipment Description
LEDs
Overview The XPSMF2DO801 safety remote output module LEDs:
L- L- L+ L+
L- L+L+L-
1 10/100BaseT
24V DC
RUN
ERROR
PROG
FORCE
FAULT
OSL
BL
HIMA
10/100BaseT
12
DO1
34
DO2
56
DO3
78
DO4
by HIMA
HIMatrix
DO5
2
910
DO6
11 1 2
DO7
13 14
F2DO
8 01
DO8
15 16
44
33003405 07/2007
Equipment Description
LED Description The following table describes behaviors of the LEDs:
LED Color Status Meaning
Relay Contact
Outputs 1-8
24 VDC Green On 24 V DC operating voltage present
RUN Green On Normal state of PES (RUN) A loader user program is executed (not in
ERROR Red On The CPU has discovered a hardware fault in the CPU and is switching
PROG Orange On The CPU is being loaded with a new configuration.
FORCE Not illuminated Off FORCE is not signalled.
FAULT Orange On Error display for Line Control. The user program has caused an error.
OSL Orange Flash Emergency loader of the operating system is active.
BL Orange Flash COM in
Orange On An Output signal is being sent.
Not illuminated Off No operating voltage
remote I/O modules). The CPU reads inputs, processes the logic, and
writes outputs; communication and hardware/software tests are
carried out.
Green Flash The CPU is in STOP and is not executing any user program. All outputs
are reset to a safe de-energized state. STOP can be triggered by
setting the Emergency stop system variable to TRUE in the user
program or by a direct command from the PC. Seen when PLC is
switched on for approximately 10s during the system check.
Not illuminated Off The CPU in ERROR STOP (see ERROR below).
to ERROR STOP. The CPU has discovered a software error in the
operating system. The watchdog has triggered ERROR STOP,
because the cycle time has been exceeded. The CPU has stopped the
execution of the user program, ended all hardware and software tests,
and all outputs have been reset. The CPU can only be started again
through a command from the PC.
Not illuminated Off No error has been detected.
Orange Flash The Flash ROM is being loaded with a new operating system.
Not illuminated Off No loading of configuration or operating system.
Orange On Forcing active.
The PES configuration is faulty. The loading of a new operating system
was faulty, and the operating system is corrupt.
Orange Flash An error has occured during the write cycle for a Flash ROM (during
the oprating system update). One or more I/O errors have occured.
Not illuminated Off None of the above errors has occured.
INIT_FAIL state.
33003405 07/2007 45
Equipment Description
LED Color Status Meaning
RJ45 Green On Full duplex operation.
Flash Collision
Off Half-duplex operation, no collision
Yellow On Connection established
Flash Interface activity
46
33003405 07/2007
Equipment Description
Wiring
Ethernet Wiring Industrial standard cables can be subjected to extreme mechanical stresses. The
minimum for SafeEthernet protocol communication requires Category 5 twisted pair
cable with a class D rating, for greater distances and less possibility for errors
occurring, fiber optic cable should be used.
The controllers communicate at 100 Mbit/s (Fast Ethernet) and 10 Mbit/s during full
duplex mode. The XPSMF2DO801 safety remote output device has an auto "crossover" function built into the switch, which allows the use of both a 1:1 cable and a
cross-over cable.
The outer shielding of the twisted pair cable must be earthed at both ends. If an
RJ 45 connector is used, it automatically connects the cable's shield to the
controller’s housing.
Interface
Elements
When connecting a module or a PLC over Ethernet communication, the following
interface elements are recommended: FL CAT5 TERMINAL BOX of Phoenix
Contact
(R)
. The controllers are mounted on an earthed EN mounting rail. The
conductors of the field cable are attached to the interface terminals. It is important
to make sure that the cable shield is also connected via the strain relief.
Prefabricated patch cables are used to connect the interface element and the
XPSMF2DO801 safety remote output device. If the rail is earthed in accordance with
the standards, it is enough to mount an interface element on a rail.
33003405 07/2007 47
Equipment Description
Specified Cables The cables are specified by category depending on their transmission and high-
frequency properties as follows:
Category Specification Approved
1- No
2 up to 1 MHz No
3 up to 16 MHz No
4 up to 20 MHz No
5 up to 100 MHz Yes
6 up to 250 MHz Yes
7 up to 600 MHz Yes
The channel as a point-to-point transmission path is defined as follows:
Class Specification Approved
A up to 0.1 MHz No
Bup to 1 MHz No
C up to 16 MHz No
D up to 100 MHz Yes
E up to 250 MHz Yes
F up to 600 MHz Yes
The higher the letter, the greater the demand on the transmission channel. For
Ethernet communication at 100 MHz, Category 5 (or higher) cables and at least
Class D capacity are required.
