Weidmuller UR20-4DI-4DO-PN-FSPS-V2, UR20-4DI-4DO-PN-FSPS, UR20-4DI-4DO-PN-FSOE-V2, UR20-8DI-PN-FSOE, UR20-8DI-PN-FSPS-V2 User Manual

Remote I/O system u-remote
IP20 modules for functional safety

Manual (Original)

Letʼs connect.

Content

1 About this documentation 3

1.1 Symbols and notes 3

1.2 Complete documentation 3

2 Safety 5

2.1 General safety notice 5

2.2 Intended use 6

2.3 Use in a potentially explosive atmosphere 6

2.4 Notes on functional safety 6

2.5 Legal notice 7

3 System description of safe I/O modules 9

3.1 Sample design 9

3.2 Transition diagramm 10

3.3 Current-/voltage characteristics of the fail safe digital inputs 10

3.4 Registration of safe I/O modules on the safety control 11

3.5 Safety address 11

3.6 Operation with and without test pulses 12

3.7 Processing time 12

4 System description of safe power-feed modules 15

4.1 Sample design 16

4.2 Transition diagramm 17

4.3 Modules switchable by PF-O-xDI-SIL 18

4.4 Conguration 18

4.5 Switch-off delay time 18

4.6 Operation with and without test pulses 19

5 Detailed descriptions of safe modules 21

5.1 General technical data 21

5.2 Data width dependent on the coupler used 22

5.3 Digital in- and output module UR20-4DI-4DO-PN-FSOE,
UR20-4DI-4DO-PN-FSOE-V2 24

5.4 Digital input module UR20-8DI-PN-FSOE, UR20-8DI-PN-FSOE-V2 32

5.5 Digital in- and output module UR20-4DI-4DO-PN-FSPS,
UR20-4DI-4DO-PN-FSPS-V2 39

5.6 Digital input module UR20-8DI-PN-FSPS, UR20-8DI-PN-FSPS-V2 47

5.7 Safe power-feed module UR20-PF-O-1DI-SIL 54

5.8 Safe power-feed module UR20-PF-O-2DI-SIL 59

5.9 Safe power-feed module UR20-PF-O-2DI-DELAY-SIL 64

6 Installation and replacement 71

7 Example applications 73

7.1 Example applications for safe I/O modules 73

7.2 Dual-channel emergency stop monitoring 76

7.3 Dual-channel light curtain monitoring (AOPD type 4)
and emergency stop monitoring 77

7.4 Dual-channel emergency stop and cable-pull switch monitoring 78

7.5 Dual-channel safety door monitoring with automatic reset
and emergency stop 79

7.6 Safety mat 80

7.7 Dual-channel two-hand monitoring with automatic start 81

7.8 Dual-channel safety door monitoring with magnetic switch,
automatic reset and emergency stop 82

7.9 Dual-channel safety door monitoring, spring-operated interlock
with manual reset and emergencystop 83

7.10 Dual-channel safety door monitoring, magnetically operated interlock
with manual reset and emergency stop 84

7.11 Dual-channel safety door monitoring with proximity sensors,
automatic reset and emergency stop 85

7.12 Dual-channel safety door monitoring, spring-operated interlock,
controlled shutdown with manual reset and emergency stop 86

7.13 Dual-channel safety door monitoring with automatic reset
and controlled shutdown and emergency stop 87

7.14 Cascading 88

8 LED displays and troubleshooting 89

8.1 Safe I/O modules 89

8.2 Safe power-feed modules 91

9 Accessories and replacement parts 93

9.1 Accessories 93

9.2 Replacement parts 93

Attachment

Checklist for the use of u-remote safety modules A-2
EC Declaration of Conformity A-5
TÜV Certicates A-27

Manufacturer

Weidmüller Interface GmbH & Co. KG
Klingenbergstraße 16
32758 Detmold, Germany
T +49 5231 14-0
F +49 5231 14-292083
info@weidmueller.com
www.weidmueller.com

Document No. 1484600000
Revision 04/June 2017

2 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

1 About this documentation

1 About this documentation | Symbols and notes

1.1 Symbols and notes

The safety notices in this documentation are designed
according to the severity of the danger.

DANGER

Imminent risk to life!

Notes with the signal word “Danger” warn
you of situations which will result in serious
injury or death if you do not follow the in­structions given in this manual.

WARNING

Possible danger to life!

Notes with the signal word “Warning” warn
you of situations which may result in serious
injury or death if you do not follow the in­structions given in this manual.

CAUTION

Risk of injury!

Notes with the signal word “Caution” warn
you of situations which may result in injury
if you do not follow the instructions given in
this manual.

ATTENTION

Material damage!

Notes with the signal word “Attention” warn you of hazards
which may result in material damage.

The situation-dependent safety notices may contain the fol­lowing warning symbols:

Symbol Meaning

Warning against hazardous electrical
voltage

Warning against explosive atmospheres

Warning against electrostatically charged
components

Warning against automatic startup

Instruction: observe the documentation

▶ All instructions can be identified by the black triangle

next to the text.

– Lists are marked with a tick.

1.2 Complete documentation

This manual contains product-specic

information and notes about the use of
u-remote safe modules. It supplements

but doesnot replace the u-remote manual

(document no 1432790000).

All manuals are available to download on the
Weidmüller website.

Text next to this arrow are notes which are
not relevant to safety, but provide important
information about proper and effective work
procedures.

3u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

1 About this documentation | Complete documentation

4 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

2 Safety

2 Safety | General safety notice

This section includes general safety instructions for handling

the u-remote system. Specic safety instructions for specic

tasks and situations are given at the appropriate places in
the documentation.

2.1 General safety notice

Work on the u-remote products may only be performed by

qualied electricians with the support of trained persons.

As a result of their professional training and experience, an

electrician is qualied to perform the necessary work and

identify any potential risks.

Before any work is carried out on the products (installa-

tion, maintenance, retrotting), the power supply must be

switched off and secured against being switched on again.
Work may be carried out with safety extra-low voltage.

When working during continued operations, the safety
equipments and devices must not be made ineffective.

If a malfunction on a u-remote product cannot be xed after
following the recommended measures (see the chapter8),

the product in question must be sent back to Weidmüller.
Weidmüller assumes no liability If the base or electronic
module has been tampered with!

Electrostatic discharge

u-remote products can be damaged or destroyed by electro­static discharge. When handling the products, the neces­sary safety measures against electrostatic discharge (ESD)
according to IEC 61340-5-1 and IEC 61340-5-2 must be
observed.

All devices are supplied in ESD-protected packaging. The
packing and unpacking as well as the installation and disas­sembly of a device may only be carried out by qualied per­sonnel and in accordance with the ESD information.

Fusing

If safe I/O modules or safe power-feed modules are installed
within a u-remote station, a SELV/PELV power supply has to
be applied to ensure the safety functions.

The operator must set up the equipment so that it is protect­ed against overloading. The upstream fuse must be designed
such that it does not exceed the maximum load current. The
maximum permissible load current of the u-remote compo­nents can be found in the technical data.

To meet UL-specications in accordance with UL248-14,
a UL-certied automatic fuse (e.g. ABB Type S201-B16)
or a 8A fuse with a medium time-lag (e.g. ESKA Part No.

522.226) must be used.

All connections of the u-remote components are protected
against voltage pulses and overcurrent in accordance with

IEC61131-2, ZoneB. The operator has to decide whether
additional overvoltage protection according to IEC62305
is required. Voltages that exceed +/-30V may cause the de-

struction of couplers and modules.

