Danfoss VLT MCB 150, VLT MCB 151 Operating Instructions Manual

MAKING MODERN LIVING POSSIBLE

Operating Instructions

Safety Option MCB 150/151

www.danfoss.com/drives

Contents Operating Instructions

Contents

1 Introduction

1.1 Purpose of the Manual

1.2 Overview of Documentation

1.3 Abbreviations and Definitions

2 Legal Information and Safety

2.1 Legal Information

2.1.1 Copyright and Revisions 8

2.1.2 Warranty and Liability 8

2.2 Safety

2.2.1 Safety Precautions 8

2.2.2 Risk Assessment 8

2.2.3 Safety Regulations 9

2.2.4 Qualified Personnel 9

3 Functions and System Overview

3.1 System Overview

3.1.1 Behaviour of Holding Brake 10

5 5 5 6

8 8

10 10

3.1.2 Safety Certification 11

3.1.3 Implementation in Control Systems 11

3.2 Functions

3.2.1 Specification of Safety Functions 11

3.2.1.1 Performance Level (PL) and Safety Integrity Level (SIL) 11

3.2.2 Validation of Performance Level 11

3.2.3 Activation of Safety Functions 12

3.2.4 Simultaneous Activation of Safety Functions 12

3.2.5 Functional Proof Tests 13

3.2.6 PFD and PFH Definitions 13

3.2.7 Intended Use of the Safety Option 13

3.2.8 MCT 10 Set-up Software with Safe Plug-in 13

3.3 Unit Features

3.4 Front View

3.5 Categories of Safe Stop

3.5.1 Operation and Requirements 14

3.5.2 Safety Functions 14

13 14 14

3.5.3 Safe Torque Off - STO 15

3.5.4 Safe Stop 1 - SS1 15

3.5.4.1 SS1 Delay 15

3.5.4.2 SS1 Delay with S-ramp Stop Profile 16

3.5.4.3 SS1 Ramp 17

Contents Operating Instructions

3.5.4.4 SS1 Ramp Slope 17

3.5.4.5 SS1 Ramp Time 18

3.5.5 Safely Limited Speed (SLS) 18

3.5.5.1 SLS without Ramp 19

3.5.5.2 SLS with Ramp 20

3.6 Inputs and Output

3.6.1 Inputs 21

3.6.2 Reset Input (DI2) 21

3.6.3 Output 22

3.6.4 Permitted Sensor Types on Digital Inputs 22

3.6.5 Reset 22

3.6.6 Signal Filtering 22

3.6.7 Stable Signal Time from Safe Outputs 23

3.6.8 Zero Speed Time Error Detection 23

3.6.9 Yearly Test 23

3.6.10 Safety Parameter Settings 23

3.6.11 Encoder Interface 24

3.7 Limitations

3.7.1 Exceeded Limit Value and Internal Errors 24

3.7.2 Compatibility between Safety and Frequency Converter Functions 24

4 Installation

4.1 Installing the Safety Option

25 25

4.1.1 Requirements for Safe Use 25

4.1.2 Protected Cable Installation 25

4.1.3 Installation 25

4.1.4 General Wiring Guidelines 27

4.1.5 Connector Pin Assignment 28

4.2 Encoder

4.2.1 Permissible Encoder Cable Length 30

4.2.2 Encoder Wiring Examples 30

4.2.3 Proximity Switch 30

4.3 Application Examples

4.3.1 Connecting Safe Digital Inputs 31

5 Commissioning

5.1 Before Commissioning

5.1.1 Safety Guidelines 33

5.1.2 Commissioning Requirements 33

5.2 Initial Commissioning

5.2.1 Power-up/Self-test 33

33 33

Contents Operating Instructions

5.2.2 Initial Commissioning 34

5.2.3 Safety Option Customisation 34

5.2.4 Setting up the Encoder 34

5.2.5 Commissioning Test 35

5.3 Operation

6 General Parameter Set-up

6.1 Configuration

6.1.1 General Parameter Set-up 36

6.1.2 Safety Functions Configuration 36

6.1.3 Password Protection 36

6.1.3.1 Password Forgotten 37

6.2 Reset and Status over Fieldbus

6.2.1 Reset of Safety Option and Pending Safe Function 37

6.2.2 Retrieving Safety Option Status 37

6.3 Parameter List

7 Service and Repair

7.1 Updates, Servicing and Modifications

7.2 Repair

7.3 Replacing

7.3.1 Removing the Safety Option 46

36 36

46 46 46 46

7.3.2 Replacing the Safety Option 46

7.3.3 Copying Safe Parameter Set-up 47

7.4 Commissioning Test

7.4.1 Safety Guidelines 51

7.4.2 Condition before Performing the Commissioning Test 51

7.4.3 Safety Functions of the Frequency Converter 53

7.5 Disposal

8 Warnings and Alarms

8.1 Fault Types and Messages

8.1.1 Messages 60

8.2 Warnings and Alarms

8.2.1 Safety Option Warning 68

8.2.2 Safety Option Reset Message 68

9 Technical Specifications

9.1 Consumption

9.2 Inputs

60 60

70 70 70

9.3 Outputs

9.4 Other Specifications

71 71

Contents Operating Instructions

9.5 Safety Characteristic Data

Index

Introduction Operating Instructions

1 Introduction

1.1 Purpose of the Manual