RJ45 Connector For direct Ethernet plug connections without interface elements, you can use
connectors such as IP 20 Data Plug (Harting
(R)
). You can assemble the cable
quickly by crimping the conductors; special tools are not required.
Switches To span distances of more than 100 m (328.1 ft) using SafeEthernet protocol, rail
switches of the RS2 series (Hirschmann
(R)
) with optical fibre ports are
recommended.
48
33003405 07/2007
Equipment Description
IP Addressing and System ID
Overview A transparent label provided with the controller can be used to note the IP address
and system ID (SRS, System-Rack-Slot) following a modification:
IP_._._._SRS_._._
Default value for IP address: 192.168.0.99
Default value for SRS: 60000.1.0
The ventilation slots in the housing of the Safety PLC must not be covered with the
label.
For more information about changing the IP address and system ID, see the
XPSMFWIN Software manual.
Note: Each Ethernet board has a unique Ethernet address. It is a 48 bit number:
the first 24 bits indicate the manufacturer, while the last 24 bits are a unique
number for each Ethernet board/controller-chip assigned by the manufacturer. The
number is also called MAC ID.
TCP/IP
Description
The IP address is an identifier for a device in a network. IP addresses are 32-bit
numbers. To make it easier to memorize them, they are usually expressed in four
8-bit numbers (e.g., 192.168.10.1)
IP addresses are unique, no other device within the network can share the same
address:
l the IP address assigned to the PC
l the part of the IP address (the subnet mask) that distinguishes other networks
Note: The operator must ensure that the Ethernet used for Peer-to-Peer
communication is adequately protected from unauthorized access (i.e. by
hackers). The nature and extent of the measures to be taken must be determined
in conjunction with the approval authorities.
33003405 07/2007 49
Equipment Description
SafeEthernet
Overview This section provides information about SafeEthernet protocol and OSI model.
Description In the field of automation, requirements, such as determinism, reliability,
interchangeability, extensibility, interoperability and the overall safety are central
themes. Based on the Ethernet technology, SafeEthernet provides a transfer
protocol for transmitting safety-related data up to RC 6 or SIL 3. SafeEthernet
implements a mechanism that can detect and react to the following:
l Corruption of transmitted data
l Incorrect address allocation for the messages (transmitter, receiver)
l Incorrect data sequence (repetition, loss, change)
l Incorrect timing (delay, echo)
SafeEthernet is based on the standard Ethernet or FastEthernet according to
IEEE 802.3.
The transmission of the safety-related data does not change the protocol frame of
the standard Ethernet.
According to the Black Channel Approach in SafeEthernet, "insecure transmission
channels" (Ethernet) are used and controlled by safety-related protocol mechanism
at transmitter and receiver. This way, regular Ethernet network components, such
as hubs, switches, routers, and PCs supplied with network interfaces can be used
within a safety-related network. The significant difference to standard Ethernet is
determinism, the real-time ability of SafeEthernet.
A special protocol mechanism ensures deterministic behavior even in case faults
occur or new communication participants emerge. New components are
automatically integrated into the running system. All components of the network
could be changed while the system is running. With the use of switches,
transmission times can be clearly defined. This way, Ethernet works in real time.
Possible transfer speed up to 100Mbit/s for safety-related data is higher than the
speed normally used. Copper lines as well as fiber optic cables can be used as
transmission media. The integration of firm intranets as well as connections to the
Internet, can be realized with SafeEthernet technology. The terms for safety-related
communication have to be considered.
50
33003405 07/2007
Equipment Description
Therefore, only one network for safety and non-safety data transfer is necessary.
SafeEthernet can be fitted to existing Ethernet networks with adjustable network
profiles. With SafeEthernet, you can set up flexible built-up system structures for
decentral automation with defined reaction times. According to the requirements,
the intelligence can be centralized or distributed to the participants in a decentral
way within the network. There is no limit to the number of safe participants of the
network and the amount of transferred safe data to get the needed reaction times.
A central controller and the built-up of parallel structures is therefore superfluous.
The transmission of standard and safe data can be integrated into one network. A
separate safety bus can be saved. The switches of the safety remote I/O device
perform the tasks normally carried out by network switches.
33003405 07/2007 51
Equipment Description
Operation
Parameters of
the Ethernet
Interfaces
Up to COM OS version 8.32 all Ethernet ports of the integrated Ethernet switches
have the same settings:
l Autoneg/Autoneg for Speed Mode
l Flow-control Mode
Other settings are not possible and will be rejected by the PLC when loading a
configuration.
