Beckhoff EL6910 Operation Manual

Operation Manual for

EL6910

TwinSAFE Logic Terminal

Version:
Date:

1.8.0
2019-01-09

Table of contents

Table of contents

1 Foreword ....................................................................................................................................................5

1.1 Notes on the documentation..............................................................................................................5

1.2 Safety instructions .............................................................................................................................6

1.2.1 Delivery state ..................................................................................................................... 6

1.2.2 Operator's obligation to exercise diligence ........................................................................ 6

1.2.3 Description of safety symbols ............................................................................................ 7

1.3 Documentation issue status ..............................................................................................................8

1.4 Version history of the TwinSAFE product..........................................................................................9

1.5 References ......................................................................................................................................10

2 TwinSAFE System Description ..............................................................................................................11

2.1 Extension of the Beckhoff I/O system with safety functions ............................................................11

2.2 Safety concept.................................................................................................................................11

3 Product description.................................................................................................................................12

3.1 EL6910 - TwinSAFE logic terminal..................................................................................................12

3.2 Intended use....................................................................................................................................13

3.3 Technical data .................................................................................................................................15

3.4 Safety parameters ...........................................................................................................................16

3.5 Dimensions......................................................................................................................................17

4 Operation..................................................................................................................................................18

4.1 Environmental conditions ................................................................................................................18

4.2 Installation .......................................................................................................................................18

4.2.1 Safety instructions ........................................................................................................... 18

4.2.2 Transport / storage .......................................................................................................... 18

4.2.3 Mechanical installation..................................................................................................... 18

4.2.4 Electrical installation ........................................................................................................ 25

4.2.5 TwinSAFE reaction times ................................................................................................ 28

4.3 Operation in potentially explosive atmospheres (ATEX) .................................................................30

4.3.1 Special conditions............................................................................................................ 30

4.3.2 Identification..................................................................................................................... 30

4.3.3 Date code and serial number........................................................................................... 31

4.3.4 Further ATEX documentation .......................................................................................... 31

4.4 Configuration of the terminal in TwinCAT........................................................................................32

4.4.1 Configuration requirements ............................................................................................. 32

4.4.2 Adding an EtherCAT coupler .......................................................................................... 32

4.4.3 Adding an EtherCAT Terminal......................................................................................... 32

4.4.4 Adding an EL6910 ........................................................................................................... 32

4.4.5 Address settings on TwinSAFE terminals with 1023 possible addresses ....................... 34

4.4.6 Creating a safety project in TwinCAT3 ........................................................................... 35

4.4.7 Downloading the safety application ................................................................................. 63

4.4.8 Online Mode .................................................................................................................... 67

4.4.9 New features in TC3.1 Build 4022 ................................................................................... 70

4.5 Info Data ..........................................................................................................................................89

4.5.1 Info data for the connection ............................................................................................ 89

EL6910 3Version: 1.8.0

Table of contents

4.5.2 Info data for function blocks............................................................................................. 91

4.5.3 Info data for the TwinSAFE group ................................................................................... 92

4.5.4 Info data for the device .................................................................................................... 93

4.6 Version history.................................................................................................................................93

4.7 User Administration .........................................................................................................................94

4.8 Backup/Restore ...............................................................................................................................97

4.9 Export/import of the safety project.................................................................................................100

4.10 Diag History tab .............................................................................................................................102

4.11 Configuration of the PROFIsafe slave...........................................................................................103

4.11.1 Configuration of the slave connection in the PROFIsafe master software .................... 105

4.11.2 Configuration of the PROFINET device......................................................................... 106

4.11.3 Sample program for parameterizationIn the following sample program the parameter data
are received, stored in the PLC as persistent data, resent to the EL6910 whenever the

device starts up, and stored in CoE object 0x8005. ...................................................... 107

4.12 Configuration of the PROFIsafe master ........................................................................................109

4.12.1 Valid PROFIsafe configurations..................................................................................... 111

4.12.2 Invalid PROFIsafe configurations .................................................................................. 112

4.13 TwinSAFE SC configuration ..........................................................................................................113

4.14 Customizing / disabling TwinSAFE groups....................................................................................117

4.15 Saving the analog group inputs persistently..................................................................................120

4.16 Project design limits of EL6910/EJ6910........................................................................................121

4.17 Sync-Manager Configuration.........................................................................................................121

4.18 Diagnostics ....................................................................................................................................124

4.18.1 Diagnostic LEDs ............................................................................................................ 124

4.18.2 Status LEDs................................................................................................................... 125