A feed-in power supply with secure isolation must be used.

Earthing (functional earth FE)

Each u-remote I/O module is tted with an FE spring on the

underside which creates an electrical connection to the DIN
rail. In order to establish a secure connection, the assembly
must be carried out carefully in accordance with the instruc­tions (see chapter 7 of the u-remote manual). The module is
earthed by connecting the DIN rail to the protective earth via
the earth terminal.

Shielding

Shielded lines are to be connected with shielded plugs and

xed on a shield bus in compliance with the relevant stan­dard (see u-remote manual, chapter8).

Open equipment

u-remote products are open equipment that may only be in­stalled and operated in lockable housings, cabinets or electri­cal operations rooms. Only trained and authorised personnel
may access the equipment.

For applications requiring functional safety, the surrounding
housing must meet at least IP54.

The standards and guidelines applicable for the assembly
of switch cabinets and the arrangement of data and supply
lines must be complied with.

5u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

2 Safety | Intended use

2.2 Intended use

The products of the u-remote series are intended for use in
industrial automation. A u-remote station with bus coupler
and connected modules is intended for the decentralised
control of systems or sub-systems. All modules of a station

are integrated into a eldbus structure and connected to the
superordinate control unit via the eldbus coupler.

The u-remote safe I/O modules (UR20-*FS*) as well as the
safe power-feed modules (PF-O-xDI-SIL) are intended for
connecting equipment providing functional safety. Therefore
safe I/O modules must be operated via a safety control.
The u-remote products conform to protection class IP20 (in
accordance with DIN EN 60529), they can be used in poten-

tially explosive atmospheres rated as Zone 2 (as per Directive

2014/34/EU).
The observance of the supplied documentation is part of the
intended use. The products described in this manual may
only be used for the intended applications and only in con-

nection with certied third-party devices or components.

2.3 Use in a potentially explosive atmosphere

If u-remote products are used in potentially explosive atmos­pheres, the following notes are also applicable:

– Staff involved in assembly, installation and operation must

be qualified to perform safe work on electrical systems
protected against potentially explosive atmospheres.

– For applications in potentially explosive atmospheres, the

requirements according to IEC60079-15 must be
observed.

– The housing enclosing must be ATEX/IECEx certified

meeting the requirements of protection class IP54, acces­sible only by use of a tool.

– The housing enclosing must meet the requirements of

explosion protection type Exn or Exe.

– Sensors and actuators that are located in Zone 2 or in a

safe zone can be connected to the u-remote station.

– Devices are for use in an area of not more than pollution

degree 2 in accordance with EN60664-1.

– Provision shall be made to prevent the rated voltage from

being exceeded by transient disturbances of more than

140 % of the rated voltage.

– When the temperature under rated conditions exceeds

70 °C at the conductor or conduit entry point, or 80 °C at
the contact, the temperature specification of the selected
cable shall be in compliance with the actual measured
temperature values.

– A visual inspection of the u-remote station is to be per-

formed once per year.

2.4 Notes on functional safety

Safety Integrity Level (SIL)

The safety requirements necessary for the safety functions
of an application are determined in a risk analysis. Here, the
probability of the safety functions failing is important. In an
operating mode with a high rate of demand or continuous
demand, the probability of dangerous failure per hour (PFH)
must be taken into consideration, whereas in an operating
mode with a lower rate of demand, the probability of danger­ous failure on demand (PFD) must be taken into consider-

ation. According to IEC61508 and IEC62061, the safety

requirements are graded by the failure limit values as follows:

Safety requirements by failure limit values

PFD PFH

SIL3 < 10
SIL2 ≥ 10
SIL1 ≥ 10

-3

-3

to < 10

-2

to < 10

-2

-1

Performance level (PL)

According to ENISO13849-1, the degree to which a safety
function contributes to risk minimisation is dened as the
performance level. A distinction is made between the ve

levels PLa to PLe with an increasing contribution to risk min­imisation.

Safety categories

Safety categories according to ENISO13849-1 describe a
minimum level of applicable safety and to what extent moni­toring is required.
Category B: The safety-related components of machine
controls and/or their safety equipment as well as their
components must be designed, selected, assembled and
combined to the state of the art such they can withstand the
expected conditions.
Category 1: The requirements of Category B must be met.
Use of proven safety-related components.
Category 2: The requirements of Category B must be met
with the use of proven safety principles. The safety functions

must be veried by the machine controls at suitable intervals

(depending on the application and the type of machine).
Category 3: The requirements of Category B must be met
with the use of proven safety principles. Controls must be de­signed so that a single failure in the control system does not
lead to a loss of safety function(s), and whenever reasonably
practicable, the single failure shall be detected with suitable
means which meet the state of the art.
Category 4: The requirements of Category B must be met
along with the use of proven safety principles. Controls must

< 10

≥ 10
≥ 10

-7

-7

to < 10

-6

to < 10

-6

-5

6 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

be designed so that a single failure in the control system
does not lead to a loss of safety function(s), and whenever
reasonably practicable, a single failure is detected during or
prior to the next demand upon the safety function, or if this
is not possible, an accumulation of faults does not lead to
the loss of the safety function(s).

Requirements on sensors / signal generators

The sensors / signal generators being connected must meet
the following requirements:

– Only signal generators that are suited for the respective

required safety level may be used.

– Positively opening control switches must be used in

accordance with IEC60947-5-1 (designated with this

symbol:
– Only use components that have been proven in operation.
– Depending on the established risk level, switches (e.g. for

position monitoring) may have to have a redundant

design.
– Depending on the required safety level, control devices

may have to have a redundant design. In this regard,

make sure to take into account the applicable C stan-

dards.

).

2 Safety | Legal notice

2.5 Legal notice

The u-remote series products are CE-compliant in accor­dance with Directive 2014/30/EU (EMC Directive) and
Directive 2014/35/EU (Low Voltage Directive). They also
meet the requirements of the ATEX Directive 2014/34/EU.

7u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

8 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

X1

X2

DI

M

DI DO DIDODODO DO

FS

*

FS

*

AO DO

Safety control

3 System description of safe I/O modules

3 System description of safe I/O modules | Sample design

This chapter contains product-specic informa­tion and notes about the use of safe I/O mod­ules. Please also observe the system description
in the u-remote manual (document number

1432790000).

The u-remote system provides safe I/O modules for both

1)

safety protocols Safety over EtherCAT

(Fail safe over
EtherCAT, FSOE) and PROFIsafe. Attached to a safety control
they enable the selective switching off of plant devices.
The 4DI-4DO type as well as the 8DI type is available for

each safety protocol. Each type is also available as type2

variant (V2):
UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2
UR20-8DI-PN-FSOE, UR20-8DI-PN-FSOE-V2
UR20-4DI-4DO-PN-FSPS, UR20-4DI-4DO-PN-FSPS-V2
UR20-8DI-PN-FSPS, UR20-8DI-PN-FSPS-V2
Both variants are identical in design, they only differ in the

rmware and therefore in the parameters (see module de­scriptions in Chapter5). The V2 modules enable to connect

antivalent switching safety devices.

The V1 modules cannot be upgraded using the

V2 rmware!

Single channel architectures (1oo1) as well as dual channel
architectures (1oo2) can be realised with the safe inputs and
outputs, also mixed operation is possible. In case of failure of
the safety control the modules change into the safe status.

