Simatic Fault-Tolerant Systems S7-400H
Simatic Fault-Tolerant Systems S7-400H
Simatic Fault-Tolerant Systems S7-400H
___________________
Fault-tolerant automation
___________________
systems 2
___________________
S7-400H setup options 3
SIMATIC
___________________
Getting Started 4
Fault-tolerant systems
S7-400H ___________________
Assembly of a CPU 41x–H 5
Special functions of a CPU
___________________
41x-H 6
System Manual
___________________
PROFIBUS DP 7
___________________
PROFINET 8
___________________
Consistent data 9
___________________
Memory concept 10
___________________
System and operating states
of the S7–400H 11
___________________
Link-up and update 12
___________________
Using I/Os in S7–400H 13
___________________
Communication 14
___________________
Configuring with STEP 7 15
___________________
Failure and replacement of
components during operation 16
___________________
System modifications during
operation 17
07/2014
A5E00267695-13 Continued on next page
Siemens AG A5E00267695-13 Copyright © Siemens AG 2014.
Industry Sector Ⓟ 09/2014 Subject to change All rights reserved
Postfach 48 48
90026 NÜRNBERG
GERMANY
Continuation
Synchronization modules 18
S7-400 cycle and response
times 19
Technical data 20
Fault-tolerant systems Characteristic values of
S7-400H redundant automation A
systems
Stand-alone operation B
System Manual
Differences between fault-
tolerant systems and C
standard systems
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
1 Preface ................................................................................................................................................. 19
1.1 Preface .........................................................................................................................................19
2 Fault-tolerant automation systems ......................................................................................................... 25
2.1 Redundant SIMATIC automation systems ...................................................................................25
2.2 Increasing the availability of plants ..............................................................................................26
3 S7-400H setup options .......................................................................................................................... 29
3.1 S7-400H setup options ................................................................................................................29
3.2 Rules for the assembly of fault-tolerant stations ..........................................................................31
3.3 The S7–400H basic system .........................................................................................................31
3.4 I/O modules for S7–400H .............................................................................................................33
3.5 Communication ............................................................................................................................34
3.6 Tools for configuration and programming ....................................................................................35
3.7 The user program.........................................................................................................................36
3.8 Documentation .............................................................................................................................37
4 Getting Started ...................................................................................................................................... 39
4.1 Getting Started .............................................................................................................................39
4.2 Requirements ...............................................................................................................................39
4.3 Hardware assembly and commissioning of the S7–400H ...........................................................40
4.4 Examples of the response of the fault-tolerant system to faults ..................................................42
4.5 Special layout features of SIMATIC Manager ..............................................................................43
5 Assembly of a CPU 41x–H .................................................................................................................... 45
5.1 Operator controls and display elements of the CPUs ..................................................................45
5.2 Monitoring functions of the CPU ..................................................................................................49
5.3 Status and error displays .............................................................................................................52
5.4 Mode switch .................................................................................................................................55
5.4.1 Function of the mode switch ........................................................................................................55
5.4.2 Performing a memory reset .........................................................................................................57
5.4.3 Cold restart / Warm restart ...........................................................................................................59
5.5 Design and function of the memory cards ...................................................................................60
5.6 Using memory cards ....................................................................................................................62
5.7 Multi Point Interface MPI/DP (X1) ................................................................................................65
5.8 PROFIBUS DP interface (X2) ......................................................................................................66
S7-400H
System Manual, 07/2014, A5E00267695-13 5
Table of contents
S7-400H
6 System Manual, 07/2014, A5E00267695-13
Table of contents
S7-400H
System Manual, 07/2014, A5E00267695-13 7
Table of contents
S7-400H
8 System Manual, 07/2014, A5E00267695-13
Table of contents
S7-400H
System Manual, 07/2014, A5E00267695-13 9
Table of contents
S7-400H
10 System Manual, 07/2014, A5E00267695-13
Table of contents
S7-400H
System Manual, 07/2014, A5E00267695-13 11
Table of contents
Tables
S7-400H
12 System Manual, 07/2014, A5E00267695-13
Table of contents
Figures
S7-400H
System Manual, 07/2014, A5E00267695-13 13
Table of contents
S7-400H
14 System Manual, 07/2014, A5E00267695-13
Table of contents
S7-400H
System Manual, 07/2014, A5E00267695-13 15
Table of contents
S7-400H
16 System Manual, 07/2014, A5E00267695-13
Table of contents
S7-400H
System Manual, 07/2014, A5E00267695-13 17
Table of contents
S7-400H
18 System Manual, 07/2014, A5E00267695-13
Preface 1
1.1 Preface
S7-400H
System Manual, 07/2014, A5E00267695-13 19
Preface
1.1 Preface
● Extended cycle time in case of long synchronization lines, see chapter Synchronization
modules for S7–400H (Page 323)
● If you use long synchronization lines, you have to extend the monitoring time of the
connection at an H-CPU V6.0, see chapter Communication via fault-tolerant S7
connections (Page 232).
● The startup time of the CPU at power on, the loading time of blocks, as well as the startup
after a plant modification at runtime can be significantly prolonged by encrypted blocks;
see chapter Access-protected blocks (Page 73).
● The following applies to PROFINET in the fault-tolerant system: The job must be
repeated if it is rejected with return value W#16#80BA when using SFB 52/53/54.
Approvals
For details on certifications and standards, refer to the S7-400 Automation System, Module
Data manual, chapter 1.1, Standards and Certifications.
S7-400H
20 System Manual, 07/2014, A5E00267695-13
Preface
1.1 Preface
Further information
For more information on the topics covered in this manual, refer to the following manuals:
Programming with STEP 7 (http://support.automation.siemens.com/WW/view/en/18652056)
Configuring Hardware and Communication Connections with STEP 7
(http://support.automation.siemens.com/WW/view/en/18652631)
System and Standard Functions
(http://support.automation.siemens.com/WW/view/de/44240604/0/en)
PROFINET system description
(http://support.automation.siemens.com/WW/view/en/19292127)
Online help
In addition to the manual, you will find detailed support on how to use the software in the
integrated online help system of the software.
The help system can be accessed using various interfaces:
● The Help menu contains several commands: Table of contents opens the Help index.
You will find help on H systems in Configuring H-Systems.
● Using Help provides detailed instructions on using the online help system.
● The context-sensitive help system provides information on the current context, for
example, on an open dialog or active window. You can call this help by clicking "Help" or
using the F1 key.
● The status bar provides a further form of context-sensitive help. It shows a short
description of each menu command when you position the mouse pointer over a
command.
● A short info text is also shown for the toolbar buttons when you hold the mouse pointer
briefly over a button.
If you prefer to read the information of the online help in printed form, you can print individual
topics, books or the entire help system.
S7-400H
System Manual, 07/2014, A5E00267695-13 21
Preface
1.1 Preface
Additional support
If you have any questions relating to the products described in this manual, and do not find
the answers in this documentation, please contact your Siemens partner at our local offices.
You will find information on who to contact at:
Contact partners (http://www.siemens.com/automation/partner)
A guide to the technical documents for the various SIMATIC products and systems is
available at:
Documentation (http://www.automation.siemens.com/simatic/portal/html_76/techdoku.htm)
You can find the online catalog and order system under:
Catalog (http://mall.automation.siemens.com/)
Training center
We offer a range of relevant courses to help you to get started with the SIMATIC S7
automation system. Please contact your local training center or the central training center.
Training (http://www.sitrain.com/index_en.html)
Technical Support
For technical support of all Industry Automation products, fill in and submit the online
Support Request:
Support Request (http://www.siemens.de/automation/support-request)
S7-400H
22 System Manual, 07/2014, A5E00267695-13
Preface
1.1 Preface
See also
Technical Support (http://support.automation.siemens.com)
S7-400H
System Manual, 07/2014, A5E00267695-13 23
Preface
1.1 Preface
Security information
Siemens offers IT security mechanisms for its automation and drive product portfolio in order
to support the safe operation of the plant/machine. We recommend that you inform yourself
regularly on the IT security developments regarding your products. You can find information
on this under: http://support.automation.siemens.com
You can register for a product-specific newsletter here.
For the safe operation of a plant/machine, however, it is also necessary to integrate the
automation components into an overall IT security concept for the entire plant/machine,
which corresponds to the state-of-the-art IT technology. You can find information on this at:
http://www.siemens.com/industrialsecurity.
Products used from other manufacturers should also be taken into account here.
S7-400H
24 System Manual, 07/2014, A5E00267695-13
Fault-tolerant automation systems 2
2.1 Redundant SIMATIC automation systems
S7-400H
System Manual, 07/2014, A5E00267695-13 25
Fault-tolerant automation systems
2.2 Increasing the availability of plants
Redundant I/O
Input/output modules are termed redundant when they exist twice and they are configured
and operated as redundant pairs. The use of redundant I/O provides the highest degree of
availability, because the system tolerates the failure of a CPU or of a signal module. If you
require a redundant I/O, you use the blocks of the "Functional I/O Redundancy" function
block library, see section Connecting redundant I/O to the PROFIBUS DP interface
(Page 171).
System-wide integration
The S7-400H automation system and all other SIMATIC components such as the SIMATIC
PCS7 control system are matched to one another. The system-wide integration, ranging
from the control room to the sensors and actuators, is implemented as a matter of course
and ensures maximum system performance.
S7-400H
26 System Manual, 07/2014, A5E00267695-13
Fault-tolerant automation systems
2.2 Increasing the availability of plants
Redundancy nodes
Redundant nodes represent the fail safety of systems with redundant components. A
redundant node can be considered as independent when the failure of a component within
the node does not result in reliability constraints in other nodes or in the overall system.
The availability of the overall system can be illustrated simply in a block diagram. With a 1-
out-of-2 system, one component of the redundant node may fail without impairing the
operability of the overall system. The weakest link in the chain of redundant nodes
determines the availability of the overall system
No error/fault
S7-400H
System Manual, 07/2014, A5E00267695-13 27
Fault-tolerant automation systems
2.2 Increasing the availability of plants
With error/fault
The following figure shows how a component may fail without impairing the functionality of
the overall system.
S7-400H
28 System Manual, 07/2014, A5E00267695-13
S7-400H setup options 3
3.1 S7-400H setup options
The first part of the description deals with the basic setup of the fault-tolerant S7-400H
automation system, and with the components of an S7-400H basic system. We then
describe the hardware components with which you can expand this basic system.
The second part deals with the software tools required for configuring and programming the
S7-400H. Also included is a description of the extensions and functional expansions
available for the S7-400 standard system which you need to create your user program to
utilize all properties of your S7-400H in order to increase availability.
WARNING
Open equipment
S7–400 modules are classified as open equipment, meaning you must install the S7-400 in
an enclosure, cabinet, or switch room which can only be accessed by means of a key or
tool. Such enclosures, cabinets, or switch rooms may only be accessed by instructed or
authorized personnel.
The following figure shows an example of an S7-400H configuration with shared distributed
I/O and connection to a redundant plant bus. The next pages deal with the hardware and
software components required for the installation and operation of the S7-400H.
S7-400H
System Manual, 07/2014, A5E00267695-13 29
S7-400H setup options
3.1 S7-400H setup options
Additional information
The components of the S7-400 standard system are also used in the fault-tolerant S7–400H
automation system. For a detailed description of all hardware components for S7–400, refer
to the Reference Manual S7-400 Automation System; Module Specifications.
The rules governing the design of the user program and the use of function blocks laid down
for the S7-400 standard system also apply to the fault-tolerant S7-400H automation system.
Refer to the descriptions in the Programming with STEP 7 manual, and to the System
Software for S7-300/400; Standard and System Functions Reference Manual.
S7-400H
30 System Manual, 07/2014, A5E00267695-13
S7-400H setup options
3.2 Rules for the assembly of fault-tolerant stations
S7-400H
System Manual, 07/2014, A5E00267695-13 31
S7-400H setup options
3.3 The S7–400H basic system
Power supply
You require one power supply module from the standard range of the S7-400 for each H-
CPU, or to be more precise, for each of the two subsystems of the S7-400H.
To increase availability of the power supply, you can also use two redundant power supplies
in each subsystem. Use the power supply modules PS 405 R / PS 407 R for this purpose.
They can also be used together in redundant configurations (PS 405 R with PS 407 R).
Synchronization modules
The synchronization modules are used to link the two CPUs. They are installed in the CPUs
and interconnected by means of fiber-optic cables.
There are two types of synchronization modules: one for distances up to 10 meters, and one
for distances up to 10 km between the CPUs.
A fault-tolerant system requires 4 synchronization modules of the same type. For more
information on synchronization modules, refer to section Synchronization modules for S7–
400H (Page 323).
Fiber-optic cable
The fiber-optic cables are used to interconnect the synchronization modules for the
redundant link between the two CPUs. They interconnect the upper and lower
synchronization modules in pairs.
You will find the specifications of fiber-optic cables suitable for use in an S7-400H in
section Selecting fiber-optic cables (Page 330).
S7-400H
32 System Manual, 07/2014, A5E00267695-13
S7-400H setup options
3.4 I/O modules for S7–400H
Additional information
For detailed information on using the I/O, refer to section Using I/Os in S7–400H (Page 163).
S7-400H
System Manual, 07/2014, A5E00267695-13 33
S7-400H setup options
3.5 Communication
3.5 Communication
The S7-400H supports the following communication methods and mechanisms:
● Plant buses with Industrial Ethernet
● Point-to-point connection
This equally applies to the central and distributed components. Suitable communication
modules are listed in Appendix Function modules and communication processors supported
by the S7-400H (Page 429).
Communication availability
You can vary the availability of communication with the S7-400H. The S7-400H supports
various solutions to meet your communication requirements. These range from a simple
linear network structure to a redundant optical two-fiber loop.
Fault-tolerant communication via PROFIBUS or Industrial Ethernet is supported only by the
S7 communication functions.
Additional information
For detailed information on communication with the S7-400H, refer to
section Communication (Page 205).
S7-400H
34 System Manual, 07/2014, A5E00267695-13
S7-400H setup options
3.6 Tools for configuration and programming
Optional software
All standard tools, engineering tools and runtime software used in the S7-400 system are
also supported by the S7-400H system. Any restrictions in the functional scope are
described in the respective Online Help.
S7-400H
System Manual, 07/2014, A5E00267695-13 35
S7-400H setup options
3.7 The user program
Note
Required OBs
Always download these error OBs to the S7-400H CPU: OB 80, OB 82, OB 83,
OB 85, OB 86, OB 88, OB 121 and OB 122. If you do not download these OBs, the
fault-tolerant system goes into STOP when an error occurs.
Additional information
For detailed information on programming the blocks described above, refer to the STEP 7
Online Help.
S7-400H
36 System Manual, 07/2014, A5E00267695-13
S7-400H setup options
3.8 Documentation
3.8 Documentation
The figure below provides an overview of the descriptions of the various components and
options in the S7-400H automation system.
S7-400H
System Manual, 07/2014, A5E00267695-13 37
S7-400H setup options
3.8 Documentation
S7-400H
38 System Manual, 07/2014, A5E00267695-13
Getting Started 4
4.1 Getting Started
Based on a specific example, these instructions guide you through the steps to implement
commission all the way to a functional application. You will learn how an S7-400H
automation system operates and become familiar with its response to a fault.
It takes about 1 to 2 hours to work through this example, depending on your previous
experience.
4.2 Requirements
The following requirements must be met:
A correctly installed and valid version of the STEP 7 basic software on your programming
device; see section Configuring with STEP 7 (Page 247). Any necessary hardware updates
are installed.
The modules required for the hardware setup available:
● An S7-400H automation system consisting of:
– 1 UR2–H rack
– 2 PS 407 10 A power supply units
– 2 H–CPUs
– 4 synchronization modules
– 2 fiber-optic cables
● An ET 200M distributed I/O device with active backplane bus with
– 2 IM 153–2
– 1 digital input module, SM321 DI 16 x DC24V
– 1 digital output module, SM322 DO 16 x DC24V
● All necessary accessories such as PROFIBUS cables, etc.
S7-400H
System Manual, 07/2014, A5E00267695-13 39
Getting Started
4.3 Hardware assembly and commissioning of the S7–400H
1. Assemble both modules of the S7-400H automation system as described in the S7-400
Automation Systems, Installation and Module Specifications manuals.
2. Set the rack numbers using the switch on the rear of the CPUs.
An incorrectly set rack number prevents online access and the CPU might not start up.
3. Install the synchronization modules in the CPU. See chapter Synchronization modules
(Page 323).
4. Connect the fiber-optic cables.
Always interconnect the two upper and two lower synchronization modules of the CPUs.
Route your fiber-optic cables so that they are reliably protected against any damage.
You should also always make sure that the two fiber-optic cables are routed separately.
This increases availability and protects the fiber-optic cables from potential double errors
caused, for example, by interrupting both cables at the same time.
Furthermore, always connect at least one fiber-optic cable to both CPUs before you
switch on the power supply or the system. Otherwise both CPUs may execute the user
program as master CPU.
5. Configure the distributed I/O as described in the ET 200M Distributed I/O Device manual.
6. Connect the programming device to the first fault-tolerant CPU (CPU0). This CPU will be
the master of your S7-400H.
7. A high-quality RAM test (self-test) is executed after POWER ON. The self-test takes at
least 10 minutes.
The CPU cannot be accessed and the STOP LED flashes for the duration of this test. If
you use a backup battery, this test is no longer performed when you power up in future.
S7-400H
40 System Manual, 07/2014, A5E00267695-13
Getting Started
4.3 Hardware assembly and commissioning of the S7–400H
Note
You can also start and stop the S7-400H automation system using STEP 7.
For additional information, refer to the online help.
You can only initiate a cold restart using the programming device command "Cold
restart". For this purpose, the CPU must be in STOP mode and the mode switch must be
set to RUN. OB 102 is called in the cold restart routine.
S7-400H
System Manual, 07/2014, A5E00267695-13 41
Getting Started
4.4 Examples of the response of the fault-tolerant system to faults
S7-400H
42 System Manual, 07/2014, A5E00267695-13
Getting Started
4.5 Special layout features of SIMATIC Manager
Note
You should preferably process CPU0, because information that is only available offline
will be missing otherwise (e.g. comments or parameter names).
S7-400H
System Manual, 07/2014, A5E00267695-13 43
Getting Started
4.5 Special layout features of SIMATIC Manager
S7-400H
44 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H 5
5.1 Operator controls and display elements of the CPUs
Figure 5-1 Arrangement of the control and display elements on CPU 41x-5H PN/DP
LED displays
The following table shows an overview of the LED displays on the individual CPUs.
Sections Monitoring functions of the CPU (Page 49) and Status and error displays
(Page 52) describe the states and errors/faults indicated by these LEDs.
S7-400H
System Manual, 07/2014, A5E00267695-13 45
Assembly of a CPU 41x–H
5.1 Operator controls and display elements of the CPUs
Mode switch
You can use the mode switch to set the current operating mode of the CPU. The mode
switch is a toggle switch with three switching positions.
Section Function of the mode switch (Page 55) describes the functions of the mode switch.
S7-400H
46 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.1 Operator controls and display elements of the CPUs
MPI/DP interface
You can, for example, connect the following devices to the MPI of the CPU:
● Programming devices
● Operator control and monitoring devices
● For further S7-400 or S7-300 controllers, see section Multi Point Interface MPI/DP (X1)
(Page 65).
Use bus connectors with angled cable outlet, see the S7–400 Automation System,
Installation manual.
The MPI can also be configured for operation as DP master and therefore as a PROFIBUS
DP interface with up to 32 DP slaves.
PROFIBUS DP interface
The PROFIBUS DP interface supports the connection of distributed I/O, programming
devices and OPs.
PROFINET interface
You can connect PROFINET IO devices to the PROFINET interface. The PROFINET
interface features two switched ports with external connectors (RJ 45). The PROFINET
interface provides the interconnection with Industrial Ethernet.
CAUTION
This interface only allows connection to an Ethernet LAN. You cannot connect it to the
public telecommunication network, for example.
You may only connect PROFINET-compliant network components to this interface.
S7-400H
System Manual, 07/2014, A5E00267695-13 47
Assembly of a CPU 41x–H
5.1 Operator controls and display elements of the CPUs
You can order an assembled jack connector and cable with the order number
A5E00728552A.
Note
If you replace a power supply module and want to backup the user program and the data (as
described above) in an RAM while doing so, you must connect an auxiliary power supply to
the "EXT. BATT." socket.
Do not interconnect the cables of different CPUs. Interconnecting the cables of different
CPUs may lead to problems with regard to EMC conditions and different voltage potentials.
S7-400H
48 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.2 Monitoring functions of the CPU
Type of error Cause of error Response of the operating system Error LED
Access error Module failure (SM, FM, CP) LED "EXTF" remains lit until the error EXTF
is eliminated.
In SMs:
• Call of OB 122 with direct access,
call of OB 85 in the event of a
process image update
• Entry in the diagnostic buffer
• In the case of input modules: Entry
of "null" as date in the accumulator
or the process image
In the case of other modules:
• Call of OB 122 with direct access,
call of OB 85 in the event of a
process image update
Time error • The user program execution time (OB 1 LED "INTF" remains lit until the error is INTF
and all interrupts and error OBs) eliminated.
exceeds the specified maximum cycle Call of OB 80.
time. If the OB is not loaded: CPU changes
• OB request error to STOP mode.
• Overflow of the start information buffer
• Time-of-day error interrupt
Power supply In the central or expansion rack: Call of OB 81 EXTF
module(s) fault If the OB is not loaded: The CPU
• at least one backup battery in the power
(not power failure) remains in RUN.
supply module is flat.
• the backup voltage is missing.
• the 24 V supply to the power supply
module has failed.
S7-400H
System Manual, 07/2014, A5E00267695-13 49
Assembly of a CPU 41x–H
5.2 Monitoring functions of the CPU
Type of error Cause of error Response of the operating system Error LED
Diagnostic An I/O module with interrupt capability Call of OB 82 EXTF
interrupt reports a diagnostic interrupt If the OB is not loaded: CPU changes
In a configuration as of V6.0: The to STOP mode.
synchronization module reports a
diagnostics interrupt; see chapter
Synchronization modules for S7–400H
(Page 323)
Swapping interrupt Removal or insertion of an SM, and insertion Call of OB 83 EXTF
of a wrong module type. If the OB is not loaded: CPU changes
Removing a synchronization module. to STOP mode.
Redundancy error • Loss of redundancy on the CPUs Call of OB 72 EXTF
interrupt If the OB is not loaded: The CPU
• Standby master changeover
remains in RUN.
• Synchronization error
• Error in a synchronization module
• Cancellation of the update process
• Comparison error (e.g. RAM, PAA)
CPU hardware • A memory error was detected and Call of OB 84 INTF
fault eliminated If the OB is not loaded: The CPU
• In a configuration older than V6.0: Data remains in RUN.
transmission error at the redundant link.
Program • Priority class is called, but the Call of OB 85 INTF
execution error corresponding OB is not available. If the OB is not loaded: CPU changes
• In the case of an SFB call: Missing or to STOP mode.
faulty instance DB
• Process image update error EXTF
Failure of a • Power failure in an expansion rack Call of OB 86 EXTF
rack/station If the OB is not loaded: CPU changes
• Failure of a DP/PN segment
to STOP mode.
• Failure of a coupling segment: Missing or
defective IM, interrupted cable
Communication Communication error: Call of OB 87 INTF
error If the OB is not loaded: CPU does not
• Time synchronization
change to STOP mode.
• Access to DB when exchanging data via
communications function blocks
S7-400H
50 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.2 Monitoring functions of the CPU
Type of error Cause of error Response of the operating system Error LED
Execution The execution of a program block was Call of OB 88 INTF
canceled canceled. Possible reasons for the If the OB is not loaded: CPU changes
cancellation are: to STOP mode.
• Nesting depth of nesting levels too great
• Nesting depth of master control relay too
great
• Nesting depth of synchronization errors
too great
• Nesting depth of block call commands (U
stack) too great
• Nesting depth of block call commands (B
stack) too great
• Error during allocation of local data
Programming User program error: Call of OB 121 INTF
error If the OB is not loaded: CPU changes
• BCD conversion error
to STOP mode.
• Range length error
• Range error
• Alignment error
• Write error
• Timer number error
• Counter number error
• Block number error
• Block not loaded
MC7 code error Error in the compiled user program, for CPU changes to STOP mode. INTF
example, illegal OP code or a jump beyond Restart or memory reset required.
block end
S7-400H
System Manual, 07/2014, A5E00267695-13 51
Assembly of a CPU 41x–H
5.3 Status and error displays
LED Meaning
RUN STOP
Lit Dark The CPU is in RUN mode.
Dark Lit The CPU is in STOP mode. The user program is not being executed. Cold
restart/restart is possible. If the STOP status was triggered by an error, the error
indicator (INTF or EXTF) is also set.
Flashes Flashes CPU is DEFECTIVE. All other LEDs also flash at 2 Hz.
2 Hz 2 Hz
Flashes Lit HOLD status has been triggered by a test function.
0.5 Hz
Flashes Lit A cold restart/restart was initiated. The cold restart/warm start may take a minute or
2 Hz longer, depending on the length of the called OB. If the CPU still does not change to
RUN, there might be an error in the system configuration, for example.
Dark Flashes A high-quality RAM test (self-test) is executed after POWER ON. The self-test takes at
2 Hz least 10 minutes.
Memory is being reset
Irrelevant Flashes The CPU requests a memory reset.
0.5 Hz
Flashes Flashes Troubleshooting mode
0.5 Hz 0.5 Hz This display also indicates that internal processes are busy on the CPU and prevent
access to the CPU until completed. This status can be triggered by the following
routines:
• Startup (POWER ON) of a CPU on which a large number of blocks is loaded. If
encrypted blocks are loaded, startup may take a longer time depending on the
number of such blocks.
• Memory reset after you have inserted a large Memory Card, or if there are
encrypted blocks.
LED Meaning
MSTR RACK0 RACK1
Lit Irrelevant Irrelevant CPU controls switched I/O
Irrelevant Lit Dark CPU on rack number 0
Irrelevant Dark Lit CPU on rack number 1
S7-400H
52 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.3 Status and error displays
LED Meaning
INTF EXTF FRCE
Lit Irrelevant Irrelevant An internal error was detected (programming or parameter
assignment error).
Irrelevant Lit Irrelevant An external error was detected (i.e. an error whose cause is not in the
CPU module).
Irrelevant Irrelevant Lit A force request is active.
LED Meaning
BUS1F BUS2F BUS5F
Lit Irrelevant Irrelevant An error was detected at the MPI/DP interface.
Irrelevant Lit Irrelevant An error was detected at the PROFIBUS DP interface.
Irrelevant Irrelevant Lit An error was detected at the PROFINET IO interface.
A PROFINET IO system is configured but not connected.
Irrelevant Irrelevant Flashes One or several devices on the PROFINET IO interface are not
responding.
Flashes Irrelevant Irrelevant CPU is DP One or several slaves at the PROFIBUS DP interface 1
master: are not responding.
CPU is DP CPU is not addressed by the DP master.
slave:
Irrelevant Flashes Irrelevant CPU is DP One or several slaves at the PROFIBUS DP interface 2
master: are not responding.
CPU is DP CPU is not addressed by the DP master.
slave:
LED Meaning
IFM1F IFM2F
Lit Irrelevant An error was detected on synchronization module 1.
Irrelevant Lit An error was detected on synchronization module 2
S7-400H
System Manual, 07/2014, A5E00267695-13 53
Assembly of a CPU 41x–H
5.3 Status and error displays
LED Meaning
LINK RX/TX
Lit Irrelevant Connection at the PROFINET interface is active
Irrelevant Flashes Receiving or sending data at the PROFINET interface.
6 Hz
Note
The LINK and RX/TX LEDs are located directly next to the PROFINET interface sockets.
They are not labeled.
REDF LED
The REDF LED indicates specific system states and redundancy errors.
S7-400H
54 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.4 Mode switch
LED MAINT
This LED indicates that maintenance is required. For more information, refer to the STEP 7
Online Help.
Diagnostic buffer
In STEP 7, you can select "Target system -> Module Information" to read the cause of an
error from the diagnostics buffer.
S7-400H
System Manual, 07/2014, A5E00267695-13 55
Assembly of a CPU 41x–H
5.4 Mode switch
Positions
The mode switch is designed as toggle switch. The following figure shows all possible
positions of the mode switch.
The following table explains the positions of the mode switch. If an error or a startup problem
occurs, the CPU will either change to or stay in STOP mode regardless of the position of the
mode switch.
Position Explanations
RUN If there is no startup problem or error and the CPU was able to switch to RUN, the CPU either
executes the user program or remains idle. The I/O can be accessed.
• You can upload programs from the CPU to the programming device (CPU -> Programming
device)
• You can download programs from the programming device to the CPU (Programming device ->
CPU).
STOP The CPU does not execute the user program. The digital signal modules are disabled. The output
modules are disabled.
• You can upload programs from the CPU to the programming device (CPU -> Programming
device)
• You can download programs from the programming device to the CPU (Programming device ->
CPU).
MRES Momentary-on position of the toggle switch for CPU memory reset; see chapter Performing a memory
(Memory reset; reset (Page 57).
Master Reset) Momentary-on position for the "Reset CPU to factory state" function; see chapter Resetting the CPU
to the factory state (Page 75)
S7-400H
56 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.4 Mode switch
S7-400H
System Manual, 07/2014, A5E00267695-13 57
Assembly of a CPU 41x–H
5.4 Mode switch
Special feature
A special situation is presented for the MPI/DP and PN interface parameters when a memory
reset is preformed. The following parameters are valid after a memory reset:
● Memory reset with inserted FLASH card:
The parameters stored on the FLASH card are valid
● Memory reset without inserted FLASH card:
The parameters in the CPU are retained and valid.
S7-400H
58 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.4 Mode switch
Cold restart
● A cold restart resets the process image, all bit memories, timers, counters, and data
blocks to the initial values stored in the load memory, regardless of whether these data
were parameterized as being retentive or not.
● Program execution resumes with OB 1, or with OB 102 if available.
Note
Restart in buffered Power On mode
In buffered PowerOn mode of a fault-tolerant system with large configurations, many CPs
and/or external DP masters, it may take up to 30 seconds until a requested restart is
executed.
S7-400H
System Manual, 07/2014, A5E00267695-13 59
Assembly of a CPU 41x–H
5.5 Design and function of the memory cards
Order numbers
The order numbers for memory cards are listed in the technical specifications, see section
Technical data of memory cards (Page 406).
S7-400H
60 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.5 Design and function of the memory cards
Serial number
In version 5 or later, all memory cards have a serial number. This serial number is listed in
INDEX 8 of the SSL Parts List W#16#xy1C. The parts list can be read using SFC 51
"RDSYSST".
You can determine the following when you read the serial number in your user program: The
user program can only be executed when a specific memory card is inserted into the CPU.
This protects against unauthorized copying of the user program, similar to a dongle.
S7-400H
System Manual, 07/2014, A5E00267695-13 61
Assembly of a CPU 41x–H
5.6 Using memory cards
RAM card
Insert the RAM card to load the user program in the CPU. Load the user program in STEP 7
by selecting "Target system > Download".
You can load the entire user program or individual elements such as FBs, FCs, OBs, DBs, or
SDBs in the load memory in STOP or RUN mode.
When you remove the RAM card from the CPU, the information stored on it will be lost. The
RAM card is not equipped with an integrated backup battery.
If the power supply is equipped with an operational backup battery, or the CPU is supplied
with an external backup voltage at the "EXT. BATT." socket, the RAM card memory contents
are retained when power is switched off, provided the RAM card remains inserted in the
CPU and the CPU remains inserted in the rack.
S7-400H
62 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.6 Using memory cards
FLASH card
If you use a FLASH card, there are two ways of loading the user program:
● Use the mode switch to set the CPU to STOP, insert the FLASH card into the CPU, and
then download the user program to the FLASH card in
STEP 7 by selecting "Target system > Download user program to memory card".
● You download the user program to the FLASH card in offline mode on the programming
device/programming adapter, and then insert the FLASH card into the CPU.
The FLASH card is a non-volatile memory, i.e. its data are retained when it is removed from
the CPU or your S7-400 is being operated without backup voltage (without a backup battery
in the power supply module or external backup voltage at the "EXT. BATT." input of the
CPU).
S7-400H
System Manual, 07/2014, A5E00267695-13 63
Assembly of a CPU 41x–H
5.6 Using memory cards
See also
Technical data of memory cards (Page 406)
S7-400H
64 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.7 Multi Point Interface MPI/DP (X1)
Connectable devices
You can, for example, connect the following devices to the MPI:
● Programming devices (PG/PC)
● Operating and monitoring devices (OPs and TDs)
● Further SIMATIC S7 controllers
Various compatible devices take the 24 V supply from the interface. This voltage is non-
isolated.
PG/OP–CPU communication
A CPU is capable of handling several online connections to PGs/OPs in parallel. By default,
however, one of these connections is always reserved for a PG, and one for an OP/HMI
device.
CPU–CPU communication
CPUs exchange data by means of S7 communication.
For additional information, refer to the Programming with STEP 7 manual.
Connectors
Always use bus connectors with an angular cable outlet for PROFIBUS DP or PG cables to
connect devices to the MPI (see Installation Manual).
MPI as DP interface
You can also parameterize the MPI for operation as DP interface. To do so, reparameterize
the MPI under STEP 7 in the SIMATIC Manager. You can configure a DP segment with up to
32 slaves.
S7-400H
System Manual, 07/2014, A5E00267695-13 65
Assembly of a CPU 41x–H
5.8 PROFIBUS DP interface (X2)
Connectable devices
The PROFIBUS DP interface can be used to set up a PROFIBUS master system, or to
connect PROFIBUS I/O devices.