4.18.3 Diagnostic objects.......................................................................................................... 126

4.18.4 Cycle time of the safety project...................................................................................... 127

4.19 Diagnosis History...........................................................................................................................127

4.20 Maintenance ..................................................................................................................................130

4.21 Service life .....................................................................................................................................131

4.22 Decommissioning ..........................................................................................................................131

4.23 Firmware update of TwinSAFE products.......................................................................................132

5 Appendix ................................................................................................................................................135

5.1 Support and Service ......................................................................................................................135

5.2 Certificates.....................................................................................................................................136

5.2.1 EN 81-20, EN 81-22 and EN 81-50 ............................................................................... 138

EL69104 Version: 1.8.0

Foreword

1 Foreword

1.1 Notes on the documentation

Intended audience

This description is only intended for the use of trained specialists in control and automation engineering who
are familiar with the applicable national standards.

It is essential that the following notes and explanations are followed when installing and commissioning
these components.

The responsible staff must ensure that the application or use of the products described satisfy all the
requirements for safety, including all the relevant laws, regulations, guidelines and standards.

Origin of the document

This documentation was originally written in German. All other languages are derived from the German
original.

Currentness

Please check whether you are using the current and valid version of this document. The current version can
be downloaded from the Beckhoff homepage at http://www.beckhoff.com/english/download/twinsafe.htm.
In case of doubt, please contact Technical Support [}135].

Product features

Only the product features specified in the current user documentation are valid. Further information given on
the product pages of the Beckhoff homepage, in emails or in other publications is not authoritative.

Disclaimer

The documentation has been prepared with care. The products described are subject to cyclical revision. For
that reason the documentation is not in every case checked for consistency with performance data,
standards or other characteristics. We reserve the right to revise and change the documentation at any time
and without prior announcement. No claims for the modification of products that have already been supplied
may be made on the basis of the data, diagrams and descriptions in this documentation.

Trademarks

Beckhoff®, TwinCAT®, EtherCAT®, EtherCATP®, SafetyoverEtherCAT®, TwinSAFE®, XFC® and XTS® are
registered trademarks of and licensed by Beckhoff Automation GmbH.
Other designations used in this publication may be trademarks whose use by third parties for their own
purposes could violate the rights of the owners.

Patent Pending

The EtherCAT Technology is covered, including but not limited to the following patent applications and
patents: EP1590927, EP1789857, DE102004044764, DE102007017835 with corresponding applications or
registrations in various other countries.

The TwinCAT Technology is covered, including but not limited to the following patent applications and
patents: EP0851348, US6167425 with corresponding applications or registrations in various other countries.

EL6910 5Version: 1.8.0

Foreword

EtherCAT® and Safety over EtherCAT® are registered trademarks and patented technologies, licensed by
Beckhoff Automation GmbH, Germany.

Copyright

© Beckhoff Automation GmbH & Co. KG, Germany.
The reproduction, distribution and utilization of this document as well as the communication of its contents to
others without express authorization are prohibited.
Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a
patent, utility model or design.

Delivery conditions

In addition, the general delivery conditions of the company Beckhoff Automation GmbH & Co. KG apply.

1.2 Safety instructions

1.2.1 Delivery state

All the components are supplied in particular hardware and software configurations appropriate for the
application. Modifications to hardware or software configurations other than those described in the
documentation are not permitted, and nullify the liability of Beckhoff Automation GmbH & Co. KG.

1.2.2 Operator's obligation to exercise diligence

The operator must ensure that

• the TwinSAFE products are only used as intended (see chapter Product description);

• the TwinSAFE products are only operated in sound condition and in working order.

• the TwinSAFE products are operated only by suitably qualified and authorized personnel.

• the personnel is instructed regularly about relevant occupational safety and environmental protection
aspects, and is familiar with the operating instructions and in particular the safety instructions contained
herein.

• the operating instructions are in good condition and complete, and always available for reference at the
location where the TwinSAFE products are used.

• none of the safety and warning notes attached to the TwinSAFE products are removed, and all notes
remain legible.

EL69106 Version: 1.8.0

1.2.3 Description of safety symbols

In these operating instructions the following instructions are used.
These instructions must be read carefully and followed without fail!

DANGER

Serious risk of injury!

Failure to follow this safety instruction directly endangers the life and health of persons.

WARNING

Risk of injury!

Failure to follow this safety instruction endangers the life and health of persons.

CAUTION

Personal injuries!

Failure to follow this safety instruction can lead to injuries to persons.

NOTE

Damage to the environment/equipment or data loss

Failure to follow this instruction can lead to environmental damage, equipment damage or data loss.