The Ethernet interfaces 10/100 BaseT of the device have the following parameters:
Firm operating parameters
Speed Mode Autoneg
Flow-Control Mode Autoneg
Other devices combined with the Safety PLC or remote I/O device must have the
following network settings:
Admissible settings of other devices
Speed Mode Autoneg
Flow-Control Mode Autoneg
or
Speed Mode Autoneg
Flow-Control Mode Half Duplex
or
Speed Mode 10 or 100 Mbit/s
Flow-Control Mode Half Duplex
52
Non-admissible settings of other devices
Speed Mode Autoneg or 10 or 100 Mbit/s
Flow-Control Mode Full Duplex
For COM OS version > 8.32 and XPSMFWIN Hardware Management version
> 7.56.10 each Ethernet port of the integrated switch can be individually configured.
See also in the appendix Connection Diagrams, Examples of Application, and Error
Codes, p. 67.
33003405 07/2007
Equipment Description
Connections for
SafeEthernet/
Networking
Examples
For the networking via SafeEthernet protocol, the devices are equipped - depending
on the design - with two connections arranged on the lower side panel of the case.
See example of a Safety-Related Communication, p. 40.
The various systems can be networked together as required via Ethernet (star or line
configuration). A programming unit (PC) can also be connected wherever required.
Note: Ensure that no network loops are formed when connecting systems
together. The system must receive data packets along one path only.
Modbus TCP/IP The Modbus serial slave field bus protocol can communicate with the Modbus
TCP/IP protocol via the Ethernet interfaces on the Safety PLC.
Standard Modbus communication transfers the slave address and a CRC checksum
in addition to the instruction code and the data. In Modbus TCP/IP the subordinate
TCP/IP protocol handles this function.
Note: More information about Modbus TCP/IP protocol can you find in the online
help of XPSMFWIN.
Used Network
Ports for
Ethernet
Communication
UDP ports and usage
UDP Ports Usage
8000 programming and operation with XPSMFWIN
8001 configuration of the remote I/O via PLC
6010 SafeEthernet
6005/6012 if TCS_DIRECT was not activated within HH network
TCP ports and usage
UDP Ports Usage
502 Modbus (changeable by user)
33003405 07/2007 53
Equipment Description
OSI model The model divides the functions of a protocol into a series of layers known as a
’protocol stack’ (e.g., TCP/IP stack). Lower layers are implemented in hardware,
while higher layers are used in software. Each of the layers is a transport platform
for the next higher level and relies on the next lower level .
The following image is a graphic representation of the OSI layers:
Data Layer
Media Layers Host Layers
Data
Data
Data
Segments
Packets
Frames
Bits
Application
Network Process to Application
Presentation
Data Representation and Encryption
Session
Interhost Communication
Transport
End-to-End Connections and Reliability
Network
Path Determination and IP
Data Link
MAC and LLC
Physical
Media, Signal, and Binary Transmission
54
33003405 07/2007
The following table describes the seven OSI layers (bottom-top):
Number Layer Data Description
Media Layers
1 Physical layer
Media, Signal, and Binary
Transmission
2 Data link layer
MAC and LLC
3Network layer
Path Determination and IP
Host Layers
4 Transport layer
End-to-End Connections and
Reliability
5 Session layer
Interhost Communication
6 Presentation layer
Data Representation and
Encryption
7 Application layer
Network Process to
Application
Bits Defines all electrical and physical specifications for the
devices.
Frames Provides the functional and procedural means to transfer
data between network entities and detect and correct
errors that may occur in the Physical layer.
Packets Provides the functional and procedural means of
transferring variable length data sequences from a
source to a destination via one or more networks.
Segments Provides transparent transfer of data between end users.
Data Provides the mechanism for managing the dialog
between end-user application processes.
Data Relieves the Application layer of concern regarding
syntactical differences in data representation within the
end-user systems.
Data Interfaces directly to and performs common application
services for the application processes.
Equipment Description
33003405 07/2007 55
Equipment Description
Operating Conditions
Overview The XPSMF2DO801 safety remote output module has been developed in
compliance with the requirements of the following standards for EMC, climate and
environment:
IEC 61131-2 Programmable Controllers, Part 2, Equipment Requirements and
Tests
IEC 61000-6-2 EMC Generic Standards, Part 6-2
IEC 61000-6-4 EMC General Emission Standard, Industrial Environment
To use the XPSMF2DO801 safety remote output module, the following conditions
must be fulfilled:
Protection Class Protection class II according to IEC/EN 61131-2
Pollution Pollution degree II
Altitude < 2000 m / 6561.7 ft
Enclosure Standard: IP 20 If requested by the relevant application standards
(e.g., EN 60204, EN 954-1), the device must be installed in a required
enclosure (e.g., IP 54).