You can connect redundant I/O to the PROFIBUS DP interface.
You can connect any standard-compliant DP slaves to the PROFIBUS DP interface.
Here, the CPU represents the DP master, and is connected to the passive slave stations or,
in stand-alone mode, to other DP masters via the PROFIBUS DP fieldbus.
Various compatible devices take the 24 V supply from the interface. This voltage provided at
the PROFIBUS DP interface is non-isolated.
Connectors
Always use bus connectors for PROFIBUS DP and PROFIBUS cables to connect devices to
the PROFIBUS DP interface (refer to the Installation Manual).
Redundant mode
In redundant mode, the PROFIBUS DP interfaces have the same parameters.
Assigning an IP address
You have the following options of assigning an IP address to the Ethernet interface:
● By editing the CPU properties in HW Config. Download the modified configuration to the
CPU.
You can also set up the IP address parameters and the station name (NameOfStation, NoS)
locally without having to modify the configuration data.
● Using the "PLC -> Edit Ethernet Node" command in SIMATIC Manager.
S7-400H
66 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.9 PROFINET interface (X5)
Connectors
Always use RJ45 connectors to hook up devices to the PROFINET interface.
Connection
Version 2 x RJ45
Switch with 2 ports
Media Twisted pair Cat5
Transmission rate 10/100 Mbps
Autosensing
Autocrossing
Autonegotiation
S7-400H
System Manual, 07/2014, A5E00267695-13 67
Assembly of a CPU 41x–H
5.9 PROFINET interface (X5)
Note
Networking PROFINET components
The PROFINET interfaces of our devices are set to "automatic setting" (autonegotiation) by
default. Verify that all devices connected to the PROFINET interface of the CPU are also set
to the "Autonegotiation" mode. This is the default setting of standard PROFINET / Ethernet
components.
If connecting a device to the on-board PROFINET interface of the CPU that does not support
the "automatic setting" (Autonegotiation) operating mode, or selecting a setting other than
the "automatic setting" (Autonegotiation), note the following:
• PROFINET IO needs to be operated at 100 Mbps in full-duplex mode, which means if the
on-board PROFINET interface of the CPU for PROFINET IO communication and
Ethernet communication is used at the same time, the PROFINET interface may only be
operated at 100 Mbps in full-duplex mode.
• Operation at 100 Mbps full-duplex is possible if the on-board PROFINET interface(s) of
the CPU is(are) used for Ethernet communication only. Half-duplex mode is not allowed
in any situation.
Background: If a switch that is permanently set to 10 Mbps half-duplex is connected to the
interface of the CPU, the "Autonegotiation" setting forces the CPU to adapt itself to the
settings of the partner device, i.e. the communication operates de facto at "10 Mbps half-
duplex". However, this would not be a valid operating mode because PROFINET IO
demands operation at 100 Mbps full-duplex.
Reference
● For additional information on PROFINET, refer to PROFINET System Description
(http://support.automation.siemens.com/WW/view/en/19292127)
● For detailed information about Ethernet networks, network configuration and network
components refer to the SIMATIC NET manual: Twisted-pair and fiber-optic networks
(http://support.automation.siemens.com/WW/view/en/8763736) manual.
● For additional information about PROFINET, refer to: PROFINET
(http://www.profibus.com/)
S7-400H
68 System Manual, 07/2014, A5E00267695-13
Assembly of a CPU 41x–H
5.10 Overview of the parameters for the S7-400H CPUs
Default values
All parameters are set to factory defaults. These defaults are suitable for a wide range of
standard applications and can be used to operate the S7-400H directly without having to
make any additional settings.
You can determine the CPU-specific default values by selecting "Configuring Hardware" in
STEP 7.
Parameter blocks
The responses and properties of the CPU are defined in parameters which are stored in
system data blocks. The CPUs have a defined default setting. You can modify these default
setting by editing the parameters in the hardware configuration.
The list below provides an overview of the parameterizable system properties of the CPUs.
● General properties such as the CPU name
● Start-up
● Cycle/clock memory, e.g. the scan cycle monitoring time
● Retentivity, i.e., the number of bit memories, timers, and counters that are retained after
restart
● Memory, e.g. local data
Note: If you change the work memory allocation by modifying parameters, this work
memory is reorganized when you download system data to the CPU. As a consequence,
the data blocks generated by means of SFC are deleted and the remaining data blocks
are initialized with values from load memory.
If you change the following parameters, the work memory area available for logic blocks
and data blocks will be modified when loading the system data:
– Size of the process image, byte-oriented in the "Cycle/Clock memory" tab
– Communication resources in the "Memory" tab
– Size of the diagnostic buffer in the "Diagnostics/Clock" tab
– Number of local data for all priority classes in the "Memory" tab
● Assignment of interrupts (hardware interrupts, time delay interrupts, asynchronous error
interrupts) to the priority classes
● Time-of-day interrupts such as start, interval duration, priority
● Watchdog interrupts, e.g. priority, interval duration
● Diagnostics/clock, e.g. time-of-day synchronization
S7-400H
System Manual, 07/2014, A5E00267695-13 69
Assembly of a CPU 41x–H
5.10 Overview of the parameters for the S7-400H CPUs
● Security levels
● Fault tolerance parameters
Note
16 bit memory bytes and 8 counters are set by default in retentive memory, i.e., they are
not deleted at a CPU restart.
Note
If you modify the parameters listed below, the operating system initializes the following:
• Size of the process input image
• Size of the process output image
• Size of the local data
• Number of diagnostic buffer entries
• Communication resources
This involves the following initialization actions:
• Data blocks are initialized with the load values
• Bit memories, timers, counters, inputs and outputs are deleted, regardless of their
retentivity setting (0).
• DBs generated by SFC will be deleted
• Permanently configured, basic communication connections are shut down
• All run levels are initialized.
Further settings
● The rack number of a fault-tolerant CPU, 0 or 1
Use the selector switch on the rear panel of the CPU to change the rack number.
● The operating mode of a fault-tolerant CPU: Stand-alone or redundant mode
For information on how to change the operating mode of a fault-tolerant CPU, refer to
Appendix Stand-alone operation (Page 419).
S7-400H
70 System Manual, 07/2014, A5E00267695-13
Special functions of a CPU 41x-H 6
6.1 Security levels
You can define a security level for your project in order to prevent unauthorized access to
the CPU programs. The objective of these security level settings is to grant a user access to
specific programming device functions which are not protected by password, and to allow
that user to execute those functions on the CPU. When logged on with a password, the user
may execute all PG functions.
S7-400H
System Manual, 07/2014, A5E00267695-13 71
Special functions of a CPU 41x-H
6.1 Security levels
Note
Setting a lower security level
You can use SFC 109 "PROTECT" to set a lower security level than the one you
configured with STEP 7 "Configure hardware".
Additional aspects
● Both fault-tolerant CPUs of a fault-tolerant system can have different security levels in
STOP.
● The security level is transferred from the master to the standby during link-up/update
operations.
● The set security levels of both fault-tolerant CPUs are retained if you make modifications
to the plant during operation.
● The security level is transferred to the target CPU in the following cases:
– Switching to CPU with modified configuration
– Switching to a CPU with expanded memory configuration
– Switching to a CPU with modified operating system
– Switching to a CPU using only one intact redundant link
S7-400H
72 System Manual, 07/2014, A5E00267695-13
Special functions of a CPU 41x-H
6.2 Access-protected blocks
S7-Block Privacy
The STEP 7 add-on package S7-Block Privacy can be used to protect the functions and
function blocks against unauthorized access.
Observe the following information when using S7-Block Privacy:
● S7-Block Privacy is operated by means of shortcut menus. To view a specific menu help,
press the "F1" function key.
● You can no longer edit protected blocks in STEP 7. Moreover, testing and commissioning
functions such as "Monitor blocks" or breakpoints are no longer available. Only the
interfaces of the protected block remain visible.
● Protected blocks can only be released again for editing if you have the correct key and
the corresponding decompilation information included in your package. Make sure that
the key is always kept in a safe place.
● The loading of protected blocks is only supported on CPUs as of version 6.0.
● If your project contains sources, you can use these to restore the protected blocks by
means of compilation. The S7-Block Privacy sources can be removed from the project.
Note
Memory requirements
Each protected block with decompilation information occupies 232 additional bytes in load
memory.
Each protected block without decompilation information occupies 160 additional bytes in load
memory.
Note
Extended runtimes
The startup time of the CPU at power on, the loading time of blocks and the startup after a
system modification at runtime may be significantly prolonged.
Operation with FlashCard can significantly prolong the time for memory reset.
To optimize additional time requirements, it is best practice to protect one large block instead
of many small blocks.
If you have many protected blocks and change one of the following parameters, the error
"Unable to load system data..." could occur during the loading process.
• Size of the process image
• Size of the diagnostic buffer
• Maximum number of communication jobs
• Total amount of local data
Download the system data once again in this case.
S7-400H
System Manual, 07/2014, A5E00267695-13 73
Special functions of a CPU 41x-H
6.2 Access-protected blocks
Additional information
For additional information, refer to "S7 block privacy" in the STEP 7 Online Help.
S7-400H
74 System Manual, 07/2014, A5E00267695-13
Special functions of a CPU 41x-H
6.3 Resetting the CPU to the factory state
Properties Value
MPI address 2
MPI transmission rate 187.5 Kbps
Contents of the diagnostic buffer Empty
IP parameters None
IP parameters Default values
Operating hours counter 0
Date and time 01.01.94, 00:00:00
Procedure
Proceed as follows to reset a CPU to its factory settings:
1. Switch off the mains voltage.
2. If a memory card is inserted in the CPU, always remove the memory card.
3. Hold the toggle switch in the MRES setting and switch the mains voltage on again.
4. Wait until LED pattern 1 from the following overview is displayed.
5. Release the toggle switch, set it back to MRES within 3 seconds and hold it in this
position.
After approx. 4 seconds all the LEDs light up.
6. Wait until LED pattern 2 from the following overview is displayed.
This LED pattern lights up for approximately 5 seconds. During this period you can abort
the resetting procedure by releasing the toggle switch.
7. Wait until LED pattern 3 from the following overview is displayed, and release the toggle
switch again.
The CPU is now reset to its factory settings. It starts without buffering and goes to STOP
mode. The event "Reset to factory setting" is entered in the diagnostic buffer.
Note
Canceling the operation
If the described operation is canceled prematurely and the CPU remains in an undefined
state, you can once again set it to a defined state by cycling power off and on.
S7-400H
System Manual, 07/2014, A5E00267695-13 75
Special functions of a CPU 41x-H
6.3 Resetting the CPU to the factory state
S7-400H
76 System Manual, 07/2014, A5E00267695-13
Special functions of a CPU 41x-H
6.4 Updating the firmware without a memory card
Basic procedure
To update the firmware of a CPU, you will receive several files (*.UPD) containing the
current firmware. Download these files to the CPU. You do not need a memory card to
perform an online update. However, it is still possible to update the firmware using a memory
card.
Requirement
The CPU whose firmware you want to update must be accessible online, e.g. via
PROFIBUS, MPI, or Industrial Ethernet. The files containing the current firmware versions
must be available in the programming device/PC file system. A folder may contain only the
files of one firmware version. If security level 2 or 3 is set for the CPU, you require the
password to update the firmware.
Note
You can update the firmware of the fault-tolerant CPUs via Industrial Ethernet. Updating the
firmware over a MPI can take a long time if the transfer rate is low (e.g. approximately 10
minutes at 187.5 Kbit/s).
Procedure in HW Config
Proceed as follows to update the firmware of a CPU:
1. Open the station containing the CPU you want to update in HW Config.
2. Select the CPU.
3. Select the "PLC -> Update Firmware" menu command.
4. In the "Update Firmware" dialog, select the path to the firmware update files (*.UPD)
using the "Browse" button.
After you have selected a file, the information in the bottom boxes of the "Update
Firmware" dialog box indicate the modules for which the file is suitable and from which
firmware version.
5. Click on "Run".
STEP 7 verifies that the selected file can be interpreted by the CPU and then downloads the
file to the CPU. If this requires changing the operating state of the CPU, you will be prompted
to do this in the relevant dialog boxes.
S7-400H
System Manual, 07/2014, A5E00267695-13 77
Special functions of a CPU 41x-H
6.4 Updating the firmware without a memory card
Note
Update security
For reasons of firmware security, the CPU validates a digital signature before it runs the
firmware update. If it detects an error, it retains the current firmware version and rejects the
new one.
S7-400H
78 System Manual, 07/2014, A5E00267695-13
Special functions of a CPU 41x-H
6.5 Firmware update in RUN mode
Requirement
The size of the load memory on the master and reserve CPU is the same. Both Sync links
exist and are working.
Note
Only the third number of the firmware versions of the master and reserve CPU may differ by
1. You can only update to the newer version.
Example: From V6.0.0 to V6.0.1
Please take note of any information posted in the firmware download area.
The constraints described in section System and operating states of the S7–400H
(Page 115) also apply to a firmware update in RUN
S7-400H
System Manual, 07/2014, A5E00267695-13 79
Special functions of a CPU 41x-H
6.6 Reading service data
Application case
If you need to contact Customer Support due to a service event, the department may require
specific diagnostic information on the CPU status of your system. This information is stored
in the diagnostic buffer and in the service data.
Select the "PLC -> Save service data" command to read this information and save the data
to two files. You can then send these to Customer Support.
Note the following:
● If possible, save the service data immediately after the CPU goes into STOP or the
synchronization of a fault-tolerant system has been lost.
● Always save the service data of both CPUs in an H system.
Procedure
1. Select the "PLC > Save service data" command.
In the dialog box that opens up, select the file path and the file names.
2. Save the files.
3. Forward these files to Customer Support on request.
S7-400H
80 System Manual, 07/2014, A5E00267695-13
PROFIBUS DP 7
7.1 CPU 41x–H as PROFIBUS DP master
Introduction
This chapter describes how to use the CPU as DP master and configure it for direct data
exchange.
Further references
The STEP 7 Online Help provides descriptions and information on the following topics:
● Planning of a PROFIBUS subnet
● Configuration of a PROFIBUS subnet
● Diagnostics in the PROFIBUS subnet
Additional information
Details and information on migrating from PROFIBUS DP to PROFIBUS DPV1 is available
under entry ID 7027576 at the Internet address:
http://support.automation.siemens.com
DP diagnostics addresses occupy at least 1 byte for the DP master and each DP slave in the
input address area. At these addresses, the DP standard diagnostics can be called for the
relevant node by means of the LADDR parameter of SFC 13, for example. Define the DP
diagnostics addresses when you configure the project data. If you do not specify any DP
diagnostics addresses, STEP 7 automatically assigns the addresses as DP diagnostics
addresses in descending order, starting at the highest byte address.
S7-400H
System Manual, 07/2014, A5E00267695-13 81
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
Requirement
You have to configure the relevant CPU interface for use as PROFIBUS DP master. This
means you must make the following settings in STEP 7:
● Assign a network
● Configure the CPU as PROFIBUS DP master
● Assign a PROFIBUS address
● Change the operating mode, if necessary; the default setting is DPV1.
● Link DP slaves to the DP master system
Note
Is one of the PROFIBUS DP slaves a CPU 31x or CPU 41x?
If yes, you will find it in the PROFIBUS DP catalog as "preconfigured station". Assign this
DP slave CPU a slave diagnostics address in the PROFIBUS DP master. Link the
PROFIBUS DP master to the DP slave CPU, and specify the address areas for data
exchange with the DP slave CPU.
Note
The "Programming" or "Monitor/Modify" applications prolong the DP cycle if executed via the
PROFIBUS DP interface.
S7-400H
82 System Manual, 07/2014, A5E00267695-13
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
S7-400H
System Manual, 07/2014, A5E00267695-13 83
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
Determining the bus topology in a DP master system using SFC 103 "DP_TOPOL"
A diagnostic repeater is available to make it easier to localize disrupted modules or DP cable
breaks when failures occur during operation. This module is a slave that discovers the
topology of a PROFIBUS subnet and detects any problems caused by it.
You can use SFC 103 "DP_TOPOL" to trigger the determination of the bus topology of a DP
master system by the diagnostic repeater. SFC 103 is described in the corresponding online
help and in the "System and Standard Functions manual. For information on the diagnostic
repeater refer to the "Diagnostic Repeater for PROFIBUS DP manual, order number
6ES7972–0AB00–8BA0.
S7-400H
84 System Manual, 07/2014, A5E00267695-13
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
Table 7- 2 Meaning of the "BUSF" LED of the CPU 41x operating as DP master
S7-400H
System Manual, 07/2014, A5E00267695-13 85
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
S7-400H
86 System Manual, 07/2014, A5E00267695-13
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
Event detection
The table below shows how the CPU 41xH in DP master mode detects operating state
changes on an I-slave or interruptions of the data transfer.
S7-400H
System Manual, 07/2014, A5E00267695-13 87
PROFIBUS DP
7.1 CPU 41x–H as PROFIBUS DP master
system=1022
The CPU calls OB 82 with the following information, for example: CPU: RUN → STOP
• OB 82_MDL_ADDR:=1022 CPU generates an I-slave diagnostics frame.
• OB82_EV_CLASS:=B#16#39
As incoming event
• OB82_MDL_DEFECT:=module error
The CPU diagnostic buffer also contains this information
You also program SFC 13 "DPNRM_DG" in the user program for
reading the diagnostic data of the I-slave.
Use SFB 54 in the DPV1 environment. This outputs the full interrupt
information.
S7-400H
88 System Manual, 07/2014, A5E00267695-13
PROFINET 8
8.1 Introduction
What is PROFINET?
PROFINET is the open, non-proprietary Industrial Ethernet standard for automation. It
enables comprehensive communication from the business management level down to the
field level.
PROFINET fulfills the high demands of industry, for example:
● Industrial-compliant installation engineering
● Real-time capability
● Non-proprietary engineering
There are a wide range of products from active and passive network components,
controllers, distributed field devices to components for industrial wireless LAN and industrial
security available for PROFINET.
Information about the use of I/Os at the PROFINET interface is available in the chapter
System redundancy (Page 99).
With PROFINET IO a switching technology is implemented that allows all stations to access
the network at any time. In this way, the network can be used much more efficiently through
the simultaneous data transfer of several nodes. Simultaneous sending and receiving is
enabled through the full-duplex operation of Switched Ethernet.
PROFINET IO is based on Switched Ethernet full-duplex operation and a bandwidth of 100
Mbit/s.
In PROFINET IO communication, a slice of the transmission time is reserved for cyclic,
deterministic data transmission. This allows you to split the communication cycle into a
deterministic and an open part. Communication takes place in real-time.
Direct connection of distributed field devices (IO devices, such as signal modules) to
Industrial Ethernet. PROFINET IO supports a consistent diagnostics concept for efficient
error localization and troubleshooting.
Note
No changes to the PROFINET interface at runtime
I/O components that are connected to a PROFINET interface as well as parameters of the
PROFINET interface cannot be modified during operation.
S7-400H
System Manual, 07/2014, A5E00267695-13 89
PROFINET
8.1 Introduction
S7-400H
90 System Manual, 07/2014, A5E00267695-13
PROFINET
8.2 PROFINET IO systems
Functions of PROFINET IO
The following graphic shows the new functions in PROFINET IO:
S7-400H
System Manual, 07/2014, A5E00267695-13 91
PROFINET
8.2 PROFINET IO systems
The fault-tolerant system, The fault-tolerant system, consisting of CPU 41x-5H PN/DP ② + ③, sets up PROFINET
consisting of CPU 41x-5H system 2 as IO controller. A one-sided IO device is operated in system redundancy on this
PN/DP IO controller in addition to IO devices.
② + ③, sets up the Here you see that a fault-tolerant system can operate system-redundant IO devices as well
PROFINET system 2 as IO as a one-sided IO device:
controller.
A one-sided IO device is • The fault-tolerant system is the IO controller for both system-redundant IO devices ET
operated in system 200 ⑦ + ⑧ as well as the one-sided IO device ⑨.
redundancy in addition to IO
devices at this IO controller.
Further information
You will find further information about PROFINET in the documents listed below:
● In the PROFINET system description
(http://support.automation.siemens.com/WW/view/en/19292127) manual
● In the From PROFIBUS DP to PROFINET IO programming manual.
This manual also provides a clear overview of the new PROFINET blocks and system
status lists.
S7-400H
92 System Manual, 07/2014, A5E00267695-13
PROFINET
8.3 Blocks in PROFINET IO
Table 8- 1 System and standard functions that are new or have to be replaced
S7-400H
System Manual, 07/2014, A5E00267695-13 93
PROFINET
8.3 Blocks in PROFINET IO
The following table provides an overview of the system and standard functions for SIMATIC,
whose functionality must be implemented by other functions when converting from
PROFIBUS DP to PROFINET IO.
Table 8- 2 System and standard functions of PROFIBUS DP that can be emulated in PROFINET IO
The following SIMATIC system function is not supported for PROFINET IO:
● SFC 103 "DP_TOPOL" Determine the bus typology in a DP master
Detailed information
For more information about the blocks, refer to the manual System Software for S7-300/400
System and Standard Functions.
S7-400H
94 System Manual, 07/2014, A5E00267695-13
PROFINET
8.4 System status lists for PROFINET IO
Introduction
The CPU makes certain information available and stores this information in the "System
status list".
The system status list describes the current status of the automation system. It provides an
overview of the configuration, the current parameter assignment, the current statuses and
sequences in the CPU, and the assigned modules.
The system status list data can only be read, but not be changed. The system status list is a
virtual list that is compiled only on request.
From a system status list you receive the following information via the PROFINET IO
system:
● System data
● Module status information in the CPU
● Diagnostic data from a module
● Diagnostic buffer
S7-400H
System Manual, 07/2014, A5E00267695-13 95
PROFINET
8.5 Device replacement without removable medium/programming device
Detailed information
For detailed descriptions of the individual system status lists, refer to the manual System
Software for S7-300/400 System and Standard Functions.
Additional information
For additional information, refer to the STEP 7 Online Help and to the PROFINET System
Description (http://support.automation.siemens.com/WW/view/en/19292127) manual.
S7-400H
96 System Manual, 07/2014, A5E00267695-13
PROFINET
8.6 Shared Device
Note
Note that the power modules and electronic modules belonging to the same potential group
of a shared IO device (e.g. ET 200S) must be assigned to the same IO controller in order to
enable the diagnosis of load voltage failure.
Additional information
For more information about shared devices and their configuration, refer to the STEP 7
Online Help and to the PROFINET System Description
(http://support.automation.siemens.com/WW/view/en/19292127) manual.
Topology
You can also combine system redundancy under PROFINET with other PROFINET
functions.
S7-400H
System Manual, 07/2014, A5E00267695-13 97
PROFINET
8.7 Media redundancy
① S7-400H system
② SCALANCE X400 (one-sided I/Os)
③ ET200M (one-sided/system-redundant I/Os)
Note
RT communication is interrupted (station failure) if the reconfiguration time of the ring is
greater than the selected response monitoring time of the IO device. This means that you
should select a response monitoring time of the IO device of sufficient length. The same
applies to IO devices configured with MRP outside the ring.
Additional information
For additional information, refer to the STEP 7 Online Help and to the PROFINET System
Description (http://support.automation.siemens.com/WW/view/en/19292127) manual.
S7-400H
98 System Manual, 07/2014, A5E00267695-13
PROFINET
8.8 System redundancy
Requirement
You need the following component versions to set up a fault-tolerant system with system-
redundant I/Os:
● CPU 41x-5H PN/DP as of version 6.0
● IM 153-4BA00 as of version 4.0
● STEP7 as of V5.5, SP2 HF1
Configuration
The figure below shows a configuration with two IO devices connected in system
redundancy.
S7-400H
System Manual, 07/2014, A5E00267695-13 99
PROFINET
8.8 System redundancy
This topology has the following advantage: The entire system can continue to operate in
case of an interrupted connection, no matter where it occurs. One of the two communication
connections of the IO devices will always remain intact. The IO devices that were redundant
until now will continue operating as one-sided IO devices.
The figure below shows the view in STEP7, the logical view and the physical view of the
configuration with two integrated IO devices in system redundancy. Note that the view in
STEP7 does not exactly match the physical view.
S7-400H
100 System Manual, 07/2014, A5E00267695-13
PROFINET
8.8 System redundancy
Note
Using the topology editor
Use the topology editor in HW Config.
S7-400H
System Manual, 07/2014, A5E00267695-13 101
PROFINET
8.8 System redundancy
S7-400H
102 System Manual, 07/2014, A5E00267695-13
PROFINET
8.8 System redundancy
The figure below shows the system-redundant connection of nine IO devices using three
switches. This configuration, for example, allows you to arrange IO devices in several
cabinets.
Note
Logical structure and topology
The topology itself does not determine if IO devices are connected one-sided or in a
configuration with system redundancy. This is determined in thje course of configuration.
You can configure the IO devices in the first figure as one-sided instead of the system-
redundant setup.
S7-400H
System Manual, 07/2014, A5E00267695-13 103
PROFINET
8.8 System redundancy
S7-400H
104 System Manual, 07/2014, A5E00267695-13
Consistent data 9
Overview
Data that belongs together in terms of its content and describe a process state at a specific
point in time is known as consistent data. In order to maintain data consistency, do not
modify or update the data during their transfer.
Example 1:
In order to provide a consistent image of the process signals to the CPU for the duration of
cyclic program processing, the process signals are written to the process image of inputs
prior to program execution, or the processing results are written to the process image of
outputs after program execution. Subsequently, during program processing when the inputs
(I) and outputs (O) operand areas are addressed, the user program addresses the internal
memory area of the CPU on which the process image is located instead of directly accessing
the signal modules.
Example 2:
Inconsistency may develop when a communication block, such as SFB 14 "GET" or SFB 15
"PUT", is interrupted by a process alarm OB of higher priority. If the user program modifies
any data of this process alarm OB which in part have already been processed by the
communication block, certain parts of the transferred data will have retained their original
status which was valid prior to process alarm processing, while others represent data from
after process alarm processing.
This results in inconsistent data, i.e. data which are no longer associated.
SFC 81 "UBLKMOV"
Use SFC 81 "UBLKMOV" to copy the content of a memory range, the source area,
consistently to another memory range, the target range. The copy operation cannot be
interrupted by other operating system activities.
SFC 81 "UBLKMOV" enables you to copy the following memory areas:
● Bit memory
● DB contents
● Process input image
● Process output image
The maximum amount of data you can copy is 512 bytes. Make allowances for the CPU-
specific restrictions listed in the instruction list.
Since copying cannot be interrupted, the alarm response times of your CPU may increase
when using SFC 81 "UBLKMOV".
S7-400H
System Manual, 07/2014, A5E00267695-13 105
Consistent data
9.1 Consistency of communication blocks and functions
The source and destination areas must not overlap. If the specified destination area is larger
than the source area, the function only copies the amount of data contained in the source
area to the destination area. If the specified destination area is smaller than the source area,
the function only copies as much data as can be written to the destination area.
For information on SFC 81, refer to the corresponding online help and to the "System and
Standard Functions" manual.
S7-400H
106 System Manual, 07/2014, A5E00267695-13
Consistent data
9.2 Consistency rules for SFB 14 "GET" or read variable, and SFB 15 "PUT" or write variable
9.2 Consistency rules for SFB 14 "GET" or read variable, and SFB 15
"PUT" or write variable
SFB 14
The data are received consistently if you observe the following points:
Evaluate the entire, currently used part of the receive area RD_i before you activate a new
request.
SFB 15
When a send operation is initiated (rising edge at REQ), the data to be sent from the send
areas SD_i are copied from the user program. You can write new data to these areas after
the block call command without corrupting the current send data.
Note
Completion of transfer
The send operation is not completed until the status parameter DONE assumes value 1.
Note
Evaluate the entire currently used part of the receive area RD_i before you activate a new
job.
S7-400H
System Manual, 07/2014, A5E00267695-13 107
Consistent data
9.3 Consistent reading and writing of data from and to DP standard slaves/IO devices
Note
When a send operation is activated (positive edge at REQ), the data to be transmitted from
the send areas SD_i is copied from the user program. You can write new data to these areas
after the block call command without corrupting the current send data.
Note
The PROFIBUS DP standard defines the upper limits for transmission of consistent user
data. Typical DP standard slaves adhere to this upper limit. Older CPUs (<1999) had CPU-
specific restrictions in terms of the transmission of consistent user data. The maximum
length of data this CPU can consistently read and write to and from a DP standard slave is
specified in your technical specifications, keyword "DP Master – User data per DP slave".
With this value, newer CPUs exceed the length of data that a DP standard slave provides or
receives.
S7-400H
108 System Manual, 07/2014, A5E00267695-13
Consistent data
9.3 Consistent reading and writing of data from and to DP standard slaves/IO devices
Note
Forcing variables
It is not allowed to force variables in the I/O or process image range of a DP slave or IO
device and that belong to a consistency range. The user program may overwrite these
variables in spite of the force job.
S7-400H
System Manual, 07/2014, A5E00267695-13 109
Consistent data
9.3 Consistent reading and writing of data from and to DP standard slaves/IO devices
Example:
The example of the process image partition 3 "PIP 3" below shows a possible configuration
in HW Config. Requirement: The process image was previously updated by means of SFC
26/27 call, or the update of the process image was linked to an OB.
● PIP 3 at output: Those 50 bytes are stored consistently in process image partition 3 (drop
down list box "Consistent over > Total length"), and can thus be read by means of
standard "Load input xy" commands.
● Selecting "Process image -> ---" under Input in the drop down list box means: no storage
in a process image. You must work with the system functions SFC14/15.
S7-400H
110 System Manual, 07/2014, A5E00267695-13
Memory concept 10
10.1 Overview of the memory concept of S7-400H CPUs
S7-400H
System Manual, 07/2014, A5E00267695-13 111
Memory concept
10.1 Overview of the memory concept of S7-400H CPUs
Note
Please note the following if you expand the process image of a CPU. Reconfigure the
modules whose addresses have to be above the highest address of the process image
so that the new addresses are still above the highest address of the expanded process
image.
Important note for CPUs after the parameter settings for the allocation of RAM have been changed
If you change the work memory allocation by modifying parameters, this work memory is
reorganized when you load system data into the CPU. As a consequence, the data blocks
generated by means of SFC are deleted and the remaining data blocks are initialized with
values from load memory.
The amount of work memory that is made available for logic or data blocks during the
download of system data is adapted if you modify the following parameters:
● Size of the process image (byte-oriented; in the "Cycle/Clock Memory" tab)
● Communication resources (in the "Memory" tab)
● Size of the diagnostics buffer ("Diagnostics/Clock" tab)
● Number of local data for all priority classes ("Memory" tab)
S7-400H
112 System Manual, 07/2014, A5E00267695-13
Memory concept
10.1 Overview of the memory concept of S7-400H CPUs
Backup
● The backup battery provides backup power for the integrated and external part of the load
memory, the data section of the working memory and the code section.
S7-400H
System Manual, 07/2014, A5E00267695-13 113
Memory concept
10.1 Overview of the memory concept of S7-400H CPUs
S7-400H
114 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H 11
This chapter features an introduction to the subject of S7-400H fault-tolerant systems.
You will learn the basic terms that are used in describing how fault-tolerant systems operate.
Following that, you will receive information on fault-tolerant system states. They depend on
the operating states of the different fault-tolerant CPUs, which will be described in the next
section.
In describing these operating states, this section concentrates on the behavior that differs
from a standard CPU. You will find a description of the standard behavior of a CPU in the
corresponding operating mode in the Programming with STEP 7 manual.
The final section provides details on the modified time response of fault-tolerant CPUs.
11.1 Introduction
The S7-400H consists of two redundantly configured subsystems that are synchronized via
fiber-optic cables.
Both subsystems create a fault-tolerant automation system operating with a two-channel (1-
out-of-2) structure based on the "active redundancy" principle.
Convention
To identify the two subsystems, we use the traditional expressions of "master" and "reserve"
for dual-channel fault-tolerant systems in this description. The reserve always processes
events in synchronism with the master, and does not explicitly wait for any errors before
doing so.
The distinction made between the master and reserve CPUs is primarily important for
ensuring reproducible error reactions. For example, the reserve CPU may go into STOP
when the redundant link fails, while the master CPU remains in RUN.
S7-400H
System Manual, 07/2014, A5E00267695-13 115
System and operating states of the S7–400H
11.1 Introduction
Master/reserve assignment
When the S7-400H is initially switched on, the CPU that started up first assumes master
mode, and the partner CPU assumes reserve mode.
The preset master/reserve assignment is retained when both CPUs power up
simultaneously.
The master/reserve assignment changes when:
1. The reserve CPU starts up before the master CPU (interval of at least 3 s)
2. The master CPU fails or goes into STOP in redundant system mode
3. No error was found in ERROR-SEARCH mode (see also section ERROR-SEARCH mode
(Page 128))
4. Programmed master-standby switchover with SFC 90 "H_CTRL"
Synchronization is performed automatically by the operating system and has no effect on the
user program. You create your program in the same way as for standard S7-400 CPUs.
S7-400H
116 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.2 System states of the S7–400H
Self-test
Malfunctions or errors must be detected, localized and reported as quickly as possible.
Consequently, extensive self-test functions have been implemented in the S7-400H that run
automatically and entirely in the background.
The following components and functions are tested:
● Coupling of the central racks
● Processor
● Internal memory of the CPU
● I/O bus
If the self-test detects an error, the fault-tolerant system tries to eliminate it or to suppress its
effects.