Foreword

Tip or pointer

This symbol indicates information that contributes to better understanding.

EL6910 7Version: 1.8.0

Foreword

1.3 Documentation issue status

Version Comment

1.8.0 • Description Multiple Download added

• Note added to Project Settings

• Description of mounting rail installation updated

1.7.0 • Note added to Customizing

• Description of firmware update added

• Version history of the TwinSAFE product added

• Note EN81 updated

• Foreword updated

• Safety instructions adapted to IEC 82079-1.

1.6.0 • Description of the new features in TwinCAT 3.1 Build 4022 added

• Notes for the extension of certificates with EN 81-20, EN 81-22 and EN 81-50 added

• Notes on diagnostic history added

• Project planning limits updated

• Notes on the arrangement of TwinSAFE components added

• References and note for info data added

1.5.0 • Explanatory text and sequence chart added under Backup/Restore

• Explanatory text for input and output process image added

• Description added to Sync Manager configuration

• TwinSAFE SC description updated

1.4.1 • Technical data for permissible air pressure expanded

1.4.0 • User administration screenshots updated

• State and Diag of the TwinSAFE group updated

• Type examination certificate added

1.3.0 • Screenshots updated

• Certificate added

1.2.0 • Standards reference updated

• Safety parameters updated

1.1.0 • Description of diagnostic object 0xFEA0 expanded

1.0.0 • First released version

• Backup/Restore description expanded

EL69108 Version: 1.8.0

Foreword

Version Comment

0.5.0 • Descriptions of external connections, properties of FB ports, parameterization of Alias Devices,
Variable Mapping and Customizing updated

0.4.0 • Description of the group sequence added

• Check Safe Addresses description added

0.3.0 • System description added

0.2.0 • Screenshots for TwinCAT release adapted

• Description of info data revised

• LED description added

0.1.0 • Migration and structural adaptation

0.0.7 • System description updated

0.0.6 • Online View extended

0.0.5 • TwinSAFE group description extended

0.0.4 • PROFIsafe master/slave description extended

0.0.3 • Customizing extended

0.0.2 • Creating network and group descriptions

0.0.1 • Creation of the document

1.4 Version history of the TwinSAFE product

This version history lists the software and hardware version numbers. A description of the changes
compared to the previous version is also given.

Updated hardware and software

TwinSAFE products are subject to a cyclical revision. We reserve the right to revise and change the
TwinSAFE products at any time and without prior notice.
No claims for changes to products already delivered can be asserted from these hardware and/or
software changes.

A description of how a firmware (software) update can be performed can be found in chapter Firmware
update of TwinSAFE products [}132].

Date Software ver-

sion

25.01.2017 01 00 First release

06.02.2017 02 00 • Time stamp of diag messages optimized

03.08.2018 03 00 • Swapping of data bytes for PROFIsafe implemented

Hardware
version

Modifications

• Revision display implemented

• Update of the CoE Online display

• Optimization in case of communication errors at low
temperatures

• FB Muting: After an FB error in Backwards mode, the FB
error can be acknowledged without restarting the TwinSAFE
group.

• An error acknowledgement is now required after a user has
logged into the logic without deleting the project.

EL6910 9Version: 1.8.0

Foreword

1.5 References

No Version Title / description

[1] 3.1.0 or newer Documentation – TwinSAFE Logic FB

This document describes the safety-related function blocks that are
available in the TwinSAFE Logic and form the safety-related application.

[2] 1.8.0 or newer TwinSAFE Application Guide

The application guide provides the user with examples for the calculation of
safety parameters for safety functions according to the standards DIN EN
ISO 13849-1 and EN 62061 or EN 61508:2010 (if applicable), such as are
typically used on machines.

EL691010 Version: 1.8.0

TwinSAFE System Description

2 TwinSAFE System Description

2.1 Extension of the Beckhoff I/O system with safety functions

The TwinSAFE products from Beckhoff enable convenient expansion of the Beckhoff I/O system with safety
components, and integration of all the cabling for the safety circuit within the existing fieldbus cable. Safe
signals can be mixed with standard signals as required. The transfer of safety-related TwinSAFE telegrams
is handled by the standard controller. Maintenance is simplified significantly thanks to faster diagnosis and
simple replacement of components.

The following basic functionalities are included in the TwinSAFE components:
digital inputs (e.g. EL19xx, EP1908), digital outputs (e.g. EL29xx), drive components (e.g. AX5805) and logic
units (e.g. EL6900, EL6910). For a large number of applications, the complete safety sensor and actuator
technology can be wired on these components. The required logical link of the inputs and the outputs is
handled by the EL69xx. In addition to Boolean operations, the EL6910 now also enables analog operations.