Safety function

The information on the inputs are transferred to the safety
control via a black channel according to EN61508-2). A safe
input will send the input information “false” to the safety con­trol if a signal is within the inactive range or a fault has been
detected.
Vice versa the information from the safety control are trans­ferred to the outputs. The safe outputs will be deactivated if
the output information “false” is sent from the safety control
or a fault has been detected (safe status see technical data).

3.1 Sample design

Safe I/O modules can be placed at any position in the
u-remote station. The only exceptions are safety segments
built up from safe power feed modules (s. section 4.1). No
safe I/O module with outputs (UR20-4DI-4DO-PN-FSOE or

UR20-4DI-4DO-PN-FSPS
segment.

The following picture exemplies how to design a u-remote

station with safe I/O modules.

) may be placed within a safety

Example set-up of safe I/O modules (FS*) in a u-remote station

1) Safety over EtherCAT® is a registered trademark and patented technology, licensed by

Beckhoff Automation GmbH, Germany

9u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

3 System description of safe I/O modules | Transition diagramm

0

0 2 20104 6 8 12 14 16 18

3

2

1

4

[V]

[mA]

Inputs "off" Inputs "on"

0

0 2 20104 6 8 12 14 16 18

3

2

1

4

[V]

[mA]

Inputs "off" Inputs "on"

3.2 Transition diagramm

Waiting for parameter

Transition diagramm for safe I/O modules

State 1

Unrecoverable fault

Parameter received from safety control

State 3

Fault

State 2

Running

Failure occured

Acknowledgement
by safety control

Failure resolved

State 4

Requesting

acknowledgement

by safety control

3.3 Current-/voltage characteristics of the fail

safe digital inputs

Current-/voltage character istic for P-switching inputs

10 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

Current-/voltage character istic for PN-switching inputs

3 System description of safe I/O modules | Registration of safe I/O modules on the safety control

3.4 Registration of safe I/O modules on the

safety control

Safe I/O modules need to get registered on a safety control
using an engineering tool. Via the web server the safe I/O
modules can only be observed but not be parameterised or
forced.

PROFIsafe

For the commissioning of safe I/O modules running with the
PROFIsafe safety protocol you will need the Weidmüller CPD
tool which is available to download on the website. Accord­ing to the parameter settings this software tool calculates a
check sum, wich will be transferred to the safety control in
Siemens STEP7 and on the TIA portal.

Fail-Safe-over-EtherCAT

For the commissioning of safe I/O modules running with
the Fail safe over EtherCAT safety protocol you will need
TwinCAT as well as a TwinSAFE safety control. The FSOE
modules have been tested using the TwinSAFE-Logic
EL6900 system (Beckhoff) and TwinCAT 2.11.2247
(Beckhoff).

Please use e.g. a ball pen to set the DIP switches
and avoid sharp-edged tools.

With PROFIsafe modules: Make sure that switch-

es without identication marking always remain
in position “Zero”.

Setting the safety address

▶ Before snapping the module onto the DIN rail please set

the safety address according to the project planning via
the DIP switches on the electronic unit.

▶ Snap the module onto the DIN rail and continue the

installation of the u-remote station.

1 0

0

1

2

3

4

5

6

7

8

9

10

11

3.5 Safety address

Before commissioning the safety address (F-address) has to
be set on each safe I/O module using the DIP switches on
the electronic unit. This address is indicated by the project
planning. The safety control transfers the safety address to
the module on each commissioning.
The safety address (decimal) has to be converted into a bi­nary value and then set using the DIP switches .

Decimal/binary conversion table

decimal 2048 1024 512 256 128 64 32 16 8 4 2 1

0 0 0 0 0 0 0 0 0 0 0 1

0 0 0 0 0 0 0 0 0 0 1 0

0 0 0 0 0 0 0 0 0 1 0 0

0 0 0 0 0 0 0 0 1 0 0 0

0 0 0 0 0 0 0 1 0 0 0 0

binary

Example: Address „1234“ is represented by setting

0000010011010010.

0 0 0 0 0 0 1 0 0 0 0 0

0 0 0 0 0 1 0 0 0 0 0 0

0 0 0 0 1 0 0 0 0 0 0 0

0 0 0 1 0 0 0 0 0 0 0 0

0 0 1 0 0 0 0 0 0 0 0 0

0 1 0 0 0 0 0 0 0 0 0 0

1 0 0 0 0 0 0 0 0 0 0 0

1234 0 1 0 0 1 1 0 1 0 0 1 0

11

9

7

10

8

1

5

3

0

4

2

6

1 0

0000010011010010

DIP switches for set ting the safety address on a PROFIsafe module (example setting: 1234)

Changing the safety address

To change the safety address after the module has been as­signed to the control please act as follows (with V2 modules
start with step5):

1. Pull out the electronic unit.

2. Set all DIP switches to position „Zero“.

3. Slide the electronic unit back into the module and turn on
the module/station.

4. Please wait until the status LED of the module lights alter­nating red and green (3 s green, 1 s red).

Only now the old safety address has been deleted and the
new one can be set.

5. Pull out the electronic unit again and set the new safety
address.

6. Slide the electronic unit back into the module and turn on
the module/station.

The status LED of the module lights green and the new safe­ty address will be displayed on the web server.

11u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

3 System description of safe I/O modules | External circuitry of a PN/P output pair

1

2

3

4

1

2

3

4

DO (PN)

24 V DC

DO (P)

DO (PN)

DO (P)

1

2

3.6 External circuitry of a PN/P output pair

All information in this section refer to the ZVEI position paper

CB24I (Edition 2.0).
The outputs of the module can be circuited as follows.

Options for the external circuitry of the outputs

Circuit diagram Parameterisation

2 x single-channel, P-switching

1

2 2 x single-channel, rst channel N-switching
3 dual-channel, rst channel N-switching

Examples 1 and 2

2 x single-channel, P-switching or dual-channel, P-switching
The outputs in circuit diagram1 correspond to the typeC
source.

or
dual-channel, P-switching

DO (PN)

1

DO (P)

1

2

3

4

Example 3

Dual-channel, rst channel N-switching
The outputs correspond with the typeD source.

DO (PN)

3

DO (P)

External dual-channel circuitr y of the outputs

Test pulse class Parameterisable per test pulse duration

Test pulse duration Depending on the parameterisation 0.5 ... 10ms

Test pulse intervall 200ms

Rated current 0.5A (as per EN61131-2)

Depending on the parameterisation and the load
current. With test pulses enabled the output current

Capacitive load

must be reduced to <10V within one millisecond.
With test pulses disabled (only possible with V2

modules) the connected capacity must not exceed

250µF.

Inductive load

Lamp load

As per EN61131-2 for 0.5Aoutputs, maximum
leakage current in state OFF: 100µA

When using a lamp load the test pulses must be

enabled (V2 modules only).

1

2

3

4

DO (PN)

2

DO (P)

External circuitr y of the outputs

1

2

3

4

24 V DC

Test pulse class Parameterisable per test pulse duration

Test pulse duration Depending on the parameterisation 0.5 ... 10ms

Test pulse intervall 200ms

Rated current 0.5A (as per EN61131-2)

Capacitive load

Depending on the parameterisation and the load
current. With test pulses enabled the output current

must be reduced to <10V within one millisecond.
With test pulses disabled (only possible with V2

modules) the connected capacity must not exceed

250µF.