For detailed information on the self-test, refer to section Self-test (Page 130).
S7-400H
System Manual, 07/2014, A5E00267695-13 117
System and operating states of the S7–400H
11.2 System states of the S7–400H
Procedure:
1. In SIMATIC Manager, select a CPU with existing MPI connection.
2. Select the PLC > Operating mode menu command.
Result:
The "Operating mode" dialog shows the current system state of the fault-tolerant system, the
operating states of the individual CPUs, as well as the current position of the mode switches
on the modules.
The CPU that was selected in SIMATIC Manager when the menu command was executed is
the first one displayed in the table.
S7-400H
118 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.2 System states of the S7–400H
Requirement
You have selected one of the two CPUs in SIMATIC Manager and opened the "Operating
mode" dialog using the PLC > Operating state menu command.
Result:
The CPU displayed first in the table starts up as master CPU. Then the second CPU starts
up and will become the standby CPU after link-up and update operations.
S7-400H
System Manual, 07/2014, A5E00267695-13 119
System and operating states of the S7–400H
11.2 System states of the S7–400H
11.2.4 System status change from the standalone mode system status
Requirements:
● You have opened the "Operating state" dialog using the PLC > Operating state menu
command in SIMATIC Manager.
● The standby CPU is not in ERROR-SEARCH operating state.
S7-400H
120 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.2 System states of the S7–400H
Requirement:
You have opened the "Operating state" dialog using the PLC > Operating state menu
command in SIMATIC Manager.
Result:
The selected CPU goes into the STOP state, while the other CPU remains in RUN state; the
fault-tolerant system continues operating in standalone mode.
Procedure:
1. Select the fault-tolerant station in SIMATIC Manager.
2. Select the PLC > Diagnose hardware menu command.
3. In the "Select CPU" dialog, select the CPU and confirm with OK.
Result:
The operating state of the selected CPU can be identified based on the display of the
selected CPU in the "Diagnose hardware" dialog:
S7-400H
System Manual, 07/2014, A5E00267695-13 121
System and operating states of the S7–400H
11.3 The operating states of the CPUs
Note
The view is not updated automatically in the Online view. Use the F5 function key to view the
current operating mode.
S7-400H
122 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.3 The operating states of the CPUs
S7-400H
System Manual, 07/2014, A5E00267695-13 123
System and operating states of the S7–400H
11.3 The operating states of the CPUs
Point Description
1. After the power supply has been turned on, the two CPUs (CPU 0 and CPU 1) are in STOP state.
2. CPU 0 changes to the STARTUP state and executes OB 100 or OB 102 according to the startup mode; see
also section STARTUP mode (Page 125).
3. If startup is successful, the master CPU (CPU 0) changes to standalone mode. The master CPU executes
the user program alone.
At the transition to the LINK-UP system state, no block may be opened by the "Monitor" option, and no tag
table may be active.
4. If the standby CPU (CPU 1) requests LINK-UP, the master and standby CPUs compare their user programs.
If any differences are found, the master CPU updates the user program of the standby CPU, see also
section LINK-UP and UPDATE modes (Page 126).
5. After a successful link-up, updating is started, see section Update sequence (Page 143). The master CPU
updates the dynamic data of the standby CPU. Dynamic data includes inputs, outputs, timers, counters, bit
memories and data blocks.
Following the update, the memories of both CPUs have the same content; see also section LINK-UP and
UPDATE modes (Page 126).
6. The master and standby CPUs are in RUN after the update. Both CPUs process the user program in
synchronous mode.
Exception: Master/standby changeover for configuration/program modifications.
The redundant system state is only supported with CPUs of the same version and firmware version.
Note
A system startup may trigger a master–standby changeover.
A fault-tolerant CPU can only exit the STOP state with a loaded configuration.
Memory reset
The memory reset function affects only the selected CPU. To reset both CPUs, you must
reset one and then the other.
S7-400H
124 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.3 The operating states of the CPUs
Startup modes
The fault-tolerant CPUs distinguish between cold restart and warm restart.
Fault-tolerant CPUs do not support warm restarts.
S7-400H
System Manual, 07/2014, A5E00267695-13 125
System and operating states of the S7–400H
11.3 The operating states of the CPUs
Additional information
For detailed information on STARTUP mode, refer to the Programming with STEP 7 manual.
S7-400H
126 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.3 The operating states of the CPUs
S7-400H
System Manual, 07/2014, A5E00267695-13 127
System and operating states of the S7–400H
11.3 The operating states of the CPUs
Properties
● Link-up and update operations are not available while the fault-tolerant CPU is in HOLD
mode; the reserve CPU remains in STOP and outputs a diagnostics message.
● It is not possible to set breakpoints when the fault-tolerant system is in redundant system
mode.
Note
If the master CPU changes to STOP during troubleshooting, the troubleshooting is continued
on the standby CPU. However, once troubleshooting is completed, the standby CPU does
not start up again.
S7-400H
128 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.3 The operating states of the CPUs
4. If a multiple-bit error occurs on a CPU in redundant mode, that CPU will enter ERROR-
SEARCH mode. The partner CPU assumes master mode as required, and continues
operation in standalone mode.
But: OB 84 is called if 2 or more single-bit errors occur on a CPU in redundant operation
within 6 months. The CPU does not change to ERROR-SEARCH mode.
5. If synchronization is lost during redundant mode, the standby CPU changes to ERROR-
SEARCH mode. The other CPU remains master and continues operation in standalone
mode.
The purpose of ERROR-SEARCH mode is to find a faulty CPU. The standby CPU runs the
full self-test, while the master CPU remains in RUN. If a hardware fault is detected, the CPU
changes to DEFECTIVE state. If no fault is detected the CPU is linked up again. The fault-
tolerant system resumes the redundant system state. An automatic master-standby
changeover then takes place. This ensures that when the next error is detected in error-
search mode, the hardware of the previous master CPU is tested.
For CPU memories extended with FLASH Memory Cards, the following special condition
applies: A general reset request is set if the CPU exits the ERROR-SEARCH operating state
and is not able to establish a connection to the master CPU, e.g. when both synchronization
lines are interrupted. This prevents that the stand-by CPU starts up as second master CPU
using the configuration on the FLASH memory card.
No communication is possible, e.g. by means of access from a programming device, while
the CPU is in ERROR-SEARCH operating state. The ERROR-SEARCH operating state is
indicated by the RUN and STOP LEDs, see Chapter Status and error displays (Page 52).
For additional information on the self-test, refer to Chapter Self-test (Page 130)
S7-400H
System Manual, 07/2014, A5E00267695-13 129
System and operating states of the S7–400H
11.4 Self-test
11.4 Self-test
S7-400H
130 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.4 Self-test
Checksum errors
When a checksum error occurs for the first time after the last POWER ON without backup,
the system reacts as follows:
S7-400H
System Manual, 07/2014, A5E00267695-13 131
System and operating states of the S7–400H
11.4 Self-test
Hardware fault with one-sided call of OB 121, checksum error, second occurrence
A CPU 41x–5H reacts to a second occurrence of a hardware fault with a one-sided call of
OB 121 and to checksum errors as set out in the table below, based on the various operating
modes of the CPU 41x–5H.
Table 11- 6 Hardware fault with one-sided call of OB 121, checksum error, second occurrence
Error CPU in standalone mode CPU in stand-alone mode CPU in redundant mode
Hardware fault OB 121 is executed OB 121 is executed The faulty CPU enters ERROR-
with one-sided call SEARCH mode. The fault-
of OB 121 tolerant system switches to
standalone mode.
Checksum errors The CPU enters the The CPU enters the The CPU enters the
DEFECTIVE state if two errors DEFECTIVE state if two errors DEFECTIVE state if a second
occur within two successive test occur within two successive test error triggered by the first error
cycles (configure the length of cycles (configure the length of event occurs in ERROR-
the test cycle in HW Config). the test cycle in HW Config). SEARCH mode.
If a second checksum error occurs in single/stand-alone mode after twice the test cycle time
has expired, the CPU reacts as it did on the first occurrence of the error. If a second error
(hardware fault with one-sided call of OB 121, checksum error) occurs in redundant mode
when troubleshooting is finished, the CPU reacts as it did on the first occurrence of the error.
Multiple-bit errors
The CPU changes to ERROR-SEARCH mode when a multiple-bit error is detected while the
fault-tolerant system is operating in redundant mode. When troubleshooting is finished, the
CPU can automatically connect and update itself, and resume redundant operation. At the
transition to error-search mode, the address of the errors is reported in the diagnostic buffer.
Single-bit errors
The CPU calls OB 84 after detection and elimination of the error.
Note
In a fail-safe system, you are not allowed to disable and then re-enable the cyclic self-tests.
For more details, refer to the S7-400F and S7-400FH Automation Systems manual.
S7-400H
132 System Manual, 07/2014, A5E00267695-13
System and operating states of the S7–400H
11.5 Evaluation of hardware interrupts in the S7-400H system
S7-400H
System Manual, 07/2014, A5E00267695-13 133
System and operating states of the S7–400H
11.5 Evaluation of hardware interrupts in the S7-400H system
S7-400H
134 System Manual, 07/2014, A5E00267695-13
Link-up and update 12
12.1 Effects of link-up and updating
Link-up and updating are indicated by the REDF LEDs on the two CPUs. During link-up, the
LEDs flash at a frequency of 0.5 Hz, and when updating at a frequency of 2 Hz.
Link-up and update have various effects on user program execution and on communication
functions.
S7-400H
System Manual, 07/2014, A5E00267695-13 135
Link-up and update
12.2 Conditions for link-up and update
Link-up and Size and type of FW version in the Available sync Hardware version
update as PG load memory in master and connections on master and
command: the master and reserve CPUs reserve CPU
reserve CPUs
Restart of the Are identical Are identical 2 Are identical
reserve
Switch to CPU RAM and EPROM Are identical 2 Are identical
with modified mixed
configuration
Switchover to Size of load Are identical 2 Are identical
CPU with memory in the
expanded memory reserve CPU is
configuration larger than that of
the master
Switchover to Are identical Are different 2 Are identical
CPU with modified
operating system
CPUs with Are identical Are identical 2 Are different
changed hardware
version
Only one Are identical Are identical 1 Are identical
synchronization
link-up is available
over only one
intact redundant
link
S7-400H
136 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.3 Link-up and update sequence
Note
If a link-up and update operation is interrupted on the standby CPU (for example due to
POWER OFF, STOP), this may cause data inconsistency and lead to a memory reset
request on this CPU.
The link-up and update functions are possible again after a memory reset on the standby.
S7-400H
System Manual, 07/2014, A5E00267695-13 137
Link-up and update
12.3 Link-up and update sequence
*) If the "Switchover to CPU with altered configuration" option is set, the content of the load
memory is not copied; what is copied from the user program blocks of the work memory
(OBs, FCs, FBs, DBs, SDBs) of the master CPU is listed in section Switch to CPU with
modified configuration or expanded memory configuration (Page 146)
S7-400H
138 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.3 Link-up and update sequence
S7-400H
System Manual, 07/2014, A5E00267695-13 139
Link-up and update
12.3 Link-up and update sequence
Figure 12-3 Example of minimum signal duration of an input signal during the update
S7-400H
140 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.3 Link-up and update sequence
S7-400H
System Manual, 07/2014, A5E00267695-13 141
Link-up and update
12.3 Link-up and update sequence
For information on the required steps based on the scenarios described above (alteration of
the hardware configuration, or of the type of load memory), refer to section Failure and
replacement of components during operation (Page 253).
Note
Even though you have not modified the hardware configuration or the type of load memory
on the reserve CPU, there is nevertheless a master/reserve changeover and the previous
master CPU changes to STOP.
Note
Assuming you have implemented a different type of load memory or operating system on the
reserve CPU, this CPU does not go into RUN, but rather returns to STOP and writes a
corresponding message to the diagnostic buffer.
Assuming you have not expanded load memory on the reserve CPU, this CPU does not go
into RUN, but rather returns to STOP and writes a corresponding message to the diagnostic
buffer.
The system does not perform a master/reserve changeover, and the previous master CPU
remains in RUN.
S7-400H
142 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.3 Link-up and update sequence
S7-400H
System Manual, 07/2014, A5E00267695-13 143
Link-up and update
12.3 Link-up and update sequence
8. Generating the start event for the cyclic interrupt OB with special handling.
Note
The cyclic interrupt OB with special handling is particularly important in situations where
you need to address certain modules or program parts within a specific time. This is a
typical scenario in fail-safe systems. For details, refer to the S7-400F and S7-400FH
Automation Systems and S7-300 Automation Systems, Fail-safe Signal Modules
manuals.
To prevent an extension of the special cyclic interrupt, the cyclic alarm OB with special
handling must be assigned top priority.
9. Transfer of outputs and of all data block contents modified again. Transfer of timers,
counters, bit memories, and inputs. Transfer of the diagnostic buffer.
During this data synchronization, the system interrupts the clock pulse for cyclic
interrupts, time-delay interrupts and S7 timers. This results in the loss of any synchronism
between cyclic and time-of-day interrupts.
10.Cancel all restrictions. Delayed interrupts and communication functions are executed. All
OBs are executed again.
A constant bus cycle time compared with previous calls can no longer be guaranteed for
delayed cyclic interrupt OBs.
Note
Process interrupts and diagnostic interrupts are stored by the I/O devices. Such interrupt
requests issued by distributed I/O modules are executed when the block is re-enabled.
Any such requests by central I/O modules can only be executed provided the same
interrupt request did not occur repeatedly while the status was disabled.
If the PG/ES requested a master/standby changeover, the previous standby CPU assumes
master mode and the previous master CPU goes into STOP when the update is completed.
Both CPUs will otherwise go into RUN (redundant system mode) and execute the user
program in synchronism.
When there is a master/standby changeover, in the first cycle after the update OB 1 is
assigned a separate identifier (see System Software for S7-300/400, System and Standard
Functions Reference Manual). For information on other aspects resulting from modifying the
configuration, refer to section Switch to CPU with modified configuration or expanded
memory configuration (Page 146).
S7-400H
144 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.3 Link-up and update sequence
Note
The last three of the functions listed are registered by a WinCC system, and automatically
repeated when the update is completed.
S7-400H
System Manual, 07/2014, A5E00267695-13 145
Link-up and update
12.3 Link-up and update sequence
Note
Even though you have not modified the hardware configuration or the type of load memory
on the reserve CPU, there is nevertheless a master/reserve changeover and the previous
master CPU changes to STOP.
Note
If you have downloaded connections using NETPRO, you can no longer change the memory
type of the load memory from RAM to FLASH.
When you initiate a link-up and update operation with the "Switch to CPU with modified
configuration" option in STEP 7, the system reacts as follows with respect to handling of the
memory contents.
Load memory
The contents of the load memory are not copied from the master to the reserve CPU.
Work memory
The following components are transferred from the work memory of the master CPU to the
reserve CPU:
● Contents of all data blocks assigned the same interface time stamp in both load
memories and whose attributes "read only" and "unlinked" are not set.
● Data blocks generated in the master CPU by SFCs.
The DBs generated in the reserve CPU by means of SFC are deleted.
If a data block with the same number is also found in the load memory of the reserve
CPU, link-up is cancelled with an entry in the diagnostic buffer.
● Process images, timers, counters, and bit memories
If there is insufficient memory, link-up is cancelled with an entry in the diagnostic buffer.
S7-400H
146 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.3 Link-up and update sequence
Note
When changing over to a CPU with modified configuration, the size of load memories in the
master and reserve may be different.
Note
Assuming you have implemented a different type of load memory or operating system on the
reserve CPU, this CPU does not go into RUN, but rather returns to STOP and writes a
corresponding message to the diagnostic buffer.
Assuming you have not expanded load memory on the reserve CPU, this CPU does not go
into RUN, but rather returns to STOP and writes a corresponding message to the diagnostic
buffer.
The system does not perform a master/reserve changeover, and the previous master CPU
remains in RUN.
For information on changing the type of memory or on load memory expansions, refer to
section Failure and replacement of components during operation (Page 253).
When you initiate a link-up and update with the "Switchover to CPU with expanded memory
configuration" option in STEP 7, the system reacts as follows with respect to the handling of
memory contents.
S7-400H
System Manual, 07/2014, A5E00267695-13 147
Link-up and update
12.3 Link-up and update sequence
CAUTION
Always perform link-up and update operations when the process is not in a critical state.
You can set specific start times for link-up and update operations at SFC 90 "H_CTRL". For
detailed information on this SFC, refer to the System Software for S7-300/400, System and
Standard Functions manual.
Note
If the process tolerates cycle time extensions at any time, you do not need to call SFC 90
"H_CTRL".
The CPU does not perform a self-test during link-up and updating. If you use a fail-safe user
program, you should avoid any excessive delay for the update operation. For more details,
refer to the S7-400F and S7-400FH Automation Systems manual.
S7-400H
148 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.4 Time monitoring
Note
If you have not defined any default values for the monitoring times, make allowance for the
update in the scan cycle monitoring time. If in this case the update is cancelled, the fault-
tolerant system switches to standalone mode: The previous master CPU remains in RUN,
and the standby CPU goes into STOP.
You can either configure all the monitoring times or none at all.
You made allowances for the technological requirements in your configuration of monitoring
times.
The monitoring times are described in detail below.
● Maximum cycle time extension
– Cycle time extension: The time during the update in which neither OB 1 nor any other
OBs up to priority class 15 are executed. "Normal" cycle time monitoring is disabled
within this time span.
– Max. cycle time extension: The maximum permissible cycle time extension configured
by the user.
● Maximum communication delay
– Communication delay: The time span during the update during which no
communication functions are processed. Note: The master CPU, however, maintains
all existing communication links.
– Maximum communication delay: The maximum permissible communication delay
configured by the user.
● Maximum inhibit time for priority classes > 15
– Inhibit time for priority classes > 15: The time span during an update during which no
OBs (and thus no user program) are executed nor any I/O updates are implemented.
– Maximum inhibit time for priority classes > 15: The maximum permissible inhibit time
for priority classes > 15 configured by the user.
● Minimum I/O retention time:
This represents the interval between copying of the outputs from the master CPU to the
standby CPU, and the time of the transition to the redundant system mode or
master/standby changeover (time at which the previous master CPU goes into STOP and
the new master CPU goes into RUN). Both CPUs control the outputs within this period, in
order to prevent the I/O from going down when the system performs an update with
master/standby changeover.
S7-400H
System Manual, 07/2014, A5E00267695-13 149
Link-up and update
12.4 Time monitoring
The minimum I/O retention time is of particular importance when updating with
master/standby changeover. If you set the minimum I/O retention time to 0, the outputs
could possibly shut down when you modify the system during operation.
The monitoring start times are indicated in the highlighted boxes in Figure 12-2. These times
expire when the system enters the redundant system mode or when there is a
master/standby changeover, i.e. on the transition of the new master to RUN when the update
is completed.
The figure below provides an overview of the relevant update times.
S7-400H
150 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.4 Time monitoring
Response to time-outs
If one of the times monitored exceeds the configured maximum value, the following
procedure is started:
1. Cancel update
2. Fault-tolerant system remains in standalone mode, with the previous master CPU in RUN
3. Cause of cancelation is entered in diagnostic buffer
4. Call OB 72 (with corresponding start information)
The standby CPU then reevaluates its system data blocks.
Then, but after at least one minute, the CPU tries again to perform the link-up and update. If
still unsuccessful after a total of 10 retries, the CPU abandons the attempt. You yourself will
then need to start the link-up and update again.
A monitoring timeout can be caused by:
● High interrupt load (e.g. from I/O modules)
● High communication load causing prolonged execution times for active functions
● In the final update phase, the system needs to copy large amounts of data to the
standby CPU.
S7-400H
System Manual, 07/2014, A5E00267695-13 151
Link-up and update
12.4 Time monitoring
As a simple approximation, we can interpret the maximum inhibit time to be configured for
priority classes > 15 as a function of the data volume in the work memory. The volume of
code in the work memory is irrelevant.
Note
The monitoring times determined by STEP 7 or by using formulas merely represent
recommended values.
These times are based on a fault-tolerant system with two communication peers and an
average communication load.
Your system profile may differ considerably from those scenarios, therefore the following
rules must be observed.
● The cycle time extension factor may increase sharply at a high communication load.
● Any modification of the system in operation may lead to a significant increase in cycle
times.
● Any increase in the number of programs executed in priority classes > 15 (in particular
processing of communication blocks) automatically increases the communication delay
and cycle time extension.
● You can even undercut the calculated monitoring times in small plants with high-
performance requirements.
S7-400H
152 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.4 Time monitoring
Figure 12-5 Correlation between the minimum I/O retention time and the maximum inhibit time for
priority classes > 15
S7-400H
System Manual, 07/2014, A5E00267695-13 153
Link-up and update
12.4 Time monitoring
Calculating the maximum inhibit time for priority classes > 15 (TP15)
The maximum inhibit time for priority classes > 15 is determined by 4 main factors:
● As shown in Figure 12–2, all the contents of data blocks modified since last copied to the
standby CPU are once again transferred to the standby CPU on completion of the
update. The number and structure of the DBs you write to in the high-priority classes is a
decisive factor in the duration of this operation, and thus in the maximum inhibit time for
priority classes > 15. Relevant information is available in the remedies described below.
● In the final update phase, all OBs are either delayed or inhibited. To avoid any
unnecessary extension of the maximum inhibit time for priority classes > 15 due to
unfavorable programming, you should always process the time-critical I/O components in
a selected cyclic interrupt. This is particularly relevant in fail-safe user programs. You can
define this cyclic interrupt in your configuration. It is then executed again right after the
start of the maximum inhibit time for priority classes > 15, provided you have assigned it a
priority class > 15.
● In link-up and update operations with master/standby changeover (see section Link-up
sequence (Page 141)), you also need to changeover the active communication channel
on the switched DP slaves and switched IO devices on completion of the update. This
operation prolongs the time within which valid values can neither be read nor output. How
long this process takes is determined by your hardware configuration.
● The technological conditions in your process also decide how long an I/O update can be
delayed. This is particularly important in time-monitored processes in fail-safe systems.
Note
For details, refer to the S7-400F and S7-400FH Automation Systems and S7-300
Automation Systems, Fail-safe Signal Modules manuals. This applies in particular to the
internal execution times of fail-safe modules.
1. Based on the bus parameters in STEP 7, for each DP master system you must define:
– TTR for the DP master system
– DP changeover time (referred to below as TDP_UM)
2. For each IO subsystem from the STEP 7 configuration,
– define the maximum update time of the IO subsystem (as of herewith named Tmax_Akt)
– PN changeover time (as of herewith named TPN_UM)
3. Based on the technical data of the switched DP slaves, define for each DP master
system:
– The maximum changeover time of the active communication channel
(referred to below as TSLAVE_UM).
4. Based on the technical specifications of the switched PN devices, determine the following
for each IO subsystem:
– the maximum changeover time of the active communication channel (as of herewith
named TDevice_UM) for each DP master system.
S7-400H
154 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.4 Time monitoring
Note
If TP15(DP master system) < 0 or TP15(IO subsystem) < 0, stop the calculation here.
Possible remedies are shown below the following example calculation. Make appropriate
changes and then restart the calculation at 1.
9. Select the minimum of all TP15 (DP master system, IO subsystem) values.
This time is then known as TP15_HW.
10.Define the share of the maximum inhibit time for I/O classes > 15 determined by the
minimum I/O retention time (TP15_OD):
TP15_OD = 50 ms + min. I/O retention time [2]
Note
If TP15_OD > TP15_HW, stop the calculation here. Possible remedies are shown below the
following example calculation. Make appropriate changes and then restart the calculation
at 1.
11.Using the information in Chapter Performance values for link-up and update
(Page 159), calculate the share of the maximum inhibit time for priority classes > 15 that
is required by the user program (TP15_AWP).
Note
If TP15_AWP > TP15_HW, stop the calculation here. Possible remedies are shown below the
following example calculation. Make appropriate changes and then restart the calculation
at 1.
12.The recommended value for the maximum inhibit time for priority classes > 15 is now
obtained from:
TP15 = MAX (TP15_AWP, TP15_OD) [3]
S7-400H
System Manual, 07/2014, A5E00267695-13 155
Link-up and update
12.4 Time monitoring
S7-400H
156 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.4 Time monitoring
S7-400H
System Manual, 07/2014, A5E00267695-13 157
Link-up and update
12.4 Time monitoring
● If you do not expect any significant load caused by interrupts or parameter assignments
in the various DP master systems, you can also reduce the calculated TTR times by
around 20% to 30%. However, this increases the risk of a station failure in the distributed
I/O.
● The time value TP15_AWP represents a guideline and depends on your program structure.
You can reduce it by taking the following measures, for example:
– Save data that changes often in different DBs than data that does not change as
often.
– Specify a smaller DB sizes in the work memory.
If you reduce the time TP15_AWP without taking the measures described, you run the risk that
the update operation will be canceled due to a monitoring timeout.
S7-400H
158 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.4 Time monitoring
User program share TP15_AWP of the maximum inhibit time for priority classes > 15
The user program share TP15_AWP of the maximum inhibit time for priority classes > 15 can be
calculated using the following formula:
TP15_AWP in ms = 0.7 x size of DBs in work memory in KB + 75
The table below shows the derived times for some typical values in work memory data.
S7-400H
System Manual, 07/2014, A5E00267695-13 159
Link-up and update
12.4 Time monitoring
CAUTION
The update delay increases the time of standalone mode operation of the fault-tolerant
system.
S7-400H
160 System Manual, 07/2014, A5E00267695-13
Link-up and update
12.5 Special features in link-up and update operations
S7-400H
System Manual, 07/2014, A5E00267695-13 161
Link-up and update
12.5 Special features in link-up and update operations
S7-400H
162 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H 13
This section provides an overview of the different I/O installations in the S7-400H automation
system and their availability. It also provides information on configuration and programming
of the selected I/O installation.
13.1 Introduction
Configuration Availability
Single-channel one-sided normal
Single-channel switched enhanced
System redundant enhanced
Dual-channel redundant high
A dual-channel redundant configuration at user level is also possible. You nevertheless need
to implement the high availability in the user program (see chapter Other options for
connecting redundant I/Os (Page 198)).
Addressing
No matter whether you are using a single-channel one-sided or switched I/O, you always
access the I/O via the same address.
S7-400H
System Manual, 07/2014, A5E00267695-13 163
Using I/Os in S7–400H
13.1 Introduction
Note
PROFIBUS DP and PROFINET IO in combination
You can operate PROFINET IO devices as well as PROFIBUS DP stations on a fault-
tolerant CPU.
Note
Fail-safe signal modules
If you want to operate fail-safe modules redundantly at the PNIO interface, you require the
optional package S7 F Systems as of V6.1 SP1.
S7-400H
164 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.2 Using single-channel, one-sided I/Os
S7-400H
System Manual, 07/2014, A5E00267695-13 165
Using I/Os in S7–400H
13.2 Using single-channel, one-sided I/Os
Note
The user program also has to update the process image for single-channel, one-sided output
modules when the system is in standalone mode (direct access, for example). If you use
process image partitions, the user program must update them (SFC 27 "UPDAT_PO") in OB
72 (recovery of redundancy). The system would otherwise first output old values on the
single-channel one-sided output modules of the standby CPU when the system changes to
redundant mode.
S7-400H
166 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.3 Using single-channel switched I/O
Figure 13-1 Single-channel switched distributed I/O configuration at the PROFIBUS DP interface
You can use the following interfaces for the I/O configuration at the PROFIBUS DP interface:
Table 13- 1 Interfaces for use of single-channel switched I/O configuration at the PROFIBUS DP
interface
Each S7–400H subsystem is interconnected with one of the two DP slave interfaces of the
ET 200M via a DP master interface.
PROFIBUS PA can be connected to a redundant system via a DP/PA link.
S7-400H
System Manual, 07/2014, A5E00267695-13 167
Using I/Os in S7–400H
13.3 Using single-channel switched I/O
Rule
A single-channel switched I/O configuration must always be symmetrical.
● This means, the fault-tolerant CPU and other DP masters must be installed in the same
slots in both subsystems (e.g. slot 4 in both subsystems)
● or the DP masters must be connected to the same integrated interface in both
subsystems (e.g. to the PROFIBUS DP interfaces of both fault-tolerant CPUs).
Figure 13-2 Single-channel switched distributed I/O configuration at the PROFINET interface
Each S7–400H subsystem is interconnected (via a PROFINET interface) separately with the
PROFINET interface of the ET 200M. Refer to chapter System redundancy (Page 99).
S7-400H
168 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.3 Using single-channel switched I/O
You can use the following interface for the I/O configuration at the PROFINET interface:
Table 13- 2 Interface for use of single-channel switched I/O configuration at the PROFINET interface
S7-400H
System Manual, 07/2014, A5E00267695-13 169
Using I/Os in S7–400H
13.3 Using single-channel switched I/O
If one channel has already failed, and the remaining (active) channel also fails, then there is
a complete station failure. This starts OB 86 (event W#16#39C4).
Note
If the DP master interface module can detect failure of the entire DP master system (due to
short-circuit, for example), it reports only this event ("Master system failure entering state"
W#16#39C3). The operating system no longer reports individual station failures. This feature
can be used to accelerate the changeover between the active and passive channel.
Note
When using fail-safe modules, always set a monitoring time for each fail-safe module that is
longer than the changeover time of the active channel in the fault-tolerant system. If you
ignore this rule, you risk failure of the fail-safe modules during the changeover of the active
channel.
Note
The above calculation also includes the processing time in OB 70 or OB 86. Make sure that
the processing time for a DP or PNIO station is no longer than 1 ms. In situations requiring
extensive processing, exclude this processing from direct execution of the OBs mentioned.
Note that the CPU can only detect a signal change if the signal duration is greater than the
specified changeover time.
When there is a changeover of the entire DP master system, the changeover time of the
slowest component applies to all DP components. A DP/PA link or Y link usually determines
the changeover time and the associated minimum signal duration. We therefore recommend
that you connect DP/PA and Y links to a separate DP master system.
When using fail-safe modules, always set a monitoring time for each fail-safe module that is
longer than the changeover time of the active channel in the fault-tolerant system. If you
ignore this, you risk failure of the fail-safe modules during the changeover of the active
channel.
S7-400H
170 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
PROFINET
The use of redundant I/O at the PROFINET interface is not possible.
S7-400H
System Manual, 07/2014, A5E00267695-13 171
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Configurations
The following redundant I/O configurations are supported:
1. Redundant signal modules in the central and expansion devices
For this purpose, the signal modules are installed in pairs in the CPU 0 and CPU 1
subsystems. Redundant I/O in central and expansion devices
S7-400H
172 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
System Manual, 07/2014, A5E00267695-13 173
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
174 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
Channel and channel group
Depending on the module, a channel group contains a single channel, a group of several
channels, or all channels of the module. You can therefore operate all modules with
redundancy capability in channel group-specific redundancy mode.
An up-to-date list of modules with redundancy capability can be found in section Signal
modules for redundancy (Page 179).
S7-400H
System Manual, 07/2014, A5E00267695-13 175
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
Operating redundant modules
When you are operating signal modules for the first time, use channel group-specific
redundancy with the blocks in the "Redundant IO CGP V50" library. This ensures maximum
flexibility when using redundant modules.
The "Functional I/O redundancy" block libraries that support the redundant I/O each contain
the following blocks:
● FC 450 "RED_INIT": Initialization function
● FC 451 "RED_DEPA": Initiate depassivation
● FB 450 "RED_IN": Function block for reading redundant inputs
● FB 451 "RED_OUT": Function block for controlling redundant outputs
● FB 452 "RED_DIAG": Function block for diagnostics of redundant I/O
● FB 453 "RED_STATUS": Function block for redundancy status information
Configure the numbers of the management data blocks for the redundant I/O in HW Config
"Properties CPU -> H Parameter". Assign free DB numbers to these data blocks. The data
blocks are created by FC 450 "RED_INIT" during CPU startup. The default setting for the
numbers of the management data blocks is 1 and 2. These data blocks are not the instance
data blocks of FB 450 "RED_IN" or FB 451 "RED_OUT".
You can open the libraries in the SIMATIC Manager with "File -> Open -> Libraries"
The functions and use of the blocks are described in the corresponding online help.
Note
Blocks from different libraries
Always use blocks from a single library. Simultaneous use of blocks from different libraries is
not permitted.
If you wish to replace one of the earlier libraries Redundant IO (V1) or Redundant IO CGP
with the Redundant IO CGP V5.0, you must first of all edit your user program accordingly.
Refer to the context-sensitive block help or the STEP 7 Readme for more information.
S7-400H
176 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Block OB
FC 450 "RED_INIT" • OB 72 "CPU redundancy error" (only with fault-tolerant systems)
FC 450 is only executed after the start event B#16#33:"Standby-
master changeover by operator"
• OB 80 "Timeout error" (only in standalone mode)
FC 450 is only executed after the start event "Resume RUN after
reconfiguring"
• OB 100 "Restart" (the administration DBs are recreated, see the
online help)
• OB 102 "Cold restart"
FC 451 "RED_DEPA" • OB 83 "insert/remove module interrupt" or OB 85"Program
execution error"
If you call FC 451 in OB 83 while inserting modules, or in OB 85
by means of outgoing interrupt, depassivation is delayed by 3
seconds.
• OB 1 "Cyclic program" and/or OB 30 to 38 "cyclic interrupt"
You must also call FC 451 conditionally in OB1 or OB 30 to 38
after having eliminated the malfunction, for example, with a user
acknowledgment. The FC 451 only depassivates modules in the
corresponding process image partition.