2.2 Safety concept

TwinSAFE: Safety and I/O technology in one system

• Extension of the familiar Beckhoff I/O system with TwinSAFE components

• Safe and non-safe components can be combined as required

• Logical link of the I/Os in the EL69xx TwinSAFE logic terminal

• Suitable for applications up to SIL3 according to EN61508:2010 and Cat4, PLe according to
DINENISO13849-1:2016-06

• Safety-relevant networking of machines via bus systems

• In the event of an error, all TwinSAFE components always switch to the wattless and therefore safe
state

• No safety requirements for the higher-level standard TwinCAT system

Safety over EtherCAT protocol (FSoE)

• Transfer of safety-relevant data via any media (“genuine black channel”)

• TwinSAFE communication via fieldbus systems such as EtherCAT, Lightbus, PROFIBUS, PROFINET
or Ethernet

• IEC 61508:2010 SIL 3 compliant

• FSoE is IEC standard (IEC 61784-3-12) and ETG standard (ETG.5100)

Fail-safe principle (fail stop)

The basic rule for a safety system such as TwinSAFE is that failure of a part, a system component or the
overall system must never lead to a dangerous condition. The safe state is always the switched off and
wattless state.

CAUTION

Safe state

For all TwinSAFE components the safe state is always the switched-off, wattless state.

EL6910 11Version: 1.8.0

Product description

3 Product description

3.1 EL6910 - TwinSAFE logic terminal

The TwinSAFE Logic terminal is the link unit between the TwinSAFE inputs and outputs.

The EL6910 meets the requirements of EN62061:2005/A2:2015 and EN61508:2010SIL3, EN81-20:2014,
EN81-22:2014, EN81-50:2014 and ENISO13849-1:2015 (Cat4,PLe).

Fig.1: EL6910 - TwinSAFE Logic terminal

EL691012 Version: 1.8.0

Product description

3.2 Intended use

WARNING

Caution - Risk of injury!

TwinSAFE components may only be used for the purposes described below!

The TwinSAFE terminals expand the application range of Beckhoff Bus Terminal system with functions that
enable them to be used for machine safety applications. The TwinSAFE terminals are designed for machine
safety functions and directly associated industrial automation tasks. They are therefore only approved for
applications with a defined fail-safe state. This safe state is the wattless state. Fail-safety according to the
relevant standards is required.

The EL6910 TwinSAFE Logic terminal is suitable for operation at the

• Beckhoff Bus Couplers, EK1xxx series

• Beckhoff CXxxxx series Embedded PCs with E-bus connection

WARNING

System limits

The TÜV SÜD certificate applies to the EL6910, the function blocks available in it, the documentation and
the engineering tool. Approved engineering tools are TwinCAT 3.1, TwinSAFE Loader and CODESYS
Safety for EtherCAT Safety Module. Any deviations from these procedures or tools, particularly externally
generated xml files for TwinSAFE import or externally generated automatic project creation procedures, are
not covered by the certificate.

WARNING

Power supply from SELV/PELV power supply unit!

The TwinSAFE components must be supplied with 24VDC by an SELV/PELV power supply unit with an out­put voltage limit U

of 36VDC. Failure to observe this can result in a loss of safety.

max

CAUTION

Follow the machinery directive!

The TwinSAFE components may only be used in machines as defined in the machinery directive.

CAUTION

Ensure traceability!

The buyer has to ensure the traceability of the device via the serial number.

EL6910 13Version: 1.8.0

Product description

CAUTION

Note on approval according to EN 81-20, EN 81-22 and EN 81-50

• The TwinSAFE components may only be used in machines that have been designed and installed in ac­cordance with the requirements of the EN60204-1 standard.

• Provide a surge filter for the supply voltage of the TwinSAFE components against overvoltages. (Reduc­tion to overvoltage category II)

• EN81 requires that in the case of devices with internal temperature monitoring, a stop must be reached
in the event of an overtemperature. In this case, passengers must be able to disembark (see EN81-20
chapter 5.10.4.3, for example). To ensure this, application measures are necessary. The internal termi­nal temperature of the TwinSAFE components can be read out by the user. There is a direct switch-off at
the maximum permissible temperature of the respective TwinSAFE component (see chapter Tempera­ture measurement).
The user must select a temperature threshold below the maximum temperature such that a stop can be
reached in all cases before the maximum temperature is reached. Information on the optimum terminal
configuration can be found under Notes on the arrangement of TwinSAFE components and under Exam­ple configuration for temperature measurement.