Inductive load

Lamp load

As per EN61131-2 for 0.5Aoutputs, maximum
leakage current in state OFF: 100µA

When using a lamp load the test pulses must be

enabled (V2 modules only).

3.7 Operating with and without own test

pulses

All information in this section refer to the ZVEI position paper

CB24I (Edition 2.0).
The parameter settings allow to enable test pulses for the
inputs of the safe I/O modules. These test pulses are gener­ated and analysed by the module. Thus the highest safety
levels can be achieved (see technical data). The test pulse
duration is determined by the input delay.

When operating without test pulses AUX-OX and AUX-OY

can be used as outputs for the supply voltage. The active
output signal includes test pulses, the length of which is pa-

rameterisable between 0.5ms and 10ms. With V2 modules

these test pulses can be disabled.

Please regard the notes for parameter settings
whenever you disable the test pulses (see module

descriptions in chapter5).

12 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

3 System description of safe I/O modules | Operating with and without own test pulses

Examples for operating with test pulses

DI X (PN)

AUX-O X
AUX-O Y

DI Y (P)

Connecting example type A sink

Input current 2.5mA typ. (acc. to Type3 as per EN61131-2)

Output voltage:

AUX-OX, P-switching 22V typ. (Supply voltage minus 2V)

AUX-OX, N-switching 0V

AUX-OY Supply voltage 24V typ.

Input capacity 10nF typ.

DI X (PN)

AUX-O X
AUX-O Y

DI Y (P)

1

2

3

4

+24 V DC

Safety relay

1

2

3

4

For the operation with test pulses the V2modules can be

installed either with three or with four wires:

DI X
AUX-O X
AUX-O Y

DI Y

Operation with own test pulses, 4-wire installation

DI X
AUX-O X
AUX-O Y

DI Y

Operation with own test pulses, 3-wire installation

1

2

3

4

1

2

3

4

Examples for operating without test pulses

The following parameter settings are needed if an external
device is connected that generates test pulses by its own:

V1modules: test pulse “disabled“
V2modules: test pulse “external”.

Connecting example type B sink

Test pulse delay Depending on the parameterisation

Test pulse duration

0.5 to 10ms; depending on the parameterised input

delay

Test pulse intervall 1200ms

Input capacity 10nF typ.

Antivalent circuits are possible with V2 modules only.

DI X (PN)

AUX-O X
AUX-O Y

DI Y (P)

Connecting example with antivalent input circuit (V2 only)

1

2

3

4

DI X (PN)

AUX-O X

AUX-O Y

DI Y (P)

Connecting example for oper ation without own test pulses, typeC sink, class1

1

2

GND

3

+24 V DC

4

OSSD
Safety
device

Test pulse duration Max. 1ms

Test pulse intervall Min. 0

Input resistance Min. 7.2kOhm (at 18V)

Input capacity Max. 10nF typ.

Input inductivity Max. 1mH

13u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

3 System description of safe I/O modules | Processing time

DI X (PN)

AUX-O X

AUX-O Y

DI Y (P)

DI X (PN)

AUX-O X
AUX-O Y

DI Y (P)

DI X

AUX-O X

AUX-O Y

DI Y

Example for the operat ion without own test pulses

1

2

3

4

1

2

3

4

1

2

GND

3

+24 V DC

4

+24 V DC

GND module

+24 V DC

3.8 Processing time

The response time for each input or output of a safe I/O

module is <10ms. The processing time of a signal within the

safety chain can be calculated as follows:

Input delay (parameterised)
+ Response time input (<10 ms)
+ Response time output (<10 ms)
+ Data transfer from and to the PLC
+ PLC computing time

= Processing time

In the event that the module shall be used as

typeA source with disabled test pulses the DIX

input must be parameterised N-switching.

DI X (N)
AUX-O X
AUX-O Y

DI Y (P)

Operation without own test pulses, typeA source with N- switching DIX

1

2

3

4

14 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

4 System description of safe power-feed modules

4 System description of safe power-feed modules

This chapter contains product-specic informa­tion and notes about the use of safe power-feed
modules. Please also observe the system descrip­tion in the u-remote manual document umber

1432790000)

The PF-O-xDI-SIL modules are controlled using con­tact-based safety transducers and/or safety transducers with
OSSD outputs.

Each PF-O-xDI-SIL module safely switches off all fol­lowing modules that are supplied by the output current path
and thus creates a safety segment. A survey of the switch­able modules is shown at the end of this section. The safety
segment extends either to the next PF-O module or to the
end of the station. A safety-related input circuit together with
pulsed inputs is used for detecting broken wires and short
circuits.

Three types of safe power-feed modules are available in the
u-remote system:

– UR20-PF-O-1DI-SIL (one safe input)
– UR20-PF-O-2DI-SIL (two safe inputs)
– UR20-PF-O-2DI-DELAY-SIL (two safe inputs, delayed

switching off possible)

Thereby the following safety functions can be implemented:

– Up to two dual-channel safety circuits (AND linked), e.g.

for emergency stop switch, safety door contacts and
safety light curtains

– A range of output modules within a u-remote station is

safely supplied with power via the switched 24VSafe
output.

– PF-O-xDI-SIL modules can be cascaded.

Safety function

The safety function of the safe power-feed modules is

that the safe output “24VSafe” is being switched accord­ing to the informations of the inputs (Type3 according to
EN61131-2, N-switching respectively). The safe status is
“24V switched off” (current path for outputs and the output
“24V Safe” is switched off).

Safe power-feed module UR20-PF -O-1DI-SIL

Safe power-feed module UR20-PF -O-2DI-SIL and UR20-PF-O -2DI-DELAY-SIL

15u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

4 System description of safe power-feed modules | Sample design

DI DI DO DIDODODO DO

PF-O

SIL

PF-OAO DO

FB

U

OUT

24 V Safe

U

OUT

24 V

U

IN

24 V

24 V

24 V

24 V

1

4.1 Sample design

The following picture exemplies how to design a safety seg­ment using a safe power-feed module. All output modules
arranged within the safety segment will be switched safely.
Input modules can be arranged within the safety segment,
only they do not fulll any safety function and are not inu­enced by the PF-O-xDI-SIL module.

Safe I/O modules with outputs may not be posi­tioned within a safety segment.

For detailed planning please also observe the

notes in the section „Conguration“.

To switch the 24VSafe voltage back on, either an automatic

or a manual start can be selected.

– Automatic start: the safe output current path is switched

on immediately after resetting the safety circuit(s).

WARNING

Possible danger to life!

The option “Automatic start” might only be
used, after a risk analysis has shown that the
application is suitable.

– Manual start: the output current path is only switched on

again if the start button has been held down for 0.5 to
2seconds.

Example set-up of a saf ety segment (1) with PF-O-xDI-SIL

16 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

4.2 Transition diagramm

4 System description of safe power-feed modules | Transition diagramm

State 1

Idle

24 VSafe off

SS1 off

Delay time

expired

State 3

Wait for power off

24 VSafe on

SS1 off

Manual start mode or autostart mode after power on

Safety circuit inactive

no delay

1) Both channels of a safety circuit must get active within a discrepancy time of 0.5s max.

2) The 24 V Safe output remains on until delay time is expired.

3) At least one channel of the safety circuit.