Depassivation is delayed by 10 seconds with Version 3.5 or higher of
FB 450 "RED_IN" in the library "Redundant IO MGP" and Version 5.8
or higher of FB 450 "RED_IN" in the library "Redundant IO CGP"
V50.
FB 450 "RED_IN" • OB 1 "Cyclic program"
• OB 30 to OB 38 "Cyclic interrupt"
FB 451 "RED_OUT" • OB 1 "Cyclic program"
• OB 30 to OB 38 "Cyclic interrupt"
S7-400H
System Manual, 07/2014, A5E00267695-13 177
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Block OB
FB 452 "RED_DIAG" • OB 72 "CPU redundancy error"
• OB 82 "Diagnostic interrupt"
• OB 83 "Swapping interrupt"
• OB 85 "Program execution error"
FB 453 "RED_STATUS" • OB 1 "Cyclic program" (fault-tolerant systems only)
• OB 30 to OB 38 "Cyclic interrupt"
To be able to address redundant modules using process image partitions in cyclic interrupts,
the relevant process image partition must be assigned to this pair of modules and to the
cyclic interrupt. Call FB 450 "RED_IN" in this cyclic interrupt before you call the user
program. Call FB 451 "RED_OUT" in this cyclic interrupt after you call the user program.
The valid values that can be processed by the user program are always located at the lower
address of both redundant modules. This means that only the lower address can be used for
the application; the values of the higher address are not relevant for the application.
Note
Use of FB 450 "RED_IN" and 451 "RED_OUT" when using process image partitions
For each priority class used (OB 1, OB 30 ... OB 38), you must use a separate process
image partition.
S7-400H
178 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
System modifications during operation are also supported with redundant I/O. You are
not permitted to change the parameter settings for a redundant module per SFC.
Note
Always switch off power to the station or rack before you remove a redundant digital input
module that does not support diagnostics functions and is not passivated. You might
otherwise passivate the wrong module. This procedure is necessary, for example, when
replacing the front connector of a redundant module.
Redundant modules must be in the process image of the inputs or outputs. Redundant
modules are always accessed using the process image.
When using redundant modules, select the "Cycle/Clock Memory" tab from "HW Config -
> Properties CPU 41x-H" and set the following:
"OB 85 call on I/O area access error > Only incoming and outgoing errors"
S7-400H
System Manual, 07/2014, A5E00267695-13 179
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Take into account that you can only use modules of the same product version and same
firmware version as redundant pairs.
You achieve this by connecting a resistor across the encoder. Its value
depends on the type of switch and usually ranges between 6800 and 8200
ohms for contacts.
You achieve this by connecting a resistor across the encoder. Its value
depends on the type of switch and usually ranges between 6800 and 8200
ohms for contacts.
S7-400H
180 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
System Manual, 07/2014, A5E00267695-13 181
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
182 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
System Manual, 07/2014, A5E00267695-13 183
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
184 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
System Manual, 07/2014, A5E00267695-13 185
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
You need to install the F ConfigurationPack for F modules.
The F ConfigurationPack can be downloaded free of charge from the Internet.
You can get it from Customer Support at:
http://www.siemens.com/automation/service&support.
S7-400H
186 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
The time that the system actually needs to determine a discrepancy depends on various
factors: Bus delay times, cycle and call times in the user program, conversion times, etc.
Redundant input signals can therefore be different for a longer period than the configured
discrepancy time.
Figure 13-7 Fault-tolerant digital input module in 1-out-of-2 configuration with one encoder
S7-400H
System Manual, 07/2014, A5E00267695-13 187
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
You will find interconnection examples in Appendix Connection examples for redundant I/Os
(Page 433).
Note
Remember that the proximity switches (Beros) must provide the current for the channels of
both digital input modules. The technical data of the respective modules, however, specify
only the required current per input.
Figure 13-8 Fault-tolerant digital input modules in 1-out-of-2 configuration with two encoders
The use of redundant encoders also increases their availability. A discrepancy analysis
detects all errors, except for the failure of a non-redundant load voltage supply. You can
enhance availability by installing redundant load power supplies.
You will find interconnection examples in Appendix Connection examples for redundant I/Os
(Page 433).
S7-400H
188 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
The digital output modules must be connected to a common load voltage supply.
You will find interconnection examples in Appendix Connection examples for redundant I/Os
(Page 433).
S7-400H
System Manual, 07/2014, A5E00267695-13 189
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
The time that the system actually needs to determine a discrepancy depends on various
factors: Bus delay times, cycle and call times in the user program, conversion times, etc.
Redundant input signals can therefore be different for a longer period than the configured
discrepancy time.
S7-400H
190 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
There is no discrepancy analysis when a channel reports an overflow with 16#7FFF or an
underflow with 16#8000. The relevant module/channel is passivated immediately.
You should therefore disable all unused inputs in HW Config using the "Measurement type"
parameter.
Figure 13-10 Fault-tolerant analog input modules in 1-out-of-2 configuration with one encoder
Remember the following when connecting an encoder to multiple analog input modules:
● Connect the analog input modules in parallel for voltage sensors (left in figure).
● You can convert a current into voltage using an external load to be able to use voltage
analog input modules connected in parallel (center in the figure).
● 2-wire transmitters are powered externally to allow you to repair the module online.
The redundancy of the fail-safe analog input modules enhances their availability.
You will find interconnection examples in Appendix Connection examples for redundant I/Os
(Page 433).
S7-400H
System Manual, 07/2014, A5E00267695-13 191
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
● Suitable encoder types are active 4-wire and passive 2-wire transmitters with output
ranges +/-20 mA, 0...20 mA, and 4...20 mA. 2-wire transmitters are powered by an
external auxiliary voltage.
● Criteria for the selection of resistance and input voltage range are the measurement
accuracy, number format, maximum resolution and possible diagnostics.
● In addition to the options listed, other input resistance and voltage combinations
according to Ohm’s law are also possible. Note, however, that such combinations may
lead to loss of the number format, diagnostics function and resolution. The measurement
error also depends largely on the size of the measure resistance of certain modules.
● Use a measure resistance with a tolerance of +/- 0.1% and TC 15 ppm.
The listed measuring error results solely from the interconnection of one or two voltage
inputs with a measure resistance. Allowance has neither been made here for the tolerance
nor for the basic/operational limits of the modules.
The measuring error for one or two inputs shows the difference in the measurement result
depending on whether two inputs or, in case of error, only one input acquires the current of
the transmitter.
AI 8x16bit 6ES7 331–7NF00–0AB0
● Use a 250 ohm resistor to map the current on a voltage:
S7-400H
192 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
S7-400H
System Manual, 07/2014, A5E00267695-13 193
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
● The 4-wire transmitters used must be capable of driving the load resulting from the circuit
above. You will find details in the technical specifications of the individual modules.
● When connecting up 2-wire transmitters, note that the Zener diode circuit weighs heavily
in the power budget of the transmitter. The required input voltages are therefore included
in the technical specifications of the individual modules. Together with the inherent supply
specified on the transmitter data sheet, the minimum supply voltage is calculated to L+ >
Ue-2w + UIS-TR
Figure 13-11 Fault-tolerant analog input modules in 1-out-of-2 configuration with two encoders
S7-400H
194 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
The output value drops briefly to half, and after the reaction in the program it is returned to
the proper value. The duration of the output value drop is determined by the following time
intervals:
• Time interval between the initial occurrence of an interrupt and the interrupt report
reaching the CPU.
• Time interval until the next FB 453 call.
• Time interval until the intact analog output module has doubled the output value.
S7-400H
System Manual, 07/2014, A5E00267695-13 195
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Note
If both channels of a channel pair were passivated (e.g. by OB 85), the respective half of the
current value is still output to both storage locations in the process image of outputs. If one
channel is depassivated, then the full value is output on the available channel. If this is not
required, a substitute value must be written to the lower channels of both modules prior to
executing FB 451 "RED_OUT".
Depassivation of modules
Passivated modules are depassivated by the following events:
● When the fault-tolerant system starts up
● When the fault-tolerant system changes over to "redundant" mode
● After system modifications during operation
● If you call FC 451 "RED_DEPA" and at least one redundant channel or module is
passivated.
The depassivation is executed in FB 450 "RED IN" after one of these events has occurred.
Completion of the depassivation of all modules is logged in the diagnostic buffer.
Note
When a redundant module is assigned a process image partition and the corresponding OB
is not available on the CPU, the complete passivation process may take approximately 1
minute.
S7-400H
196 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.4 Connecting redundant I/O to the PROFIBUS DP interface
Procedure
First, determine the passivation status by evaluating the status byte in the status/control
word "FB_RED_IN.STATUS_CONTROL_W". If you see that one or more modules have
been passivated, determine the status of the respective module pairs in
MODUL_STATUS_WORD.
S7-400H
System Manual, 07/2014, A5E00267695-13 197
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
Configurations
The following redundant I/O configurations are supported:
1. Redundant configuration with one-sided central and/or distributed I/O.
For this purpose, one signal module each is inserted into the CPU 0 and CPU 1
subsystems.
2. Redundant configuration with switched I/O
One signal module each is inserted into two ET 200M distributed I/O devices with active
backplane bus.
Note
When using redundant I/O, you may need to add time to the calculated monitoring times; see
section Determining the monitoring times (Page 152)
S7-400H
198 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
Note
It is not advisable to configure the input and output modules with the same logical
addresses. Otherwise, in addition to the logical address, you will also need to query the
type (input or output) of the defective module in OB 122.
The user program also has to update the process image for redundant one-sided output
modules when the system is in single mode (direct access, for example). If you use
process image partitions, the user program must update them (SFC 27 "UPDAT_PO") in
OB 72 (recovery of redundancy). The system would otherwise first output old values on
the single-channel one-sided output modules of the reserve CPU when the system
changes to redundant mode.
Note
The MODA and IOAE_BIT variables must also be valid outside OB 1 and OB 122. The
ATTEMPT2 variable, however, is used only in OB 1.
S7-400H
System Manual, 07/2014, A5E00267695-13 199
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
S7-400H
200 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
Example in STL
The required elements of the user program (OB 1, OB 122) are listed below.
STL Description
NOP 0;
SET;
R ATTEMPT2; //Initialization
A MODA; //Read module A first?
JCN CMOB; //If not, continue with module B
CMOA: SET;
R IOAE_BIT; //Delete IOAE bit
L PID 8; //Read from CPU 0
A IOAE_BIT; //Was IOAE detected in OB 122?
JCN IOOK; //If not, process access OK
A ATTEMPT2; //Was this access the second attempt?
JC CMO0; //If yes, use substitute value
SET;
R MODA; //Do not read module A first any more
//in future
S ATTEMPT2;
CMOB: SET;
R IOAE_BIT; //Delete IOAE bit
L PID 12; //Read from CPU 1
A IOAE_BIT; //Was IOAE detected in OB 122?
JCN IOOK; //If not, process access OK
A ATTEMPT2; //Was this access the second attempt?
JC CMO0; //If yes, use substitute value
SET;
S MODA; //Read module A first again in future
S ATTEMPT2;
JU CMOA;
CMO0: L SUBS; //Substitute value
IOOK: //The value to be used is in ACCU1
S7-400H
System Manual, 07/2014, A5E00267695-13 201
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
STL Description
// Does module A cause IOAE?
L OB122_MEM_ADDR; //Relevant logical base address
L W#16#8;
== I; //Module A?
JCN M01; //If not, continue with M01
//IOAE during access to module A
SET;
= IOAE_BIT; //Set IOAE bit
JU CONT;
// Does module B cause an IOAE?
M01: NOP 0;
L OB122_MEM_ADDR; //Relevant logical start address
L W#16#C;
== I; //Module B?
JCN CONT; //If not, continue with CONT
//IOAE during access to module B
SET;
= IOAE_BIT; //Set IOAE bit
CONT: NOP 0;
Note
If you have made I/O modules redundant and have taken account of this in your program,
you may need to add an overhead to the calculated monitoring times so that no bumps occur
at output modules (in HW Config -> Properties CPU -> H Parameter).
An overhead is only required if you operate modules from the following table as redundant
modules.
S7-400H
202 System Manual, 07/2014, A5E00267695-13
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
S7-400H
System Manual, 07/2014, A5E00267695-13 203
Using I/Os in S7–400H
13.5 Other options for connecting redundant I/Os
S7-400H
204 System Manual, 07/2014, A5E00267695-13
Communication 14
14.1 Communication services
Overview
S7-400H
System Manual, 07/2014, A5E00267695-13 205
Communication
14.1 Communication services
Note
Communication via the PNIO interface
If you want to use the PNIO interface of the module for communication in plant operation,
you must also network this in Step 7 / HW Config / Netpro.
CPU Total number of Can be used for Reserved from the total number for
connection resources S7-H connections PG communication OP communication
412-5H PN/DP 48 46 1 1
414-5H PN/DP 64 62 1 1
416-5H PN/DP 96 62 1 1
417-5H PN/DP 120 62 1 1
Free S7 connections can be used for any of the above communication services.
Note
Communication service via the PROFIBUS DP interface
A fixed default timeout of 40 s is specified for communication services using S7 connection
resources. Reliable operation of those communication services at a low baud rate via
PROFIBUS DP interface can be ensured in configurations with a Ttr (Target Rotation Time)
< 20 s.
S7-400H
206 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
14.1.2 PG communication
Properties
Programming device communication is used to exchange data between engineering stations
(PG, PC, for example) and SIMATIC modules which are capable of communication. This
service is available for MPI, PROFIBUS and Industrial Ethernet subnets. Routing between
subnets is also supported.
You can use the programming device communication for the following actions:
● Loading programs and configuration data
● Performing tests
● Evaluating diagnostic information
These functions are integrated in the operating system of SIMATIC S7 modules.
A CPU can maintain several simultaneous online connections to one or multiple
programming devices.
14.1.3 OP communication
Properties
OP communication is used to exchange data between HMI stations, such as WinCC, OP, TP
and SIMATIC modules which are capable of communication. This service is available for
MPI, PROFIBUS and Industrial Ethernet subnets.
You can use the OP communication for operator control, monitoring and alarms. These
functions are integrated in the operating system of SIMATIC S7 modules. A CPU can
maintain several simultaneous connections to one or several OPs.
14.1.4 S7 communication
Properties
A CPU can always act as a server or client in S7 Communication. A connection is configured
permanently. The following connections are possible:
● One-sided configured connections (for PUT/GET only)
● Two-side configured connections (for USEND, URCV, BSEND, BRCV, PUT, GET)
You can use S7 communication via integral interfaces (MPI/DP, PROFIBUS-DP,
PROFINET) and, if necessary, via additional communication processors (CP443-1 for
Industrial Ethernet, CP443-5 for PROFIBUS).
The S7-400 features integrated S7 communication services that allow the user program in
the controller to initiate reading and writing of data. The S7 communication functions are
S7-400H
System Manual, 07/2014, A5E00267695-13 207
Communication
14.1 Communication services
called via SFBs in the user program. These functions are independent of the specific
network, allowing you to program S7 communication over PROFINET, Industrial Ethernet,
PROFIBUS, or MPI.
S7 communication services provide the following options:
● During system configuration, you configure the connections used by the
S7 communication. These connections remain configured until you download a new
configuration.
● You can establish several connections to the same partner. The number of
communication partners accessible at any time is restricted to the number of connection
resources available.
● You can configure fault-tolerant S7 connections using the integrated PROFINET
interface.
Note
Downloading the connection configuration in RUN
When you load a modified connection configuration during operation, connections which
have been set up which are not affected by changes in the connection configuration may
also be aborted.
S7 communication allows you to transfer a block of up to 64 KB per call to the SFB. An S7-
400 transfers a maximum of 4 tags per block call.
S7-400H
208 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
14.1.5 S7 routing
Properties
You can access your S7 stations beyond subnet boundaries using the programming device /
PC. You can use them for the following actions:
● Downloading user programs
● Downloading a hardware configurations
● Performing tests and diagnostics functions
Note
On a CPU used as intelligent slave the S7 routing function is only available if the DP
interface is activated. In STEP 7, check the Test, Commissioning, Routing check box in
the properties dialog of the DP interface. For more information, refer to the Programming
with STEP 7 manual, or directly to the STEP 7 Online Help
Requirements
● The network configuration does not exceed project limits.
● The modules have loaded the configuration data containing the latest "knowledge" of the
entire network configuration of the project.
Reason: All modules connected to the network gateway must receive routing information
which defines the paths to other subnets.
● In your network configuration, the PG/PC you want to use to set up a connection via
gateway must be assigned to the network to which it is physically connected.
● The CPU must set to master mode, or
● if the CPU is configured as a slave, the "Programming, status/modify or other PG
functions" check box
must be activated in the properties of the DP interface for the DP slave in STEP 7.
S7-400H
System Manual, 07/2014, A5E00267695-13 209
Communication
14.1 Communication services
S7-400H
210 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
S7-400H
System Manual, 07/2014, A5E00267695-13 211
Communication
14.1 Communication services
Reference
● You can find additional information on configuring in STEP 7 in the Configuring Hardware
and Connections with STEP 7
(http://support.automation.siemens.com/WW/view/en/18652631) manual
● More basic information is available in the Communication with SIMATIC
(http://support.automation.siemens.com/WW/view/en/25074283)manual.
● For more information about the TeleService adapter, refer to the manual TS-Adapter
(http://support.automation.siemens.com/WW/view/en/20983182)
● For additional information about SFCs, refer to the Instructions list.
(http://support.automation.siemens.com/WW/view/en/44395684)
For more information, refer to the STEP 7 Online Help, or to the System and Standard
Functions (http://support.automation.siemens.com/WW/view/de/44240604/0/en) manual.
S7-400H
212 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
Introduction
The S7-400 has a powerful timer system. You can synchronize this timer system using a
higher-level time generator, which will allow you to synchronize, trace, record, and archive
sequences.
Interfaces
Time synchronization is possible via every interface of the S7-400:
● MPI
You can configure the CPU as a time master or a time slave.
● PROFIBUS DP interface
You can configure the CPU as a time master or a time slave.
● PROFINET interface via Industrial Ethernet
Time synchronization using the NTP method; the CPU is the client.
Time synchronization using the SIMATIC method as master or slave
● Via the S7-400 backplane bus
You can configure the CPU as a time master or a time slave.
S7-400H
System Manual, 07/2014, A5E00267695-13 213
Communication
14.1 Communication services
Availability
S7-400H CPUs as of firmware version 6.0 support data set routing. The CPUs must also be
configured in this or a higher firmware version for this.
S7-400H
214 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
See also
For more information on SIMATIC PDM, refer to the The Process Device Manager manual.
S7-400H
System Manual, 07/2014, A5E00267695-13 215
Communication
14.1 Communication services
Availability
S7-400H CPUs as of firmware version 6.0 support the SNMP network protocol. The CPUs
must also be configured in this or a higher firmware version for this.
Properties
SNMP (Simple Network Management Protocol) is the standardized protocol for diagnostics
of the Ethernet network infrastructure. In the office setting and in automation engineering,
devices from many different manufacturers support SNMP on the Ethernet. SNMP-based
applications can be operated on the same network in parallel to applications with
PROFINET.
Configuration of the SNMP OPC server is integrated in the STEP 7 Hardware Configuration
application. Already configured S7 modules from the STEP 7 project can be transferred
directly. As an alternative to STEP 7, you can also perform the configuration with the NCM
PC (included on the SIMATIC NET CD). All Ethernet devices can be detected by means of
their IP address and/or the SNMP protocol (SNMP V1) and transferred to the configuration.
Use the profile MIB_II_V10.
Applications based on SNMP can be operated on the same network at the same time as
applications with PROFINET.
Note
MAC addresses
During SNMP diagnostics, the following MAC addresses are shown for the ifPhysAddress
parameter as of FW V5.1:
Interface 1 (PN interface) = MAC address (specified on the front panel of the CPU)
Interface 2 (port 1) = MAC address + 1
Interface 3 (port 2) = MAC address + 2
Reference
For further information on the SNMP communication service and diagnostics with SNMP,
refer to the PROFINET System Description.
S7-400H
216 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
Availability
S7-400H CPUs with firmware version 6.0 support "open communication over Industrial
Ethernet" (in short: open IE communication). The CPUs must also be configured accordingly
with this or a higher firmware version.
Functionality
The following services are available for open IE communication:
● Connection-oriented protocols:
Prior to data transmission connection-oriented protocols establish a logical connection to
the communication partner and close this again, if necessary, after transmission is
completed. Connection-oriented protocols are used when security is especially important
in data transmission. A physical cable can generally accommodate several logical
connections. The maximum job length is 32 KB.
The following connection-oriented protocols are supported for the FBs for open IE
communication:
– TCP to RFC 793
– ISO on TCP according to RFC 1006
Note
ISOonTCP
For data communication with third-party systems via RFC1006, the connection partner
must adhere to the maximum TPDU size (TPDU = Transfer Protocol Data Unit)
negotiated in the ISOonTCP connection establishment.
● Connectionless protocols:
Connectionless protocols operate without a logical connection. There is also no
establishing or terminating a connection to remote partner. Connectionless protocols
transfer the data unacknowledged and thus unsecured to the remote partner. The
maximum message frame length is 1472 bytes.
The following connectionless protocols are supported for the FBs for open
communication by means of Industrial Ethernet:
– UDP according to RFC 768
The single-cast and broadcast modes are supported.
S7-400H
System Manual, 07/2014, A5E00267695-13 217
Communication
14.1 Communication services
S7-400H
218 System Manual, 07/2014, A5E00267695-13
Communication
14.1 Communication services
Message frame CPU 41x-5H PN/DP CPU 41x-5H PN/DP with CP 443-1
TCP 32 KB -
ISO-on-TCP 32 KB 1452 bytes
UDP 1472 bytes -
"local_device_id" parameter for the connection description
Dev. ID 16#5 for CPU 0 16#0 for CPU 0
16#15 for CPU1 16#10 for CPU1
S7-400H
System Manual, 07/2014, A5E00267695-13 219
Communication
14.2 Basics and terminology of fault-tolerant communication
Connection diagnostics
In Step7, you can read detailed information on the configured connections by selecting
"Module state -> Communication -> Open communication over Industrial Ethernet".
Reference
For detailed information on the blocks described above, refer to the STEP 7 Online Help.
Overview
Increased demands on the availability of an overall system require increased reliability of the
communication systems, which means implementing redundant communication.
Below you will find an overview of the fundamentals and basic concepts which you ought to
know with regard to using fault-tolerant communications.
Fault-tolerant communication
Fault-tolerant communication is the deployment of S7 communication SFBs over fault-
tolerant S7 connections.
Fault-tolerant S7 connections need a redundant communication system.
S7-400H
220 System Manual, 07/2014, A5E00267695-13
Communication
14.2 Basics and terminology of fault-tolerant communication
Redundancy nodes
Redundancy nodes represent extreme reliability of communication between two fault-tolerant
systems. A system with multi-channel components is represented by redundancy nodes.
Redundancy nodes are independent when the failure of a component within the node does
not result in any reliability impairment in other nodes.
Even with fault-tolerant communication, only single errors/faults can be tolerated. If more
than one error occurs between communication endpoints, communication can no longer be
guaranteed.
Note
Generally speaking, "connection" in this manual means a "configured S7 connection". For
other types of connection, please refer to the SIMATIC NET NCM S7 for PROFIBUS and
SIMATIC NET NCM S7 for Industrial Ethernet manuals.
Fault-tolerant S7 connections
The requirement for higher availability with communication components (for example CPs
and buses) means that redundant communication connections are necessary between the
systems involved.
Unlike an S7 connection, a fault-tolerant S7 connection consists of at least two underlying
subconnections. From the user program, configuration and connection diagnostics
perspective, the fault-tolerant S7 connection with its underlying subconnections is
represented by exactly one ID (just like a standard S7 connection). Depending on the
configuration, it can consist of up to four subconnections, of which two are always
established (active) to maintain communication in the event of an error. The number of
subconnections depends on the possible alternative paths (see figure below) and is
S7-400H
System Manual, 07/2014, A5E00267695-13 221
Communication
14.2 Basics and terminology of fault-tolerant communication
Figure 14-6 Example that shows that the number of resulting partial connections depends on the
configuration
S7-400H
222 System Manual, 07/2014, A5E00267695-13
Communication
14.3 Usable networks
If the active subconnection fails, the already established second subconnection automatically
takes over communication.
Note
If you have configured several fault-tolerant S7 connections for a fault-tolerant station,
establishing them may take a considerable time. If the configured maximum communication
delay is set too short, link-up and updating is canceled and the redundant system mode is no
longer reached (see section Time monitoring (Page 149)).
Each CPU provides the connection resources according to its configuration, which means
that a CPU 417-5H that was configured as CPU 412-5H only provides the connection
resources of a CPU 412-5H.
S7-400H
System Manual, 07/2014, A5E00267695-13 223
Communication
14.4 Usable communication services
Configuration
S7 connections are configured in STEP 7.
Programming
All communication functions are supported for S7 communication on a fault-tolerant system.
The communication SFBs are used in STEP 7 to program communication.
S7-400H
224 System Manual, 07/2014, A5E00267695-13
Communication
14.5 Communication via S7 connections
Note
The START and STOP communication functions act on exactly one CPU or on all CPUs of
the fault-tolerant system (for more details refer to the System Software for S7-300/400,
System and Standard Functions Reference Manual).
Note
Downloading the connection configuration in RUN
If you download a connection configuration during operation, any established connections
could be canceled.
S7-400H
System Manual, 07/2014, A5E00267695-13 225
Communication
14.5 Communication via S7 connections
Availability
Availability is also enhanced by using a redundant plant bus instead of a simple bus (see
image below) for communication between a fault-tolerant system and a standard system.
Figure 14-7 Example of linking standard and fault-tolerant systems in a simple bus system
With this configuration and redundant operation, the fault-tolerant system is connected via
bus1 with the standard system. This applies no matter which CPU is the master CPU.
For linked fault-tolerant and standard systems, the availability of communication cannot be
improved by means of a dual electrical bus system. To be able to use the second bus
system as redundancy, a second S7 connection must be used and managed accordingly in
the user program (see next figure).
S7-400H
226 System Manual, 07/2014, A5E00267695-13
Communication
14.5 Communication via S7 connections
Figure 14-8 Example of linking standard and fault-tolerant systems in a redundant bus system
On a plant bus configured as duplex fiber-optic ring, communication between the partner
systems is maintained if the duplex fiber-optic cable breaks. The systems then communicate
as if they were connected to a bus system (linear structure); see following figure.
Figure 14-9 Example of linking of standard and fault-tolerant systems in a redundant ring
S7-400H
System Manual, 07/2014, A5E00267695-13 227
Communication
14.5 Communication via S7 connections
Response to failure
Duplex fiber-optic ring and bus system
Because S7 connections are used here (the connection ends at the CPU of the subsystem,
in this case CPUa1), an error in the fault-tolerant system (e.g. CPUa1 or CPa1) or in system
b (e.g. CP b) results in total failure of communication between the participating systems(see
previous figures).
There are no bus system-specific differences in the response to failure.
S7-400H
228 System Manual, 07/2014, A5E00267695-13
Communication
14.5 Communication via S7 connections
Availability
Availability can be enhanced by using a redundant plant bus and two separate CPs in a
standard system.
Redundant communication can also be operated with standard connections. For this two
separate S7 connections must be configured in the program in order to implement
connection redundancy. In the user program, both connections require the implementation of
monitoring functions in order to allow the detection of failures and to change over to the
standby connection.
The following figure shows such a configuration.
Figure 14-10 Example of redundancy with fault-tolerant systems and a redundant bus system with
redundant standard connections
Response to failure
Double errors in the fault-tolerant system (i.e. CPUa1 and CPa 2) or in the standard system
(CPb1 and CPb2), and single errors in the standard system (CPUb1) lead to a total failure of
communication between the systems involved (see previous figure).
S7-400H
System Manual, 07/2014, A5E00267695-13 229
Communication
14.5 Communication via S7 connections
Configuring connections
Redundant connections between the point-to-point CP and the fault-tolerant system are not
necessary.
S7-400H
230 System Manual, 07/2014, A5E00267695-13
Communication
14.5 Communication via S7 connections
Response to failure
Double errors in the fault-tolerant system (i.e. CPUa1 and IM153) and single errors in the
third-party system lead to a total failure of communication between the systems involved
(see previous figure).
The point-to-point CP can also be inserted centrally in "Fault-tolerant system a". However, in
this configuration even the failure of the CPU, for example, will cause a total failure of
communication.
Configuring connections
Redundant connections between the gateway CP and the single-channel system are not
required.
S7-400H
System Manual, 07/2014, A5E00267695-13 231
Communication
14.6 Communication via fault-tolerant S7 connections
The gateway CP is located on a PC system which has fault-tolerant connections to the fault-
tolerant system.
To configure fault-tolerant S7 connections between fault-tolerant system A and the gateway,
you first need to install S7-REDCONNECT on the gateway. The functions for preparing data
for their transfer via the single-channel link must be implemented in the user program.
For additional information, refer to the "Industrial Communications IK10" Catalog.
Requirement
The essential requirement for the configuration of fault-tolerant connections with STEP 7 is a
configured hardware installation.
The hardware configuration in both subsystems of a fault-tolerant system must be identical.
This applies in particular to the slots.
Depending on the network used, CPs can be used for fault-tolerant and fail-safe
communication, see Appendix Function modules and communication processors supported
by the S7-400H (Page 429)
S7-400H
232 System Manual, 07/2014, A5E00267695-13
Communication
14.6 Communication via fault-tolerant S7 connections
Only Industrial Ethernet with the ISO protocol or PROFIBUS without distributed I/O and ISO-
on-TCP as of version 6.0 is supported. Fault-tolerant S7 connections via Industrial Ethernet
with ISO-on-TCP are supported by the integrated PN interface and corresponding CPs. You
require a suitable CP for fault-tolerant S7 connections via Industrial Ethernet with ISO
protocol or via PROFIBUS. These connections are not possible via the internal PROFIBUS-
DP interface.
Only Industrial Ethernet is supported for connecting to PC stations using fault-tolerant S7
connections. To be able to use fault-tolerant S7 connections between a fault-tolerant system
and a PC, you must install the "S7-REDCONNECT" software package on the PC. The
software is part of the SIMATIC Net CD. Communication via ISO-on-TCP is also supported
as of version 8.1.2. Please refer to the product information on the SIMATIC NET PC
software to learn more about the CPs you can use at the PC end.
Communication combinations
The following table shows the possible combinations of fault-tolerant connections via
Industrial Ethernet.
PC station CP1623 as of V8.1.2 TCP CPU-PN interface TCP CPU 41xH V6 S7 fault
with TCP CP443-1 ( EX11/20 ) TCP CPU 41xH V6 tolerant
Simatic connection
Net CD via
ISOonTCP
PC station CP1623 as of V8.1.2 ISO CP443-1 ( EX11/20 ) ISO CPU 41xH V6 S7 fault
with ISO CP443-1 ( EX11/20 ) ISO CPU 41xH V4.5 tolerant
Simatic ISO CP443-1 ( EX11 ) ISO CPU 41xH V4.0 connection
Net CD ISO CP443-1 ( EX11 ) ISO CPU 41xH V3.0 via ISO
PC station CP1623 up to V7.x ISO CP443-1 ( EX11/20 ) ISO CPU 41xH V6 S7 fault
with ISO CP443-1 ( EX11/20 ) ISO CPU 41xH V4.5 tolerant
Simatic ISO CP443-1 ( EX11 ) ISO CPU 41xH V4.0 connection
Net CD ISO CP443-1 ( EX11 ) ISO CPU 41xH V3.0 via ISO
S7-400H
System Manual, 07/2014, A5E00267695-13 233
Communication
14.6 Communication via fault-tolerant S7 connections
Configuration
The availability of the system, including the communication, is set during configuration. Refer
to the STEP 7 documentation to find out how to configure connections.
Only S7 communication is used for fault-tolerant S7 connections. To set this up, open the
"New Connection" dialog box, then select "S7 Connection Fault-Tolerant" as the type.
The number of required redundant subconnections is determined by STEP 7 as a function of
the redundancy nodes. Up to four redundant connections can be generated, if supported by
the network. Higher redundancy cannot be achieved even by using more CPs.
In the "Properties - Connection" dialog box you can also modify specific properties of a fault-
tolerant connection if necessary. When using more than one CP, you can also route the
connections in this dialog box. This may be practical, because by default all connections are
routed initially through the first CP. If all the connections are busy there, any further
connections are routed via the second CP, etc.
You have to extend the monitoring time of the connection when you use long
synchronization cables.
Example: If you are operating 5 fault-tolerant S7 connections with a monitoring time of
500 ms and short synchronization cables (up to 10m) and want to convert to long
synchronization cables (10km), you must increase the monitoring time to 1000 ms.
To ensure CIR capability of the fault tolerant system, activate the option "Save connections
prior to loading" in Step7 Netpro.
Programming
Fault-tolerant communication can be implemented on the fault-tolerant CPU and is
implemented by means of S7 communication.
This is possible only within an S7 project/multiproject.
Fault-tolerant communication is programmed in STEP 7 by means of communication SFBs.
Those blocks can be used to transfer data on subnets (Industrial Ethernet, PROFIBUS). The
standard communication SFBs integrated into the operating system offer you the option of
acknowledged data transfer. In addition to data transfer, you can also use other
communication functions for controlling and monitoring the communication peer.
User programs written for S7 connections can also be run for fault-tolerant S7 connections
without program modification. Cable and connection redundancy has no effect on the user
program.
S7-400H
234 System Manual, 07/2014, A5E00267695-13
Communication
14.6 Communication via fault-tolerant S7 connections
Note
For information on programming the communication, refer to the STEP 7 documentation
(e.g. Programming with STEP 7).