• For the use of the TwinSAFE components according to EN81-22 and EN81-50, the conditions de­scribed in the manuals for achieving category4 according to ENISO13849-1:2015 must be observed.

• The use of TwinSAFE components is limited to indoor applications.

• Basic protection against direct contact must be provided, either by fulfilling protection class IP2X or by
installing the TwinSAFE components in a control cabinet which corresponds at least to protection class
IP54 according to EN60529.

• The ambient conditions regarding temperature, humidity, heat dissipation, EMC and vibrations, as speci­fied in the operating instructions under technical data, must be observed.

• The operating conditions in potentially explosive atmospheres (ATEX) are specified in the operating in­structions.

• The safe state (triggering) of the application must be the de-energized state. The safe state of the Twin­SAFE components is always the de-energized, switched-off state, and this cannot be changed.

• The service life specified in the operating instructions must be observed.

• If the TwinSAFE component is operated outside the permissible temperature range, it changes to
"Global Shutdown" state.

• The TwinSAFE components must be installed in a control cabinet with protection class IP54 according to
EN60529, so that the requirement for contamination level3 according to EN60664-1 can be reduced to
level2.

• The TwinSAFE components must be supplied by a SELV/PELV power supply unit with a maximum volt­age of U

<=36VDC.

max

EL691014 Version: 1.8.0

Product description

3.3 Technical data

Product designation EL6910

Number of inputs 0
Number of outputs 0
Status display 4 diagnostic LEDs
Minimum/maximum cycle time approx. 1 ms / according the project size
Fault response time ≤ watchdog times
Watchdog time min. 2ms, max. 60000ms
Input process image Dynamic, according to the TwinSAFE configuration in TwinCAT3
Output process image Dynamic, according to the TwinSAFE configuration in TwinCAT3
Supply voltage (SELV/PELV) 24VDC (–15%/+20%)
Current consumption via E-bus approx. 160mA
Power dissipation of the terminal typically 1W
Dimensions (WxHxD) 12mmx100mmx68mm
Weight approx.50g
Permissible ambient temperature (operation)

Permissible ambient temperature (transport/storage) -40°C to +70°C
Permissible air humidity 5% to 95%, non-condensing
Permissible air pressure (operation/storage/transport) 750hPa to 1100hPa

Climate category according to EN 60721-3-3 3K3

Permissible level of contamination according to EN60664-1
Inadmissible operating conditions TwinSAFE Terminals must not be used under the following operat-

Vibration / shock resistance conforms to EN60068-2-6/ EN60068-2-27
EMC immunity/emission conforms to EN61000-6-2/ EN61000-6-4
Shocks 15g with pulse duration 11ms in all three axes
Protection class IP20
Permitted operating environment In the control cabinet or terminal box, with minimum protection

correct installation position
Approvals CE, cULus, TÜVSÜD

-25°C to +55°C (see notes in section Sample configuration for
temperature measurement [}20])

(this corresponds to an altitude of approx. -690m to 2450m above
sea level, assuming an international standard atmosphere)

(the deviation from 3K3 is possible only with optimal environmental
conditions and also applies only to the technical data which are
specified differently in this documentation)

Contamination level 2 (note chapter Maintenance [}130])

ing conditions:

• under the influence of ionizing radiation (exceeding the
natural background radiation)

• in corrosive environments

• in an environment that leads to unacceptable soiling of the
Bus Terminal

class IP54 according to IEC60529
see chapter Installation position and minimum distances [}19]

EL6910 15Version: 1.8.0

Product description

3.4 Safety parameters

Characteristic numbers EL6910

Lifetime [a] 20
Proof test interval [a] not required
PFH

D

%SIL3 of PFH
PFD

avg

%SIL3 of PFD
MTTF
DC high
Performance level PLe
Category 4
HFT 1
Classification element

1. Special proof tests are not required during the entire service life of the EL6910 EtherCAT Terminal.

2. Classification according to IEC61508-2:2010 (see chapters 7.4.4.1.2 and 7.4.4.1.3)

D

avg

D

2)

1.79E-09

1.79%

2.54E-05

2.54%
high

Type B

The EL6910 EtherCAT Terminal can be used for safety-related applications according to IEC62061 and
IEC61508:2010 up to SIL3 and ENISO13849-1:2015 up to PLe(Cat4).

1)

Further information on calculating or estimating the MTTFD value from the PFHD value can be found in the
TwinSAFE Application Guide or in ENISO13849-1:2015, TableK.1.