Safety circuit active

Safety circuit inactive

3

Safety circuit active

Autostart mode

Safety circuit inactive

delay

1

3

2

Safety circuit active

Manual start mode

Autostart mode, not after power on

Safety circuit active

1

3

State 2

Wait for start

24 VSafe off

SS1 off

Manual start
key pressed

1

State 4

Running

24 VSafe on

SS1 on

Transition diagramm of safe power-f eed modules

With the delay SIL module (UR20-PF-O-2DI-DELAY-SIL)
switching off can be delayed by a dened time so that,

for example, a machine can be shut down in a controlled
manner. The delay time can be set in four steps between
0 and 60 seconds (corresponds to stop category 1 as per

EN60204).

17u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

4 System description of safe power-feed modules | Modules switchable by PF-O-xDI-SIL

4.3 Modules switchable by PF-O-xDI-SIL

Safely switchable output modules:

– UR20-4DO-P
– UR20-4DO-P-2A
– UR20-4DO-PN-2A
– UR20-8DO-P
– UR20-8DO-P-2W-HD
– UR20-16DO-P
– UR20-16DO-P-PLC-INT
– UR20-4DO-N
– UR20-4DO-N-2A
– UR20-8DO-N
– UR20-2PWM-PN-0.5A
– UR20-2PWM-PN-2A
– UR20-4AO-UI-16
– UR20-4AO-UI-16-HD
– UR20-4AO-UI-16-DIAG
– UR20-4AO-UI-16-DIAG-HD

In case a N-switching output module is positioned within a
safety segment the connected load needs to be switched

against +24V Safe.

The relay output modules UR20-4RO-CO-255 and UR20­4RO-SSR-255 are not safely switchable, therefore they must
not switch any safety function.
The digital counter module UR20-1CNT-1DO-100 will not be
switched since it is supplied via the input current path.

4.4 Conguration

A PF-O-xDI-SIL module can be positioned anywhere in
the u-remote station. Multiple PF-O-xDI-SIL modules
and thus safety segments can be set up in a single station.
When planning a u-remote station with PF-O-xDI-SIL
modules, the following requirements must be met:

– The overall current consumption from the system current

path of all switchable modules within a safety segment
must be lower than 100mA (see table in section4.5).

– Each safety segment might include at most 12 switcha-

ble modules.

– The switch-off delay time for the safe input channels

within a safety circuit is 500ms ± 10ms.

– The load output is not designed for either inductive or

capacitive loads.

– The feed-in of the PF-O-xDI-SIL module must be

safeguarded with a 8-A super fast fuse.
– A SELV/PELV power supply must be used.
– The safely shut-off systems/applications must get their

power exclusively from the safe feed-in module

PF-O-xDI-SIL. Likewise, it must not be possible to

feed external energy into the safety segment elsewhere.

– Relay modules can be located within a safety segment,

however their outputs cannot be safely shut off in case of
a malfunction.

– At the SS1 output of the UR20-PF-O-2DI-DELAY-SIL, only

systems/equipment that do not feed any power back into
the system in the event of a malfunction can be con­nected.

– Any external short circuits in the wiring of the safe output

must be avoided.

– Fault exclusion as per EN ISO13849-2 must be provided.

4.5 Switch-off delay time

The turn-off time of a PF-O-xDI-SIL module is 20ms,
caused by the hardware and rmware delay time. The time

required until the output voltage even of the last switchable

module of a safety segment is below 5V, can be calculated

as follows:

Turn-off time of a PF-O-xDI-SIL module
+ Sum of all modules’ hardware delay

= Switch off delay [ms]

Switch-off delay and current consumption

Hardware delay [ms] Current consumption

[mA]

from I

SYS

UR20-4DO-P

UR20-4DO-P-2A

UR20-4DO-PN-2A

UR20-8DO-P

UR20-8DO-P-2W-HD

UR20-16DO-P

UR20-16DO-P-PLC-INT

UR20-4DO-N

UR20-4DO-N-2A

UR20-2PWM-PN-0.5A

UR20-2PWM-PN-2A

UR20-4AO-UI-16

UR20-4AO-UI-16-HD

UR20-4AO-UI-16-DIAG

UR20-4AO-UI-16-DIAG-HD

*The delay time is always 150ms, irrespective of the amout of these modules.

2 8

2 8

3 15

1 15

1 15

1 10

1 10

2 8

2 8

5 10

5 10

150* 10

150* 10

150* 10

150* 10

18 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

4 System description of safe power-feed modules | Operation with and without test pulses

4.6 Operation with and without test pulses

The safe input circuits are designed to connect passive dual
channel switching devices. Each input channel is provided
with pulsed voltage the test pulses of which are analysed.
Therefore the highest safety levels can be achieved (see tech­nical data).

S11 / S31
S12 / S32

S21 / S41
S22 / S42

S11 / S31
S12 / S32

S21 / S41
S22 / S42

Exemplary operation w ith test pulses

1

2

3

4

+24 V DC

Safety relay

1

2

3

4

Sensor

+24 V DC

S11 / S31

S12 / S32

S21 / S41

S22 / S42

1

2

1

3

4

Safety relay

with

OSSD

outputs

...

1

2

4

3

GND

S11 / S31

S12 / S32

S21 / S41

S22 / S42

Exemplary operation of the UR20-PF-O-2DI-DELAY-SIL without test pulses

Test pulses can be enabled or disabled using the DIP-switch­es of the module.

4

1

2

3

4

+24 V DC

The safe power-feed module UR20-PF-O-2DI-DELAY-SIL

might also be operated without test pulses. This is mandato­ry whenever an external device gernerating own test pulses
is connected.

When using switching devices generating own
test pulses please regard that low level with a

duration of more than 2ms will be detected as an

opening of the safety circuit.

19u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

20 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

5 Detailed descriptions of safe modules

5.1 General technical data

5 Detailed descriptions of safe modules | General technical data

Type of connection

Line connection cross-section

Dimensions

Protection class (DIN EN 60529)

Flammability rating UL94

Temperature data

Humidity

Air pressure

Vibration resistance

Shock resistance

Potential isolation

“PUSH IN”

Single-wired 0.14 – 1.5mm2 (AWG 16 – 26)

2

Fine-wired 0.14 – 1.5mm

Height 120mm (128mm with release lever)

Width 11.5mm

Depth 76.0mm

IP20

V-0

Operation -20°C to +60°C

Storage, transport -40°C to +85°C

Operation, storage, transport 5 % to 95 %, non-condensing as per IEC 61131-2

Operation ≥ 795 hPa (altitude ≤ 2000m) as per IEC 61131-2

Storage, transport ≥ 700 hPa (altitude ≤ 3000m) as per IEC 61131-2

5Hz ≤ f ≤ 8.4Hz: 3.5-mm amplitude as per IEC 60068-2-6

8.4Hz ≤ f ≤ 150Hz: 1-g acceleration as per IEC 60068-2-6

15 g for 11 ms, half sinewave, as per IEC 60068-2-27

Test voltage Max. 28.8 V within a channel

500V DC eld/system

Pollution severity level 2

(AWG 16 – 26)

Overvoltage category II

Approvals and Standards

1)

Unless otherwise noted within the product-specific technical data.

1)

cULus UL 508 pending

Potentially explosive atmosphere Zone 2 ATEX Directive 2014/34/EU

EMC EN 61000 (Partial standards as per requirements of IEC61131-2)

Explosion protection EN 60079-0:2009 and EN60079-15:2010

PLC IEC 61131-2

FS DINENISO13849-1, IEC61508, IEC62061

You can nd all product-specic technical data in the corresponding product description.

