Beckhoff TwinSAFE Loader User manual

Documentation | EN
TwinSAFE Loader
Tool to load and adapt a TwinSAFE project
2020-08-10 | Version: 2.4.0

Table of contents

1 Foreword
1.2.1 Delivery state
1.2.2 Operator's obligation to exercise diligence
1.2.3 Description of instructions
2 System description
3 Product description
3.1 System requirements
3.1.1 Operating System
3.1.2 Target system
3.1.3 Communication with the TwinSAFE logic component
3.2 Intended use
3.3 Functioning
3.3.1 Communication
3.3.2 Authentication
3.3.3 Loading a safety project
3.3.4 Activation of a safety project
3.3.5 Deleting a safety project
3.3.6 Customizing a safety project
3.3.7 List of the current group configuration
3.3.8 Additional functions
3.4 List of all available parameters
3.5 Safety parameters
3.6 Error codes
3.7 FMEDA
4 EtherCAT Mailbox Gateway
4.1 Settings EtherCAT Mailbox Gateway
4.2 Beckhoff Virtual Ethernet Adapter
4.3 Adding a route
5 Appendix
5.1 Support and Service
5.2 Certificates
5.2.1 Letter of Confirmation

1 Foreword

1.1 Notes on the documentation

Intended audience
This description is only intended for the use of trained specialists in control and automation engineering who are familiar with the applicable national standards.
It is essential that the following notes and explanations are followed when installing and commissioning these components.
The responsible staff must ensure that the application or use of the products described satisfy all the requirements for safety, including all the relevant laws, regulations, guidelines and standards.
Origin of the document
This original documentation is written in German. All other languages are derived from the German original.
Currentness
Please check whether you are using the current and valid version of this document. The current version can be downloaded from the Beckhoff homepage at http://www.beckhoff.com/english/download/twinsafe.htm. In case of doubt, please contact Technical Support.
Product features
Only the product features specified in the current user documentation are valid. Further information given on the product pages of the Beckhoff homepage, in emails or in other publications is not authoritative.
Disclaimer
The documentation has been prepared with care. The products described are subject to cyclical revision. For that reason the documentation is not in every case checked for consistency with performance data, standards or other characteristics. We reserve the right to revise and change the documentation at any time and without prior announcement. No claims for the modification of products that have already been supplied may be made on the basis of the data, diagrams and descriptions in this documentation.
Trademarks
Beckhoff®, TwinCAT®, EtherCAT®, EtherCATG®, EtherCATG10®, EtherCATP®, SafetyoverEtherCAT®, TwinSAFE®, XFC®, XTS® and XPlanar® are registered trademarks of and licensed by Beckhoff Automation GmbH. Other designations used in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owners.
Patent Pending
The EtherCAT Technology is covered, including but not limited to the following patent applications and patents: EP1590927, EP1789857, EP1456722, EP2137893, DE102015105702 with corresponding applications or registrations in various other countries.
EtherCAT® and Safety over EtherCAT® are registered trademarks and patented technologies, licensed by Beckhoff Automation GmbH, Germany.
Copyright
© Beckhoff Automation GmbH & Co. KG, Germany. The reproduction, distribution and utilization of this document as well as the communication of its contents to others without express authorization are prohibited. Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a patent, utility model or design.
Delivery conditions
In addition, the general delivery conditions of the company Beckhoff Automation GmbH & Co. KG apply.

1.2 Safety instructions

1.2.1 Delivery state

All the components are supplied in particular hardware and software configurations appropriate for the application. Modifications to hardware or software configurations other than those described in the documentation are not permitted, and nullify the liability of Beckhoff Automation GmbH & Co. KG.

1.2.2 Operator's obligation to exercise diligence

The operator must ensure that
• the TwinSAFE products are only used as intended (see chapter Product description);
• the TwinSAFE products are only operated in sound condition and in working order;
• the TwinSAFE products are operated only by suitably qualified and authorized personnel;
• the personnel is instructed regularly about relevant occupational safety and environmental protection aspects, and is familiar with the operating instructions and in particular the safety instructions contained herein;
• the operating instructions are in good condition and complete, and always available for reference at the location where the TwinSAFE products are used;
• none of the safety and warning notes attached to the TwinSAFE products are removed, and all notes remain legible.

1.2.3 Description of instructions

In these operating instructions the following instructions are used. These instructions must be read carefully and followed without fail!
DANGER
Serious risk of injury!
Failure to follow this safety instruction directly endangers the life and health of persons.
WARNING
Risk of injury!
Failure to follow this safety instruction endangers the life and health of persons.
CAUTION
Personal injuries!
Failure to follow this safety instruction can lead to injuries to persons.
NOTE
Damage to the environment/equipment or data loss
Failure to follow this instruction can lead to environmental damage, equipment damage or data loss.
Tip or pointer
This symbol indicates information that contributes to better understanding.

1.3 Documentation issue status

Version Comment
2.4.0 • Semicolons removed from the csv tables
• Note on the different indexing in the Loader compared to the Safety Editor with regards to the groups
• Added another example for the customizing
• Description of operating system extended
2.3.0 • Description of target system extended
• Added TwinSAFE Loader Version v7
2.2.0 • Added TwinSAFE Loader Version v6
2.1.1 • Note to Virtual Ethernet Adapter added
• Parameter --localams added
2.1.0 • Added extensions for TwinSAFE Loader, version v5
2.0.0 • Migration
• List of supported hardware updated
1.2.0 • Setting up EtherCAT Mailbox Gateway added
1.1.0 • Expanding system requirements
• Foreword updated
1.0.0 • First released version
0.0.7 • Functions Delete and Customize added
0.0.6 • Note added to FMEDA chapter
• Graphic added to Chapter 2.1
0.0.5 • Addition of the FMEDA
• Exchange of Chapters 3.2 and 3.3
0.0.4 • Resorting of chapters
0.0.3 • Chapter 3.7, CSV format added
0.0.2 • Revision of call parameters
0.0.1 • First draft

2 System description

2.1 General

The TwinSAFE Loader is software for loading a safety project to an EL69xx or EK19x0 safety controller independently of the TwinCAT development environment. The starting point of a loading procedure is a binary file that is exported in advance from the TwinCAT development environment.
Following the actual loading procedure, it is possible to adapt the safety project. To perform an adaptation, the safety project must be configured accordingly in the TwinCAT development environment. The TwinSAFE groups that are to be activated, deactivated or passivated must be parametrized accordingly, and the programmer must define the safe substitute values for the outputs of the groups during development. These substitute values are also part of the binary file that the programmer created after completion of the safety program.
Fig.1: TwinSAFE Loader - Overview

2.2 System limits

The TwinSAFE Loader software is delivered as an executable program library and is available for the Windows and Linux operating systems. This library can be integrated into applications. The various functions of the program library are controlled by corresponding command line parameters.
The safety project can only be loaded for the EL6900 TwinSAFE logic terminal. It is not possible to adapt the safety project here.
The safety project can be loaded and adapted for the EL6910 TwinSAFE logic terminal, the EK1960 TwinSAFE controller and any future TwinSAFE products.
A TwinCAT version 3.1 or higher is required to create a corresponding safety project.

3 Product description

The TwinSAFE Loader is a program library for the loading and adaptation of a safety project for TwinSAFE logic components. Before describing the functional mode of the product in detail, the system requirements for the successful use of the TwinSAFE Loader are dealt with in the following section.

3.1 System requirements

3.1.1 Operating System

To run the TwinSAFE Loader, the following system requirements must be met depending on the operating system.
3.1.1.1 Windows
No additional components are required for the operating systems Windows 7 (32/64 bit) and Windows 10 (32/64 bit).
The following table lists the different versions of the TwinSAFE Loader and the associated SHA checksums.
File name Operating system Version SHA Checksum
TwinSAFE_Loader.exe Win32 v1 SHA1: 3dfc76aca223f04a0e91677f2c6452df8a39a8f9
TwinSAFE_Loader.exe Win32 v5 SHA256: 970a4ee096e181d20cea42d700c6ded1253a61a34c9ea00a5db6cc9ee99693f6
TwinSAFE_Loader.exe Win32 v6 SHA256: 177f74ae6ce036ecc0f747f1f1324cfd890c627be91c111429a4bf124a3a1a1d
TwinSAFE_Loader.exe Win32 v7 SHA256: e8287a0c23229cedb821e3a5b56459101ca45aabadaa185e4313bd7ad3a92d47
3.1.1.2 Linux
No additional components are required for the operating system Ubuntu 16.04.
The following table lists the different versions of the TwinSAFE Loader and the associated SHA checksums.
File name Operating system Version SHA Checksum
TwinSAFE_Loader.bin Linux x86 64-Bit v1 SHA1: c37f52a2fb8e3609346671feb2f60c9cba2bd2f9
TwinSAFE_Loader.bin Linux x86 64-Bit v5 SHA256: 462a9f652eab4ad43fb0dbf487bb3db9fa71a596ce339fb9fd5990f544d0a808
TwinSAFE_Loader.bin Linux x86 64-Bit v6 SHA256: 972391f4aa88322dc8ffad415919ae814095ab7349f059ffcb03e8a8c5d0f8a5
TwinSAFE_Loader.bin Linux x86 64-Bit v7 SHA256: b184816a9a17caeb1d7baca2395d30207cac463b63638930de0dc4f20539bedf
TwinSAFE_Loader-i386.bin Linux x86 32-Bit v5 SHA256: 4b25dbd486cd56a3da411e7b1643be6834b7db51c3cb58bfb9caecdd36bdc9e1
TwinSAFE_Loader-i386.bin Linux x86 32-Bit v6 SHA256: 11ed882fd06dd28f19ec3a7c458fdebf87b8fdd269bec930a145056ece4dc835
TwinSAFE_Loader-i386.bin Linux x86 32-Bit v7 SHA256: 3af9a3a22fffa7a399c9aa5c1763ba588bc2680beb8d3cadfd165739f4dca099

3.1.2 Target system

The supported TwinSAFE logic components can be taken from the following list:
Product name SW version
EL6900 05 or newer (Production from week 02/2014)
EL6910 01 or newer
EK1960 01 or newer
EL1918 01 or newer
EL2911 01 or newer
EP1957-0022 01 or newer
EJ6910 01 or newer
EJ1914 01 or newer
EJ1918 01 or newer
EJ2914 01 or newer
EJ2918 01 or newer
EJ1957 01 or newer
The components listed in the table above are directly supported in the current version of the TwinSAFE loader.
NOTE
Integration of new TwinSAFE logic components
If a new TwinSAFE logic component is available which is not directly supported in the current version of the TwinSAFE loader, it can be included by an additional configuration file.
To integrate a new TwinSAFE logic component, an additional file "custom_terminals.csv" must be created in the directory of the TwinSAFE Loader executable file. This file can then be filled in using the following syntax so that new components can be supported (lines 1 and 2 are fixed). Using the example of a new logic component ELxxxx, which is based on the TwinSAFE Logic EL6910, the file would have to be extended as shown in line 5.
File: custom_terminals.csv
1
class;type
EL6910;EL6910
EL6910;EP1957-0022
EL6910;ELxxxx
Furthermore, an updated version of this configuration file can always be found on the Beckhoff website when new components are introduced without direct support from the TwinSAFE Loader.

3.1.3 Communication with the TwinSAFE logic component

The TwinSAFE Loader supports the following protocols for the loading or adaptation of a safety project to a TwinSAFE logic component.
• ADS over EtherCAT (AoE)
• EtherCAT Mailbox Gateway
For successful communication with the TwinSAFE logic component, the TwinSAFE Loader must be able to establish a connection with the EtherCAT master existing in the system. The following system requirements must be fulfilled for this:
3.1.3.1 ADS over EtherCAT (AoE)
The EtherCAT master must be configured so that it accepts AoE connections (according to ETG.1020) on port 0xBF02 (TCP/IP).
3.1.3.2 EtherCAT Mailbox Gateway
The EtherCAT master must be configured so that it accepts packets of the EtherCAT mailbox gateway (according to ETG.8200) on port 0x88A4 (UDP/IP).

3.2 Intended use

WARNING
Risk of injury!
TwinSAFE terminals may only be used for the purposes described below!
CAUTION
Follow the machinery directive!
The TwinSAFE terminals may only be used in machines according to the machinery directive.
WARNING
Loading and adapting the project - workflow!
For loading and adapting a safety project, the user must specify a workflow in order to ensure that the correct safety project for the application is activated on the TwinSAFE logic component.
WARNING
Loading and adapting the project - authentication!
The user must ensure that only authorized persons are able to load or adapt the safety project.

3.3 Functioning

The task of the TwinSAFE Loader is to load a safety project to a TwinSAFE logic component independently of the TwinCAT development environment or to adapt a safety project already existing on a TwinSAFE logic component.
The data packets necessary for this are transmitted via the EtherCAT master existing in the system to the corresponding component. The functions of the TwinSAFE Loader are controlled by command line parameters.

3.3.1 Communication

The following parameters must be used to control communication.
Command line parameters Description
--gw <IPv4 address> Specification of the IPv4 address of the EtherCAT mailbox gateway or, in AoE mode, the IPv4 address of the EtherCAT master. As of version v5, the EtherCAT master can also be addressed via the host name in AoE mode.
--ams <NetId> Specification of the AmsNetID, if ADS over EtherCAT (AoE) is to be used.
--localams <NetId> If --ams is used, the local AMSNetID can be specified. If the parameter is not used, the AmsNetID is formed from the local IP address + ".1.1".

3.3.2 Authentication

The following parameters must be used to authenticate a user on the TwinSAFE logic.
Command line parameters Description
--user <user name> Name of the user with the appropriate rights to perform the desired function.
--pass <password> Password of the user.
User management
Each TwinSAFE logic component has its own user administration. Only users registered in the TwinSAFE logic component can perform certain functions.

3.3.3 Loading a safety project

The following parameters must be used to load a safety project.
Command line parameters Description
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the TwinSAFE logic component.
--proj <path to the binary file> Specification of the path to the binary file of the safety project.
WARNING
Loading a safety project
The loading of a safety project typically consists of a two-step process. The safety project must be activated after loading it to the TwinSAFE logic component.
This division of the process enables measures to be taken to ensure that the correct safety project for the respective application on the TwinSAFE logic component is switched to active. The user must define these measures. The user shall bear full responsibility to provide proof for the accuracy and efficacy of these measures. See also Chapter FMEDA.
In the TwinCAT development environment, for example, the checksum of the transferred safety project is checked and a repeat login carried out before the safety project is really enabled (see chapter Intended use).
The loading of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --proj ./example.bin
Fig.2: Call to load a safety project

3.3.4 Activation of a safety project

The following parameters must be used to activate a safety project.
Command line parameters Description
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the TwinSAFE logic component.
--proj <path to the binary file> Specification of the path to the binary file of the safety project.
--crc <project CRC of the safety project to be activated> Specification of the project CRC of the safety project to be activated.
The activation of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.117 --ams 192.168.1.117.2.1 --user Administrator --pass TwinSAFE --slave 1007 --proj ./example.bin --crc 0x4273
Fig.3: Call to activate a safety project

3.3.5 Deleting a safety project

The following parameters must be used to delete a safety project.
Command line parameters Description
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the TwinSAFE logic component.
--delete Command to delete the project
The deletion of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --delete
Fig.4: Call to delete a safety project

3.3.6 Customizing a safety project

The following parameters must be used to customize a safety project.
Command line parameters Description
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the TwinSAFE logic component.
--customize <path to csv file> Specification of the path to the csv file for the group configuration
The customizing of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --customize ./groupconfig.csv
Fig.5: Call to customize a safety project
Using the function block NT_StartProcess from the library Tc2_Utilities, customizing can also be started via the PLC, for example:
NT_StartProcess_Customizing:NT_StartProcess; NT_StartProcess_NetId:T_AmsNetID:=''; NT_StartProcess_Err:BOOL; NT_StartProcess_ErrId:UDINT; NT_StartProcess_Start:BOOL; NT_StartProcess_Tmout:TIME; NT_StartProcess_Busy:BOOL;
Fig.6: Call of the function block NT_StartProcess for customizing
3.3.6.1 CSV format of the group configuration
The CSV file for the customization consists of several lines of ASCII text, whose columns are separated by semicolons. The column order is fixed and includes the following information:
1st column: ID of the TwinSAFE group (Please note that the index starts with 1, whereas the execution order of the groups in the TwinSAFE Editor is zero-based)
2nd column: Indicates whether the group should be activated
3rd column: Indicates whether the group can and should be passivated
4th column: Indicates whether the group can and should be temporarily deactivated
5th column: Indicates whether the group can and should be permanently deactivated
The first line contains an unsigned integer, which is interpreted as the version number of the csv format:
"1"
The second line contains the header:
"id;activate;passivate;temporarily;permanent"
The (2+n)th line contains the configuration of the nth TwinSAFE group in the format:
<id>;[AE];[ADE];[ADE];[ADE]
A: Active
D: cannot be activated
E: can be activated, but is currently inactive
Example Logic Terminal Listing (Tabular form)
1
id activate passivate temporarily permanent
1 E E E A
2 E A D D
Example of TwinSAFE group configuration (plain text)
1
id;activate;passivate;temporarily;permanent
1;E;E;E;A
2;E;A;D;D
This is a version-1 csv format.
The file contains a configuration for a TwinSAFE project with 2 groups:
1. The first group can be activated, passivated, temporarily deactivated and permanently deactivated. Its current state is permanently deactivated.
2. The second group can only be activated or passivated. Its current state is passivated.
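An added example (not part of the Beckhoff manual or of the TwinSAFE Loader): a pre-flight check that validates a group-configuration file against the version-1 format described above and compares it with the current configuration, which the --list call with --slave delivers in the same format. The function names, the requested file and the rule that a difference involving 'D' stops the transfer are assumptions of this example.

```python
"""Pre-flight review of a TwinSAFE Loader group-configuration CSV (added example)."""

HEADER = "id;activate;passivate;temporarily;permanent"
COLUMNS = HEADER.split(";")[1:]
# Allowed state letters per column, from the format line <id>;[AE];[ADE];[ADE];[ADE]
ALLOWED = {"activate": "AE", "passivate": "ADE",
           "temporarily": "ADE", "permanent": "ADE"}


class GroupConfigError(ValueError):
    """The file does not follow the version-1 group-configuration format."""


def parse_group_config(text):
    """Return {group id: {column: state}}; raise GroupConfigError if malformed."""
    # Blank lines are ignored, so reported line numbers count non-blank lines.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise GroupConfigError("need a version line, a header and one group")
    if lines[0] != "1":
        raise GroupConfigError(f"unsupported format version {lines[0]!r}")
    if lines[1] != HEADER:
        raise GroupConfigError(f"unexpected header {lines[1]!r}")
    groups = {}
    for lineno, line in enumerate(lines[2:], start=3):
        fields = line.split(";")
        if len(fields) != 5:
            raise GroupConfigError(f"line {lineno}: expected 5 columns")
        gid_text, states = fields[0], dict(zip(COLUMNS, fields[1:]))
        # Group ids are 1-based in the Loader (zero-based in the Safety Editor).
        if not (gid_text.isascii() and gid_text.isdigit()) or int(gid_text) < 1:
            raise GroupConfigError(f"line {lineno}: group id must be >= 1")
        gid = int(gid_text)
        if gid in groups:
            raise GroupConfigError(f"line {lineno}: duplicate group id {gid}")
        for column, state in states.items():
            if len(state) != 1 or state not in ALLOWED[column]:
                raise GroupConfigError(
                    f"line {lineno}: {column}={state!r} not in [{ALLOWED[column]}]")
        groups[gid] = states
    return groups


def review_change(current, requested):
    """Compare the device listing with the file to be sent.

    Returns (changes, blocked): `changes` are A<->E switches to confirm against
    the release record; `blocked` are differences that should stop the transfer.
    """
    changes, blocked = [], []
    for gid in sorted(set(current) | set(requested)):
        if gid not in current or gid not in requested:
            where = "device listing" if gid not in current else "customizing file"
            blocked.append(f"group {gid}: missing from {where}")
            continue
        for column in COLUMNS:
            old, new = current[gid][column], requested[gid][column]
            if old == new:
                continue
            entry = f"group {gid}: {column} {old}->{new}"
            # Assumption of this example: 'D' reflects how the project was
            # configured in TwinCAT, so a file that adds or drops a 'D'
            # does not belong to the project on the device.
            (blocked if "D" in (old, new) else changes).append(entry)
    return changes, blocked


# The manual's sample file, used here as the current configuration.
DEVICE_LISTING = "1\n" + HEADER + "\n1;E;E;E;A\n2;E;A;D;D\n"
# Constructed request: activates group 1 and asks for a state group 2 lacks.
REQUESTED = "1\n" + HEADER + "\n1;A;E;E;E\n2;E;E;A;D\n"

if __name__ == "__main__":
    changes, blocked = review_change(parse_group_config(DEVICE_LISTING),
                                     parse_group_config(REQUESTED))
    for line in changes:
        print("change :", line)
    for line in blocked:
        print("BLOCKED:", line)
```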

3.3.7 List of the current group configuration

The following parameters must be used to list the groups of a safety project.
Command line parameters Description
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the TwinSAFE logic component.
--list <file name> Saves the list of the group configuration as a CSV list in the specified file.
The listing of the groups of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --list ./groupconfig.csv
Fig.7: Call to list the groups of a safety project
3.3.7.1 CSV format of the group configuration
The csv format corresponds to the csv format from chapter 3.3.6.1.

3.3.8 Additional functions

The following additional functions can be used via parameters.
Command line parameters Description
--list <file name> Saves the list of all available slaves as a CSV list in the specified file.
The listing of the available slaves takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --list ./safetyterminals.csv
3.3.8.1 CSV format of the list of all available slaves
The CSV file listing the compatible EtherCAT slaves consists of several lines of ASCII text, whose columns are separated by semicolons. The column order is fixed and includes the following information:
1st column: EtherCat address of the slave
2nd column: FSoE address of the slave
3rd column: Terminal type of the slave
4th column: Project CRC of the project currently active on the slave
5th column: Name of the EtherCAT slave in TwinCAT
The first line contains the header:
"EtherCAT address;FSoE address;type;project crc;name"
The (1+n)th row contains the configuration of the nth EtherCAT slave in the format:
<EtherCAT address>;<FSoE address>;<Type>;<Project CRC>;<Name>
Sample Logic Terminal Listing (Tabular form)
EtherCAT address FSoE address type project crc name
1001 1 EL6900 0x0 Term 2 (EL6900)
1003 3 EL6910 0x0 Term 4 (EL6910)
1004 50 EL6930 0x4539 Term 5 (EL6930)
Sample Logic Terminal Listing (Clear text)
EtherCAT address;FSoE address;type;project crc;name
1001;1;EL6900;0x0;Term 2 (EL6900)
1003;3;EL6910;0x0;Term 4 (EL6910)
1004;50;EL6930;0x4539;Term 5 (EL6930)
The file contains a listing of three logic terminals:
1. The first logic terminal is accessible via the EtherCAT address "1001", it has the FSoE address "1", it is of the type "EL6900", no project is currently active on it ("0x0") and it is called "Term 2 (EL6900)".
2. The second logic terminal is accessible via the EtherCAT address "1003", it has the FSoE address "3", it is of the type "EL6910", no project is currently active on it ("0x0") and it is called "Term 4 (EL6910)".
3. The third logic terminal is accessible via the EtherCAT address "1004", it has the FSoE address "50", it is of the type "EL6930", the project with the CRC "0x4539" is currently active on it and it is called "Term 5 (EL6930)".
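An added example (not part of the Beckhoff manual or of the TwinSAFE Loader): one way to use this listing as a check in the workflow the user has to define, by comparing the entry at the intended EtherCAT address with a release record for the safety project. The release record, its field names and the CRC 0x4273 used for the failing case are assumptions of this example.

```python
"""Check a TwinSAFE Loader slave listing against a release record (added example)."""

FIELDS = ("ethercat", "fsoe", "type", "crc", "name")
HEADER = ["EtherCAT address", "FSoE address", "type", "project crc", "name"]


def parse_slave_list(text):
    """Return {EtherCAT address: row}; raise ValueError on malformed input."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines or [h.strip() for h in lines[0].split(";")] != HEADER:
        raise ValueError("missing or unexpected header line")
    slaves = {}
    for lineno, line in enumerate(lines[1:], start=2):
        # Split at most four times so a ';' in the free-text name
        # cannot shift the columns that are being verified.
        parts = [p.strip() for p in line.split(";", 4)]
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 columns")
        row = dict(zip(FIELDS, parts))
        try:
            row["ethercat"] = int(row["ethercat"])
            row["fsoe"] = int(row["fsoe"])
            row["crc"] = int(row["crc"], 16)  # accepts the listing's 0x prefix
        except ValueError:
            raise ValueError(f"line {lineno}: non-numeric address or CRC") from None
        if row["ethercat"] in slaves:
            raise ValueError(f"line {lineno}: duplicate EtherCAT address")
        slaves[row["ethercat"]] = row
    return slaves


def check_target(slaves, release):
    """Return the mismatches between the listing and the release record."""
    addr = release["ethercat"]
    row = slaves.get(addr)
    if row is None:
        return [f"no slave at EtherCAT address {addr}"]
    problems = []
    if row["fsoe"] != release["fsoe"]:
        problems.append(
            f"EtherCAT {addr}: FSoE address {row['fsoe']}, expected {release['fsoe']}")
    if row["type"] != release["type"]:
        problems.append(
            f"EtherCAT {addr}: type {row['type']}, expected {release['type']}")
    if row["crc"] == 0 and release["crc"] != 0:
        # The listing reports 0x0 when no project is active on the slave.
        problems.append(
            f"EtherCAT {addr}: no project active (0x0), "
            f"released project is {release['crc']:#x}")
    elif row["crc"] != release["crc"]:
        problems.append(
            f"EtherCAT {addr}: active project {row['crc']:#x}, "
            f"released project is {release['crc']:#x}")
    return problems


# The manual's sample listing.
SAMPLE_LISTING = """EtherCAT address;FSoE address;type;project crc;name
1001;1;EL6900;0x0;Term 2 (EL6900)
1003;3;EL6910;0x0;Term 4 (EL6910)
1004;50;EL6930;0x4539;Term 5 (EL6930)
"""

# Constructed release records (assumed to come from the project's release notes).
RELEASE_OK = {"ethercat": 1004, "fsoe": 50, "type": "EL6930", "crc": 0x4539}
RELEASE_NOT_ACTIVE = {"ethercat": 1003, "fsoe": 3, "type": "EL6910", "crc": 0x4273}

if __name__ == "__main__":
    listing = parse_slave_list(SAMPLE_LISTING)
    for record in (RELEASE_OK, RELEASE_NOT_ACTIVE):
        print(record["ethercat"], check_target(listing, record) or "matches")
```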

3.4 List of all available parameters

Command line parameters Description
--gw <IPv4 address> Specification of the IPv4 address of the EtherCAT mailbox gateway or, in AoE mode, the IPv4 address of the EtherCAT master.
--ams <NetId> Specification of the AmsNetID, if ADS over EtherCAT (AoE) is to be used.
--localams <local AMSNetID> If --ams is used, the local AMSNetID can be specified. If the parameter is not used, the AmsNetID is formed from the local IP address + ".1.1".
--user <user name> Name of the user with the appropriate rights to perform the desired function.
--pass <password> Password of the user.
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the TwinSAFE logic component.
--proj <path to the binary file> Specification of the path to the binary file of the safety project.
--crc <project CRC of the safety project to be activated> Specification of the project CRC of the safety project to be activated.
--list <file name> Together with the command parameter --gw: Saves the list of all available slaves as a CSV list in the specified file.
--list <file name> Together with the command parameters --gw and --slave: saves the list of the group configuration as a CSV list in the specified file.
--customize <path to csv file> Specification of the path to the csv file for the group configuration
--delete Command to delete the project

3.5 Safety parameters

The product is classified in accordance with IEC 61508:2010 as a T2 tool.

3.6 Error codes

The product has the following error codes.
Error code Meaning Possible cause
0x0000 No error Action successfully carried out
0x0001 Invalid parameter Command-line parameter was incorrect
0x0002 File does not exist or is corrupted Project file is corrupted or the specified path is invalid
0x0003 Login failed The specified user name or password is invalid on the logic terminal
0x0004 Unknown EtherCAT slave No slave could be found for the specified EtherCAT address
0x0005 Error during the data transmission The communication connection was disconnected

3.7 FMEDA

The following table contains the FMEDA for the TwinSAFE Loader. The FailureMode column describes each error, the Effect column its effect, and the Diagnostics column how the error is detected or that it is not detected.
CAUTION
FMEDA
The last column of the following table, User measures required, indicates whether the user has to take action to handle the errors described under FailureMode in a safe manner. These measures must be defined and implemented by the user in the form of e.g. process descriptions or software specifications. The user shall bear full responsibility to provide proof for the accuracy and efficacy of these measures.
FMEDA ID: 1
FailureMode: A download with a defective project file is starting.
Effect: Prior to the actual download the current safety project is deleted by the tool. The download with the new project file is carried out by the tool.
Diagnostics: During the download the checksums of the download packages are checked by the target system. The download is canceled in the event of discrepancy of the checksums.
User measures required: No

FMEDA ID: 2
FailureMode: A download with a project file is starting which does not contain the expected project.
Effect: Download will be carried out completely and validly by the tool, but it won't be activated yet.
Diagnostics: Activation only occurs if the project CRC of the activation record matches the project CRC of the target system. A discrepancy leads to cancellation of the activation.
User measures required: Yes

FMEDA ID: 11
FailureMode: A download and an activation of the project are being carried out on a target system which was not intended from the point of view of the secure address.
Effect: Download will be carried out completely and validly by the tool, but it won't be activated yet.
Diagnostics: Activation only occurs if the secure address in the activation record matches the secure address of the target system. A discrepancy leads to cancellation of the activation.
User measures required: No

FMEDA ID: 3
FailureMode: The download and the activation are being carried out with an unexpected project.
Effect: Download is carried out completely and validly by the tool.
Diagnostics: Error is not detected by the tool.
User measures required: Yes

FMEDA ID: 5
FailureMode: A user is attempting to carry out a download with false access data.
Effect: Prior to start of the actual download process a login is carried out with the invalid access data on the target system.
Diagnostics: Invalid access data is detected on the target system during the login, the download is refused and a feedback is given to the tool.
User measures required: No

FMEDA ID: 7
FailureMode: An unauthorized user is attempting to carry out a download with valid access data.
Effect: The download is successfully carried out.
Diagnostics: Error is not detected by the tool.
User measures required: Yes

FMEDA ID: 13
FailureMode: Customizing is being carried out by an unauthorized user with valid access data.
Effect: The customizing is successfully carried out.
Diagnostics: Error is not detected by the tool.
User measures required: Yes

FMEDA ID: 14
FailureMode: Customizing is being carried out by a user with false access data.
Effect: Prior to starting the actual customizing process a login is carried out on the target system with the invalid access data.
Diagnostics: Invalid access data is detected on the target system during the login, customizing is refused and a feedback is given to the tool.

FMEDA ID: 8
FailureMode: Customizing record is being incorrectly transmitted.
Effect: The customizing is successfully carried out.

FMEDA ID: 12
FailureMode: The wrong customizing record is being transmitted.
Effect: Customizing action is carried out completely and validly by the tool.

FMEDA ID: 9
FailureMode: A communication connection cannot be established with the target system.
Effect: No action is executed on the target system.

FMEDA ID: 15
FailureMode: While carrying out the download the communication connection to the target system is canceled.
Effect: Prior to the actual download the current safety project is deleted by the tool. The download of a safety project only leads to a successful change of the active safety project if all steps of the download were correctly carried out and the safety project was activated. A cancellation of this process leads to an empty target system.

FMEDA ID: 16
FailureMode: While carrying out the customizing the communication connection to the target system is canceled.
Effect: The customizing is carried out by a single transaction. If this transaction is interrupted, no action will be carried out on the target system. If the transaction is carried out, the correct action takes place on the target system (provided there are no further errors such as e.g. FMEDA ID 8).
Error is not detected by the tool. Yes
Error is not detected by the tool. Yes
An error code indicates a communi­cation error.
An error code indicates the cancella­tion of the action.
An error code indicates the cancella­tion of the action.
No
No
No
No
TwinSAFE Loader 21Version: 2.4.0
Product description
FMEDAIDFailureMode Effect Diagnostics User mea-
10 The execution of the tool
is unexpectedly inter­rupted during the down­load of a safety project.
18 The execution of the tool
is unexpectedly inter­rupted during the cus­tomizing of a safety project.
24 A file is being specified
for the customizing that does not correspond to the CSV format.
Prior to the actual download the current safety project is deleted by the tool. The download of a safety project only leads to a successful change of the active safety project if all steps of the download were correctly carried out and the safety project was activated. A cancellation of this process leads to an empty target system.
The customizing is carried out by a single transaction. If this transaction is inter­rupted, no action will be carried out on the target system. If the transaction is carried out, the correct action takes place on the target system (provided there are no fur­ther errors such as e.g. FMEDA ID 8).
No action is executed on the target sys­tem.
A successful download includes the login on the target system, the dele­tion of the existing safety project, the download of the new safety project and the activation of the new safety project. Only the successful execu­tion of all of the steps results in a valid change of the safety project.
Current configuration data of the tar­get system.
If the tool detects an unexpected character during the processing of a CSV file, further processing is can­celed and an error is reported.
sures required
Yes
Yes
No

4 EtherCAT Mailbox Gateway

The EtherCAT Mailbox Gateway is required to access TwinSAFE logic components when ADS cannot be used for communication.
The following description uses an example to show which settings must be made in order to communicate via the EtherCAT Mailbox Gateway.
The configuration for using the EtherCAT Mailbox Gateway consists of a TwinSAFE Loader PC on which the TwinSAFE Loader is installed and a TwinCAT PC which serves as a gateway to route the requests from the TwinSAFE Loader PC to the EtherCAT network and to the TwinSAFE logic components.
Fig.8: EtherCAT Mailbox Gateway

4.1 Settings EtherCAT Mailbox Gateway

Activation of the EtherCAT Mailbox Gateway is performed via the advanced settings of the EtherCAT master. These can be found under the EtherCAT tab when the EtherCAT master is selected in the TwinCAT tree structure.
The settings for the EtherCAT Mailbox Gateway are summarized under the entry EoE Support. The Virtual Ethernet Switch, Connect to TCP / IP Stack, and IP Enable Router must be enabled. In addition, the EtherCAT Mailbox Gateway must be activated and an IP address outside the existing networks must be selected. These settings require a restart of the TwinCAT PC.
Fig.9: EoE Support
Whether these settings are correct should be checked locally with the ping command on the TwinCAT computer. In this case, the command would read as follows:
ping 192.198.67.254
Fig.10: The command ping 192.198.67.254

4.2 Beckhoff Virtual Ethernet Adapter

If the ping command has not yet delivered a positive result, it may be that the Beckhoff Virtual Ethernet Adapter has yet to be configured.
To do this, open the network settings and select the Properties via the context menu of the Beckhoff Virtual Ethernet Adapter.
Fig.11: Network settings - context menu of the Beckhoff virtual Ethernet adapter
Beckhoff Virtual Ethernet Adapter
If no Virtual Ethernet adapter is listed in the system, an EoE device (e.g. EL6601) can be added under TwinCAT. The Virtual Ethernet port can then be activated under EoE in the Extended EtherCAT settings of this device.
In the properties of this network adapter, you set a fixed IP address that is within the network area of the EtherCAT Mailbox Gateway. In the example, this is the IP address 192.198.67.13 with the subnet mask 255.255.255.0.
Fig.12: Properties of the Beckhoff virtual Ethernet adapter
Whether this setting is correct should be checked again with the ping command locally on the TwinCAT computer. The command would again be as follows:
ping 192.198.67.254

4.3 Adding a route

After all settings on the TwinCAT PC have been carried out and the local execution of the ping command has been successful, an IP route has to be added to the TwinSAFE Loader PC.
The route is added with the route add command from the command line.
The command prompt to add a route must be started as an administrator.
Fig.13: Start the Windows command prompt as administrator
The route is then added using the following command:
route add 192.198.67.0 mask 255.255.255.0 172.17.42.29
The command returns OK! if the route was added successfully.
The current routes can be displayed using the route print 192.198.* command.
Fig.14: Windows command prompt
To check the function, a ping command should now be sent from the TwinSAFE Loader PC to the EtherCAT Mailbox Gateway.
ping 192.198.67.254
Fig.15: Windows command prompt - command ping 192.198.67.254
If the ping command returns a positive result, the EtherCAT Mailbox Gateway can also be used with the TwinSAFE Loader.
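The route and ping checks from this chapter can also be scripted on the TwinSAFE Loader PC. The following PowerShell function is an added example and not part of the Beckhoff documentation; it uses the example addresses from this chapter and assumes Windows 8 / Server 2012 or later, where the Get-NetRoute and Find-NetRoute cmdlets are available.

```powershell
# Added example, not Beckhoff code. Default values are the example addresses
# used in this chapter; replace them with those of your installation.
function Test-MailboxGatewayRoute {
    param(
        [string]$DestinationPrefix = '192.198.67.0/24',  # network of the mailbox gateway
        [string]$ExpectedNextHop   = '172.17.42.29',     # TwinCAT PC that routes the requests
        [string]$GatewayAddress    = '192.198.67.254'    # IP of the EtherCAT Mailbox Gateway
    )

    # Routes configured for exactly this prefix (what "route add" created).
    $configured = @(Get-NetRoute -DestinationPrefix $DestinationPrefix `
                        -ErrorAction SilentlyContinue)

    # Route the IP stack would actually select for the gateway address.
    # Find-NetRoute also returns the local source address object, which has
    # no NextHop property and is filtered out here.
    $effective = Find-NetRoute -RemoteIPAddress $GatewayAddress `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.NextHop } |
                 Select-Object -First 1

    [pscustomobject]@{
        ConfiguredNextHops = ($configured.NextHop | Sort-Object -Unique) -join ', '
        EffectivePrefix    = $effective.DestinationPrefix
        EffectiveNextHop   = $effective.NextHop
        # True only if traffic to the gateway really leaves via the TwinCAT PC
        # and over the prefix that was added, not over a default or other route.
        RouteAsDocumented  = ($effective.NextHop -eq $ExpectedNextHop) -and
                             ($effective.DestinationPrefix -eq $DestinationPrefix)
        GatewayReachable   = Test-Connection -ComputerName $GatewayAddress -Count 2 -Quiet
    }
}

$check = Test-MailboxGatewayRoute
$check | Format-List
if (-not ($check.RouteAsDocumented -and $check.GatewayReachable)) {
    Write-Warning 'Route to the EtherCAT Mailbox Gateway is missing, misdirected or the gateway does not answer.'
}
```

A route added with route add as shown above, without the -p option, is not kept after a restart of the TwinSAFE Loader PC, so the check is worth repeating before each use of the tool.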

5 Appendix

5.1 Support and Service

Beckhoff and their partners around the world offer comprehensive support and service, making available fast and competent assistance with all questions related to Beckhoff products and system solutions.
Beckhoff's branch offices and representatives
Please contact your Beckhoff branch office or representative for local support and service on Beckhoff products!
The addresses of Beckhoff's branch offices and representatives around the world can be found on the company's internet pages:
http://www.beckhoff.com
You will also find further documentation for Beckhoff components there.
Beckhoff Headquarters
Beckhoff Automation GmbH & Co. KG
Huelshorstweg 20 33415 Verl Germany
Phone: +49 5246 963 0 Fax: +49 5246 963 198 e-mail: info@beckhoff.com
Beckhoff Support
Support offers you comprehensive technical assistance, helping you not only with the application of individual Beckhoff products, but also with other, wide-ranging services:
• support
• design, programming and commissioning of complex automation systems
• and extensive training program for Beckhoff system components
Hotline: +49 5246 963 157 Fax: +49 5246 963 9157 e-mail: support@beckhoff.com
Beckhoff Service
The Beckhoff Service Center supports you in all matters of after-sales service:
• on-site service
• repair service
• spare parts service
• hotline service
Hotline: +49 5246 963 460 Fax: +49 5246 963 479 e-mail: service@beckhoff.com

5.2 Certificates

5.2.1 Letter of Confirmation


Table of figures

Fig. 1 TwinSAFE Loader - Overview
Fig. 2 Call to load a safety project
Fig. 3 Call to activate a safety project
Fig. 4 Call to delete a safety project
Fig. 5 Call to customize a safety project
Fig. 6 Call of the function block NT_StartProcess for customizing
Fig. 7 Call to list the groups of a safety project
Fig. 8 EtherCAT Mailbox Gateway
Fig. 9 EoE Support
Fig. 10 The command ping 192.198.67.254
Fig. 11 Network settings - context menu of the Beckhoff virtual Ethernet adapter
Fig. 12 Properties of the Beckhoff virtual Ethernet adapter
Fig. 13 Start the Windows command prompt as administrator
Fig. 14 Windows command prompt
Fig. 15 Windows command prompt - command ping 192.198.67.254
More Information: www.beckhoff.de/english/twinsafe/default.htm
Beckhoff Automation GmbH & Co. KG Hülshorstweg 20 33415 Verl Germany Phone: +49 5246 9630 info@beckhoff.com www.beckhoff.com