In terms of safety-related parameters, the Safety-over-EtherCAT communication is already considered with
1% of SIL3 according to the protocol specification.

EL691016 Version: 1.8.0

3.5 Dimensions

Product description

Fig.2: Dimensions of the EL6910

Width: 12 mm (side-by-side installation)
Height: 100 mm
Depth: 68 mm

EL6910 17Version: 1.8.0

Operation

4 Operation

4.1 Environmental conditions

Please ensure that the TwinSAFE components are only transported, stored and operated under the specified
conditions (see technical data)!

WARNING

Risk of injury!

The TwinSAFE components must not be used under the following operating conditions.

• under the influence of ionizing radiation (that exceeds the level of the natural environmental radiation)

• in corrosive environments

• in an environment that leads to unacceptable soiling of the TwinSAFE component

NOTE

Electromagnetic compatibility

The TwinSAFE components comply with the current standards on electromagnetic compatibility with regard
to spurious radiation and immunity to interference in particular.
However, in cases where devices such as mobile phones, radio equipment, transmitters or high-frequency
systems that exceed the interference emissions limits specified in the standards are operated near Twin­SAFE components, the function of the TwinSAFE components may be impaired.

4.2 Installation

4.2.1 Safety instructions

Before installing and commissioning the TwinSAFE components please read the safety instructions in the
foreword of this documentation.

4.2.2 Transport / storage

Use the original packaging in which the components were delivered for transporting and storing the
TwinSAFE components.

CAUTION

Note the specified environmental conditions

Please ensure that the digital TwinSAFE components are only transported and stored under the specified
environmental conditions (see technical data).

4.2.3 Mechanical installation

DANGER

Risk of injury!

Bring the bus system into a safe, de-energized state before starting installation, disassembly or wiring of
the devices!

EL691018 Version: 1.8.0

Operation

4.2.3.1 Control cabinet / terminal box

The TwinSAFE terminals must be installed in a control cabinet or terminal box with IP54 protection class
according to IEC60529 as a minimum.

4.2.3.2 Installation position and minimum distances

For the prescribed installation position the mounting rail is installed horizontally and the mating surfaces of
the EL/KL terminals point toward the front (see illustration below). The terminals are ventilated from below,
which enables optimum cooling of the electronics through convection. The direction indication “down”
corresponds to the direction of positive acceleration due to gravity.

Fig.3: Installation position and minimum distances

In order to ensure optimum convection cooling, the distances to neighboring devices and to control cabinet
walls must not be smaller than those shown in the diagram.

EL6910 19Version: 1.8.0

Operation

4.2.3.3 Sample configuration for temperature measurement

Fig.4: Sample configuration for temperature measurement

The sample configuration for the temperature measurement consists of an EK1100 EtherCAT coupler with
connected terminals that match the typical distribution of digital and analog signal types at a machine. On the
EL6910 a safety project is active, which reads safe inputs and enables all 4 safe outputs during the
measurement.

External heat sources / radiant heat / impaired convection

The maximum permissible ambient temperature of 55°C was checked with the above sample con­figuration. Impaired convection, an unfavorable location near heat sources or an unfavorable config­uration of the EtherCAT Terminals may result in overheating of the terminals.

The key parameter is always the maximum permitted internally measured temperature of 95°C,
above which the TwinSAFE terminals switch to safe state and report an error. The internal tempera­ture can be read from the TwinSAFE components via CoE.

EL691020 Version: 1.8.0

Operation

4.2.3.4 Installation on mounting rails

WARNING

Risk of electric shock and damage of device!

Bring the bus terminal system into a safe, powered down state before starting installation, disassembly or
wiring of the Bus Terminals!

Mounting

Fig.5: Installation on the mounting rail

The Bus Couplers and Bus Terminals are attached to commercially available 35mm mounting rails (DIN rail
according to EN60715) by applying slight pressure:

1. First attach the Fieldbus Coupler to the mounting rail.

2. The Bus Terminals are now attached on the right-hand side of the Fieldbus Coupler. Join the compo­nents with slot and key and push the terminals against the mounting rail, until the lock clicks onto the
mounting rail.
If the terminals are clipped onto the mounting rail first and then pushed together without slot and key,
the connection will not be operational! When correctly assembled, no significant gap should be visible
between the housings.

Fastening of mounting rails

The locking mechanism of the terminals and couplers protrudes into the profile of the mounting rail.
When installing the components, make sure that the locking mechanism doesn't come into conflict
with the fixing bolts of the mounting rail. For fastening mounting rails with a height of 7.5mm under
the terminals and couplers, use flat fastening components such as countersunk head screws or
blind rivets.