21u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

5 Detailed descriptions of safe modules | Data width dependent on the coupler used

5.2 Data width dependent on the coupler used

Data width

Order No. Module Configuration Parameter Diagnostics Process data

Input Output

Bytes Bytes Bytes Bytes B ytes

UR20-FBC-PB-DP

1334870000 UR20-FBC-PB-DP — 8 47 — —

1335030000 UR20-PF-O-1DI-SIL 3 — 47 4 —

1335040000 UR20-PF-O-2DI-DELAY-SIL 3 — 47 4 —

1335050000 UR20-PF-O-2DI-SIL 3 — 47 4 —

1335060000 UR20-4DI-4DO-PN-FSPS 7 26 47 5 5

1335070000 UR20-8DI-PN-FSPS 7 26 47 5 5

2464570000 UR20-4DI-4DO-PN-FSPS-V2 7 30 47 5 5

2464590000 UR20-8DI-PN-FSPS-V2 7 35 47 5 5

Max. data (in byte) 244 244 244 244 244

UR20-FBC-PN-IRT

1334880000 UR20-FBC-PN-IRT 4 10 47 4 4

1335030000 UR20-PF-O-1DI-SIL 4 — 47 5 1

1335040000 UR20-PF-O-2DI-DELAY-SIL 4 — 47 5 1

1335050000 UR20-PF-O-2DI-SIL 4 — 47 5 1

1335060000 UR20-4DI-4DO-PN-FSPS 4 23 47 6 6

1335070000 UR20-8DI-PN-FSPS 4 23 47 6 6

2464570000 UR20-4DI-4DO-PN-FSPS-V2 4 27 47 6 6

2464590000 UR20-8DI-PN-FSPS-V2 4 32 47 6 6

Max. data (in byte) 260 4362 1408 512 512

UR20-FBC-EC

1334910000 UR20-FBC-EC 256 4096 3328 1024 1024

1335030000 UR20-PF-O-1DI-SIL 4 — 47 4 —

1335040000 UR20-PF-O-2DI-DELAY-SIL 4 — 47 4 —

1335050000 UR20-PF-O-2DI-SIL 4 — 47 4 —

1529800000 UR20-8DI-PN-FSOE 4 5 47 6 6

1529780000 UR20-4DI-4DO-PN-FSOE 4 5 47 6 6

2464580000 UR20-4DI-4DO-PN-FSOE-V2 4 9 47 6 6

2464600000 UR20-8DI-PN-FSOE-V2 4 14 47 6 6

Max. data (in byte) 1514 pro telegramm + CoE 1514 pro telegramm + CoE 1514 pro telegramm + CoE 1024 1024

UR20-FBC-EIP

1334910000 UR20-FBC-EC 8 — — 2/10 2/10

1335030000 UR20-PF-O-1DI-SIL 4 — 47 4 —

1335040000 UR20-PF-O-2DI-DELAY-SIL 4 — 47 4 —

1335050000 UR20-PF-O-2DI-SIL 4 — 47 4 —

Max. data (in byte) 264 — — 496/504 496/504

22 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

5 Detailed descriptions of safe modules | Data width dependent on the coupler used

Data width

Order No. Module Configuration Parameter Diagnostics Process data

Input Output

Bytes Bytes Bytes Bytes B ytes

UR20-FBC-DN

1334900000 UR20-FBC-DN - 11 47 2/10 2/10

1335030000 UR20-PF-O-1DI-SIL 4 — 47 4 —

1335040000 UR20-PF-O-2DI-DELAY-SIL 4 — 47 4 —

1335050000 UR20-PF-O-2DI-SIL 4 — 47 4 —

Max. data (in byte) 264 400 47 496/504 496/504

UR20-FBC-CAN

1334890000 UR20-FBC-CAN — 47 — —

1335030000 UR20-PF-O-1DI-SIL 2 47 4 —

1335040000 UR20-PF-O-2DI-DELAY-SIL 2 47 4 —

1335050000 UR20-PF-O-2DI-SIL 2 47 4 —

Max. data (in byte) 128 — 3055 256 256

UR20-FBC-MOD-TCP

Order No. Module Process data

Input Output

Bytes Bytes

1335030000 UR20-PF-O-1DI-SIL 4 Bytes —

1335040000 UR20-PF-O-2DI-DELAY-SIL 4 Bytes —

1335050000 UR20-PF-O-2DI-SIL 4 Bytes —

The register structure for UR20-FBC-MOD-TCP see u-remote manual, section5.4.

23u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

5.3 Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Digital in- and output module UR20-4DI-4DO-PN-FSOE (Best.-Nr. 1529780000),
UR20-4DI-4DO-PN-FSOE-V2 (Bes t.-Nr. 2464580000)

The digital input and output module UR20-4DI-4DO-PN-FSOE
or UR20-4DI-4DO-PN-FSOE-V2 is a safe I/O module for
the Fail-Safe-over-EtherCAT (FSoE) protocol. Each module
provides four digital inputs and outputs respectively, it can
detect up to four binary control signals and control up to four

actuators each with a maximum of 0.5A. Two inputs and

outputs respectively can be parameterised P- or N-switching.
Sensors can be connected to connectors 1 and 2 using a
2-wire, 3-wire or 4-wire connection. In the event that the

available supply current of 0.8A per plug will not sufce, the

sensor supply must be realised using the auxiliary outputs
of another module (e.g. potential distribution module) within
the same power segment.
Actuators can be connected to connectors 3 and 4 using a
2-wire connection. A status LED is assigned to each channel.
The module electronics supply the inputs as well as the out­puts with power from the output current path (I

OUT

).
A test pulse check of the inputs can be parameterised as a
cross-circuit detection between input singal and supply volt­age, between different input signals or other signals. Thus an
input gets active only when the signal of the dedicated auxil­iary output is pending. The test pulses must be disabled, if a
safety relay with OSSD outputs generating own test pulses is
connected.

4DI·4DO

DI 0 (PN)

AUX-O 0
AUX-O 1

DI 1 (P)

DI 2 (PN)

AUX-O 2
AUX-O 3

DI 3 (P)

DO 0 (PN)

GND

DO 1 (P)

GND

DO 2 (PN)

GND

DO 3 (P)

GND

Connection diagram UR20-4DI-4DO -PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2 (Examples)

1

2

1

3

4

1

2

2

3

4

1

2

3

3

4

1

2

4

3

4

DI 0 (PN)

AUX-O 0
AUX-O 1

DI 2 (PN)

AUX-O 2
AUX-O 3

DO 0 (PN)

DO 1 (P)

DO 2 (PN)

DO 3 (P)

DI 1 (P)

DI 3 (P)

GND

GND

GND

GND

1

2

3

4

4DI·4DO

1

2

3

4

1

2

3

4

1

2

3

4

1

2

3

4

GND

24 V DC

Safety relay

with OSSD

outputs

With the variant1 module the active output signal always
includes test pulses for the purpose of cross-circuit and error
detection. The test pulse duration can be parameterised.
A safety sensor that is being connected in a dual channel
mode must allocate the PN and the P-input of one connector

(safety architecture of category 4 acc. to DINENISO13849).

The external circuitry of a PN/P output pair is described in
Chapter3.