The START and STOP communication functions act on exactly one CPU or on all CPUs of
the fault-tolerant system (for more details refer to the System Software for S7-300/400,
System and Standard Functions Reference Manual).
Any disruption of subconnections while communication jobs are active over fault-tolerant S7
connections leads to extended delay times.
Note
Downloading the connection configuration in RUN
If you download a connection configuration during operation, any established connections
could be canceled.
Availability
The easiest way to enhance availability between linked systems is to implement a redundant
plant bus, using a duplex fiber-optic ring or a dual electrical bus system. The connected
nodes may consist of simple standard components.
Availability can best be enhanced using a duplex fiber-optic ring. If the one of the multimode
fiber-optic cables breaks, communication between the systems involved is maintained. The
systems then communicate as if they were connected to a bus system (line). A ring topology
basically contains two redundant components and automatically forms a 1-out-of-2
redundancy node. A fiber-optic network can be set up as a line or star topology. However,
the line topology does not permit cable redundancy.
If one electrical cable segment fails, communication between the participating systems is
also upheld (1-out-of-2 redundancy).
The examples below illustrate the differences between the two variants.
Note
The number of connection resources required on the CPs depends on the network used.
If you implement a duplex fiber-optic ring (see figure below), two connection resources are
required per CP. In contrast, only one connection resource is required per CP if a double
electrical network (see figure after next) is used.
S7-400H
System Manual, 07/2014, A5E00267695-13 235
Communication
14.6 Communication via fault-tolerant S7 connections
Figure 14-14 Example of redundancy with fault-tolerant system and redundant ring
Figure 14-15 Example of redundancy with fault-tolerant system and redundant bus system
S7-400H
236 System Manual, 07/2014, A5E00267695-13
Communication
14.6 Communication via fault-tolerant S7 connections
You decide during configuration if the additional CPs are used to increase resources or
availability. This configuration is typically used to increase availability.
Note
Internal and external interface
Communication between fault-tolerant systems may only take place between internal
interfaces or external interfaces (CP). Communication between internal interface and CP is
not possible.
Response to failure
If a duplex fiber-optic ring is used, only a double error within a fault-tolerant system (e.g.
CPUa1 and CPa2 in one system) leads to total failure of communication between the
systems involved (see first figure).
If a double error (e.g. CPUa1 and CPb2) occurs in the first case of a redundant electrical bus
system (see second figure), this results in a total failure of communication between the
systems involved.
In the case of a redundant electrical bus system with CP redundancy (see third figure), only
a double error within a fault-tolerant system (e.g. CPUa1 and CPUa2) or a triple error (e.g.
CPUa1, CPa22, and bus2) will result in a total failure of communication between the systems
involved.
S7-400H
System Manual, 07/2014, A5E00267695-13 237
Communication
14.6 Communication via fault-tolerant S7 connections
Fault-tolerant S7 connections
Any disruption of subconnections while communication jobs are active over fault-tolerant S7
connections leads to extended delay times.
Availability
Availability can be enhanced by using a redundant plant bus and by using a fault-tolerant
CPU in a standard system.
If the communication peer is a fault-tolerant CPU, redundant connections can also be
configured, in contrast to systems with a standard CPU.
Note
Fault-tolerant connections use two connection resources on CP b1 for the redundant
connections. One connection resource each is occupied on CP a1 and CP a2 respectively.
In this case, the use of further CPs in the standard system only serves to increase the
resources.
Figure 14-17 Example of redundancy with fault-tolerant system and fault-tolerant CPU
Response to failure
Double errors in the fault-tolerant system (i.e. CPUa1 and CPa2) or single errors in a
standard system (CPUb1) lead to a total failure of communication between the systems
involved; see previous figure.
S7-400H
238 System Manual, 07/2014, A5E00267695-13
Communication
14.6 Communication via fault-tolerant S7 connections
Availability
PCs are not fault-tolerant due to their hardware and software characteristics. They can be
arranged redundantly within a system, however. The availability of such a PC (OS) system
and its data management is ensured by means of suitable software such as WinCC
Redundancy.
Communication takes place via fault-tolerant S7 connections.
The "S7-REDCONNECT" software package is required for fault-tolerant communication on a
PC. S7-REDCONNECT is used to connect a PC to a redundant bus system using one or two
CPs. The second CP is merely used to redundantly connect the PC to the bus system and
does not increase the availability of the PC. Always use the latest version of this software.
Only Industrial Ethernet is supported for connecting PC systems. The SIMATIC Net software
V 8.1.2 is required for connection via ISOonTCP. This corresponds to the configuration
TCP/RFC1006 at the PC end.
Note
The PROFINET MRP (Media Redundancy Protocol) for PROFINET ring topologies is not
supported by SIMATIC NET PC modules. System buses as optical two-fiber ring cannot be
operated with MRP.
Configuring connections
The PC must be engineered and configured as a SIMATIC PC station. Additional
configuration of fault-tolerant communication is not necessary at the PC end. The connection
configuration is uploaded from the STEP 7 project to the PC station.
You can find out how to use STEP 7 to integrate fault-tolerant S7 communication for a PC
into your OS system in the WinCC documentation.
S7-400H
System Manual, 07/2014, A5E00267695-13 239
Communication
14.6 Communication via fault-tolerant S7 connections
Figure 14-18 Example of redundancy with fault-tolerant system and redundant bus system
Figure 14-19 Example of redundancy with a fault-tolerant system, redundant bus system, and CP
redundancy on PC.
Response to failure
Double errors in the fault-tolerant system, e.g., CPUa1 and CPa2, or failure of the PC result
in a total failure of communication between the systems involved; see previous figures.
S7-400H
240 System Manual, 07/2014, A5E00267695-13
Communication
14.7 Communication performance
Operating range
In every automation system there is a linear operating range in which an increase in
communication load will also lead to an increase in data throughput. This then results in
reasonable response times which are acceptable for the automation task at hand.
A further increase in communication load will push data throughput into the saturation range.
Under certain conditions, the automation system therefore may no longer be capable of
processing the request volume within the response time demanded. Data throughput
reaches its maximum, and the reaction time rises exponentially; see the figures below.
Data throughput may even be reduced somewhat due to additional internal loads inside the
device.
S7-400H
System Manual, 07/2014, A5E00267695-13 241
Communication
14.7 Communication performance
Communication statistics
You can determine the distribution of the communication load across all connections of a
CPU or the redundant fault tolerant system via STEP 7 "Module state -> Communication
statistics".
S7-400H
242 System Manual, 07/2014, A5E00267695-13
Communication
14.7 Communication performance
S7-400H
System Manual, 07/2014, A5E00267695-13 243
Communication
14.8 General issues regarding communication
S7-400H
244 System Manual, 07/2014, A5E00267695-13
Communication
14.8 General issues regarding communication
OPC servers
When OPC is used to connect several HMI devices for your visualization tasks to a fault-
tolerant system, you should keep the number of OPC servers accessing the fault-tolerant
system as low as possible. OPC clients should address a shared OPC server, which then
fetches the data from the fault-tolerant system.
You can optimize data exchange by using WinCC and its client/server concept.
Various HMI devices of third-party vendors support the S7 communication protocol. You
should utilize this option.
S7-400H
System Manual, 07/2014, A5E00267695-13 245
Communication
14.8 General issues regarding communication
S7-400H
246 System Manual, 07/2014, A5E00267695-13
Configuring with STEP 7 15
This section provides an overview of fundamental issues you must observe when you
configure a fault-tolerant system.
The second section covers the PG functions in STEP 7.
For detailed information, refer to Configuring fault-tolerant systems in the basic help.
Note
OBs required
Always download these error OBs to the S7-400H CPU: OB 70, OB 72, OB 80, OB 82,
OB 83, OB 85, OB 86, OB 87, OB 88, OB 121 and OB 122. If you do not download these
OBs, the fault-tolerant system goes into STOP when an error occurs.
S7-400H
System Manual, 07/2014, A5E00267695-13 247
Configuring with STEP 7
15.1 Configuring with STEP 7
● Insert an external DP master interface for redundant DP master systems only into the
CPUs and not into the expansion devices.
● Redundantly used CPUs (e.g. CPU 41x-5H PN/DP) must be identical, i.e. they must have
the same order number, the same product version and firmware version. It is not the
marking on the front side is decisive for the product version, but the revision of the
"Hardware" component ("Module status" dialog mask) to be read using step 7.
● Redundantly used modules (e.g. DP slave interface module IM 153-2) must be identical,
i.e. they must have the same order number, the same product version and - if available -
the same firmware version.
Layout rules
● A fault-tolerant station may contain up to 20 expansion devices.
● Assign module racks with even numbers only to central rack 0, and racks with odd
numbers only to central rack 1.
● Modules with communication bus interface can be operated only in racks 0 through 6.
● Communication-bus capable modules are not permissible in switched I/O.
● Pay attention to the rack numbers for operation of CPs for fault-tolerant communication in
expansion devices:
The numbers must be directly sequential and begin with the even number, e.g. rack
numbers 2 and 3, but not rack numbers 3 and 4.
● A rack number is also assigned for DP master no. 9 onwards if the central rack contains
DP master modules. The number of possible expansion racks is reduced as a result.
Compliance with the rules is monitored automatically by STEP 7 and considered accordingly
during configuration.
S7-400H
248 System Manual, 07/2014, A5E00267695-13
Configuring with STEP 7
15.1 Configuring with STEP 7
Introduction
Assigning parameters to modules in a fault-tolerant station is no different from assigning
parameters to modules in S7-400 standard stations.
Procedure
All parameters of the redundant components (with the exception of MPI and communication
addresses) must be identical.
S7-400H
System Manual, 07/2014, A5E00267695-13 249
Configuring with STEP 7
15.1 Configuring with STEP 7
Note
The specific fault-tolerant CPU parameters, and thus also the monitoring times, are
calculated automatically. The work memory allocation of all data blocks is based on a CPU-
specific default value. If your fault-tolerant system does not link up, check the data memory
allocation (HW Config > CPU Properties > H Parameters > Work memory used for all data
blocks).
Note
A CP 443-5 Extended (order number 6GK7443–5DX03) may only be used for transfer rates
of up to 1.5 MBaud in an S7–400H or S7–400FH when a DP/PA or Y link is connected
(IM157, order number 6ES7157-0AA00-0XA0, 6ES7157-0AA80-0XA0, 6ES7157-0AA81-
0XA0). Remedy: see FAQ 11168943 in
Service & Support (http://www.siemens.com/automation/service&support)
S7-400H
250 System Manual, 07/2014, A5E00267695-13
Configuring with STEP 7
15.1 Configuring with STEP 7
● If only one DP master system is available (in practice usually fiber-optic cables), four
connecting paths are used for a connection between two fault-tolerant stations. All CPs
are in this subnet:
S7-400H
System Manual, 07/2014, A5E00267695-13 251
Configuring with STEP 7
15.2 Programming device functions in STEP 7
Communication functions
For programming device (PG) functions that establish online connections (e.g. downloading
and deleting blocks), one of the two CPUs has to be selected even if the function affects the
entire system over the redundant link.
● Data which is modified in one of the central processing units in redundant operation affect
the other CPUs over the redundant link.
● Data which is modified when there is no redundant link (i.e. in single mode) initially affects
only the processed CPU. The blocks are applied by the master CPU to the reserve CPU
during the next link-up and update. Exception: No new blocks are applied after changing
the configuration. Loading the blocks is then the responsibility of the user.
S7-400H
252 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during
operation 16
16.1 Failure and replacement of components during operation
One factor that is crucial to the uninterrupted operation of the fault-tolerant controller is the
replacement of failed components during operation. Quick repairs will recover fault-tolerant
redundancy.
We will show you in the following sections how simple and fast it can be to repair and
replace components in the S7-400H. Also refer to the tips in the corresponding sections of
the manual S7-400 Automation Systems, Installation
S7-400H
System Manual, 07/2014, A5E00267695-13 253
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Note
New CPUs are always shipped with the latest operating system version. If this differs
from the version of the operating system of the remaining CPU, you will have to equip the
new CPU with the same version of the operating system. Either create an operating
system update card for the new CPU and use this to load the operating system on the
CPU or load the required operating system in HW Config with "PLC -> Update Firmware",
see section Updating the firmware without a memory card (Page 77).
Procedure
Follow the steps below to replace a CPU:
S7-400H
254 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Procedure
Follow the steps below to replace the load memory:
Starting situation
Both CPUs are in RUN.
Procedure
Proceed as follows to replace a power supply module in the central rack:
S7-400H
System Manual, 07/2014, A5E00267695-13 255
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Note
Redundant power supply
If you use a redundant power supply (PS 407 10A R), two power supply modules are
assigned to one fault-tolerant CPU. If a part of the redundant PS 407 10A R power supply
module fails, the associated CPU keeps on running. The defective part can be replaced
during operation.
Starting situation
Procedure
CAUTION
Note the different procedures.
Minor injury or damage to equipment is possible.
The procedure for replacing and input/output or function module differs for modules of the
S7-300 and S7-400.
Use the correct procedure when replacing a module. The correct procedure is described
below for the S7-300 and the S7-400.
S7-400H
256 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
To replace signal and function modules of an S7-300, perform the following steps:
To replace signal and function modules of an S7-400, perform the following steps:
S7-400H
System Manual, 07/2014, A5E00267695-13 257
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Starting situation
Connection failed
• In communication via redundant connections:
Procedure
If you want to use a communication module that is already being used by another system,
you have to ensure that there are no parameter data saved in the module's integrated
FLASH-EPROM before you swap it.
Proceed as follows to replace a communication module for PROFIBUS or Industrial
Ethernet:
S7-400H
258 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Starting situation
Procedure
Follow the steps below to replace a synchronization module or fiber-optic cable:
S7-400H
System Manual, 07/2014, A5E00267695-13 259
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Note
If both fiber-optic cables or synchronization modules are damaged or replaced one after the
other, the system responses are the same as described above.
The only exception is that the reserve CPU does not change to STOP but instead requests a
memory reset.
Starting situation
S7-400H
260 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Procedure
The double error described results in loss of redundancy. In this event proceed as follows:
S7-400H
System Manual, 07/2014, A5E00267695-13 261
Failure and replacement of components during operation
16.2 Failure and replacement of components during operation
Starting situation
Procedure
Follow the steps below to replace an interface module:
S7-400H
262 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.3 Failure and replacement of components of the distributed I/Os
Note
Replacing I/O and function modules located in a distributed station is described in section
Failure and replacement of an input/output or function module (Page 256).
Starting situation
Procedure
Proceed as follows to replace a PROFIBUS DP master:
S7-400H
System Manual, 07/2014, A5E00267695-13 263
Failure and replacement of components during operation
16.3 Failure and replacement of components of the distributed I/Os
S7-400H
264 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.3 Failure and replacement of components of the distributed I/Os
Starting situation
Replacement procedure
Proceed as follows to replace the PROFIBUS DP interface module:
S7-400H
System Manual, 07/2014, A5E00267695-13 265
Failure and replacement of components during operation
16.3 Failure and replacement of components of the distributed I/Os
Starting situation
Procedure
Proceed as follows to replace a DP slave:
Starting situation
S7-400H
266 System Manual, 07/2014, A5E00267695-13
Failure and replacement of components during operation
16.3 Failure and replacement of components of the distributed I/Os
Replacement procedure
Proceed as follows to replace PROFIBUS DP cables:
S7-400H
System Manual, 07/2014, A5E00267695-13 267
Failure and replacement of components during operation
16.3 Failure and replacement of components of the distributed I/Os
S7-400H
268 System Manual, 07/2014, A5E00267695-13
System modifications during operation 17
17.1 System modifications during operation
In addition to the options described in chapter Failure and replacement of components
during operation (Page 253) for replacing failed components during operation,
you can also make changes to the system in a fault-tolerant system without interrupting the
running program.
The procedure partially depends on whether you are working with your user software in PCS
7 or STEP 7.
The procedures described below for changes during operation are
designed so that you start with the redundant system mode (see chapter The system states
of the S7-400H (Page 117)) with the aim of returning to this mode when the procedures are
completed.
Note
Keep strictly to the rules described in this section with regard to modifications of the system
in runtime. If you contravene one or more rules, the response of the fault-tolerant system can
result in its availability being restricted or even failure of the entire automation system.
Only perform a system change in runtime when there is no redundancy error, i.e. when the
REDF LED is not lit. The automation system may otherwise fail.
The cause of a redundancy error is listed in the diagnostic buffer.
Safety-related components are not taken into account in this description. For more
information on dealing with fail-safe systems refer to the S7-400F and S7-400FH Automation
Systems manual.
S7-400H
System Manual, 07/2014, A5E00267695-13 269
System modifications during operation
17.2 Possible hardware modifications
WARNING
During a hardware modification, you can either remove or add modules. If you want to alter
your fault-tolerant system such that you remove modules and add others, you have to make
two hardware changes.
Note
Always download configuration changes to the CPU using the "Configure hardware" function.
Load memory data of both CPUs must be updated several times in the process. It is
therefore advisable to expand the integrated load memory with a RAM card (at least
temporarily).
You may only change the FLASH card to a RAM card as required for this if the FLASH card
has as much maximum storage space as the largest RAM card available. If you cannot
obtain a RAM card with a capacity to match the FLASH card memory space, split the
relevant configuration and program modifications into several smaller steps in order to
provide sufficient space in the integrated load memory.
Synchronization link
Whenever you make hardware modifications, make sure that the synchronization link
between the two CPUs is established before you start or turn on the reserve CPU. If the
power supply to the CPUs is on, the LEDs IFM1F and IFM2F that indicate errors on the
module interfaces on the two CPUs should go off.
If one of the IFM LEDs continues to be lit even after you have replaced the relevant
synchronization modules, the synchronization cables and even the reserve CPU, there is an
error in the master CPU. In this case, you can, however, switch to the reserve CPU by
selecting the "via only one intact redundancy link" option in the "Switch" STEP 7 dialog box.
S7-400H
270 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.2 Possible hardware modifications
Note
Always switch off power before you add or remove IM460 and IM461 interface modules,
external CP443-5 Extended DP master interface modules, and their connecting cables.
Note
No changes to the PROFINET interface at runtime
I/O components that are connected to a PROFINET interface as well as parameters of
the PROFINET interface cannot be modified during operation.
When you make any modifications, keep to the rules for the configuration of a fault-tolerant
station (see section Rules for the assembly of fault-tolerant stations (Page 31)).
S7-400H
System Manual, 07/2014, A5E00267695-13 271
System modifications during operation
17.2 Possible hardware modifications
● Modular DP slave stations (ET 200M), DP/PA links and Y links must always be installed
with an active backplane bus and fitted with all the bus modules required wherever
possible, because the bus modules cannot be installed and removed during operation.
● Always terminate both ends of PROFIBUS DP and PROFIBUS PA bus cables using
active bus terminating elements in order to ensure proper termination of the cables while
you are reconfiguring the system.
● PROFIBUS PA bus systems should be built up using components from the SpliTConnect
product range (see interactive catalog CA01) so that separation of the lines is not
required.
● Loaded data blocks must not be deleted and created again. In other words, SFC 22
(CREATE_DB) and SFC 23 (DEL_DB) may not be applied to DB numbers occupied by
loaded DBs.
● Always ensure that the current status of the user program is available as STEP 7 project
in block format at the PG/ES when you modify the system configuration. It is not enough
to upload the user program back from one of the CPUs to the PG/ES or to compile it
again from an STL source.
Note
After reloading connections/gateways, it is no longer possible to change from a RAM card to
a FLASH card.
S7-400H
272 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.3 Adding components in PCS 7
Special features
● Keep changes to a manageable extent. We recommend that you modify only one DP
master and/or a few DP slaves (e.g. no more than 5) per reconfiguration run.
● When using an IM 153-2, active bus modules can only be plugged in if the power supply
is off.
Note
Remember the following when using redundant I/O that you have implemented as one-
sided I/O at the user level (see section Other options for connecting redundant I/Os
(Page 198)):
Due to the link-up and update process carried out after a system modification, the I/O
data of the previous master CPU may be temporarily deleted from the process image
until all (changed) I/Os of the "new" master CPU are written to the process image.
During the first update of the process image after a system modification, you may
(incorrectly) have the impression that the redundant I/O has failed completely or that a
redundant I/O exists. So correct evaluation of the redundancy status is not possible until
the process image has been fully updated.
This does not apply for modules that have been enabled for redundant operation (see
section Connecting redundant I/O to the PROFIBUS DP interface (Page 171)).
Preparations
To minimize the time during which the fault-tolerant system has to run in single mode,
perform the following steps before making the hardware change:
● Check whether the CPUs provide sufficient memory capacity for the new configuration
data and user program. If necessary, first expand the memory configuration (see section
Changing the CPU memory configuration (Page 313)).
● Always ensure that plugged modules which are not configured yet do not have any
unwanted influence on the process.
Starting situation
You have verified that the CPU parameters (e.g. monitoring times) match the planned new
program. Adapt the CPU parameters first, if necessary (see section Editing CPU parameters
(Page 308)).
The fault-tolerant system is operating in redundant system mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 273
System modifications during operation
17.3 Adding components in PCS 7
Procedure
Carry out the steps listed below to add hardware components to a fault-tolerant system in
PCS 7. Details of each step are described in a subsection.
Exceptions
This procedure for system modification does not apply in the following cases:
● To use free channels on an existing module
● For adding interface modules (see section Adding interface modules in PCS 7
(Page 282))
Note
After changing the hardware configuration, it is downloaded practically automatically. This
means that you no longer need to perform the steps described in sections PCS 7, step 3:
Stopping the reserve CPU (Page 276) to PCS 7, step 6: Transition to redundant system
mode (Page 278). The system behavior remains unchanged as already described.
You will find more information in the HW Config online help, "Download to module ->
Download station configuration in RUN mode".
S7-400H
274 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.3 Adding components in PCS 7
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Add the new components to the system.
– Plug new central modules into the racks.
– Plug new module into existing modular DP stations
– Add new DP stations to existing DP master systems.
Note
With switched I/O: Always complete all changes on one segment of the redundant DP
master system before you modify the next segment.
Result
The insertion of non-configured modules will have no effect on the user program. The same
applies to adding DP stations.
The fault-tolerant system continues to operate in redundant system mode.
New components are not yet addressed.
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Perform all the modifications to the hardware configuration relating to the added hardware
offline. Assign appropriate icons to the new channels to be used.
2. Compile the new hardware configuration, but do not load it into the target system just yet.
Result
The modified hardware configuration is in the PG/ES. The target system continues operation
with the old configuration in redundant system mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 275
System modifications during operation
17.3 Adding components in PCS 7
Configuring connections
The interconnections with added CPs must be configured on both connection partners after
you complete the HW modification.
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, select the reserve CPU, then click "Stop".
Result
The reserve CPU switches to STOP mode, the master CPU remains in RUN mode, the fault-
tolerant system works in single mode. The one-sided I/O of the reserve CPU is no longer
addressed.
Although I/O access errors of the one-sided I/O will result in OB 85 being called, due to the
higher-priority CPU redundancy loss (OB 72) they will not be reported. OB 70 (I/O
redundancy loss) is not called.
S7-400H
276 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.3 Adding components in PCS 7
17.3.4 PCS 7, step 4: Loading a new hardware configuration in the reserve CPU
Starting situation
The fault-tolerant system is operating in single mode.
Procedure
Load the compiled hardware configuration in the reserve CPU that is in STOP mode.
Note
The user program and connection configuration cannot be downloaded in single mode.
Result
The new hardware configuration of the reserve CPU does not yet have an effect on ongoing
operation.
Starting situation
The modified hardware configuration is downloaded to the reserve CPU.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, click the "Switch to..." button.
In the "Switch" dialog box, select the "with altered configuration" option and click the
"Switch" button.
3. Acknowledge the prompt for confirmation with "OK".
Result
The reserve CPU links up, is updated (see chapter Link-up and update (Page 135)) and
becomes the master. The previous master CPU switches to STOP mode, the fault-tolerant
system operates with the new hardware configuration in single mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 277
System modifications during operation
17.3 Adding components in PCS 7
Starting situation
The fault-tolerant system is operating with the new hardware configuration in single mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. From the "Operating Mode" dialog box, select the reserve CPU, then click "Warm
Restart".
Result
The reserve CPU links up and is updated. The fault-tolerant system is operating with the new
hardware configuration in redundant system mode.
S7-400H
278 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.3 Adding components in PCS 7
Type of I/O One-sided I/O of reserve One-sided I/O of master Switched I/O
CPU CPU
Added I/O are given new parameter are updated by the CPU.
modules settings and updated by Driver blocks are not yet present. Process or
the CPU. diagnostic interrupts are detected, but are not
Driver blocks are not yet reported.
present. Any interrupts
occurring are not
reported.
I/O modules still are given new parameter continue operation without interruption.
present settings1) and updated by
the CPU.
Added DP stations as for added I/O modules Driver blocks are not yet present. Any interrupts
(see above) occurring are not reported.
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the
configured substitute or hold values).
Starting situation
The fault-tolerant system is operating with the new hardware configuration in redundant
system mode.
CAUTION
The following program modifications are not possible in redundant system mode and result
in the system mode Stop (both CPUs in STOP mode):
• Structural modifications to an FB interface or the FB instance data.
• Structural modifications to global DBs.
• Compression of the CFC user program.
Before the entire program is recompiled and reloaded due to such modifications the
parameter values must be read back into the CFC, otherwise the modifications to the block
parameters could be lost. You will find more detailed information on this topic in the CFC for
S7, Continuous Function Chart manual.
S7-400H
System Manual, 07/2014, A5E00267695-13 279
System modifications during operation
17.3 Adding components in PCS 7
Procedure
1. Adapt the program to the new hardware configuration. You can add the following
components:
– CFCs and SFCs
– Blocks in existing charts
– Connections and parameter settings
2. Assign parameters for the added channel drivers and interconnect them with the newly
assigned icons (see section PCS 7, step 2: Offline modification of the hardware
configuration (Page 275)).
3. In SIMATIC Manager, select the charts folder and choose the "Options > Charts >
Generate Module Drivers" menu command.
4. Compile only the modifications in the charts and download them to the target system.
5. Configure the interconnections for the new CPs on both communication partners and
download them to the target system.
Result
The fault-tolerant system processes the entire system hardware with the new user program
in redundant system mode.
Non-configurable modules
Free channels can be switched and used in the user program at any time in case of non-
configurable modules.
Configurable modules
The hardware configuration first has to be matched to the used sensors or actuators for
configurable modules. This step usually requires a new configuration of the entire module in
most cases.
This means an uninterrupted operation of the respective modules is no longer possible:
● One-sided output modules briefly output 0 during this time (instead of the configured
substitute or hold values).
● Modules in switched DP stations are not reconfigured when you switch over to the CPU
with the modified configuration.
S7-400H
280 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.3 Adding components in PCS 7
Note
The respective modules are not addressed between the two changeover steps (steps V
and 5); respective output modules output the value 0. The existing channel drivers in the
user program hold their signals.
If this behavior is unacceptable for the process to be controlled, there is no other way to
use previously free channels. In this case you must install additional modules to expand
the system.
S7-400H
System Manual, 07/2014, A5E00267695-13 281
System modifications during operation
17.3 Adding components in PCS 7
Procedure
1. Change the hardware configuration offline (see section PCS 7, step 2: Offline
modification of the hardware configuration (Page 275))
2. Stop the reserve CPU (see section PCS 7, step 3: Stopping the reserve CPU (Page 276))
3. Download the new hardware configuration to the reserve CPU (see section PCS 7, step
4: Loading a new hardware configuration in the reserve CPU (Page 277))
4. Proceed as follows to expand the subsystem of the present reserve CPU:
– Switch off the power supply of the reserve subsystem.
– Insert the new IM460 into the central unit, then establish the link to a new expansion
unit.
or
– Add a new expansion unit to an existing chain.
or
– Plug in the new external DP master interface, and set up a new DP master system.
– Switch on the power supply of the reserve subsystem again.
5. Switch to CPU with altered configuration (see section PCS 7, step 5: Switch to CPU with
modified configuration (Page 277))
6. Proceed as follows to expand the subsystem of the original master CPU (currently in
STOP mode):
– Switch off the power supply of the reserve subsystem.
– Insert the new IM460 into the central unit, then establish the link to a new expansion
unit.
or
– Add a new expansion unit to an existing chain.
or
– Plug in the new external DP master interface, and set up a new DP master system.
– Switch on the power supply of the reserve subsystem again.
7. Change to redundant system mode (see section PCS 7, step 6: Transition to redundant
system mode (Page 278))
8. Modify and download the user program (see section PCS 7, step 7: Editing and
downloading the user program (Page 279))
S7-400H
282 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
You have verified that the CPU parameters (e.g. monitoring times) match the planned new
program. Adapt the CPU parameters first, if necessary (see section Editing CPU parameters
(Page 308)).
The modules to be removed and their connected sensors and actuators are no longer of any
significance to the process being controlled. The fault-tolerant system is operating in
redundant system mode.
Procedure
Carry out the steps listed below to remove hardware components from a fault-tolerant
system in PCS 7. Details of each step are described in a subsection.
Exceptions
This general procedure for system modifications does not apply to removing interface
modules (see section Removing interface modules in PCS 7 (Page 290)).
Note
After changing the hardware configuration, download takes place practically automatically.
This means that you no longer need to perform the steps described in sections PCS 7, step
3: Stopping the reserve CPU (Page 286) to PCS 7, step 6: Transition to redundant system
mode (Page 288). The system behavior remains as described.
You will find more information in the HW Config online help, "Download to module ->
Download station configuration in RUN mode".
S7-400H
System Manual, 07/2014, A5E00267695-13 283
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Perform offline only the configuration modifications relating to the hardware being
removed. As you do, delete the icons to the channels that are no longer used.
2. Compile the new hardware configuration, but do not load it into the target system just yet.
Result
The modified hardware configuration is in the PG/ES. The target system continues operation
with the old configuration in redundant system mode.
S7-400H
284 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
The fault-tolerant system is operating in redundant system mode.
CAUTION
The following program modifications are not possible in redundant system mode and result
in the system mode Stop (both CPUs in STOP mode):
• Structural modifications to an FB interface or the FB instance data.
• Structural modifications to global DBs.
• Compression of the CFC user program.
Before the entire program is recompiled and reloaded due to such modifications the
parameter values must be read back into the CFC, otherwise the modifications to the block
parameters could be lost. You will find more detailed information on this topic in the CFC for
S7, Continuous Function Chart manual.
Procedure
1. Edit only the program elements related to the hardware removal. You can delete the
following components:
– CFCs and SFCs
– Blocks in existing charts
– Channel drivers, interconnections and parameter settings
2. In SIMATIC Manager, select the charts folder and choose the "Options > Charts >
Generate Module Drivers" menu command.
This removes the driver blocks that are no longer required.
3. Compile only the modifications in the charts and download them to the target system.
Note
Until an FC is called the first time, the value of its output is undefined. This must be taken
into account in the interconnection of the FC outputs.
Result
The fault-tolerant system continues to operate in redundant system mode. The modified user
program will no longer attempt to access the hardware being removed.
S7-400H
System Manual, 07/2014, A5E00267695-13 285
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
The fault-tolerant system is operating in redundant system mode. The user program will no
longer attempt to access the hardware being removed.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, select the reserve CPU, then click "Stop".
Result
The reserve CPU switches to STOP mode, the master CPU remains in RUN mode, the fault-
tolerant system works in single mode. The one-sided I/O of the reserve CPU is no longer
addressed.
17.4.4 PCS 7, step 4: Downloading a new hardware configuration to the reserve CPU
Starting situation
The fault-tolerant system is operating in single mode.
Procedure
Load the compiled hardware configuration in the reserve CPU that is in STOP mode.
Note
The user program and connection configuration cannot be downloaded in single mode.
Result
The new hardware configuration of the reserve CPU does not yet have an effect on ongoing
operation.
S7-400H
286 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
The modified hardware configuration is downloaded to the reserve CPU.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, click the "Switch to..." button.
3. In the "Switch" dialog box, select the "with altered configuration" option and click the
"Switch" button.
4. Acknowledge the prompt for confirmation with "OK".
Result
The reserve CPU links up, is updated (see section Link-up and update (Page 135)) and
becomes the master. The previous master CPU switches to STOP mode, the fault-tolerant
system operates with the new hardware configuration in single mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 287
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
The fault-tolerant system is operating with the new hardware configuration in single mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. From the "Operating Mode" dialog box, select the reserve CPU, then click "Warm
Restart".
Result
The reserve CPU links up and is updated. The fault-tolerant system is operating with the new
hardware configuration in redundant system mode.
Type of I/O One-sided I/O of reserve One-sided I/O of master Switched I/O
CPU CPU
I/O modules to be are no longer addressed by the CPU.
removed1) Driver blocks are no longer present.
I/O modules still are given new parameter continue operation without interruption.
present settings2) and updated by
the CPU.
DP stations to be as for I/O modules to be removed (see above)
removed
1) No longer included in the hardware configuration, but still plugged in
2) Central modules are first reset. Output modules briefly output 0 during this time (instead of the
configured substitute or hold values).
S7-400H
288 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.4 Removing components in PCS 7
Starting situation
The fault-tolerant system is operating with the new hardware configuration in redundant
system mode.
Procedure
1. Disconnect all the sensors and actuators from the components you want to remove.
2. Unplug modules of the one-sided I/Os that are no longer required from the racks.
3. Unplug components that are no longer required from the modular DP stations.
4. Remove DP stations that are no longer required from the DP master systems.
Note
With switched I/O: Always complete all changes on one segment of the redundant DP
master system before you modify the next segment.