EL6910 21Version: 1.8.0

Operation

Disassembly

Fig.6: Removal from mounting rail

Each terminal is secured by a lock on the mounting rail, which must be released for disassembly:

1. Pull down the terminal at its orange-colored straps from the mounting rail by approx. 1 cm. The rail
locking of this terminal is automatically released, and you can now pull the terminal out of the Bus Ter­minal block with little effort.

2. To do this, grasp the unlocked terminal simultaneously at the top and bottom of the housing surfaces
with your thumb and index finger and pull it out of the Bus Terminal block.

EL691022 Version: 1.8.0

Operation

4.2.3.5 Notes on the arrangement of TwinSAFE components

The following notes show favorable and unfavorable arrangement of the terminals in relation to thermal

aspects. Components with higher waste heat are marked with a red symbol and components with low

waste heat with a blue symbol .

EtherCAT coupler EK11xx and power supply terminal EL9410

The more terminals are connected behind an EtherCAT coupler or a power supply terminal, the higher is the
E-Bus current, which must be supplied by their power supply units. As the current increases, the waste heat
of the power supply units is also increased..

EL69x0

The EL69x0 has a rather high waste heat because it has a high internal clock and high logic power.

EL2904

The EL2904 has a rather high waste heat, due to the possibly high output current of the connected
actuators.

EL1904

Even the EL1904 has a rather high waste heat, although the external load by clock outputs and safe inputs is
rather low.

EL6910 23Version: 1.8.0

Operation

Thermally unfavorable arrangement of the TwinSAFE terminals

The following structure is rather unfavorable, since terminals with rather high waste heat are connected
directly to couplers or power supply terminals with high E-Bus load. The additional external heating of the
TwinSAFE terminals by the adjacent power supply units increases the internal terminal temperature, which
can lead to the maximum permissible temperature being exceeded. This leads to a diagnosis message
"overtemperature”.

Fig.7: Thermally unfavorable arrangement of the TwinSAFE terminals

EL691024 Version: 1.8.0

Operation

Thermally favorable arrangement of the TwinSAFE terminals

The following structure is thermally favorable, since between the coupler / power supply terminal and
terminals with rather high waste heat, terminals with low current consumption and thus rather low waste heat
are placed.

Fig.8: Thermally favorable arrangement of the TwinSAFE terminals

4.2.4 Electrical installation

4.2.4.1 Connections within a Bus Terminal block

The electric connections between the Bus Coupler and the Bus Terminals are automatically realized by
joining the components:

Spring contacts (E-bus)

The six spring contacts of the E-bus deal with the transfer of the data and the supply of the Bus Terminal
electronics.

NOTE

Observe the E-bus current

Observe the maximum current that your Bus Coupler can supply to the E-bus! Use the EL9410 Power Sup­ply Terminal if the current consumption of your terminals exceeds the maximum current that your Bus Cou­pler can feed to the E-bus supply.

Power contacts

The power contacts deal with the supply for the field electronics and thus represent a supply rail within the
Bus Terminal block. The power contacts are supplied via terminals on the Bus Coupler.

EL6910 25Version: 1.8.0

Operation

Note the connection of the power contacts

During the design of a Bus Terminal block, the pin assignment of the individual Bus Terminals must
be taken account of, since some types (e.g. analog Bus Terminals or digital 4-channel Bus Termi­nals) do not or not fully loop through the power contacts.
Potential supply terminals (EL91xx, EL92xx) interrupt the power contacts and thus represent the
start of a new supply rail.

PE power contact

The power contact labelled PE can be used as a protective earth. For safety reasons this contact mates first
when plugging together, and can ground short-circuit currents of up to 125A.

Fig.9: PE power contact

CAUTION

Insulation tests

Note that, for reasons of electromagnetic compatibility, the PE contacts are capacitatively coupled to the
mounting rail. This may lead to incorrect results during insulation testing or to damage on the terminal (e.g.
disruptive discharge to the PE line during insulation testing of a consumer with a rated voltage of 230V).
For insulation testing, disconnect the PE supply line at the Bus Coupler or the Potential Supply Terminal! In
order to decouple further feed points for testing, these Power Feed Terminals can be released and pulled at
least 10mm from the group of terminals.

DANGER

Serious risk of injury!

The PE power contact must not be used for other potentials!