24 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

4DI-4DO

System
bus

U

SYS

U

IN

U

OUT

µC

µC

µC

24 V DC

GND

GND

DOx

4x

4x

2x

Config.
switch

DC

DC

1

2

3

4

DO 0 (PN)
GND
DO 1 (P)
GND

DI 0 (PN)
AUX-O 0
AUX-O 1
DI 1 (P)

DI 2 (PN)
AUX-O 2
AUX-O 3
DI 3 (P)

DO 2 (PN)
GND
DO 3 (P)
GND

Type 3

DI 0

•

•

DI 3

DO 0

•

•

DO 3

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Module status LED
Green: Communication on system bus
3s green/1s red: Waiting for parameters
1s green/1s red: Waiting for acknowledgement by safety control
Red: Collective error diagnostic

1.1 Yellow: Input 0 active

1.3 Red: Error sensor supply or input 0 or input 1

1.4 Yellow: Input 1 active

2.1 Yellow: Input 2 active

2.3 Red: Error sensor supply or input 2 or input 3

2.4 Yellow: Input 3 active

3.1 Yellow: Output 0 active

3.2 Red: Error output 0

3.3 Yellow: Output 1 active

3.4 Red: Error output 1

4.1 Yellow: Output 2 active

4.2 Red: Error output 2

4.3 Yellow: Output 3 active

4.4 Red: Error output 3

LED indicators UR20-4DI-4DO -PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2, error messages see Chapt er7

Block diagram UR20-4DI-4DO-PN-FSOE , UR20-4DI-4DO -PN-FSOE-V2

25u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Technical data UR20-4DI-4DO-PN-FSOE (Order No. 1529780000), UR20-4DI-4DO-PN-FSOE-V2 (OrderNo.2464580000)

System data

Data

Interface

System bus transfer rate

Process and diagnostic data depend on the coupler used, see section 5.2

u-remote system bus

48 Mbps

Safety-related data according to ENISO13849-1 (Regard the entire safety chain!)

Achievable safety level inputs

Achievable safety level outputs

Diagnostic Coverage (DC) inputs

Diagnostic Coverage (DC) outputs

MTTFD (Mean Time To Failure dangerous) inputs

MTTFD (Mean Time To Failure dangerous) outputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

Dual-channel circuit 1oo2 99%

PLd, Categorie2
PLe, Categorie4

PLe, Categorie4

90%
99%

> 100 Years (840 Years)

> 100 Years (279 Years)

Safety-related data according to EN62061 (Regard the entire safety chain!)

Achievable safety level inputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

Achievable safety level outputs

PFH (Probability of Failure per hour in 1/h) inputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

PFH (Probability of Failure per hour in 1/h) outputs

Fault reaction time

Single-channel circuit 1oo1 5s

Safety-related data according to EN61508 (Regard the entire safety chain!)

Achievable safety level inputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

Achievable safety level outputs

PFH (Probability of Failure per hour in 1/h) inputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

PFH (Probability of Failure per hour in 1/h) outputs

PFD (Probability of Failure per Demand) inputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

PFD (Probability of Failure per Demand) outputs

HFT (Hardware Failure Tolerance) inputs

Single-channel circuit 1oo1
Dual-channel circuit 1oo2

HFT (Hardware Failure Tolerance) outputs

SFF (Safe Failure Fraction) inputs and outputs

Presumed lifecycle time

Prooftest intervall

Classification acc. to EN61508-2:2010

98%

20 Years

No prooftest needed within the life cycle

Type B

SILCL2
SILCL3

SILCL3

-8

10

2,94*10

5,56*10

SIL2
SIL3

SIL3

-8

10
2,17*10

2,17*10

8,77*10
1,85*10

1,85*10

0
1

1

-9

-9

-10

-10

-4

-5

-5

26 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Technical data UR20-4DI-4DO-PN-FSOE (Order No. 1529780000), UR20-4DI-4DO-PN-FSOE-V2 (OrderNo.2464580000)

Inputs

Number

Input Type

Input filter

Response time

Low input voltage

High input voltage

Sensor supply

Sensor connection

Reverse polarity protection

Module diagnosis

Individual channel diagnosis

1) Minimum rate of change in transition range: 1V/s. Deviating from EN61131-2 the following applies for PN-inputs in P-switching mode:The input will be read “inactive” if the input
voltage considerably exceeds the module supply voltage.

4, two of which are parameterisable P- or N-switching

Type1 and 31) as per IEC 61131-2 (N-switching based on the standard)

Input delay adjustable from 1 to 100ms

<10ms

P-switching: < 5 V; N-switching: > -5 V to +24 V

P-switching: >11 V; N-switching: < -11 V to +24 V

Max. 0.8A per plug, total max. 1.6A

2-wire, 3-wire, 4-wire

yes

yes

yes

Outputs

Number

Type of load

Response time

Output current

4, two of which are parameterisable P- or N-switching

Ohmic, inductive, lament lamp load

<10 ms

per channel 0.002 to 0.5A

per module max. 2A

Breaking energy (inductive)

Switching frequency

Actuator connection

Short-circuit-proof

Protective circuit

Response time of the current limiting circuit

Module diagnosis

Individual channel diagnosis

Safe status

150mJ/channel

Resistive load (min. 47 Ω) 10Hz

Inductive load (DC 13) 0.2Hz without free-wheeling diode

10Hz with suitable free-wheeling diode

Filament lamp load (12W) 10Hz

2-wire

yes

Constant current with thermal switch-off
approx. 1,1A (P-switching), approx. 3,5A (N-switching)

< 100µs

yes

yes

P-switching: < 5V, < 2mA
N-switching: > -2mA (referred to +24VDC)

27u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Technical data UR20-4DI-4DO-PN-FSOE (Order No. 1529780000), UR20-4DI-4DO-PN-FSOE-V2 (OrderNo.2464580000)

Supply

Supply voltage

Current consumption from system current path I

Current consumption from output current path I

SYS

OUT

24V DC +20 %/-15 %

8mA

20mA + output current + current consumption from the auxiliary outputs

General data

Weight (operational status)

93 g

Additional general data, see Section 5.1.

Overview of the editable parameters1) UR20-4DI-4DO-PN-FSOE

Channel Description Options Default

0 ... 1 Input delay 1 ms (0) / 3ms (1) / 10ms (2) / 100ms (3) 1ms

0 ... 1 Test pulse disabled (0) / enabled (1) disabled

0 Input polarity P-switching (0) / N-switching (1) P-switching

0 + 1 Input dual channel mode (inputs 0 + 1) single channel (0) / dual channel (1) single channel

0 + 1 Discrepancy time 5 ms (0) / 50ms (1) / 2s (2) / 30s (3) 5ms

2 ... 3 Input delay 1 ms (0) / 3ms (1) / 10ms (2) / 100ms (3) 1ms

2 ... 3 Test pulse disabled (0) / enabled (1) disabled

2 Input polarity P-switching (0) / N-switching (1) P-switching

2 + 3 Input dual channel mode (inputs 2 + 3) single channel (0) / dual channel (1) single channel

2 + 3 Discrepancy time 5 ms (0) / 50ms (1) / 2s (2) / 30s (3) 5ms

4 ... 5 Output test pulse duration (output 0 ... 1) 0.5 ms (0) / 1ms (1) / 3ms (2) / 10ms (3) 0.5ms

4 Output polarity P-switching (0) / N-switching (1) P-switching

4 + 5 Output dual channel mode (outputs 0 + 1) single channel (0) / dual channel (1) single channel

6 ... 7 Output test pulse duration (output 2 ... 3) 0.5 ms (0) / 1ms (1) / 3ms (2) / 10ms (3) 0.5ms

6 Output polarity P-switching (0) / N-switching (1) P-switching

6 + 7 Output dual channel mode (outputs 2 + 3) single channel (0) / dual channel (1) single channel

1) Please regard the notes for parameter settings.