Climatic
Conditions
56
The most important tests and limit values for climatic conditions are listed in the
following table:
EN 61131-2 Climatic Tests
Operating temperature: 0°C to 60°C / 32°F to 140°F
(Test limits -10°C to +70°C / 14°F to 158°F)
Storage temperature: -40°C to 85°C / -40°F to 185°F (with battery
only -30°C / -22°F)
6.3.4.2 Dry heat and cold withstand test: 70°C / -25°C (158°F / -13°F, 96 h,
EUT power supply disconnected
6.3.4.3 Change of temperature, withstand and immunity test: -25°C / 70°C
(-13°F / 158°F) and 0°C / 55°C (32°F / 131°F), EUT power supply
disconnected
6.3.4.4 Cyclic damp heat withstand test: 25°C / 55°C (77°F / 131°F), 95%
relative humidity, EUT power supply disconnected
33003405 07/2007
Equipment Description
Mechanical
Conditions
The most important test and limit values for mechanical conditions are listed in the
following table:
EN 61131-2 Mechanical Tests
Vibration test, operating: 5 Hz to 9 Hz / 3.5 mm, 9 Hz to
150 Hz / 1g
6.3.5.1 Immunity vibration test: 10 Hz to 150 Hz, 1 g, EUT
operating, 10 cycles per axis
6.3.5.2 Immunity shock test: 15g, 11ms, EUT operating, 2 cycles
per axis
EMC Conditions The most important tests and limit values for EMC conditions are listed in the
following tables:
EN 61131-2 Noise Immunity Test
6.3.6.2.1 IEC/EN 61000-4-2 ESD test: 4 kV contact/ 8 kV air discharge
6.3.6.2.2 IEC/EN 61000-4-3 RFI test (10 V/m): 26 MHz to 1 GHz, 80% AM
6.3.6.2.3 IEC/EN 61000-4-4 Burst test: 2 kV power supply / 1 kV signal lines
6.3.6.2.4 IEC/EN 61000-4-12 Damped oscillatory wave immunity test: 1 kV
IEC/EN 61000-6-2 Noise Immunity Test
IEC/EN 61000-4-6 Radio frequency common mode: 10 V
150 kHz to 80 MHz, AM
IEC/EN 61000-4-3 900 MHz pulses
IEC/EN 61000-4-5 Surge: 1 kV, 0.5 kV
IEC/EN 61000-6-4 Noise Emission Test
EN50011 Class A Emission test: radiated, conducted
33003405 07/2007 57
Equipment Description
Voltage Supply The most important tests and limit values for the voltage supply of the equipment are
listed in the following table:
IEC/EN 61131-2 Verification of DC Power Supply Characteristics
The power supply must meet alternatively the following
standards: IEC 61131-2 or SELV (Safety Extra Low
Voltage) or PELV (Protective Extra Low Voltage)
Fusing the XPSMF2DO801 safety remote output device
must be performed according to this manual only.
6.3.7.1.1 Voltage range test: 24 V DC, -20% to 25% (19.2 V DC to
30.0 V DC)
6.3.7.2.1 Momentary interruption immunity test: DC, PS 2: 10ms
6.3.7.4.1 Reversal of DC power supply polarity test
6.3.7.5.1 Backup duration withstand test: Test B, 1000 h, Lithium
battery is used for backup.