4.2.4.2 Overvoltage protection

If protection against overvoltage is necessary in your plant, provide a surge filter for the voltage supply to the
Bus Terminal blocks and the TwinSAFE terminals.

EL691026 Version: 1.8.0

4.2.4.3 EL6900/EL6910 pin assignment

Operation

Fig.10: EL6900/EL6910 pin assignment

Terminal point Output Signal

1 - not used, no function
2 not used, no function
3 - not used, no function
4 not used, no function
5 - not used, no function
6 not used, no function
7 - not used, no function
8 not used, no function

EL6910 27Version: 1.8.0

Operation

4.2.5 TwinSAFE reaction times

The TwinSAFE terminals form a modular safety system that exchanges safety-oriented data via the Safety­over-EtherCAT protocol. This chapter is intended to help you determine the system's reaction time from the
change of signal at the sensor to the reaction at the actuator.

Typical reaction time

The typical reaction time is the time that is required to transmit information from the sensor to the actuator, if
the overall system is working without error in normal operation.

Fig.11: Typical reaction time

Definition Description

RTSensor Reaction time of the sensor until the signal is provided at the interface. Typically supplied by

the sensor manufacturer.

RTInput Reaction time of the safe input, such as EL1904 or EP1908. This time can be found in the

technical data. In the case of the EL1904 it is 4 ms.

RTComm Reaction time of the communication This is typically 3x the EtherCAT cycle time, because

new data can only be sent in a new Safety-over-EtherCAT telegram. These times depend
directly on the higher-level standard controller (cycle time of the PLC/NC).

RTLogic Reaction time of the logic terminal. This is the cycle time of the logic terminal and typically

ranges from 500 µs to 10 ms for the EL6900, depending on the size of the safety project.

The actual cycle time can be read from the terminal.
RTOutput Reaction time of the output terminal. This typically lies within the range of 2 to 3 ms.
RTActor Reaction time of the actuator. This information is typically supplied by the actuator

manufacturer
WDComm Watchdog time of the communication

This results in the following equation for the typical reaction time:

with, for example

Worst-case reaction time

The worst case reaction time is the maximum time required to switch off the actuator in the case of an error.

EL691028 Version: 1.8.0

Operation

Fig.12: Worst-case reaction time

This assumes that a signal change occurs at the sensor and is transmitted to the input. A communication
error occurs at precisely the moment when the signal is to be transferred to the communication interface.
This is detected by the logic following the watchdog time of the communication link. This information should
then be transferred to the output, but a further communication error occurs here. This error is detected at the
output following the expiry of the watchdog time and leads to the switch-off.

This results in the following equation for the worst-case reaction:

with, for example

EL6910 29Version: 1.8.0

Operation

4.3 Operation in potentially explosive atmospheres (ATEX)

4.3.1 Special conditions

WARNING

Observe the special conditions for the intended use of Beckhoff fieldbus components in
potentially explosive atmospheres (directive 2014/34/EU)!

The certified components are to be installed in a suitable housing that guarantees a protection class of at
least IP54 in accordance with EN60529! The environmental conditions during use are thereby to be taken
into account.

If the temperatures during rated operation are higher than 70°C at the feed-in points of cables, lines or
pipes, or higher than 80°C at the wire branching points, then cables must be selected whose temperature
data correspond to the actual measured temperature values!

Observe the permissible ambient temperature range of 0 to 55 °C when using Beckhoff fieldbus compo­nents in potentially explosive atmospheres!

Measures must be taken to protect against the rated operating voltage being exceeded by more than 40%
due to short-term interference voltages!

The individual terminals may only be unplugged or removed from the Bus Terminal system if the supply
voltage has been switched off or if a non-explosive atmosphere is ensured!

The connections of the certified components may only be connected or disconnected if the supply voltage
has been switched off or if a non-explosive atmosphere is ensured!

The fuses of the EL92xx power feed terminals may only be exchanged if the supply voltage has been
switched off or if a non-explosive atmosphere is ensured!

Address selectors and ID switches may only be adjusted if the supply voltage has been switched off or if a
non-explosive atmosphere is ensured!

The fundamental health and safety requirements are fulfilled by compliance with the following standards:

• EN 60079-0 : 2103

• EN 60079-15 : 2011

4.3.2 Identification

Beckhoff fieldbus components that are certified for use in potentially explosive atmospheres bear one of the
following markings:

II 3 G Ex nA II T4 KEMA 10ATEX0075 X Ta: 0 - 55°C

or

II 3 G Ex nA nC IIC T4 KEMA 10ATEX0075 X Ta: 0 - 55°C

EL691030 Version: 1.8.0