Emergency stop shutdown up to SIL 3 or PL e and protective door monitoring with tumbler up to SIL 2 or PL d via AS-i ET 200SP Master
The fail-safe controller monitors the emergency stop command device and the safety switch on two channels. Both devices have an integrated AS-i slave and are thereby connected to the AS-Interface. The two signals are transmitted to the fail-safe controller using the combination of CM AS-i Master and F-CM AS-i Safety (modules of the ET 200SP station). The position of a protective door is monitored via one safety switch. In addition, the door is locked by means of a tumbler integrated in the safety switch. When the command to release the door is issued by means of a toggle switch, the fail-safe controller switches the power contactors off in a safety-related way. On expiry of a set time, the tumbler is unlocked and access to the machine is enabled. After the door has been closed and locked again, and the feedback circuit is closed, the Start button can be used to switch on again. When the emergency stop device is actuated, the fail-safe controller also switches off the power contactors in a safety-related way. If the emergency stop command device is reset and the feedback circuit is closed, the Start button can be used to switch on again. Start pushbuttons and toggle switches are also read in via AS-Interface.
The safety function "stopping in an emergency" is designed up to SIL 3 or PL e. The safety function "Protective door monitoring" and the safety function "Protective door tumbler" are designed for up to SIL 2 or PL d.Taking account of fault exclusions, use of only one safety switch with or without tumbler is permissible up to SIL 2 or PL d. For further information, refer to the letter given below. Safety-related components
A detailed description about this application example can be found in the manual
Safety engineering with AS-Interface in the SIMATIC ET 200SP, including typical circuit diagram