Result
The removal of non-configured modules does not influence the user program. The same
applies to removing DP stations.
The fault-tolerant system continues to operate in redundant system mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 289
System modifications during operation
17.4 Removing components in PCS 7
Procedure
1. Change the hardware configuration offline (see section PCS 7, step 1: Editing the
hardware configuration offline (Page 284))
2. Modify and download the user program (see section PCS 7, step 2: Editing and
downloading the user program (Page 285))
3. Stop the reserve CPU (see section PCS 7, step 3: Stopping the reserve CPU (Page 286))
4. Download the new hardware configuration to the reserve CPU (see section PCS 7, step
4: Downloading a new hardware configuration to the reserve CPU (Page 286))
5. Follow the steps below to remove an interface module from the subsystem of the reserve
CPU:
– Switch off the power supply of the reserve subsystem.
– Remove an IM460 from the central unit.
or
– Remove an expansion unit from an existing chain.
or
– Remove an external DP master interface module.
– Switch on the power supply of the reserve subsystem again.
6. Switch to CPU with altered configuration (see section PCS 7, step 5: Switching to CPU
with modified configuration (Page 287))
7. Proceed as follows to remove an interface module from the subsystem of the original
master CPU (currently in STOP mode):
– Switch off the power supply of the reserve subsystem.
– Remove an IM460 from the central unit.
or
– Remove an expansion unit from an existing chain.
or
– Remove an external DP master interface module.
– Switch on the power supply of the reserve subsystem again.
8. Change to redundant system mode (see section PCS 7, step 6: Transition to redundant
system mode (Page 288))
S7-400H
290 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.5 Adding components in STEP 7
Starting situation
You have verified that the CPU parameters (e.g. monitoring times) match the planned new
program. Adapt the CPU parameters first, if necessary (see section Editing CPU parameters
(Page 308)).
The fault-tolerant system is operating in redundant system mode.
Procedure
Carry out the steps listed below to add hardware components to a fault-tolerant system in
STEP 7. Details of each step are described in a subsection.
S7-400H
System Manual, 07/2014, A5E00267695-13 291
System modifications during operation
17.5 Adding components in STEP 7
Exceptions
This procedure for system modification does not apply in the following cases:
● To use free channels on an existing module
● For adding interface modules (see section Adding interface modules in STEP 7
(Page 299))
Note
After changing the hardware configuration, download takes place practically
automatically. This means that you no longer need to perform the steps described in
sections STEP 7, step 4: Stopping the reserve CPU (Page 294) to STEP 7, step 8:
Editing and downloading the user program (Page 297). The system behavior remains as
described.
You will find more information in the HW Config online help "Download to module ->
Download station configuration in RUN mode".
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Add the new components to the system.
– Plug new central modules into the racks.
– Plug new module into existing modular DP stations
– Add new DP stations to existing DP master systems.
Note
With switched I/O: Always complete all changes on one segment of the redundant DP
master system before you modify the next segment.
Result
The insertion of non-configured modules will have no effect on the user program. The same
applies to adding DP stations.
The fault-tolerant system continues to operate in redundant system mode.
New components are not yet addressed.
S7-400H
292 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.5 Adding components in STEP 7
Starting situation
The fault-tolerant system is operating in redundant system mode. The modules added are
not yet addressed.
Procedure
1. Perform all the modifications to the hardware configuration relating to the added hardware
offline.
2. Compile the new hardware configuration, but do not load it into the target system just yet.
Result
The modified hardware configuration is in the PG. The target system continues operation
with the old configuration in redundant system mode.
Configuring connections
The interconnections with added CPs must be configured on both connection partners after
you complete the HW modification.
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Verify that the interrupt OBs 4x, 82, 83, 85, 86, OB 88 and 122 react to any interrupts of
the new components as intended.
2. Download the modified OBs and the corresponding program elements to the target
system.
Result
The fault-tolerant system is operating in redundant system mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 293
System modifications during operation
17.5 Adding components in STEP 7
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, select the reserve CPU, then click "Stop".
Result
The reserve CPU switches to STOP mode, the master CPU remains in RUN mode, the fault-
tolerant system works in single mode. The one-sided I/O of the reserve CPU is no longer
addressed. OB 70 (I/O redundancy loss) is not called due to the higher-priority CPU
redundancy loss (OB72).
17.5.5 STEP 7, step 5: Loading a new hardware configuration in the reserve CPU
Starting situation
The fault-tolerant system is operating in single mode.
Procedure
Load the compiled hardware configuration in the reserve CPU that is in STOP mode.
Note
The user program and connection configuration cannot be downloaded in single mode.
Result
The new hardware configuration of the reserve CPU does not yet have an effect on ongoing
operation.
S7-400H
294 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.5 Adding components in STEP 7
Starting situation
The modified hardware configuration is downloaded to the reserve CPU.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, click the "Switch to..." button.
3. In the "Switch" dialog box, select the "with altered configuration" option and click the
"Switch" button.
4. Acknowledge the prompt for confirmation with "OK".
Result
The reserve CPU links up, is updated and becomes the master. The previous master CPU
switches to STOP mode, the fault-tolerant system operates with the new hardware
configuration in single mode.
Type of I/O One-sided I/O of previous One-sided I/O of new master Switched I/O
master CPU CPU
Added I/O modules are not addressed by the CPU. are given new parameter settings and updated by the CPU.
The output modules temporarily output the configured
substitution values.
I/O modules still are no longer addressed by the are given new parameter continue operation without
present CPU. settings1) and updated by the interruption.
Output modules output the CPU.
configured substitute or holding
values.
Added DP stations are not addressed by the CPU. as for added I/O modules (see above)
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
S7-400H
System Manual, 07/2014, A5E00267695-13 295
System modifications during operation
17.5 Adding components in STEP 7
Starting situation
The fault-tolerant system is operating with the new hardware configuration in single mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. From the "Operating Mode" dialog box, select the reserve CPU, then click "Warm
Restart".
Result
The reserve CPU links up and is updated. The fault-tolerant system is operating with the new
hardware configuration in redundant system mode.
Type of I/O One-sided I/O of reserve CPU One-sided I/O of master CPU Switched I/O
Added I/O modules are given new parameter are updated by the CPU. are updated by the CPU.
settings and updated by the Generate insertion interrupt;
CPU. must be ignored in OB 83.
The output modules
temporarily output the
configured substitution values.
I/O modules still are given new parameter continue operation without interruption.
present settings1) and updated by the
CPU.
Added DP stations as for added I/O modules (see are updated by the CPU.
above)
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
S7-400H
296 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.5 Adding components in STEP 7
Starting situation
The fault-tolerant system is operating with the new hardware configuration in redundant
system mode.
Restrictions
CAUTION
Procedure
1. Adapt the program to the new hardware configuration.
You can add, edit or remove OBs, FBs, FCs and DBs.
2. Download only the program changes to the target system.
3. Configure the interconnections for the new CPs on both communication partners and
download them to the target system.
Note
Until an FC is called the first time, the value of its output is undefined. This must be taken
into account in the interconnection of the FC outputs.
Result
The fault-tolerant system processes the entire system hardware with the new user program
in redundant system mode.
Non-configurable modules
Free channels can be switched and used in the user program at any time in case of non-
configurable modules.
S7-400H
System Manual, 07/2014, A5E00267695-13 297
System modifications during operation
17.5 Adding components in STEP 7
Configurable modules
The hardware configuration first has to be matched to the used sensors or actuators for
configurable modules. This step usually requires a new configuration of the entire module in
most cases.
This means an uninterrupted operation of the respective modules is no longer possible:
● One-sided output modules briefly output 0 during this time (instead of the configured
substitute or hold values).
● Modules in switched DP stations are not reconfigured when you switch over to the CPU
with the modified configuration.
Proceed as follows to change the channel use:
● In steps 1 to 5, you completely remove the respective module from the hardware
configuration and the user program. But it can remain inserted in the DP station.
● In steps 3 to 8, you add the module with the modified use once again to the hardware
configuration and the user program.
Note
The respective modules are not addressed between the two changeover steps (steps V
and 6); respective output modules output the value 0.
If this behavior is unacceptable for the process to be controlled, there is no other way to
use previously free channels. In this case you must install additional modules to expand
the system.
S7-400H
298 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.5 Adding components in STEP 7
Procedure
1. Change the hardware configuration offline (see section STEP 7, step 2: Offline
modification of the hardware configuration (Page 293))
2. Expand and download the organization blocks (see section STEP 7, step 3: Expanding
and downloading OBs (Page 293))
3. Stop the reserve CPU (see section STEP 7, step 4: Stopping the reserve CPU
(Page 294))
4. Download the new hardware configuration to the reserve CPU (see section STEP 7, step
5: Loading a new hardware configuration in the reserve CPU (Page 294))
5. Proceed as follows to expand the subsystem of the present reserve CPU:
– Switch off the power supply of the reserve subsystem.
– Insert the new IM460 into the central unit, then establish the link to a new expansion
unit.
or
– Add a new expansion unit to an existing chain.
or
– Plug in the new external DP master interface, and set up a new DP master system.
– Switch on the power supply of the reserve subsystem again.
6. Switch to CPU with altered configuration (see section STEP 7, step 6: Switch to CPU with
modified configuration (Page 295))
7. Proceed as follows to expand the subsystem of the original master CPU (currently in
STOP mode):
– Switch off the power supply of the reserve subsystem.
– Insert the new IM460 into the central unit, then establish the link to a new expansion
unit.
or
– Add a new expansion unit to an existing chain.
or
– Plug in the new external DP master interface, and set up a new DP master system.
– Switch on the power supply of the reserve subsystem again.
S7-400H
System Manual, 07/2014, A5E00267695-13 299
System modifications during operation
17.6 Removing components in STEP 7
8. Change to redundant system mode (see section STEP 7, step 7: Transition to redundant
system mode (Page 296))
9. Modify and download the user program (see section STEP 7, step 8: Editing and
downloading the user program (Page 297))
Starting situation
You have verified that the CPU parameters (e.g. monitoring times) match the planned new
program. Adapt the CPU parameters first, if necessary (see section Editing CPU parameters
(Page 308)).
The modules to be removed and their connected sensors and actuators are no longer of any
significance to the process being controlled. The fault-tolerant system is operating in
redundant system mode.
Procedure
Carry out the steps listed below to remove hardware components from a fault-tolerant
system in STEP 7. Details of each step are described in a subsection.
S7-400H
300 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.6 Removing components in STEP 7
Exceptions
This general procedure for system modifications does not apply to removing interface
modules (see section Removing interface modules in STEP 7 (Page 306)).
Note
After changing the hardware configuration, download takes place practically automatically.
This means that you no longer need to perform the steps described in sections STEP 7, step
3: Stopping the reserve CPU (Page 302) to STEP 7, step 6: Transition to redundant system
mode (Page 304). The system behavior remains as described.
You will find more information in the HW Config online help "Download to module ->
Download station configuration in RUN mode".
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Perform all the modifications to the hardware configuration relating to the hardware being
removed offline.
2. Compile the new hardware configuration, but do not load it into the target system just yet.
Result
The modified hardware configuration is in the PG. The target system continues operation
with the old configuration in redundant system mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 301
System modifications during operation
17.6 Removing components in STEP 7
Starting situation
The fault-tolerant system is operating in redundant system mode.
Restrictions
CAUTION
Procedure
1. Edit only the program elements related to the hardware removal.
You can add, edit or remove OBs, FBs, FCs and DBs.
2. Download only the program changes to the target system.
Result
The fault-tolerant system continues to operate in redundant system mode. The modified user
program will no longer attempt to access the hardware being removed.
Starting situation
The fault-tolerant system is operating in redundant system mode. The user program will no
longer attempt to access the hardware being removed.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, select the reserve CPU, then click "Stop".
Result
The reserve CPU switches to STOP mode, the master CPU remains in RUN mode, the fault-
tolerant system works in single mode. The one-sided I/O of the reserve CPU is no longer
addressed.
S7-400H
302 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.6 Removing components in STEP 7
17.6.4 STEP 7, step 4: Downloading a new hardware configuration to the reserve CPU
Starting situation
The fault-tolerant system is operating in single mode.
Procedure
Load the compiled hardware configuration in the reserve CPU that is in STOP mode.
Note
The user program and connection configuration cannot be downloaded in single mode.
Result
The new hardware configuration of the reserve CPU does not yet have an effect on ongoing
operation.
Starting situation
The modified hardware configuration is downloaded to the reserve CPU.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, click the "Switch to..." button.
3. In the "Switch" dialog box, select the "with altered configuration" option and click the
"Switch" button.
4. Acknowledge the prompt for confirmation with "OK".
Result
The reserve CPU links up, is updated (see section Link-up and update (Page 135)) and
becomes the master. The previous master CPU switches to STOP mode, the fault-tolerant
system continues operating in single mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 303
System modifications during operation
17.6 Removing components in STEP 7
Type of I/O One-sided I/O of previous One-sided I/O of new master Switched I/O
master CPU CPU
I/O modules to be are no longer addressed by the CPU.
removed1)
I/O modules still are no longer addressed by the are given new parameter continue operation without
present CPU. settings2) and updated by the interruption.
Output modules output the CPU.
configured substitute or holding
values.
DP stations to be as for I/O modules to be removed (see above)
removed
1) No longer included in the hardware configuration, but still plugged in
2) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
Starting situation
The fault-tolerant system is operating with the new (restricted) hardware configuration in
single mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. From the "Operating Mode" dialog box, select the reserve CPU, then click "Warm
Restart".
Result
The reserve CPU links up and is updated. The fault-tolerant system is operating in redundant
system mode.
S7-400H
304 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.6 Removing components in STEP 7
Type of I/O One-sided I/O of reserve CPU One-sided I/O of master CPU Switched I/O
I/O modules to be are no longer addressed by the CPU.
removed1)
I/O modules still are given new parameter continue operation without interruption.
present settings2) and updated by the
CPU.
DP stations to be as for I/O modules to be removed (see above)
removed
1) No longer included in the hardware configuration, but still plugged in
2) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
Starting situation
The fault-tolerant system is operating with the new hardware configuration in redundant
system mode.
Procedure
1. Disconnect all the sensors and actuators from the components you want to remove.
2. Remove the relevant components from the system.
– Remove the central modules from the rack.
– Remove the modules from modular DP stations
– Remove DP stations from DP master systems.
Note
With switched I/O: Always complete all changes on one segment of the redundant DP
master system before you modify the next segment.
S7-400H
System Manual, 07/2014, A5E00267695-13 305
System modifications during operation
17.6 Removing components in STEP 7
Result
The removal of non-configured modules does not influence the user program. The same
applies to removing DP stations.
The fault-tolerant system continues to operate in redundant system mode.
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Make sure that the interrupt OBs 4x and 82 no longer contain any interrupts of the
removed components.
2. Download the modified OBs and the corresponding program elements to the target
system.
Result
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Change the hardware configuration offline (see section STEP 7, step 1: Editing the
hardware configuration offline (Page 301))
2. Modify and download the user program (see section STEP 7, step 2: Editing and
downloading the user program (Page 302))
3. Stop the reserve CPU (see section STEP 7, step 3: Stopping the reserve CPU
(Page 302))
4. Download the new hardware configuration to the reserve CPU (see section STEP 7, step
4: Downloading a new hardware configuration to the reserve CPU (Page 303))
S7-400H
306 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.7 Editing CPU parameters
5. Follow the steps below to remove an interface module from the subsystem of the reserve
CPU:
– Switch off the power supply of the reserve subsystem.
– Remove an IM460 from the central unit.
or
– Remove an expansion unit from an existing chain.
or
– Remove an external DP master interface module.
– Switch on the power supply of the reserve subsystem again.
6. Switch to CPU with altered configuration (see section STEP 7, step 5: Switching to CPU
with modified configuration (Page 303))
7. Proceed as follows to remove an interface module from the subsystem of the original
master CPU (currently in STOP mode):
– Switch off the power supply of the reserve subsystem.
– Remove an IM460 from the central unit.
or
– Remove an expansion unit from an existing chain.
or
– Remove an external DP master interface module.
– Switch on the power supply of the reserve subsystem again.
8. Change to redundant system mode (see section STEP 7, step 6: Transition to redundant
system mode (Page 304))
9. Modify and download the user organization blocks (see section STEP 7, step 8: Editing
and downloading organization blocks (Page 306))
S7-400H
System Manual, 07/2014, A5E00267695-13 307
System modifications during operation
17.7 Editing CPU parameters
Note
If you edit any protected parameters, the system will reject any attempt to changeover to the
CPU containing those modified parameters. The event W#16#5966 is written to the
diagnostic buffer. and you will then have to restore the wrongly changed parameters in the
parameter configuration to their last valid values.
S7-400H
308 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.7 Editing CPU parameters
The selected new values should match both the currently loaded and the planned new user
program.
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
To edit the CPU parameters of a fault-tolerant system, follow the steps outlined below.
Details of each step are described in a subsection.
Note
After changing the hardware configuration, download takes place practically automatically.
This means that you no longer need to perform the steps described in sections Step 2:
Stopping the reserve CPU (Page 310) to Step 5: Transition to redundant system mode
(Page 312). The system behavior remains as described.
You will find more information in the HW Config online help "Download to module ->
Download station configuration in RUN mode". You will find more information in the HW
Config online help "Download to module -> Download station configuration in RUN mode".
S7-400H
System Manual, 07/2014, A5E00267695-13 309
System modifications during operation
17.7 Editing CPU parameters
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Edit the relevant CPU properties offline in HW Config.
2. Compile the new hardware configuration, but do not load it into the target system just yet.
Result
The modified hardware configuration is in the PG/ES. The target system continues operation
with the old configuration in redundant system mode.
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, select the reserve CPU, then click "Stop".
Result
The reserve CPU switches to STOP mode, the master CPU remains in RUN mode, the fault-
tolerant system works in single mode. The one-sided I/O of the reserve CPU is no longer
addressed.
S7-400H
310 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.7 Editing CPU parameters
Starting situation
The fault-tolerant system is operating in single mode.
Procedure
Load the compiled hardware configuration in the reserve CPU that is in STOP mode.
Note
The user program and connection configuration cannot be downloaded in single mode.
Result
The modified CPU parameters in the new hardware configuration of the standby CPU do not
yet have an effect on ongoing operation.
Starting situation
The modified hardware configuration is downloaded to the reserve CPU.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, click the "Switch to..." button.
3. In the "Switch" dialog box, select the "with altered configuration" option and click the
"Switch" button.
4. Acknowledge the prompt for confirmation with "OK".
Result
The reserve CPU links up, is updated and becomes the master. The previous master CPU
switches to STOP mode, the fault-tolerant system continues operating in single mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 311
System modifications during operation
17.7 Editing CPU parameters
Type of I/O One-sided I/O of previous One-sided I/O of new master Switched I/O
master CPU CPU
I/O modules are no longer addressed by the are given new parameter continue operation without
CPU. settings1) and updated by the interruption.
Output modules output the CPU.
configured substitute or holding
values.
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
Starting situation
The fault-tolerant system operates with the modified CPU parameters in single mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. From the "Operating Mode" dialog box, select the reserve CPU, then click "Warm
Restart".
Result
The reserve CPU links up and is updated. The fault-tolerant system is operating in redundant
system mode.
S7-400H
312 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.8 Changing the CPU memory configuration
Type of I/O One-sided I/O of reserve CPU One-sided I/O of master CPU Switched I/O
I/O modules are given new parameter continue operation without interruption.
settings1) and updated by the
CPU.
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
S7-400H
System Manual, 07/2014, A5E00267695-13 313
System modifications during operation
17.8 Changing the CPU memory configuration
Restrictions
Memory should preferably be expanded using RAM cards, because this will ensure that the
user program is copied to load memory of the reserve CPU in the link-up process.
In principle, it is also possible to use FLASH Cards to expand load memory. However, it is
then your responsibility to download the entire user program and the hardware configuration
to the new FLASH Card (see procedure in section Changing the type of load memory
(Page 314)).
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
Proceed as follows in the specified sequence:
S7-400H
314 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.8 Changing the CPU memory configuration
contents of the unchanged blocks of the user program (see section Switch to CPU with
modified configuration or expanded memory configuration (Page 146)).
It is your responsibility to download the entire user program to the new load memory.
Note
After reloading connections/gateways, it is no longer possible to change from a RAM card to
a FLASH card.
Starting situation
The fault-tolerant system is operating in redundant system mode.
The current status of the user program is available on the PG/ES as a STEP 7 project in
block format.
CAUTION
You cannot deploy a user program you uploaded from the target system here.
It is not permissible to recompile the user program from an STL source file, because this
action would set a new time stamp at all blocks and so prevent the block contents from
being copied when there is a master-reserve changeover.
Procedure
Proceed as follows in the specified sequence:
S7-400H
System Manual, 07/2014, A5E00267695-13 315
System modifications during operation
17.8 Changing the CPU memory configuration
Note
If you want to change to FLASH Cards, you can load them with the user program and
hardware configuration in advance without inserting them in the CPU. Steps 4 and 7 can
then be omitted.
However, the memory cards in both CPUs must be loaded in the same sequence. Changing
the order of blocks in the load memories will lead to termination of the link-up process.
S7-400H
316 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.9 Re-parameterization of a module
Note
If you edit any protected parameters, the system will reject any attempt to changeover to the
CPU containing those modified parameters. The event W#16#5966 is written to the
diagnostic buffer. and you will then have to restore the wrongly changed parameters in the
parameter configuration to their last valid values.
The selected new values must match the current and the planned user program.
Starting situation
The fault-tolerant system is operating in redundant system mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 317
System modifications during operation
17.9 Re-parameterization of a module
Procedure
To edit the parameters of modules in a fault-tolerant system, perform the steps outlined
below. Details of each step are described in a subsection.
Note
After changing the hardware configuration, download takes place practically automatically.
This means that you no longer need to perform the steps described in sections Step 2:
Stopping the reserve CPU (Page 319) to Step 5: Transition to redundant system mode
(Page 321). The system behavior remains as described.
You will find more information in the HW Config online help "Download to module ->
Download station configuration in RUN mode".
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. Edit the module parameters offline in HW Config.
2. Compile the new hardware configuration, but do not load it into the target system just yet.
Result
The modified hardware configuration is in the PG/ES. The target system continues operation
with the old configuration in redundant system mode.
S7-400H
318 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.9 Re-parameterization of a module
Starting situation
The fault-tolerant system is operating in redundant system mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, select the reserve CPU, then click "Stop".
Result
The reserve CPU switches to STOP mode, the master CPU remains in RUN mode, the fault-
tolerant system works in single mode. The one-sided I/O of the reserve CPU is no longer
addressed.
Starting situation
The fault-tolerant system is operating in single mode.
Procedure
Load the compiled hardware configuration in the reserve CPU that is in STOP mode.
Note
The user program and connection configuration cannot be downloaded in single mode.
Result
The modified parameters in the new hardware configuration of the reserve CPU do not yet
have an effect on ongoing operation.
S7-400H
System Manual, 07/2014, A5E00267695-13 319
System modifications during operation
17.9 Re-parameterization of a module
Starting situation
The modified hardware configuration is downloaded to the reserve CPU.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. In the "Operating Mode" dialog box, click the "Switch to..." button.
3. In the "Switch" dialog box, select the "with altered configuration" option and click the
"Switch" button.
4. Acknowledge the prompt for confirmation with "OK".
Result
The reserve CPU links up, is updated and becomes the master. The previous master CPU
switches to STOP mode, the fault-tolerant system continues operating in single mode.
Type of I/O One-sided I/O of previous One-sided I/O of new master Switched I/O
master CPU CPU
I/O modules are no longer addressed by the are given new parameter continue operation without
CPU. settings1) and updated by the interruption.
Output modules output the CPU.
configured substitute or holding
values.
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
S7-400H
320 System Manual, 07/2014, A5E00267695-13
System modifications during operation
17.9 Re-parameterization of a module
Calling OB 83
After transferring the parameter data records to the desired modules, OB 83 is called. The
sequence is as follows:
1. After you have made the parameter changes to an module in STEP 7 and loaded them in
RUN in the CPU, the OB 83 is started (trigger event W#16#3367). Relevant in the OB start
information are the logical start address (OB83_MDL_ADDR) and the module type
(OB83_MDL_TYPE). From now on, the input and/or output data of the module might no
longer be correct, and no SFCs that send data records to this module may be active.
2. After termination of OB 83, the parameters of the module are reset.
3. After termination of the parameter reset operation, the OB 83 is started again (trigger
event W#16#3267 if the parameterization was successful, or W#16#3968 if it was
unsuccessful). The input and output data of the module is the same as after an insertion
interrupt, meaning that under certain circumstances may not yet be correct. With immediate
effect, you can again call SFCs that send data records to the module.
Starting situation
The fault-tolerant system operates with the modified parameters in single mode.
Procedure
1. In SIMATIC Manager, select a CPU of the fault-tolerant system, then choose "PLC >
Operating Mode" from the menu.
2. From the "Operating Mode" dialog box, select the reserve CPU, then click "Warm
Restart".
Result
The reserve CPU links up and is updated. The fault-tolerant system is operating in redundant
system mode.
Type of I/O One-sided I/O of reserve CPU One-sided I/O of master CPU Switched I/O
I/O modules are given new parameter continue operation without interruption.
settings1) and updated by the
CPU.
1) Central modules are first reset. Output modules briefly output 0 during this time (instead of the configured substitute or
hold values).
S7-400H
System Manual, 07/2014, A5E00267695-13 321
System modifications during operation
17.9 Re-parameterization of a module
S7-400H
322 System Manual, 07/2014, A5E00267695-13
Synchronization modules 18
18.1 Synchronization modules for S7–400H
Long synchronization cables may increase cycle times This extension can have the factor 2 -
5 with a cable length of 10 km.
Note
A fault-tolerant system requires 4 synchronization modules of the same type.
S7-400H
System Manual, 07/2014, A5E00267695-13 323
Synchronization modules
18.1 Synchronization modules for S7–400H
Mechanical configuration
① Dummy plugs
CAUTION
Class 1 laser product
Risk of injury.
The synchronization module is equipped with a laser system and is classified as a "CLASS
1 LASER PRODUCT" according to IEC 60825–1.
Avoid direct contact with the laser beam. Do not open the housing. Always observe the
information provided in this manual, and keep the manual to hand as a reference.
S7-400H
324 System Manual, 07/2014, A5E00267695-13
Synchronization modules
18.1 Synchronization modules for S7–400H
OB 84
If the CPU was configured as V 4.5: In case of a reduced performance in the redundant link
between the two CPUs in redundant system mode, the CPU's operating system calls OB 84.
The event "Reduced performance of the redundancy link" in the configuration as V4.5
corresponds to the event "Functional error of network component" in case of a configuration
as V6.0. OB 82 is called in case of a configuration as V6.0.
You can determine the detail diagnostics by means of SFB52 or SFB54 in case of a
configuration as V6.0.
In solo mode and in stand-alone operation the error identifier 0x3592 points to an error in a
synchronization component. This error has no effect on the funtionality of the CPU in Solo
mode or in stand-alone operation. However, redundant mode is no longer possible. To
exchange the CPU in Solo mode, perform a master change with the function "Switch over to
CPU in rack .. via only one intact redundant link".
OB 82
When operating in redundant system mode, the CPU's operating system calls OB 82 if it
detects a reduced performance in the redundant link between the two CPUs.
If OB 82 was called, you can only determine the cause later if the data were read out with
SFB 52 or SFB 54.
The cause for this reduced performance can be found in the "Sync module diagnostics" tab
in HW Config -> PLC -> Module state. For the selected synchronization module, you can
display here the following channel-specific diagnostics data:
● Overtemperature
The synchronization module is too hot.
● Fiber-optic error
The sender of the electro-optical component has reached the end of its service life.
● Violation of lower limit
The sent or received optical performance is low or too low.
● Violation of upper limit
The sent or received optical performance is high or too high.
● Functional error of the network component
The quality of the redundancy link between the CPUs (transmission distance including
synchronization modules and fiber-optic cables) is reduced so that transmission errors
are occurring frequently.
In redundant mode the OB82 is also called at Power Off/On or at a firmware update of the
partner CPU. This does not indicate any problem with the synchronization link but is instead
due to the fact that the synchronization modules are not emitting any light at this moment.
S7-400H
System Manual, 07/2014, A5E00267695-13 325
Synchronization modules
18.1 Synchronization modules for S7–400H
NOTICE
Reduced optical performance due to soiling
Even small amounts of dirt in a fiber-optic interface adversely affect the quality of the signal
transmission. This can lead to synchronization losses during operation. Protect the fiber-
optic interfaces against dirt during storage and installation of the synchronization modules.
Note
Wiring synchronization modules crosswise
If you wire synchronization modules crosswise, i.e. the IF1 interface of the first CPU with
the IF2 interface of the second CPU and vice versa, the two CPUs take over the master
role and the system will now function properly. The LEDs IFM 1 and IFM 2 are lit on both
CPUs.
Make sure that you connect the IF1 interface of the first CPU with the IF1 interface of the
second CPU and the IF2 interface of the first CPU with the IF2 interface of the second
CPU.
S7-400H
326 System Manual, 07/2014, A5E00267695-13
Synchronization modules
18.2 Installation of fiber-optic cables
Technical data
See also
Installation of fiber-optic cables (Page 327)
Introduction
Fiber-optic cables may only be installed by trained and qualified personnel. Always observe
the applicable rules and statutory regulations. The installation must be carried out with
meticulous care, because faulty installations represent the most common source of error.
Causes are:
● Kinking of the fiber-optic cable due to an insufficient bending radius.
● Crushing of the cable as a result of excess forces caused by persons treading on the
cable, or by pinching, or by the load of other heavy cables.
● Overstretching due to high tensile forces.
● Damage on sharp edges etc.
S7-400H
System Manual, 07/2014, A5E00267695-13 327
Synchronization modules
18.2 Installation of fiber-optic cables
Points to observe when installing the fiber-optic cables for the S7-400H synchronization link
Always route the two fiber-optic cables separately. This increases availability and protects
the fiber-optic cables from potential double errors caused, for example, by interrupting both
cables at the same time.
Always make sure the fiber-optic cables are connected to both CPUs before switching on the
power supply or the system, otherwise the CPUs may process the user program as the
master CPU.
NOTICE
Reduced optical performance due to dirt
Even slight amounts of dirt at the end of a fiber-optic cable will adversely affect its optical
performance and thus the quality of the signal transmission. This can lead to
synchronization losses during operation. Protect the ends of the fiber-optic cables against
dirt during storing and installation. If the ends of the fiber-optic cable are covered when
delivered, do not remove these covers.
S7-400H
328 System Manual, 07/2014, A5E00267695-13
Synchronization modules
18.2 Installation of fiber-optic cables
Cable pull-in
Note the points below when pulling-in fiber-optic cables:
● Always observe the information on pull forces in the data sheet of the corresponding
fiber-optic cable.
● Do not reel off any greater lengths when you pull in the cables.
● Install the fiber-optic cable directly from the cable drum wherever possible.
● Do not spool the fiber-optic cable sideways off the drum flange (risk of twisting).
● You should use a cable pulling sleeve to pull in the fiber-optic cable.
● Always observe the specified bending radii.
● Do not use any grease or oil-based lubricants.
You may use the lubricants listed below to support the pulling-in of fiber-optic cables.
– Yellow compound (Wire-Pulling, lubricant from Klein Tools; 51000)
– Soft soap
– Dishwashing liquid
– Talcum powder
– Detergent
Pressure
Do not exert any pressure on the cable, for example, by the inappropriate use of clamps
(cable quick-mount) or cable ties. Your installation should also prevent anyone from stepping
onto the cable.
Influence of heat
Fiber-optic cables are highly sensitive to direct heat, which means the cables must not be
worked on using hot-air guns or gas burners as used in heat-shrink tubing technology.
S7-400H
System Manual, 07/2014, A5E00267695-13 329
Synchronization modules
18.3 Selecting fiber-optic cables
Cable length up to 10 m
The synchronization module 6ES7 960–1AA06–0XA0 can be operated in pairs with fiber-
optic cables up to a length of 10 m.
Select cables with the following specification for lengths up to 10 m:
● Multimode fiber 50/125 µ or 62.5/125 µ
● Patch cable for indoor applications
● 2 x duplex cables per fault-tolerant system, cross-over
● Connector type LC–LC
Such cables are available in the following length as accessories for fault-tolerant systems:
S7-400H
330 System Manual, 07/2014, A5E00267695-13
Synchronization modules
18.3 Selecting fiber-optic cables
Cable length up to 10 km
The synchronization module 6ES7 960-1AB06-0XA0 can be operated in pairs with fiber-optic
cables up to a length of 10 km.
The following rules apply:
● Make sure of adequate strain relief on the modules if you use fiber-optic cables longer
than 10 m.
● Keep to the specified environmental conditions of the fiber-optic cables used (bending
radii, pressure, temperature...)
● Observe the technical specifications of the fiber-optic cable (attenuation, bandwidth...)
Fiber-optic cables with lengths above 10 m usually have to be custom-made. First, select the
following specification:
● Single-mode fiber (mono-mode fiber) 9/125 µ
In exceptional situations, you may also use the lengths up to 10 m available as
accessories for short distances when testing and commissioning. However, only the use
of specified cables with single-mode fibers is allowed for continuous operation.
Note
Cable up to 10 m lenght on the synchronization module 6ES7 960-1AB06-0XA0
Cables up to a length of 10 m are available on order as accessories. If you use one of
these cables on the synchronization module 6ES7 960-1AB06-0XA0 , you may see the
error message "Optical perforrmance too high" at the call of OB 82.