58
33003405 07/2007
Technical Characteristics
Mechanical Data Power Supply Connectors 1
Connection diameters, single lead connection
Without lead end sleeves
Stranded with lead and sleeves (without
plastic sleeves)
Stranded with lead end sleeves (with plastic
sleeves)
Power Supply Connectors 2
Connection diameters, multiple lead connections (2 leads max, same diameters)
Without lead end sleeves
Stranded with lead and sleeves (without
plastic sleeves)
Stranded with lead end sleeves (with plastic
sleeves)
Equipment Description
2
Solid 0.2 to 2.5 mm
Stranded 0.2 to 2.5 mm
AWG 24-12
2
0.25 to 2.5 mm
AWG 22-14
2
0.25 to 2.5 mm
AWG 22-14
2
Solid 0.14 to 1.5 mm
Stranded 0.14 to 1.5 mm
AWG 28-16
2
0.25 to 1.5 mm
AWG 22-16
2
0.25 to 0.5 mm
AWG 22-20
2
2
Signal Line Connectors 1
Connection diameters, single lead connection
Without lead end sleeves
Solid 0.14 to 1.5 mm
Stranded 0.14 to 1.5 mm
AWG 28-16
Stranded with lead and sleeves (without
plastic sleeves)
Stranded with lead end sleeves (with plastic
sleeves)
33003405 07/2007 59
0.25 to 1.5 mm
AWG 22-16
0.25 to 0.5 mm
AWG 22-20
2
2
2
2
Equipment Description
Signal Line Connectors 2
Connection diameters, multiple lead connections (2 leads max, same diameters)
Without lead end sleeves
Solid 0.14 to 0.5 mm
2
AWG 28-20
2
Stranded 0.14 to 0.75 mm
AWG 28-18
Stranded with lead and sleeves (without
plastic sleeves)
Stranded with lead end sleeves (with plastic
sleeves)
0.25 to 0.34 mm
AWG 22
2
0.5 mm
AWG 20
2
Stripping Length and Torque
Stripping length 9 mm (0.35 in)
Torque 0.22 to 0.25 Nm (1.9 to 2.2 lb-in)
Technical Data The XPSMF2DO801 safety remote output device technical data are presented in
the following tables:
Interface Ethernet 2*RJ-45, 10/100 Base T with integrated switch
Operating Voltage 24 VDC -15%/+20%, Wss <=15%, from a power supply
with protective separation, conforming to IEC 61131-2
requirements
Current Consumption max. 0.6 A
Operation Temperature 0 to 60°C / 32°F to 140°F
Storage Temperature -40 to +85°C / -40°F to 185°F
Fuse (external) 10 A (Slow blow)
Battery backup none
Protection IP 20
Max dimensions width: 207 mm / 8.15 in. (with housing screws)
height: 114 mm / 4.49 in. (with latch)
depth: 86 mm / 3.39 in. (with grounding bolt)
Weight 1.3 kg / 2.87 lb
60
33003405 07/2007
Equipment Description
Relay Outputs
Relay Types per Channel 2 Safety relays with positively guided contacts,
1 standard type relay
Number of Outputs 8 Potential-free NO contacts in diversity
Output Voltage 2 VDC
Switching Voltage
Switching Current internally fused with 3.15 A
Switching Capacity AC UL:
Switching Capacity DC (nonInductive)
Contact Material silver alloy
Switching Time approx. 30 mS
Reset Time approx. 10 mS
Bounce Time approx. 15 mS
Service Life Mechanical and
Electrical
≥ 5 V, ≤ 250 VAC / 250 VDC
breaking capacity 100 A
250 VAC @ 6 A GP
TÜV:
max. 250 VA, cos
max. 625 VA, cos
ϕ ≥ 0.5, at max. 250 VAC
ϕ = 1
UL: 24 VDC @ 1 A at resistive load
TÜV:
up to 30 VDC: Max. 90 W (3.15 A)
up to 70 VDC: Max. 22 W (0.315 A)
up to 127 VDC: Max. 25 W (0.25 A)
up to 250 VDC: Max. 40 W (0.16 A)
(external fusing adapted)
6
≥ 3 x 10
≥ 2.5 x 10
switching cycles
5
switching cycles with resistive full load and
≤ 0.1 switching cycles per second
Supply Voltage The XPSMF2DO801 safety remote output device is a single voltage system. The
required operating voltage is defined as follows in accordance with IEC/EN 61131-2.
Supply voltage
Nominal value 24 VDC, -15...+20%
Max. permissible function
limits in continuous operation
Max. peak value 35 VDC for 0.1 s
Permissible ripple w < 5% as r.m.s. value w
Reference potential L - (negative pole)
33003405 07/2007 61
18.5 to 30.2 VDC (including ripple)
< 15% as value peak-to-peak
ss
Earthing the reference potential is permitted.
Equipment Description
Additional Items
Overview This section lists additional items that can be used with or alongside the
XPSMF2DO801 safety remote output device.
List of Additional
Items
l Power Supply Unit-24VDC with protective separation from power supply:
IEC 61131-2
Product ranges: ABL7RE or ABL8RP
Location: www.telemecanique.com
l Suitable DIN Rail for mounting the controller
AM1** range of DIN rail is acceptable and can be found under the Cable and
Wiring Accessories in Control and Connection Components Catalog.
l OtherSafe PLC controllers and IO
l XPSMF60** The XPSMF60 controller is a modular PES in a rack system
housing. The controller is able to house up to six of the folowing modules (see
the table below). The number of times a particular module is used in the
XPSMF60 is not restricted.
l XPSMF3DIO** Remote Input and Output modules. The number of inputs and
outputs may vary depending on the model.