Overview of the editable parameters1) UR20-4DI-4DO-PN-FSOE-V2

Channel Description Options Default

0  Input delay 1 ms (0) / 3ms (1) / 10ms (2) / 100ms (3) 1ms

0  Test pulse internal (0) / external (1) / from AUX0 (2) / from AUX1 (3) internal

0 Input polarity P-switching (0) / N-switching (1) P-switching

1 Input delay 1 ms (0) / 3ms (1) / 10ms (2) / 100ms (3) 1ms

1 Test pulse internal (0) / external (1) / from AUX0 (2) / from AUX1 (3) internal

1) Please regard the notes for parameter settings.

28 1484600000/04/06.2017u-remote IP20 modules for functional safety manual

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Overview of the editable parameters1) UR20-4DI-4DO-PN-FSOE-V2

Channel Description Options Default

0 + 1 Input dual channel mode (inputs 0 + 1) single channel (0) / dual channel equivalent (1) / dual channel antivalent (2) single channel

0 + 1 Discrepancy time 5 ... 30.000ms 500ms

2 Input delay 1 ms (0) / 3ms (1) / 10ms (2) / 100ms (3) 1ms

1)

2 Test pulse internal (0) / external

2 Input polarity P-switching (0) / N-switching (1) P-switching

3 Input delay 1 ms (0) / 3ms (1) / 10ms (2) / 100ms (3) 1ms

3 Test pulse internal (0) / external

(1) / from AUX2 (2) / from AUX3 (3) internal

1)

(1) / from AUX3 (3) internal

2 + 3 Input dual channel mode (inputs 2 + 3) single channel (0) / dual channel equivalent (1) / dual channel antivalent (2) single channel

2 + 3 Discrepancy time 5 ... 30.000ms 500ms

1)

4 ... 5 Test pulse disabled

4 ... 5 Output test pulse duration (output 0 ... 1) 0.5 ms (0) / 1ms (1) / 3ms (2) / 10ms (3) 0.5ms

4 Output polarity P-switching (0) / N-switching (1) P-switching

4 + 5 Output dual channel mode (outputs 0 + 1) single channel (0) / dual channel (1) single channel

6 ... 7 Test pulse disabled

6 ... 7 Output test pulse duration (output 2 ... 3) 0.5 ms (0) / 1ms (1) / 3ms (2) / 10ms (3) 0.5ms

6 Output polarity P-switching (0) / N-switching (1) P-switching

6 + 7 Output dual channel mode (outputs 2 + 3) single channel (0) / dual channel (1) single channel

1) Please regard the notes for parameter settings.

Notes for parameter settings

(0) / enabled (1) disabled

1)

(0) / enabled (1) disabled

– Please regard the following when parameterising „exter-

nal“ test pulses with a UR20-4DI-4DO-PN-FSOE-V2 mod-

– The module independently performs a plausibility test for

the relevant pair of inputs or outputs, if the dual channel
mode is parameterised. On this it will be checked if both
inputs or outputs become active or inactive simultane­ously within the discrepancy time.

– The “test pulse” parameter of an input must be disabled

(V1 variant) or set “external” (V2 variant) if a safety device

ule:

– An edge transition must occur at least every five min-

utes at an active input. Otherwise a module error will
be signalised.

– With this setting the module cannot detect any short

circuits. The short circuit detection must be realised by

the connected OSSD device.
with OSSD outputs generating own test pulses is con­nected. The test pulse duration depends on the parame­terised input delay:

Input delay [ms] 1 3 10 100

Test pulse duration [ms] 0.5 1 3 10

Please regard the following to ensure that the safety func-

tion will not be inuenced.

ATTENTION

– In the event that the output test pulses of a

UR20-4DI-4DO-PN-FSOE-V2 module are disabled output
errors will only be detected under the following condi­tions:

– No lament lamp load must be connected.
– The capacitive load at this output may be 250µF at

maximum.

29u-remote IP20 modules for functional safety manual 1484600000/04/06.2017

5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Diagnostic data UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Name Byte Bit Description Default

0 Module error 0
1 Internal error 0
2 Reserved 0

Error indicator 0

3 Channel error 0

4 Reserved 0
5 Reserved 0
6 Reserved 0
7 0 0
0 1

Module Type 1

1 1
2 0
3 0
4 1 0

0x03

5 0 0
6 0 0
7 0 0

Error byte 2 2 0 ... 7 Failure code 0

0 0 0
1 0 0
2 0 0

Error byte 3 3

3 0 0

4 Communication fault 0
5 0 0
6 0 0
7 0 0
0 1
1 1
2 1

Channel Type 4

3 0

4 1

0x77

5 1
6 1
7 0 0

Diagnostic bits
per channel

Number of
channels

5

6

Number of diagnostic bit per
channel

Number of similar channels per
module

8

8

0 Error at channel 0 0
1 Error at channel 1 0
2 Error at channel 2 0

Channel error 7

3 Error at channel 3 0

4 Error at channel 4 0
5 Error at channel 5 0
6 Error at channel 6 0
7 Error at channel 7 0

Channel 8 error

...

8
...100 ... 7 Reserved 0

Channel 10 error

Diagnostic data UR20-4DI-4DO-PN-FSOE, UR20-4DI-4DO-PN-FSOE-V2

Name Byte Bit Description Default

0 Input 0, Short circuit 0
1 Input 0, Cross connection 0

Channel 11 error 11

2 Input 0, Discrepancy error 0

3 Input 0, Other error 0

4 ... 7 Reserved 0

0 Input 1, Short circuit 0
1 Input 1, Cross connection 0

Channel 12 error 12

2 Input 1, Discrepancy error 0

3 Input 1, Other error 0

4 ... 7 Reserved 0

0 Input 2, Short circuit 0
1 Input 2, Cross connection 0

Channel 13 error 13

2 Input 2, Discrepancy error 0

3 Input 2, Other error 0

4 ... 7 Reserved 0

0 Input 3, Short circuit 0
1 Input 3, Cross connection 0

Channel 14 error 14

2 Input 3, Discrepancy error 0

3 Input 3, Other error 0

4 ... 7 Reserved 0

0 Output 0, Short circuit 0
1 Output 0, Cross connection 0

Channel 15 error 15

2 Output 0, Readback error 0

3 Output 0, Other error 0

4 ... 7 Reserved 0

0 Output 1, Short circuit 0
1 Output 1, Cross connection 0

Channel 16 error 16

2 Output 1, Readback error 0

3 Output 1, Other error 0

4 ... 7 Reserved 0

0 Output 2, Short circuit 0
1 Output 2, Cross connection 0

Channel 17 error 17

2 Output 2, Readback error 0

3 Output 2, Other error 0

4 ... 7 Reserved 0

0 Output 3, Short circuit 0
1 Output 3, Cross connection 0

Channel 18 error 18

2 Output 3, Readback error 0

3 Output 3, Other error 0

4 ... 7 Reserved 0

Channel 19 error

...

19

...420 ... 7 Reserved 0

Channel 42 error
Time stamp 43-46 time stamp [µs] (32bit)

30 1484600000/04/06.2017u-remote IP20 modules for functional safety manual