The table below shows the further specifications, based on your application:
S7-400H
System Manual, 07/2014, A5E00267695-13 331
Synchronization modules
18.3 Selecting fiber-optic cables
S7-400H
332 System Manual, 07/2014, A5E00267695-13
Synchronization modules
18.3 Selecting fiber-optic cables
S7-400H
System Manual, 07/2014, A5E00267695-13 333
Synchronization modules
18.3 Selecting fiber-optic cables
S7-400H
334 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times 19
This section describes the decisive factors in the cycle and response times of your of S7-400
station.
You can read out the cycle time of the user program from the relevant CPU using the
programming device (refer to the manual Configuring Hardware and Connections with STEP
7).
The examples included show you how to calculate the cycle time.
An important aspect of a process is its response time. How to calculate this factor is
described in detail in this section. When operating a CPU 41x-H as master on the
PROFIBUS DP network, you also need to include the additional DP cycle times in your
calculation (see section Response time (Page 347)).
Additional information
For more detailed information on the following execution times, refer to the S7–400H
instruction list. This lists all the STEP 7 instructions that can be executed by the particular
CPUs along with their execution times and all the SFCs/SFBs integrated in the CPUs and
the IEC functions that can be called in STEP 7 with their execution times.
Process image
During cyclic program processing, the CPU requires a consistent image of the process
signals. To ensure this, the process signals are read/written prior to program execution.
Subsequently, during program processing the CPU does not access the signal modules
S7-400H
System Manual, 07/2014, A5E00267695-13 335
S7-400 cycle and response times
19.1 Cycle time
directly when addressing the input (I) and output (O) address areas, but rather it accesses
the CPU's internal memory area containing the I/O process image.
Step Sequence
1 The operating system initiates the scan cycle monitoring time.
2 The CPU copies the values from the process output images to the output modules.
3 The CPU reads the status of inputs of the input modules, and then updates the process
image of the inputs.
4 The CPU processes the user program in time slices and executes the instructions
specified in the program.
5 At the end of a cycle, the operating system executes pending tasks, e.g. loading and
deleting of blocks.
6 Finally, on expiration of any given minimum cycle time, the CPU returns to the start of
the cycle and restarts cycle monitoring.
S7-400H
336 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.2 Calculating the cycle time
Influencing factors
The table below shows the factors influencing the cycle time.
Factors Remark
Transfer time for the process See tables from 19-3 onwards
output image (POI) and process
input image (PII)
User program execution time This value is calculated based on the execution times of the
various statements (see the S7-400 statement list).
Operating system execution time See Table 19-7
at the cycle control point
Extension of cycle time due to You configure the maximum permitted communication load on
communication load the cycle as a percentage in STEP 7 (Programming with STEP 7
manual). See section Communication load (Page 345).
Load on cycle times due to Interrupt requests can always stop user program execution. See
interrupts Table 19-8
S7-400H
System Manual, 07/2014, A5E00267695-13 337
S7-400 cycle and response times
19.2 Calculating the cycle time
Table 19- 3 Portion of the process image transfer time, CPU 412-5H
S7-400H
338 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.2 Calculating the cycle time
Table 19- 4 Portion of the process image transfer time, CPU 414-5H
Table 19- 5 Portion of the process image transfer time, CPU 416-5H
S7-400H
System Manual, 07/2014, A5E00267695-13 339
S7-400 cycle and response times
19.2 Calculating the cycle time
Table 19- 6 Portion of the process image transfer time, CPU 417-5H
S7-400H
340 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.2 Calculating the cycle time
Long synchronization cables may increase cycle times This extension can have the factor 2 -
5 with a cable length of 10 km.
Table 19- 8 Operating system execution time at the cycle control point
S7-400H
System Manual, 07/2014, A5E00267695-13 341
S7-400 cycle and response times
19.3 Different cycle times
CPU Hardware Diagnostic Time-of- Delay interrupt Cyclic Programming I/O Asynchro
interrupt interrupt day interrup error access nous
interrupt t error
error
CPU 412-5H 240 µs 240 µs 230 µs 150 µs 150 µs 80 µs 80 µs 180 µs
stand-alone
mode
CPU 412–5H 680 µs 550 µs 700 µs 580 µs 450 µs 350 µs 179 µs 550 µs
redundant
CPU 414–5H 160 µs 120 µs 150 µs 100 µs 100 µs 60 µs 60 µs 120 µs
stand-alone
mode
CPU 414–5H 420 µs 400 µs 490 µs 360 µs 280 µs 220 µs 120 µs 306 µs
redundant
CPU 416–5H 120 µs 110 µs 100 µs 80 µs 60 µs 40 µs 40 µs 80 µs
stand-alone
mode
CPU 416–5H 300 µs 250 µs 370 µs 220 µs 200 µs 150 µs 90 µs 230 µs
redundant
CPU 417–5H 90 µs 70 µs 70 µs 50 µs 50 µs 30 µs 30 µs 70 µs
stand-alone
mode
CPU 417–5H 200 µs 170 µs 230 µs 150 µs 150 µs 100 µs 45 µs 133 µs
redundant
The program runtime at interrupt level must be added to this time extension.
The corresponding times are added together if the program contains nested interrupts.
S7-400H
342 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.3 Different cycle times
Fluctuation of the block processing time (e.g. OB 1) may also be a factor causing cycle time
fluctuation, due to:
● conditional instructions
● conditional block calls
● different program paths
● loops, etc.
S7-400H
System Manual, 07/2014, A5E00267695-13 343
S7-400 cycle and response times
19.3 Different cycle times
The actual cycle time is the sum of Tcyc and Twait. It is thus always longer or equal to Tmin.
S7-400H
344 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.4 Communication load
Data consistency
The user program is interrupted to process communications. This interruption can be
triggered after any statement. These communication jobs may lead to a change in user data.
As a result, data consistency cannot be ensured over several accesses.
How to ensure data consistency in operations comprising more than one command is
described in the "Consistent data" section.
The operating system takes a certain portion of the remaining time slice for internal tasks.
This portion is included in the factor defined in the tables starting at 16-3.
S7-400H
System Manual, 07/2014, A5E00267695-13 345
S7-400 cycle and response times
19.4 Communication load
equivalent to 13 times 1-ms time slice = 13 ms, if the CPU fully utilizes the configured
communication load.
That is to say, 20% communication does not extend the cycle by a linear amount of 2 ms,
but by 3 ms.
S7-400H
346 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.5 Response time
Remarks
● Change the value of the "communication load" parameter to check the effects on the
cycle time during system runtime.
● Always take the communication load into account when you set the maximum cycle time,
otherwise you risk timeouts.
Recommendations
● Use the default setting whenever possible.
● Increase this value only if the CPU is used primarily for communication, and if time is not
a critical factor for the user program! In all other situations you should only reduce this
value!
Fluctuation range
The actual response time lies between the shortest and the longest response time. You must
always assume the longest response time when configuring your system.
The section below deals with the shortest and longest response times, in order to provide an
overview of the fluctuation in the length of response times.
Factors
The response time depends on the cycle time and the following factors:
● Delay of the inputs and outputs
● Additional DP cycle times on the PROFIBUS DP network
● Execution in the user program
S7-400H
System Manual, 07/2014, A5E00267695-13 347
S7-400 cycle and response times
19.5 Response time
S7-400H
348 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.5 Response time
If you are operating a PROFIBUS DP network with more than one master, you will need to
take the DP cycle time into account for each master. In other words, perform a separate
calculation for each master and add the results together.
S7-400H
System Manual, 07/2014, A5E00267695-13 349
S7-400 cycle and response times
19.5 Response time
Calculation
The (shortest) response time is calculated as follows:
● 1 x process image transfer time of the inputs +
● 1 x process image transfer time of the outputs +
● 1 x program processing time +
● 1 x operating system processing time at the SCCP +
● Delay of the inputs and outputs
The result is equivalent to the sum of the cycle time plus the I/O delay times.
Note
If the CPU and signal module are not in the central unit, you will have to add twice the delay
time of the DP slave frame (including processing in the DP master).
S7-400H
350 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.5 Response time
Calculation
The (longest) response time is calculated as follows:
● 2 x process image transfer time of the inputs +
● 2 x process image transfer time of the outputs +
● 2 x operating system processing time +
● 2 x program processing time +
● 2 x delay of the DP slave frame (including processing in the DP master) +
● Delay of the inputs and outputs
This is equivalent to the sum of twice the cycle time and the delay in the inputs and outputs
plus twice the DP cycle time.
S7-400H
System Manual, 07/2014, A5E00267695-13 351
S7-400 cycle and response times
19.5 Response time
Table 19- 10 Direct access of the CPUs to I/O modules in the central rack
Access mode 412-5H 412-5H 414-5H 414-5H 416-5H 416-5H 417-5H 417-5H
stand- redundant stand- redundant stand- redundant stand- redundant
alone alone alone alone
mode mode mode mode
Read byte 3.0 µs 33.9 µs 2.6 µs 21.0 µs 2.3 µs 15.9 µs 2.2 µs 11.2 µs
Read word 4.0 µs 33.9 µs 4.0 µs 24.5 µs 4.0 µs 16.2 µs 3.9 µs 11.7 µs
Read double 7.0 µs 33.9 µs 7.0 µs 24.5 µs 7.0 µs 17.2 µs 7.0 µs 14.7 µs
word
Write byte 3.0 µs 33.9 µs 2.6 µs 21.5 µs 2.4 µs 16.0 µs 2.3 µs 11.3 µs
Write word 4.0 µs 33.9 µs 4.0 µs 24.5 µs 4.0 µs 16.2 µs 3.9 µs 11.8 µs
Write double 7.5 µs 33.9 µs 7.4 µs 24.5 µs 7.3 µs 18.5 µs 7.1 µs 15.0 µs
word
S7-400H
352 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.5 Response time
Table 19- 11 Direct access of the CPUs to I/O modules in the expansion unit with local link
Access mode 412-5H 412-5H 414–5H 414–5H 416-5H 416-5H 417–5H 417–5H
stand- redundant stand- redundant stand- redundant stand- redundant
alone alone alone alone
mode mode mode mode
Read byte 6.0 µs 36.0 µs 5.6 µs 24.5 µs 5.6 µs 16.1 µs 5.6 µs 13.4 µs
Read word 11.0 µs 41.3 µs 10.5 µs 32.1 µs 10.5 µs 23.8 µs 10.5 µs 18.6 µs
Read double 20.0 µs 49.0 µs 19.9 µs 40.0 µs 19.9 µs 31.7 µs 19.9 µs 28.7 µs
word
Write byte 5.3 µs 35.3 µs 5.3 µs 24.5 µs 5.3 µs 16.1 µs 5.3 µs 13.4 µs
Write word 10.6 µs 41.3 µs 10.2 µs 28.6 µs 10.2 µs 21.5 µs 10.2 µs 18.3 µs
Write double 19.8 µs 49.0 µs 19.8 µs 39.8 µs 19.8 µs 31.5 µs 19.8 µs 28.0 µs
word
Table 19- 12 Direct access of the CPUs to I/O modules in the expansion unit with remote link, setting 100 m
Access mode 412-5H 412-5H 414–5H 414–5H 416-5H 416-5H 417–5H 417–5H
stand- redundant stand- redundant stand- redundant Einzel- redundant
alone alone alone betrieb
mode mode mode
Read byte 11.5 µs 41.3 µs 11.5 µs 27.5 µs 11.4 µs 20.3 µs 11.3 µs 17.0 µs
Read word 23.0 µs 49.0 µs 23.0 µs 39.8 µs 22.8 µs 31.5 µs 22.8 µs 28.6 µs
Read double 46.0 µs 72.1 µs 46.0 µs 62.9 µs 45.9 µs 54.5 µs 45.9 µs 51.7 µs
word
Write byte 11.0 µs 41.3 µs 11.0 µs 27.0 µs 10.8 µs 20.2 µs 10.8 µs 16.8 µs
Write word 22.0 µs 49.0 µs 22.0 µs 39.8 µs 21.9 µs 31.5 µs 21.9 µs 27.8 µs
Write double 44.5 µs 72.1 µs 44.5 µs 62.9 µs 44.0 µs 54.5 µs 44.0 µs 50.0 ms
word
Note
You can also achieve fast response times by using hardware interrupts; see section Interrupt
response time (Page 358).
S7-400H
System Manual, 07/2014, A5E00267695-13 353
S7-400 cycle and response times
19.6 Calculating cycle and response times
Cycle time
1. Using the Instruction List, determine the runtime of the user program.
2. Calculate and add the process image transfer time. You will find guide values for this in
the tables starting at 16-3.
3. Add the processing time at the scan cycle checkpoint. You will find guide values for this in
Table 16–8.
4. Multiply the calculated value by the factor in Table 16–7.
The final result is the cycle time.
S7-400H
354 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.7 Examples of calculating the cycle and response times
Example I
You have installed an S7-400 with the following modules in the central unit:
● a CPU 414–5H in redundant mode
● 2 digital input modules SM 421; DI 32xDC 24 V (each with 4 bytes in the PI)
● 2 digital output modules SM 422; DO 32xDC 24 V/0.5 (each with 4 bytes in the PI)
User program
According to the instruction list, the user program runtime is 15 ms.
S7-400H
System Manual, 07/2014, A5E00267695-13 355
S7-400 cycle and response times
19.7 Examples of calculating the cycle and response times
Example II
You have installed an S7-400 with the following modules:
● a CPU 414–5H in redundant mode
● 4 digital input modules SM 421; DI 32×DC 24 V (each with 4 bytes in the PI)
● 3 digital output modules SM 422; DO 16xDC 24 V /2 (each with 2 bytes in the PI)
● 2 analog input modules SM 431; AI 8x13 bit (not in the PI)
● 2 analog output modules SM 432; AO 8x13 bit (not in the PI)
CPU parameters
The CPU was parameterized as follows:
● Cycle load due to communication: 40 %
User program
According to the instruction list, the user program runtime is 10.0 ms.
S7-400H
356 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.7 Examples of calculating the cycle and response times
S7-400H
System Manual, 07/2014, A5E00267695-13 357
S7-400 cycle and response times
19.8 Interrupt response time
Table 19- 14 Process and interrupt response times; maximum interrupt response time without
communication
S7-400H
358 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.8 Interrupt response time
Signal modules
The process interrupt response time of signal modules is made up as follows:
● Digital input modules
Process interrupt response time = internal interrupt processing time + input delay
You will find these times in the data sheet for the respective digital input module.
● Analog input modules
Process interrupt response time = internal interrupt processing time + conversion time
The internal interrupt processing time for analog input modules can be neglected. The
conversion times can be found in the data sheet for the individual analog input modules.
The diagnostic interrupt response time of the signal modules is the time from detection of a
diagnostic event by the signal module to the triggering of the diagnostic interrupt by the
signal module. This short time can be neglected.
S7-400H
System Manual, 07/2014, A5E00267695-13 359
S7-400 cycle and response times
19.9 Example of calculation of the interrupt response time
Calculation
In this example, the process interrupt response time is based on following time factors:
● Process interrupt response time of CPU 417-5H: Approx. 0.3 ms (mean value in
redundant system mode)
● Extension due to communication according to the description in section Interrupt
response time (Page 358):
100 µs + 1000 µs × 20% = 300 µs = 0.3 ms
● Process interrupt response time of SM 421; DI 16×UC 24/60 V:
– Internal interrupt processing time: 0.5 ms
– Input delay: 0.5 ms
● The DP cycle time on the PROFIBUS DP is irrelevant, because the signal modules are
installed in the central unit.
The process interrupt response time is equivalent to the sum of the listed time factors:
Process interrupt response time = 0.3 ms + 0.3 ms + 0.5 ms + 0.5 ms = approx. 1.6 ms.
This calculated process interrupt response time is the time between detection of a signal at
the digital input and the call of the first instruction in OB 4x.
S7-400H
360 System Manual, 07/2014, A5E00267695-13
S7-400 cycle and response times
19.10 Reproducibility of delay and watchdog interrupts
Definition of "reproducibility"
Time-delay interrupt:
The period that expires between the call of the first operation in the interrupt OB and the
programmed time of interrupt.
Cyclic interrupt:
The fluctuation range of the interval between two successive calls, measured between the
respective initial operations of the interrupt OB.
Reproducibility
The following table contains the reproducibility of time-delay and cyclic interrupts of the
CPUs.
Module Reproducibility
Time-delay interrupt Cyclic interrupt
CPU 412-5H stand-alone mode ± 230 µs ± 250 µs
CPU 412–5H redundant ± 430 µs ± 520 µs
CPU 414–5H stand-alone mode ± 160 µs ± 240 µs
CPU 414–5H redundant ± 280 µs ± 280 µs
CPU 416–5H stand-alone mode ± 130 µs ± 190 µs
CPU 416–5H redundant ± 230 µs ± 210 µs
CPU 417–5H stand-alone mode ± 120 µs ± 160 µs
CPU 417–5H redundant ± 200 µs ± 180 µs
These times only apply if the interrupt can actually be executed at this time and if it is not
delayed, for example, by higher-priority interrupts or queued interrupts of equal priority.
S7-400H
System Manual, 07/2014, A5E00267695-13 361
S7-400 cycle and response times
19.10 Reproducibility of delay and watchdog interrupts
S7-400H
362 System Manual, 07/2014, A5E00267695-13
Technical data 20
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–
5HK06–0AB0)
• Default From C 0 to C 7
S7 timers 2048
• Retentivity, configurable From T 0 to T 2047
S7-400H
System Manual, 07/2014, A5E00267695-13 363
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
Blocks
OBs See instruction list
• Size Maximum 64 KB
S7-400H
364 System Manual, 07/2014, A5E00267695-13
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
DP interface 4 KB/4 KB
PN interface 8 KB/8 KB
Process image 8 KB / 8 KB (configurable)
• Default 256 bytes/256 bytes
Configuration
Central controllers/expansion units Maximum 2/20
Multicomputing No
Number of plug-in IMs (total) Maximum 6
• IM 460 Maximum 6
Number of DP masters
• integrated 2
• PROFIBUS and Ethernet CPs, including CP Maximum 14, of which max. 10 CPs as DP
443–5 Extended masters
Connectable OPs 47
Time
Clock (real-time clock) Yes
• Buffered Yes
• Resolution 1 ms
S7-400H
System Manual, 07/2014, A5E00267695-13 365
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
• Retentive Yes
• Default 300
Forcing Yes
• Tag Inputs/outputs, bit memories, distributed I/O
S7-400H
366 System Manual, 07/2014, A5E00267695-13
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
• Default 120
Communication
PG/OP communication Yes
Routing Yes
S7 communication Yes
• User data per job Maximum 64 KB
S7 basic communication No
Global data communication No
S5-compatible communication Using FC AG_SEND and AG_RECV, max. via 10
CPs 443–1 or 443–5
• User data per job Maximum 8 KB
S7-400H
System Manual, 07/2014, A5E00267695-13 367
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
Interfaces
You may not configure the CPU as DP slave
1st interface
Interface designation X1
Type of interface integrated
Physics RS 485/PROFIBUS and MPI
Electrically isolated Yes
Power supply to interface (15 V DC to 30 V DC) Max. 150 mA
Number of connection resources MPI: 32, DP: 16
If a diagnostics repeater is used on the segment,
the number of connection resources on the
segment is reduced by 1
Functionality
• MPI Yes
• PROFIBUS DP DP master
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• Routing Yes
• S7 communication Yes
S7-400H
368 System Manual, 07/2014, A5E00267695-13
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
• S7 basic communication No
• Isochronous mode No
• SYNC/FREEZE No
• Enable/disable DP slaves No
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• SYNC/FREEZE No
• Enable/disable DP slaves No
S7-400H
System Manual, 07/2014, A5E00267695-13 369
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
Utilities
• PG communication Yes
• OP communication Yes
• S7 communication Yes
Maximum number of configurable connections 48, one of each reserved for programming device
Maximum number of instances and OP
600
• S7 routing Yes
S7-400H
370 System Manual, 07/2014, A5E00267695-13
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
• PROFINET I-Device No
• PROFINET CBA No
Open IE communication
• over TCP/IP Yes
• ISO-on-TCP Yes
• UDP Yes
PROFINET IO
PNO ID (hexadecimal) Vendor ID: 0x002A
Device ID: 0x0102
Number of integrated PROFINET IO controllers 1
Number of PROFINET IO devices that can be 256
connected
Number of connectable IO devices for RT 256
of which are in line 256
Shared Device, supported No
Address range Maximum 8 KB inputs/outputs
Number of submodules Maximum 8192
Mixed modules count twice
Maximum user data length, including user data 1440 bytes
qualifiers
Maximum user data consistency, including user 1024 bytes
data qualifiers
Send clock cycles 250 µs, 500 µs, 1 ms, 2 ms, 4 ms
Update Time 250 μs, 0.5 ms, 1 ms, 2 ms, 4 ms, 8 ms, 16 ms,
32 ms, 64 ms, 128 ms, 256 ms, and 512 ms
The minimum value depends on the
communication slice set for PROFINET IO, the
number of IO devices, and the amount of
configured user data.
Maximum user data length 1024 bytes per address range
Maximum consistency of user data 1024 bytes per address range
S7 protocol functions
• PG functions Yes
• OP functions Yes
S7-400H
System Manual, 07/2014, A5E00267695-13 371
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
• SFC 58 "WR_REC" 8
• SFC 55 "WR_PARM" 8
• SFC 57 "PARM_MOD" 1
• SFC 56 "WR_DPARM" 2
• SFC 13 "DPNRM_DG" 8
• SFC 51 "RDSYSST" 8
The total number of active SFCs on all external segments may be four times more than on one single
segment.
System function blocks (SFB) See instruction list
Number of simultaneously active SFBs per
segment
• SFB 52 "RDREC" 8
• SFB 53 "WRREC" 8
The total number of active SFBs on all external segments may be four times more than on one single
segment.
User program protection Password protection
Access-protected blocks Yes, with S7 Block Privacy
Access to consistent data in the process image Yes
CiR synchronization time (in stand-alone mode)
Total load 100 ms
Dimensions
Mounting dimensions W x H x D (mm) 50 x 290 x 219
Slots required 2
Weight Approx. 995 g
Voltages and currents
Current consumption from S7-400 bus (5 V DC) Typ. 1.6 A
Max. 1.9 A
S7-400H
372 System Manual, 07/2014, A5E00267695-13
Technical data
20.1 Technical specification of the CPU 412–5H PN/DP; (6ES7 412–5HK06–0AB0)
Current consumption from S7-400 bus (24 V DC) Total current consumption of the components
The CPU does not consume any current at 24 V, connected to the MPI/DP interfaces, but
it only makes this voltage available on the maximum 150 mA per interface
MPI/DP interface.
Current output to DP interface (5 V DC) Max. 90 mA
Backup current Typically 180 µA (up to 40 °C)
Maximum 1000 µA
Maximum backup time See Module Specifications Reference Manual,
chapter 3.3.
Feed of external backup voltage to the CPU 5 V DC to 15 V DC
Power loss Typ. 7.5 W
S7-400H
System Manual, 07/2014, A5E00267695-13 373
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
• Default From C 0 to C 7
S7 timers 2048
• Retentivity, configurable From T 0 to T 2047
S7-400H
374 System Manual, 07/2014, A5E00267695-13
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
Bit memory 8 KB
• Retentivity, configurable From MB 0 to MB 8191
Blocks
OBs See instruction list
• Size Maximum 64 KB
S7-400H
System Manual, 07/2014, A5E00267695-13 375
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
Number of DP masters
• integrated 2
• PROFIBUS and Ethernet CPs, including CP Maximum 14, of which max. 10 CPs as DP
443–5 Extended masters
Connectable OPs 63
Time
Clock Yes
• Buffered Yes
• Resolution 1 ms
S7-400H
376 System Manual, 07/2014, A5E00267695-13
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
• Retentive Yes
• Default 900
Forcing Yes
• Tag Inputs/outputs, bit memories, distributed I/O
• Default 120
S7-400H
System Manual, 07/2014, A5E00267695-13 377
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
Communication
PG/OP communication Yes
Routing Yes
S7 communication Yes
• User data per job Maximum 64 KB
S7 basic communication No
Global data communication No
S5-compatible communication Using FC AG_SEND and AG_RECV, max. via 10
CPs 443–1 or 443–5
• User data per job Maximum 8 KB
S7-400H
378 System Manual, 07/2014, A5E00267695-13
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
Interfaces
You may not configure the CPU as DP slave
1st interface
Interface designation X1
Type of interface integrated
Physics RS 485/Profibus
Electrically isolated Yes
Power supply to interface (15 V DC to 30 V DC) Max. 150 mA
Number of connection resources MPI: 32, DP: 16
If a diagnostic repeater is used on the segment,
the number of connection resources on the
segment is reduced by 1.
Functionality
• MPI Yes
• PROFIBUS DP DP master
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• SYNC/FREEZE No
• Enable/disable DP slaves No
S7-400H
System Manual, 07/2014, A5E00267695-13 379
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• SYNC/FREEZE No
• Enable/disable DP slaves No
S7-400H
380 System Manual, 07/2014, A5E00267695-13
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
Utilities
• PG communication Yes
• OP communication Yes
• S7 communication Yes
Maximum number of configurable connections 64, one of each reserved for programming device
Maximum number of instances and OP
2500
• S7 routing Yes
• PROFINET I-Device No
• PROFINET CBA No
Open IE communication
• over TCP/IP Yes
• ISO-on-TCP Yes
S7-400H
System Manual, 07/2014, A5E00267695-13 381
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
• UDP Yes
PROFINET IO
PNO ID (hexadecimal) Vendor ID: 0x002A
Device ID: 0x0102
Number of integrated PROFINET IO controllers 1
Number of PROFINET IO devices that can be 256
connected
Number of connectable IO devices for RT 256
of which are in line 256
Shared Device, supported No
Address range Maximum 8 KB inputs/outputs
Number of submodules Maximum 8192
Mixed modules count twice
Maximum user data length, including user data 1440 bytes
qualifiers
Maximum user data consistency, including user 1024 bytes
data qualifiers
Send clock cycles 250 µs, 500 µs, 1 ms, 2 ms, 4 ms
Update Time 250 μs, 0.5 ms, 1 ms, 2 ms, 4 ms, 8 ms, 16 ms,
32 ms, 64 ms, 128 ms, 256 ms, and 512 ms
The minimum value depends on the
communication slice set for PROFINET IO, the
number of IO devices, and the amount of
configured user data.
IRT (Isochronous Real Time) No
S7 protocol functions
• PG functions Yes
• OP functions Yes
Prioritized startup No
Accelerated (ASU) and Fast Startup Mode (FSU)
Tool change No
Changing an IO device without Micro Memory Yes
Card or PG
4th and 5th interface
Designation of the interfaces IF1, IF2
Type of interface Plug-in synchronization module (FOC)
Usable interface module Synchronization module IF 960 (only in
redundant mode; in stand-alone mode the
interface remains free/covered)
Length of the synchronization cable Maximum 10 km
Programming
Programming language LAD, FBD, STL, SCL, CFC, Graph, HiGraph®
Instruction set See instruction list
Nesting levels 7
S7-400H
382 System Manual, 07/2014, A5E00267695-13
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
• SFC 58 "WR_REC" 8
• SFC 55 "WR_PARM" 8
• SFC 57 "PARM_MOD" 1
• SFC 56 "WR_DPARM" 2
• SFC 13 "DPNRM_DG" 8
• SFC 51 "RDSYSST" 8
The total number of active SFCs on all external segments may be four times more than on one single
segment.
System function blocks (SFB) See instruction list
Number of simultaneously active SFBs per
segment
• SFB 52 "RDREC" 8
• SFB 53 "WRREC" 8
The total number of active SFBs on all external segments may be four times more than on one single
segment.
User program protection Password protection
Access-protected blocks Yes, with S7 Block Privacy
Access to consistent data in the process image Yes
CiR synchronization time (in stand-alone mode)
Total load 100 ms
Dimensions
Mounting dimensions W x H x D (mm) 50 x 290 x 219
Slots required 2
Weight Approx. 995 g
Voltages and currents
Current consumption from S7–400 bus (5 V DC) Typ. 1.6 A
Max. 1.9 A
Current consumption from S7-400 bus (24 V DC) Total current consumption of the components
The CPU does not consume any current at 24 V, connected to the MPI/DP interfaces, but
it only makes this voltage available on the maximum 150 mA per interface
MPI/DP interface.
Current output to DP interface (5 V DC) Max. 90 mA
Backup current Typically 180 µA (up to 40 °C)
Maximum 1000 µA
Maximum backup time See Module Specifications Reference Manual,
chapter 3.3.
Feed of external backup voltage to the CPU 5 V DC to 15 V DC
Power loss Typ. 7.5 W
S7-400H
System Manual, 07/2014, A5E00267695-13 383
Technical data
20.2 Technical specifications of the CPU 414–5H PN/DP; (6ES7 414–5HM06–0AB0)
S7-400H
384 System Manual, 07/2014, A5E00267695-13
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
• Floating-point arithmetic 25 ns
• Default From C 0 to C 7
S7 timers 2048
• Retentivity, configurable From T 0 to T 2047
S7-400H
System Manual, 07/2014, A5E00267695-13 385
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
Bit memory 16 KB
• Retentivity, configurable From MB 0 to MB 16383
Blocks
OBs See instruction list
• Size Maximum 64 KB
S7-400H
386 System Manual, 07/2014, A5E00267695-13
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
Configuration
Central controllers/expansion units Maximum 2/20
Multicomputing No
Number of plug-in IMs (total) Maximum 6
• IM 460 Maximum 6
Number of DP masters
• integrated 2
• PROFIBUS and Ethernet CPs, including CP Maximum 14, of which max. 10 CPs as DP
443–5 Extended masters
Connectable OPs 95
Time
Clock Yes
• Buffered Yes
• Resolution 1 ms
S7-400H
System Manual, 07/2014, A5E00267695-13 387
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
• Retentive Yes
• Default 1200
Forcing Yes
• Tag Inputs/outputs, bit memories, distributed I/O
S7-400H
388 System Manual, 07/2014, A5E00267695-13
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
• Default 120
Communication
PG/OP communication Yes
Routing Yes
S7 communication Yes
• User data per job Maximum 64 KB
S7 basic communication No
Global data communication No
S5-compatible communication Using FC AG_SEND and AG_RECV, max. via 10
CPs 443–1 or 443–5
• User data per job Maximum 8 KB
S7-400H
System Manual, 07/2014, A5E00267695-13 389
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
Interfaces
You may not configure the CPU as DP slave
1st interface
Interface designation X1
Type of interface integrated
Physics RS 485/Profibus
Electrically isolated Yes
Power supply to interface (15 V DC to 30 V DC) Max. 150 mA
Number of connection resources MPI: 44, DP: 32
If a diagnostic repeater is used on the segment,
the number of connection resources on the
segment is reduced by 1.
Functionality
• MPI Yes
• PROFIBUS DP DP master
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• SYNC/FREEZE No
S7-400H
390 System Manual, 07/2014, A5E00267695-13
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
• Enable/disable DP slaves No
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• SYNC/FREEZE No
• Enable/disable DP slaves No
S7-400H
System Manual, 07/2014, A5E00267695-13 391
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
Utilities
• PG communication Yes
• OP communication Yes
• S7 communication Yes
Maximum number of configurable connections 96, one of each reserved for programming device
Maximum number of instances and OP
10000
• S7 routing Yes
• PROFINET I-Device No
• PROFINET CBA No
Open IE communication
• over TCP/IP Yes
• ISO-on-TCP Yes
S7-400H
392 System Manual, 07/2014, A5E00267695-13
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
• UDP Yes
PROFINET IO
PNO ID (hexadecimal) Vendor ID: 0x002A
Device ID: 0x0102
Number of integrated PROFINET IO controllers 1
Number of PROFINET IO devices that can be 256
connected
Number of connectable IO devices for RT 256
of which are in line 256
Shared Device, supported No
Address range Maximum 8 KB inputs/outputs
Number of submodules Maximum 8192
Mixed modules count twice
Maximum user data length, including user data 1440 bytes
qualifiers
Maximum user data consistency, including user 1024 bytes
data qualifiers
Send clock cycles 250 µs, 500 µs, 1 ms, 2 ms, 4 ms
Update Time 250 μs, 0.5 ms, 1 ms, 2 ms, 4 ms, 8 ms, 16 ms,
32 ms, 64 ms, 128 ms, 256 ms, and 512 ms
The minimum value depends on the
communication slice set for PROFINET IO, the
number of IO devices, and the amount of
configured user data.
S7 protocol functions
• PG functions Yes
• OP functions Yes
S7-400H
System Manual, 07/2014, A5E00267695-13 393
Technical data
20.3 Technical specifications of the CPU 416–5H PN/DP; (6ES7 416–5HS06–0AB0)
• SFC 58 "WR_REC" 8
• SFC 55 "WR_PARM" 8
• SFC 57 "PARM_MOD" 1
• SFC 56 "WR_DPARM" 2
• SFC 13 "DPNRM_DG" 8
• SFC 51 "RDSYSST" 8
The total number of active SFCs on all external segments may be four times more than on one single
segment.
System function blocks (SFB) See instruction list
Number of simultaneously active SFBs per
segment
• SFB 52 "RDREC" 8
• SFB 53 "WRREC" 8
The total number of active SFBs on all external segments may be four times more than on one single
segment.