l XPSMF2DO** Remote Output Module. The number of outputs varies.
l XPSMF1DI1601 Remote Input Module with 16 digital outputs.
l Safety Modules Various safety modules and safety controllers (see Machine
Safety in the Essential Guide). Module functions range from emergency stop to
light curtain monitoring.
l Standard Controllers: Non-Safety data transfer (see Automation, automation and
Control, Essential Guide, 2005). Standard controllers operate both large and
small machinery. Ranges: Twido, Micro, Premium, and Quantum.
l Safety Devices Switches and Actuators:
l Coded Magnetic Switches, Limit Switches, Rotary Lever or spindle,
Emergency Stops, Foot Switches, Switch Disconnectors
l Mat
l Light Curtains
l 2 Hand Control units
l Motor Starters
(See Safety section or the Essential Guide for more details.)
62
33003405 07/2007
Equipment Description
l Human Machine Interface Devices (to increase safety awareness)
l Pushbuttons and Pilot Lamps
l Beacons
l Sirens
l Magelis Displays
(See Operator Dialog section of the Essential Guide for more information.)
Note: All the catalogs and guides are available at http://www.telemecanique.com.
33003405 07/2007 63
Equipment Description
64
33003405 07/2007
Appendices
At a Glance
Overview This chapter contains error codes and examples of wiring diagrams.
What's in this
Appendix?
The appendix contains the following chapters:
Chapter Chapter Name Page
A Connection Diagrams, Examples of Application, and Error
Codes
67
33003405 07/2007 65
Appendices
66
33003405 07/2007
Connection Diagrams, Examples of Application, and Error Codes
A
At a Glance
Overview This chapter contains connection diagrams, examples of application, and error
codes.
What's in this
Chapter?
This chapter contains the following topics:
Topic Page
Error Codes 68
Wiring Examples 70
Configuration of Ethernet Interfaces 73
33003405 07/2007 67
Brief description of the functional devices
Error Codes
Description of
Error Codes
The error codes listed in this section appear in XPSMFWIN programming
environment.
The following table describes error codes of relay outputs:
System signal R/W Meaning
Module.SRS [
Module.Type [
Module.Error Code [
DO.Error Code [
UDINT] R slot number (System-Rack-Slot)
UINT] R type of module, setpoint: 0x003C [60
WORD] R error codes of the module
0x0000
0x0001
0x0002
0x0004
0x0010
0x0020
0x0040
0x0080
WORD] R error codes of all digital outputs
0x0001
0x0002
0x0004
0x0008
0x0010
0x0020
0x0040
0x0080
0x0100
0x0400
0x0800
0x1000
0x2000
0x4000
]
dez
I/O processing, may be faulty, see further error codes
no I/O processing (CPU not in RUN)
no I/O processing during start-up tests
manufacturer interface in operation
no I/O processing: incorrect configuration
no I/O processing: error rate exceeded
no I/O processing: configured module not inserted
module error
MEZ test, safety switch 1 failed
MEZ test, safety switch 2 failed
FTZ test of test pattern failed
MEZ test of readback channels failed
MEZ test, active disconnection failed
error with initialization: relays
FTZ test: error of relay voltage
FTZ test of CS (chip select) signals failed
FTZ test: 1. temperature threshold exceeded
FTZ test: 2. temperature threshold exceeded
MEZ test: status of safety switch 1
MEZ test: status of safety switches
MEZ test: active disconection by watchdog failed
68
33003405 07/2007
Brief description of the functional devices
System signal R/W Meaning
DO[xx].Error Code [BYTE] W error codes of the digital output channels
0x01
0x04
0x10
error in digital output module
error reading back the digital outputs
error reading back relay [x].1
(the channel is permanently deactivated)
0x20
error reading back relay [x].2
(the channel is permanently deactivated)
DO[xx].Value [
0x080
BOOL] W output value of digital output channels
0
1
channel still can not be activated after deactivation by
l application
l forcing
l channel/module failure
output power-free
output activated
33003405 07/2007 69
Brief description of the functional devices
Wiring Examples
SafeEthernetProtocol and
Ethernet Wiring
Example
The following scheme shows an example of Ethernet and SafeEthernet protocol
networking:
6
Ethernet (SafeEthernet)
Medium (protocol)
1
7
Ethernet (Mo dbus TCP/IP)
Ethernet (Modbus T CP/IP)
4
Ethernet (SafeEthernet)
Ethernet (SafeEthernet)
2
3
5
5
70
Elements of the network
No. Element
1 Atomation Platform Premium PLC
2 Magelis Graphic Terminal
3 Magelis Graphic Terminal
4 XPSMF30 Safety PLC
5 XPSMF 1/2/3 DIO/AIO Remote I/O
6PC
7 TSX ETY100 (Modbus TCP/IP) Module
33003405 07/2007
Brief description of the functional devices
The above application shows the communication between a Safety PLC and a
Premium PLC over Ethernet (Modbus TCP/IP protocol) and Ethernet using
SafeEthernet protocol. The data exchange between the Safety PLC and the
Premium PLC is non-safety data transfer. The two systems can work together
sending and receiving data in both directions using Modbus TCP/IP protocol. In this
case, it allows non-safe data transfer over Ethernet through the Safety PLC.