User program protection Password protection
Access-protected blocks Yes, with S7 Block Privacy
Access to consistent data in the process image Yes
CiR synchronization time (in stand-alone mode)
Total load 100 ms
Dimensions
Mounting dimensions W x H x D (mm) 50 x 290 x 219
Slots required 2
Weight Approx. 995 g
Voltages and currents
Current consumption from S7–400 bus (5 V DC) Typ. 1.6 A
Max. 1.9 A
Current consumption from S7-400 bus (24 V DC) Total current consumption of the components
The CPU does not consume any current at 24 V, connected to the MPI/DP interfaces, but
it only makes this voltage available on the maximum 150 mA per interface
MPI/DP interface.
Current output to DP interface (5 V DC) Max. 90 mA
Backup current Typically 180 µA (up to 40 °C)
Maximum 1000 µA
Maximum backup time See Module Specifications Reference Manual,
chapter 3.3.
Feed of external backup voltage to the CPU 5 V DC to 15 V DC
Power loss Typ. 7.5 W
S7-400H
394 System Manual, 07/2014, A5E00267695-13
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
• Floating-point arithmetic 15 ns
• Default From C 0 to C 7
S7 timers 2048
• Retentivity, configurable From T 0 to T 2047
S7-400H
System Manual, 07/2014, A5E00267695-13 395
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
Total retentive data area (incl. bit memories, Total work and load memory (with backup
timers, counters) battery)
Bit memory 16 KB
• Retentivity, configurable From MB 0 to MB 16383
Blocks
OBs See instruction list
• Size Maximum 64 KB
S7-400H
396 System Manual, 07/2014, A5E00267695-13
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
Number of DP masters
• integrated 2
• PROFIBUS and Ethernet CPs, including CP Maximum 14, of which max. 10 CPs as DP
443–5 Extended masters
Connectable OPs 63
Time
Clock Yes
• Buffered Yes
• Resolution 1 ms
S7-400H
System Manual, 07/2014, A5E00267695-13 397
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
• Number/number range 0 to 15
• Retentive Yes
• Default 1200
Forcing Yes
• Tag Inputs/outputs, bit memories, distributed I/O
S7-400H
398 System Manual, 07/2014, A5E00267695-13
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
• Default 120
Communication
PG/OP communication Yes
Routing Yes
Number of connection resources for S7 120, incl. one each reserved for programming
connections across all interfaces and CPs device and OP
62 reserved for fault-tolerant connections
S7 communication Yes
• User data per job Maximum 64 KB
S7-400H
System Manual, 07/2014, A5E00267695-13 399
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
Interfaces
You may not configure the CPU as DP slave
1st interface
Interface designation X1
Type of interface integrated
Physics RS 485/Profibus
Electrically isolated Yes
Power supply to interface (15 V DC to 30 V DC) Max. 150 mA
Number of connection resources MPI: 44, DP: 32
If a diagnostic repeater is used on the segment,
the number of connection resources on the
segment is reduced by 1.
Functionality
• MPI Yes
• PROFIBUS DP DP master
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• Routing Yes
• S7 communication Yes
• S7 basic communication No
S7-400H
400 System Manual, 07/2014, A5E00267695-13
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
• SYNC/FREEZE No
• Enable/disable DP slaves No
• Routing Yes
• S7 communication Yes
• S7 basic communication No
• SYNC/FREEZE No
• Enable/disable DP slaves No
S7-400H
System Manual, 07/2014, A5E00267695-13 401
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
Utilities
• PG communication Yes
• OP communication Yes
• S7 communication Yes
Maximum number of configurable connections 120, one of each reserved for programming
Maximum number of instances device and OP
10000
• S7 routing Yes
• PROFINET I-Device No
• PROFINET CBA No
Open IE communication
• over TCP/IP Yes
S7-400H
402 System Manual, 07/2014, A5E00267695-13
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
• ISO-on-TCP Yes
• UDP Yes
PROFINET IO
PNO ID (hexadecimal) Vendor ID: 0x002A
Device ID: 0x0102
Number of integrated PROFINET IO controllers 1
Number of PROFINET IO devices that can be 256
connected
Number of connectable IO devices for RT 256
of which are in line 256
Shared Device, supported No
Address range Maximum 8 KB inputs/outputs
Number of submodules Maximum 8192
Mixed modules count twice
Maximum user data length, including user data 1440 bytes
qualifiers
Maximum user data consistency, including user 1024 bytes
data qualifiers
Send clock cycles 250 µs, 500 µs, 1 ms, 2 ms, 4 ms
Update Time 250 μs, 0.5 ms, 1 ms, 2 ms, 4 ms, 8 ms, 16 ms,
32 ms, 64 ms, 128 ms, 256 ms, and 512 ms
The minimum value depends on the
communication slice set for PROFINET IO, the
number of IO devices, and the amount of
configured user data.
S7 protocol functions
• PG functions Yes
• OP functions Yes
S7-400H
System Manual, 07/2014, A5E00267695-13 403
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
Nesting levels 7
System functions (SFC) See instruction list
Number of simultaneously active SFCs per
segment
• SFC 59 "RD_REC" 8
• SFC 58 "WR_REC" 8
• SFC 55 "WR_PARM" 8
• SFC 57 "PARM_MOD" 1
• SFC 56 "WR_DPARM" 2
• SFC 13 "DPNRM_DG" 8
• SFC 51 "RDSYSST" 8
The total number of active SFCs on all external segments may be four times more than on one single
segment.
System function blocks (SFB) See instruction list
Number of simultaneously active SFBs per
segment
• SFB 52 "RDREC" 8
• SFB 53 "WRREC" 8
The total number of active SFBs on all external segments may be four times more than on one single
segment.
User program protection Password protection
Access-protected blocks Yes, with S7 Block Privacy
Access to consistent data in the process image Yes
CiR synchronization time (in stand-alone mode)
Total load 60 ms
Dimensions
Mounting dimensions W x H x D (mm) 50 x 290 x 219
Slots required 2
Weight Approx. 995 g
Voltages and currents
Current consumption from S7–400 bus (5 V DC) Typ. 1.6 A
Max. 1.9 A
Current consumption from S7-400 bus (24 V DC) Total current consumption of the components
The CPU does not consume any current at 24 V, connected to the MPI/DP interfaces, but
it only makes this voltage available on the maximum 150 mA per interface
MPI/DP interface.
Current output to DP interface (5 V DC) Max. 90 mA
Backup current Typically 180 µA (up to 40 °C)
Maximum 1000 µA
Maximum backup time See the Module Specifications reference manual,
chapter 3.3.
S7-400H
404 System Manual, 07/2014, A5E00267695-13
Technical data
20.4 Technical specifications of the CPU 417–5H PN/DP; (6ES7 417–5HK06–0AB0)
S7-400H
System Manual, 07/2014, A5E00267695-13 405
Technical data
20.5 Technical data of memory cards
Data
S7-400H
406 System Manual, 07/2014, A5E00267695-13
Technical data
20.6 Runtimes of the FCs and FBs for redundant I/Os
S7-400H
System Manual, 07/2014, A5E00267695-13 407
Technical data
20.6 Runtimes of the FCs and FBs for redundant I/Os
Note
These are guide values, not absolute values. The actual value may deviate from these
specifications in some cases. This overview is intended as a guide and should help you
estimate how use of the RED_IO library may change the cycle time.
S7-400H
408 System Manual, 07/2014, A5E00267695-13
Characteristic values of redundant automation
systems A
This appendix provides a brief introduction to the characteristic values of redundant
automation systems, and shows the practical effects of redundant configurations, based on a
selection of configurations.
You will find an overview of the MTBF of various SIMATIC products in the SIMATIC FAQ at:
http://support.automation.siemens.com
under entry ID 16818490
Reliability
Reliability refers to the capability of technical equipment to fulfill its function during its
operating period. This is usually no longer the case if any of its components fails.
So a commonly used measure for reliability is the MTBF (Mean Time Between Failure). This
can be analyzed statistically based on the parameters of running systems, or by calculating
the failure rates of the components used.
Reliability of modules
The reliability of SIMATIC components is extremely high as a consequence of extensive
quality assurance measures in design and production.
S7-400H
System Manual, 07/2014, A5E00267695-13 409
Characteristic values of redundant automation systems
A.1 Basic concepts
S7-400H
410 System Manual, 07/2014, A5E00267695-13
Characteristic values of redundant automation systems
A.1 Basic concepts
The figure below shows the parameters included in the calculation of the MTBF of a system.
Requirements
This analysis assumes the following conditions:
● The failure rate of all components and all calculations is based on an average
temperature of 40 °C.
● The system installation and configuration is free of errors.
● All replacement parts are available locally, in order to prevent extended repair times due
to missing spare parts. This keeps the component MDT down to a minimum.
● The MDT of individual components is 4 h. The system's MDT is calculated based on the
MDT of the individual components plus the system structure.
● The MTBF of the components meets the following standards:
– SN 29500
This standard is compliant with MIL–HDBK 217–F.
– IEC 60050
– IEC 61709
● The calculations are made using the diagnostic coverage of each component.
● A CCF factor between 0.2% and 2% is assumed, depending on the system configuration.
S7-400H
System Manual, 07/2014, A5E00267695-13 411
Characteristic values of redundant automation systems
A.1 Basic concepts
Reliability of an S7-400H
The use of redundant modules prolongs the system MTBF by a large factor. The integrated
high-grade self-test and the test/message functions of the S7-400H CPUs enable the
detection and localization of virtually all errors. The calculated diagnostic coverage is around
90%.
The reliability in stand-alone mode is described by the corresponding failure rate. The failure
rate for all S7 components is calculated according to the SN29500 standard.
The reliability in redundant mode is described by the failure rate of the components involved.
This is termed "MTBF" below. Those combinations of failed components which cause a
system failure are described and calculated using Markov models. Calculations of the
system MTBF take account of the diagnostic coverage and the common cause factor.
S7-400H
412 System Manual, 07/2014, A5E00267695-13
Characteristic values of redundant automation systems
A.2 Comparison of MTBF for selected configurations
Availability
Availability is the probability that a system is operable at a given point of time. This can be
enhanced by means of redundancy, for example by using redundant I/O modules or multiple
encoders at the same sampling point. Redundant components are arranged such that
system operability is not affected by the failure of a single component. Here, again, an
important element of availability is a detailed diagnostics display.
The availability of a system is expressed as a percentage. It is defined by the mean time
between failure (MTBF) and the mean time to repair MTTR (MDT). The availability of a two-
channel (1-out-of-2) fault-tolerant system can be calculated using the following formula:
S7-400H
System Manual, 07/2014, A5E00267695-13 413
Characteristic values of redundant automation systems
A.2 Comparison of MTBF for selected configurations
S7-400H
414 System Manual, 07/2014, A5E00267695-13
Characteristic values of redundant automation systems
A.2 Comparison of MTBF for selected configurations
S7-400H
System Manual, 07/2014, A5E00267695-13 415
Characteristic values of redundant automation systems
A.2 Comparison of MTBF for selected configurations
The estimate applies if the process allows for any device to fail.
S7-400H
416 System Manual, 07/2014, A5E00267695-13
Characteristic values of redundant automation systems
A.2 Comparison of MTBF for selected configurations
Summary
There are now several thousand applications of redundant automation systems in the field,
in various configurations. To calculate the MTBF, we assumed an average configuration.
Based on experience in the field, an assumption of MTBF of 3000 years is 95% reliable.
The system MTBF value calculated is about 230 years for a system configuration with
redundant CPU 417-5H.
S7-400H
System Manual, 07/2014, A5E00267695-13 417
Characteristic values of redundant automation systems
A.2 Comparison of MTBF for selected configurations
S7-400H
418 System Manual, 07/2014, A5E00267695-13
Stand-alone operation B
Overview
This appendix provides you with the information for stand-alone operation of a fault-tolerant
CPU. You will learn:
● how stand-alone mode is defined
● when stand-alone mode is required
● what you have to take into account for stand-alone operation
● how the fault tolerance-specific LEDs react
● how to configure stand-alone operation of a fault-tolerant CPU
● how you can expand it to form a fault-tolerant system
The differences from a standard S7-400 CPU that you have to take into account when
configuring and programming the fault-tolerant CPU are given in appendix Differences
between fault-tolerant systems and standard systems (Page 425).
Definition
By stand-alone operation, we mean the use of a fault-tolerant CPU in a standard SIMATIC-
400 station.
Note
The self-test of the fault-tolerant CPU is also performed in stand-alone mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 419
Stand-alone operation
What you have to take into account for stand-alone operation of a fault-tolerant CPU
Note
When operating a fault-tolerant CPU in stand-alone mode, no synchronization modules may
be connected. The rack number must be set to "0".
Although a fault-tolerant CPU has additional functions compared to a standard S7-400 CPU,
it does not support specific functions. So particularly when programming your automation
system, you need to know the CPU on which you are going to run the user program. A user
program written for a standard S7-400 CPU usually will not run on a fault-tolerant CPU in
stand-alone mode without adaptations.
The table below lists the differences between the operation of a fault-tolerant CPU in stand-
alone mode and in redundant mode.
Table B-1 Differences between stand-alone mode and redundant mode
S7-400H
420 System Manual, 07/2014, A5E00267695-13
Stand-alone operation
LED Behavior
REDF Dark
IFM1F Dark
IFM2F Dark
MSTR Lit
RACK0 Lit
RACK1 Dark
S7-400H
System Manual, 07/2014, A5E00267695-13 421
Stand-alone operation
Note
You can only expand your system to a fault-tolerant system if you have not assigned any
odd numbers to expansion units in stand-alone mode.
S7-400H
422 System Manual, 07/2014, A5E00267695-13
Stand-alone operation
Figure B-1 Overview: System structure for system modifications during operation
S7-400H
System Manual, 07/2014, A5E00267695-13 423
Stand-alone operation
● If you want to add entire stations: Make sure that you have the required connectors,
repeaters, etc.
● If you want to add PA slaves (field devices): Use IM 157, MLFB 6ES7 157-0AA82-0XA00
or higher, in the corresponding DP/PA link.
Note
You can freely combine components which support system modifications during
operation with those that do not. Depending on your selected configuration, there may be
restrictions affecting the components on which you can make system modifications during
operation.
S7-400H
424 System Manual, 07/2014, A5E00267695-13
Differences between fault-tolerant systems and
standard systems C
When configuring and programming a fault-tolerant automation system with fault-tolerant
CPUs, you must make allowances for a number of differences from the standard S7-400
CPUs. A fault-tolerant CPU has additional functions compared to a standard S7-400 CPU,
on the other hand it does not support specific functions. This has to be taken in account
particularly if you wish to run a program that was created for a standard S7-400 CPU on a
fault-tolerant CPU.
The ways in which the programming of fault-tolerant systems differs from that for standard
systems are summarized below. You will find further differences in appendix Stand-alone
operation (Page 419).
If you use any of the affected calls (OBs and SFCs) in your user program, you will need to
adapt your program accordingly.
S7-400H
System Manual, 07/2014, A5E00267695-13 425
Differences between fault-tolerant systems and standard systems
S7-400H
426 System Manual, 07/2014, A5E00267695-13
Differences between fault-tolerant systems and standard systems
S7-400H
System Manual, 07/2014, A5E00267695-13 427
Differences between fault-tolerant systems and standard systems
See also
System and operating states of the S7–400H (Page 115)
S7-400H
428 System Manual, 07/2014, A5E00267695-13
Function modules and communication processors
supported by the S7-400H D
You can use the following function modules (FMs) and communication processors (CPs) on
an S7-400H automation system.
Note
There may be further restriction for individual modules. Refer to the information in the
corresponding product information and FAQ, or in SIMATIC NET News.
S7-400H
System Manual, 07/2014, A5E00267695-13 429
Function modules and communication processors supported by the S7-400H
Note
You can use all the FMs and CPs released for the ET 200M with the S7-400H in distributed
and one-sided mode.
S7-400H
430 System Manual, 07/2014, A5E00267695-13
Function modules and communication processors supported by the S7-400H
Note
One-sided or switched function and communication modules are
not synchronized in the fault-tolerant system if they are in pairs, e.g. two identical FM 450
modules operating in one-sided mode do not synchronize their counter states.
S7-400H
System Manual, 07/2014, A5E00267695-13 431
Function modules and communication processors supported by the S7-400H
S7-400H
432 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os E
E.1 SM 321; DI 16 x DC 24 V, 6ES7 321–1BH02–0AA0
The diagram below shows the connection of two redundant encoders to two SM 321; DI 16 x
DC 24 V. The encoders are connected to channel 0.
S7-400H
System Manual, 07/2014, A5E00267695-13 433
Connection examples for redundant I/Os
E.2 SM 321; DI 32 x DC 24 V, 6ES7 321–1BL00–0AA0
S7-400H
434 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.3 SM 321; DI 16 x AC 120/230V, 6ES7 321–1FH00–0AA0
S7-400H
System Manual, 07/2014, A5E00267695-13 435
Connection examples for redundant I/Os
E.4 SM 321; DI 8 x AC 120/230 V, 6ES7 321–1FF01–0AA0
S7-400H
436 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.5 SM 321; DI 16 x DC 24V, 6ES7 321–7BH00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 437
Connection examples for redundant I/Os
E.6 SM 321; DI 16 x DC 24V, 6ES7 321–7BH01–0AB0
S7-400H
438 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.7 SM 326; DO 10 x DC 24V/2A, 6ES7 326–2BF01–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 439
Connection examples for redundant I/Os
E.8 SM 326; DI 8 x NAMUR, 6ES7 326–1RF00–0AB0
S7-400H
440 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.9 SM 326; DI 24 x DC 24 V, 6ES7 326–1BK00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 441
Connection examples for redundant I/Os
E.10 SM 421; DI 32 x UC 120 V, 6ES7 421–1EL00–0AA0
S7-400H
442 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.11 SM 421; DI 16 x DC 24 V, 6ES7 421–7BH01–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 443
Connection examples for redundant I/Os
E.12 SM 421; DI 32 x DC 24 V, 6ES7 421–1BL00–0AB0
S7-400H
444 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.13 SM 421; DI 32 x DC 24 V, 6ES7 421–1BL01–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 445
Connection examples for redundant I/Os
E.14 SM 322; DO 8 x DC 24 V/2 A, 6ES7 322–1BF01–0AA0
S7-400H
446 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.15 SM 322; DO 32 x DC 24 V/0,5 A, 6ES7 322–1BL00–0AA0
S7-400H
System Manual, 07/2014, A5E00267695-13 447
Connection examples for redundant I/Os
E.16 SM 322; DO 8 x AC 230 V/2 A, 6ES7 322–1FF01–0AA0
S7-400H
448 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.17 SM 322; DO 4 x DC 24 V/10 mA [EEx ib], 6ES7 322–5SD00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 449
Connection examples for redundant I/Os
E.18 SM 322; DO 4 x DC 15 V/20 mA [EEx ib], 6ES7 322–5RD00–0AB0
S7-400H
450 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.19 SM 322; DO 8 x DC 24 V/0.5 A, 6ES7 322–8BF00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 451
Connection examples for redundant I/Os
E.20 SM 322; DO 16 x DC 24 V/0.5 A, 6ES7 322–8BH01–0AB0
S7-400H
452 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.21 SM 332; AO 8 x 12 Bit, 6ES7 332–5HF00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 453
Connection examples for redundant I/Os
E.22 SM 332; AO 4 x 0/4...20 mA [EEx ib], 6ES7 332–5RD00–0AB0
S7-400H
454 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.23 SM 422; DO 16 x AC 120/230 V/2 A, 6ES7 422–1FH00–0AA0
S7-400H
System Manual, 07/2014, A5E00267695-13 455
Connection examples for redundant I/Os
E.24 SM 422; DO 32 x DC 24 V/0.5 A, 6ES7 422–7BL00–0AB0
S7-400H
456 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.25 SM 331; AI 4 x 15 Bit [EEx ib]; 6ES7 331–7RD00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 457
Connection examples for redundant I/Os
E.26 SM 331; AI 8 x 12 Bit, 6ES7 331–7KF02–0AB0
S7-400H
458 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.27 SM 331; AI 8 x 16 Bit; 6ES7 331–7NF00–0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 459
Connection examples for redundant I/Os
E.28 SM 331; AI 8 x 16 Bit; 6ES7 331–7NF10–0AB0
S7-400H
460 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.29 AI 6xTC 16Bit iso, 6ES7331-7PE10-0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 461
Connection examples for redundant I/Os
E.30 SM331; AI 8 x 0/4...20mA HART, 6ES7 331-7TF01-0AB0
S7-400H
462 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.30 SM331; AI 8 x 0/4...20mA HART, 6ES7 331-7TF01-0AB0
The diagram below shows the connection of a 2-wire transmitter to two redundant SM 331;
AI 8 x 0/4...20mA HART.
S7-400H
System Manual, 07/2014, A5E00267695-13 463
Connection examples for redundant I/Os
E.31 SM 332; AO 4 x 12 Bit; 6ES7 332–5HD01–0AB0
S7-400H
464 System Manual, 07/2014, A5E00267695-13
Connection examples for redundant I/Os
E.32 SM332; AO 8 x 0/4...20mA HART, 6ES7 332-8TF01-0AB0
S7-400H
System Manual, 07/2014, A5E00267695-13 465
Connection examples for redundant I/Os
E.33 SM 431; AI 16 x 16 Bit, 6ES7 431–7QH00–0AB0
S7-400H
466 System Manual, 07/2014, A5E00267695-13
Glossary
1-out-of-2 system
See dual-channel fault-tolerant system
Comparison error
An error that may occur while memories are being compared on a fault-tolerant system.
ERROR-SEARCH
An operating mode of the reserve CPU of a fault-tolerant system in which the CPU performs
a complete self-test.
Fail-safe systems
Fail-safe systems are characterized by the fact that, when certain failures occur, they remain
in a safe state or go directly to another safe state.
Fault-tolerant station
A fault-tolerant station containing two central processing units (master and reserve).
Fault-tolerant system
A fault-tolerant system consists of at least two central processing units (master and reserve).
The user program is processed identically in both the master and reserve CPUs.
Fault-tolerant systems
Fault-tolerant systems are designed to reduce production downtime. Availability can be
enhanced, for example, by means of component redundancy .
I/O, one-sided
We speak of a one-sided I/O when an input/output module can be accessed by only one of
the redundant central processing units. It may be single-channel or multi-channel
(redundant) module.
S7-400H
System Manual, 07/2014, A5E00267695-13 467
Glossary
I/O, redundant
We speak of a redundant I/O when there is more than one input/output module available for
a process signal. It may be connected as one-sided or switched module. Terminology:
"Redundant one-sided I/O" or "Redundant switched I/O"
I/O, single-channel
When there is only one input/output module for a process signal, in contrast to a redundant
I/O, this is known as a single-channel I/O. It may be connected as one-sided or switched
module.
I/O, switched
We speak of a switched I/O when an input/output module can be accessed by all of the
redundant central processing units of a fault-tolerant system. It may be single-channel or
multi-channel (redundant) module.
Link-up
In the link-up system mode of a fault-tolerant system, the master CPU and the reserve CPU
compare the memory configuration and the contents of the load memory. If they establish
differences in the user program, the master CPU updates the user program of the reserve
CPU.
Master CPU
The central processing unit that is the first redundant central processing unit to start up . It
continues to operate as the master when the redundancy connection is lost . The user
program is processed identically in both the master and reserve CPUs.
S7-400H
468 System Manual, 07/2014, A5E00267695-13
Glossary
Redundancy, functional
Redundancy with which the additional technical means are not only constantly in operation
but also involved in the scheduled function. Synonym: active redundancy.
Redundant
In redundant system mode of a fault-tolerant system the central processing units are in RUN
mode and are synchronized over the redundant link.
Redundant link
A link between the central processing units of a fault-tolerant system for synchronization and
the exchange of data .
Redundant systems
Redundant systems are characterized by the fact that important automation system
components are available more than once (redundant). When a redundant component fails,
processing of the program is not interrupted.
Reserve CPU
The redundant central processing unit of a fault-tolerant system that is linked to the master
CPU. It goes to STOP mode when the redundancy connection is lost. The user program is
processed identically in both the master and reserve CPUs.
Self-test
In the case of fault-tolerant CPUs defined self-tests are executed during startup, cyclical
processing and when comparison errors occur. They check the contents and the state of the
CPUs and the I/Os.
Single mode
An H system changes to single mode, when it was configured to be redundant and only one
CPU is in RUN. This CPU is then automatically the master CPU.
Stand-alone operation
Stand-alone mode is the use of a fault-tolerant CPU in a standard SIMATIC-400 station.
Stop
With fault-tolerant systems: In the stop system mode of a fault-tolerant system, the central
processing units of the fault-tolerant system are in STOP mode.
S7-400H
System Manual, 07/2014, A5E00267695-13 469
Glossary
Synchronization module
An interface module for the redundant link in a fault-tolerant system.
Update
In the update system mode of a fault-tolerant system, the master CPU updates the dynamic
data of the reserve CPU.
S7-400H
470 System Manual, 07/2014, A5E00267695-13
Index
Communication blocks
Consistency, 106
A Communication functions, 145
Communication processors, 429
A&D Technical Support, 22
Communication services
Address range
Overview, 205
CPU 41x-H, 81
S7 communication, 208
Analog output signals, 195
Communication via MPI and communication bus
Applied value, 190
Cycle load, 337
Availability
Comparison error, 131
Communication, 34
Components
Definition, 413
Basic system, 31
I/O, 163
Duplicating, 27
of plants, 26
Configuration, 29, 34
Configuration, 29, 34
Configuring, 247
B
Connecting with diodes, 195
Backup, 113 Connection
basic knowledge Fault-tolerant S7,
Required, 20 S7, 221
Basic system, 31 Connection resources, 206
Block stack, 112 Consistent data, 105
Blocks Accessing work memory, 106
Compatibility, 93 Consistent data access, 109
Bus connectors, 66 Continued bumpless operation, 117
MPI, 65 CPU
PROFIBUS DP interface, 66 Mode switch, 55
Bus interruption, 87 Parameter, 69
Bus topology, 84 Resetting to the factory settings, 75
BUS1F, 53 CPU 41x-5H
BUS2F, 53 Operator controls and display elements, 45
BUS5F, 53 CPU 41xH
BUSF, 85 DP master: diagnostics with LEDs, 85
CPU 41x-H
DP address areas, 81
C CPU redundancy errors, 36
CPU-CPU communication, 65
Central processing unit, 32
Cycle control
Change memory type, 314
Execution time, 341
Checksum errors, 131
Cycle load
Cold restart, 59
Communication via MPI and communication
Operating sequence, 59
bus, 337
Commissioning, 39
Cycle time, 335
Requirements, 39
Elements, 336
Commissioning the S7-400H, 41
Extending, 337
Communication, 34
Cyclic self-test, 132
CPU services, 205
Open IE communication, 217
S7 communication, 207
S7-400H
System Manual, 07/2014, A5E00267695-13 471
Index
D F
Data consistency, 105 Factory settings, 75
Determining memory requirements, 64 Fail-safe, 25
Diagnostic address, 87 Failure of a CPU, 42
Diagnostic buffer, 55 Failure of a fiber-optic cable, 42
Diagnostics Failure of a power supply module, 42
Evaluating, 86 Failure of a redundancy node, 28
Digital output Failure of components, 253
Fault-tolerant, 189, 195 in central and expansion racks, 253
Direct current measurement, 193 of distributed I/Os, 263
Direct I/O access, 352 Fault-tolerant, 25
Discrepancy Fault-tolerant communication, 220
Digital input modules, 186 Fault-tolerant connections
Discrepancy time, 186, 190 Configuration, 234
Documentation, 37 Programming, 224, 234
DP interface, 66 Fault-tolerant station, 247
DP master Fault-tolerant system
Diagnostics using LEDs, 85 Starting,
Diagnostics with STEP 7, 85 FB 450 RED_IN, 176
DP master system FB 451 RED_OUT, 176
Startup, 82 FB 452 RED_DIAG, 176
DPV1, 83 FB 453 RED_STATUS, 176
DPV1 and EN 50170, 83 FC 450 RED_INIT, 176
DPV1 master, 83 FC 451 RED_DEPA, 176
DPV1 mode, 83 Fiber-optic cable, 32
DPV1 slaves, 83 Cable pull-in, 329
Installation, 327
Replacement, 259
E Selection, 330
Storage, 328
EN 50170, 83
Firmware
Encoders
Updating, 77
Double redundant, 188
FLASH card, 62, 63
Error LEDs
Flexible memory space, 113
All CPUs, 53
FRCE, 53
CPU 412-5H, 54
Function modules, 429
CPU 414-5H, 54
Functional I/O redundancy, 176
CPU 416-5H, 54
CPU 417-5H, 54
Error messages, 49
G
Execution time
Cycle control, 341 Gateway, 210
Operating system, 341
Process image update, 337
User program, 337 H
Expanded memory configuration, 142
Hardware
Expanding the load memory, 60
Components, 31
External backup voltage, 48
Configuration, 40, 41, 248
External diodes, 189
Hardware interrupt
EXTF, 53
in the S7-400H system, 133
Hardware interrupt processing, 359
HOLD, 128
S7-400H
472 System Manual, 07/2014, A5E00267695-13
Index
Hotline, 22 Purpose, 19
Scope of validity, 20
Master CPU, 115
I Master/reserve assignment, 116
Maximum communication delay
I/O, 33, 163
Calculation, 158
Design versions, 33
Definition, 149
One-sided, 165
Maximum cycle time extension
Redundant, 171
Calculation, 158
Switched, 167
Definition, 149
I/O redundancy errors, 36
Maximum inhibit time for priority classes > 15
IE communication, 218
Calculation, 154
Data blocks, 218
Definition, 149
IFM1F, 53
MDT, 409
IFM2F, 53
Media redundancy protocol (MRP), 97
Indirect current measurement, 191
Memory areas
Installation types
Basis for the calculation, 113
I/O, 163
Memory areas, 111
interface
Memory card, 60
PROFINET, 47
Function, 60
INTF, 53
Serial number, 61
IP address
Memory card slot, 46
Assigning, 66
Memory expansion, 313
Memory reset, 124
Operating sequence, 57
L
Sequence, 57
LED Memory size, 113
BUSF, 85 Message functions, 145
LED displays, 45 Minimum I/O retention time
LED MAINT, 55 Calculation, 153
LINK, 54 Definition, 149
LINK1 OK, 55 Mode switch, 46, 55
LINK2 OK, 55 Monitoring functions, 49
Link-up, 135, 136, 137, 141, 148, 151, 202 Monitoring times, 149
Flow chart, 138 Accuracy, 152
Monitoring times, 202 Configuration, 153
Sequence, 141 MPI, 65
Time response, 151 MPI/DP interface, 47
LINK-UP, 126 MRP (media redundancy protocol ), 97
Link-up and update MSTR, 52
Disabling, 148 MTBF, 409, 413
Effects, 135 Multiple-bit errors, 132
Sequence, 137
Starting, 137
Link-up with master/reserve changeover, 141 N
Link-up, update, 127
Network configuration, 251
Load memory, 146
Network functions
Loss of redundancy, 117
S7 communication, 208
Networking configuration, 251
Non-redundant encoders, 187, 191
M
Manual
S7-400H
System Manual, 07/2014, A5E00267695-13 473
Index
O PROFINET interface, 47
Properties, 67
OB 121, 130
PROFINET IO
OB 70, 94
Organization blocks, 94
OB 83, 94
Overview of functions, 91
OB 86, 94
System and standard functions, 93
Online help, 21
System status list, 95
Operating mode
Programming, 34
Changing, 422
Programming via PROFIBUS, 82
Operating objectives, 25
Operating state changes, 87
Operating states
R
CPU, 123
HOLD, 128 Rack, 32
LINK-UP, 126 Rack number
RUN, 127 Setting, 47
STARTUP, 125 RACK0, 52
STOP, 124 RACK1, 52
System, 117 RAM card, 62
UPDATE, 126 RAM/POI comparison error, 131
Operating system Reading data consistently from a DP standard
Execution time, 341 slave, 107
Order numbers REDF, 54
Memory cards, 406 Redundancy
Organization blocks, 36, 94 Active, 115
Overview Active, 115
PROFINET IO functions, 91 Redundancy nodes, 27, 221
Redundant analog output modules, 195
Redundant automation systems, 25
P Redundant communication system, 220
Redundant encoders, 188
Parameter, 69
Analog input modules, 194
Parameter assignment tool, 70
Redundant I/O, 26, 171
Parameter block, 69
Analog input modules, 190
PG functions, 252
Configuration, 179
PG/OP-CPU communication, 65
Configurations, 172
Power supply, 32
Digital input modules, 186
Process image update
Digital output modules, 189
Execution time, 337
in central and expansion devices, 172
Process interrupt response time
in standalone mode, 174
of signal modules, 359
in the one-sided DP slave,
of the CPUs, 358, 359
in the switched DP slave, 174
PROFIBUS address, 82
Redundant system mode, 127
PROFIBUS DP
Reliability, 409
Diagnostic address, 87
Repair, 253
Organization blocks, 94
Replacement during operation, 253
System and standard functions, 93
in central and expansion racks, 253
System status list, 95
of distributed I/Os, 263
PROFIBUS DP interface, 47
Response time
PROFINET, 66, 89
Calculation of the, 350, 351
Device replacement without removable medium, 96
Elements, 347
Media redundancy, 97
Longest, 351
Shared Device, 97
Reducing, 352
S7-400H
474 System Manual, 07/2014, A5E00267695-13
Index
S7-400H
System Manual, 07/2014, A5E00267695-13 475
Index
T
Technical data
Memory cards, 406
Technical Support, 22
Time monitoring, 149
Time response, 160
Time-out, 151
Toggle switch, 56
Tolerance window, 190
Tools, 35
S7-400H
476 System Manual, 07/2014, A5E00267695-13