Now, the data from a safety-related input can control a safety output within the
Safety PLC system and a non-safety output through the Premium PLC system. The
PLC system can transmit its non-safe data over Ethernet controlling a non-safetyrelated output. This allows the cabling system to be used to transfer both safe and
non-safe data.
33003405 07/2007 71
Brief description of the functional devices
SafeEthernet
Wiring Example
The following scheme shows an example of SafeEthernet protocol and Modbus
protocols networking:
Modbus serial
1
6
5
Ethernet (SafeEthernet)
7
8
2
Modbus serial field bus
Ethernet (Modb us TCP/IP)
3
4
5
Ethernet (SafeEthernet)
Medium (p rotocol)
Elements of the network
No. Element
1 Magelis Graphic Terminal
2 Automation platform ’Premium’
3 Magelis Graphic Terminal
4 XPSMF30 Safety PLC
5 XPSMF 1/2/3 DIO/AIO
6 XPSMF ADAPT
7 TER Connection on Premium Processor
8 TSXSCY21601 Modbus Serial Module
72
The application above shows the combination of a Safety PLC system and a
Premium PLC system connected via Modbus serial. The data exchange between
the Safety PLC system and the Premium PLC system over Modbus serial is nonsafe data transfer. The communication allows the two systems to work together. The
PLC system can send the non-safe data over to the Safety PLC. The Safety PLC
can transmit the non-safety-related data over Ethernet to one of the remote I/O
modules. The module can control a non-safety-related output. This enables the use
of a single transmission line over large distances for safe and non-safe data transfer.
33003405 07/2007
Configuration of Ethernet Interfaces
Brief description of the functional devices
Communication
Settings
For setting the communication parameters proceed as follows:
Step Action
1 Open the Extended tab.
2In the Speed Mode list, select Autoneg.
3In the Flow-Control Mode list, select Autoneg.
4 Select the Activate Extended Settings check box.
Result: The selected parameters are activated.
Konfiguration
[0] HIMatrix F3 DIO 20 _8 01_1
[0] HIMatrix F3 DIO 20 _8 01_2
[250] Ablauf
[33] Abl-Mode
Abl-Mode
Protocols
Remote I/O
[0] HIMatrix F35
COM
Ethernet s witch
Port config uration_1
CPU
[1] DO 8 DO 8
[2] CI 2 CI 2
[3] MI 24/ 8 FS1000 MI 24/800
Note: The parameters of the Extended tab are explained in detail in the online
help of XPSMFWIN.
/Konfiguration/Abl-M ode/HIMatrix F35/CO M
IP Settings License KeyExtended
Activate Extended ...
ARP Aging Time [s] 00
MAC Learning con servative
IP Forwardin g
Speed Mode Autoneg
Flow-Control Mode Autoneg
OK HelpApplyCancel
33003405 07/2007 73
Brief description of the functional devices
Port Settings The port settings of the integrated switch can be parameterized individually from
COM OS version > 8.32 and XPSMFWIN Hardware Management version
> 7.56.10. Using the context menu of the communication COM settings select
Ethernet switch → New → Port configuration. A configuration menu can be
established for each switched port.
Setting a port configuration
[0] HIMatrix F35
COM
Ethernet switch
CPU
[1] DO 8 DO 8
[2] CI 2 CI 2
[3] MI 24/8 FS1000 MI 24/8 FS1000
[3] Auswahl
Auswahl
Protocols
New
Copy
Past
Delete
Print...
Properties
Port configuration
Parameters of a port configuration
Applikationen-Factory-V1.1
Konfiguration
[0] HIMatrix F3 DIO 20_8 01_1
[0] HIMatrix F3 DIO 20_8 01_2
[250] Ablauf
[33] Abl-Mode
Abl-Mode
Protocols
Remote I/O
[0] HIMatrix F35
COM
Ethernet switch
Port configuration_1
CPU
/Konfiguration/Abl-Mode/HIMatrix F35/OM
Type Port configuration
Name Port configuration_1
Port 1
Speed [MBit/s] 100
Flow control Full duplex
Autoneg also with fix values
Limit Broadcast
OK HelpApplyCancel
74
33003405 07/2007
Brief description of the functional devices
The following table contains the parameter descriptions:
Parameter Description
Port Port number, as assigned on device.
Note: Only 1 configuration is possible per port.
Value range 1...n, depending on the resource
Speed [MBit/s] The following selections are available:
10 MBit/s data rate 10 MBit/s
100 MBit/s data rate 100 MBit/s
Autoneg (10/100) automatic setting of the baud rate
The default setting is Autoneg.
Flow control The following selections are available:
Full duplex communication in both directions at the same time
Half duplex communication in one direction
Autoneg automatic control of communication
The default setting is Autoneg.
Autoneg also with
fix values
Limit Limit incoming Multicast and/or Broadcast packages.
The Advertising (transfer of Speed and Flow control properties) is
made with fixed parameter values. Thereby other devices, whose port
settings are Autoneg, can recognise how the PLC ports are set.
The following selections are available:
Off no limit
Broadcast limit Broadcast (128 kbit/s)
Multicast and Broadcast limit Multicast and Broadcast (1024 kbit/s)
The default setting is Broadcast.
Activation of
Settings
Parameters are set in the COM window of the Hardware Management screen.
Before the changes/settings become active the application program must be
compiled using the Code Generator and then transferred to the PLC(s). The
communication properties can be changed in the online mode using the Control
Panel. The settings become active immediately, but are not transferred to the
application program.
33003405 07/2007 75
Brief description of the functional devices
76
33003405 07/2007
Glossary
A
AWG american wire gage (wire diameter)
C
COM communication module
CPU central processing unit
D
DI digital input
DIO digital input/output
DO digital output
33003405 07/2007 77
Glossary
E
EMC electromagnetic compatibility
F
FB field bus
FBD functional block diagram
FTT fault tolerance time
FTZ see FTT
I
IEC international electrotechnical commission
L
LC line control
M
MEZ see MFOT
MFOT multi-fault occurrence time
78
33003405 07/2007
N
NSP non-safety-related protocol
O
OLE object linking and embedding
OSI Model open system interconnection model
P
PELV protective extra low voltage
PES programmable electronic system
Glossary
R
R read
R/W read/write
RC requirement class
33003405 07/2007 79
Glossary
S
SELV safety extra low voltage
SFC sequential function chart
SIL safety integrity level (according to IEC 61508)
SRS system-rack-slot
T
TMO timeout
W
W write
WD watchdog
WDT watchdog time
80
33003405 07/2007
Index
B
C
A
A
additional items, 62
air circulation, 15
application, 25
B
block diagram, 26
C
cable disconnection, 29
climatic conditions, 56
communication, 40
configuration
Ethernet interfaces, 73
connections for SafeEthernet, 53
D
description of error codes, 68
diagnostics, 31
dimensions, 11
E
EMC conditions, 57
equipment description, 35
error codes, 68
Ethernet
configuration, 73
Ethernet communication
used network ports, 53
F
first power-up, 24
front view, 10, 36
function, 26
H
heat, 18
housing elements, 36
I
initial operation, 24
installation, 13
interface elements, 47
internal convection, 20
introduction, 10
IP addressing and system ID, 49
L
large system reconfiguration, 30
LED description, 45
LEDs, 44
list of additional items, 62
33003405 07/2007 81
Index
M
maintenance, 33
mechanical conditions, 57
mechanical data, 59
Modbus TCP/IP, 53
mounting the remote output module, 14
O
operating conditions, 56
operation parameters of the Ethernet
Interfaces, 52
OSI model, 54
P
power supply connectors, 59
power supply interruption, 30
procedure, 13
R
repair of remote output modules, 33
replacing faulty modules, 32
representation, 10
reset button, 39
RJ45 connector, 48
T
TCP/IP description, 49
technical characteristics, 59
technical data, 60
temperature state/operating temperature, 21
testing the inputs and outputs for
interference voltage and earth faults, 32
U
using reset button, 39
V
voltage supply, 58
W
wiring, 47
wiring examples, 70
S
SafeEthernet, 50
SafeEthernet protocol wiring example, 70
SafeEthernet wiring, 47
SafeEthernet wiring example, 72
safety-related communication, 40
safety-related relay outputs, 27
short-circuit characteristics of the output
channels, 31
signal line connectors, 59, 60
small system reconfiguration, 30
specified cables, 48
stripping length and torque, 60
supply voltage, 61
switches, 48
82
33003405 07/2007
Loading...