NOTICE

Retain this documentation for instruction and for future reference.

These Operating Instructions explain the function and operation and provide installation and wiring guidelines for the safety option. Also refer to the following documents from the motion control range:

MCT 10 Set-up Software Operating Instructions

•

describe the configuration of the safety option.

VLT® AutomationDrive FC 301/FC 302 Operating

•

Instructions describe the frequency converter. The online help for the MCT 10 Set-up Software

•

describes how to set the parameters for the frequency converter and the safety option.

Be conversant with the information in these documents to fully understand this manual.

Chapter 2 Legal Information and Safety

Provides information on the most important product features.

Chapter 4 Installation

Explains how to install and wire the product.

Chapter 5 Commissioning

Describes how to commission the product.

Chapter 6 General Parameter Set-up

Describes the basic parameters for setting.

Chapter 7 Service and Repair

Describes how to replace a defective safety option and how to update, service and modify its firmware.

Chapter 8 Warnings and Alarms

Contains a table overview of the warnings and alarms. Troubleshooting tips are also part of the overview.

Chapter 9 Technical Specifications

Specifies the technical details of the safety option. The manuals listed below contain important information

about safety systems that must be used to mount and set up the speed monitoring safety functions of the safety option module.

VLT® is a registered trademark.

1.2

Overview of Documentation

Chapter 1 Introduction

Explains the contents, structure and specific order of this manual.

130BC961.11

+ MCT 10 + Safe Plug-in Commis sioning Report

Install

Use Manual for FC

Use Manual for MCB 150/151

Paramete rize

Use Manual for

MCT 10 Safe

Plug-in

Test

Use Commissioning

Report ge nerated via

MCT 10 Safe Plug-in

Report

Rev.Sequence: A, 3

MCT 10

Commisioning report

3 February 2012

Property of Danfoss A/S. Not to be handed over to, copied, or used by third party. Two - or three - dimensional

reproduction of contents to be authorized by Danfoss A/S.

302

FC 302 MCB 15x

Introduction Operating Instructions

Illustration 1.1 System Overview

Referenced literature

Error Discrepancy between a computed, observed or

measured value or condition and the specified or

VLT® AutomationDrive FC 301/FC 302 Operating

•

Instructions MCT 10 Set-up Software Operating Instruction

•

Also refer to www.danfoss.com/drives for additional information.

1.3 Abbreviations and Definitions

Blank Initial State Cat. Category (EN ISO 13849-1)

Factory settings

Error class Classification of errors into groups. The different

Factory setting Fatal error In the case of fatal error, the product is no

Fault Fault is a state that can be caused by an error Fault reset A function used to restore the frequency

CCF Common Cause Failure (IEC 61508, IEC 62061, EN

61511-1, EN ISO 13849-1) CCW Counter Clockwise CW Clockwise DC Diagnostic Coverage (EN ISO 13849-1, IEC

62061(IEC 61508-2)) Degree of protection

The degree of protection is a standardized

specification for electrical equipment that

describes the protection against the ingress of

foreign objects and water (for example: IP20).

MTTF/MTTFd Mean time to failure/Mean time to dangerous

OSSD Output Signal Switching Device (EN 61496-1) Parameter Device data and values that can be read and set

PDS(SR) Power Drive System (Safety Related) PELV Protective Extra Low Voltage, low voltage with

DIx DI1: Digital Input 1

DI2: Digital Input 2 EMC Electromagnetic compatibility

PFD Probability of Failure on Demand (IEC 61508, IEC

Encoder Sensor for detection of the angular position of a

rotating component. Installed on/in a motor, the

PFH Probability of Failure per Hour (IEC 62061 and

encoder shows the angular position of the rotor.

theoretically correct value or condition.

error classes allow for specific responses to errors, for example by severity. Factory settings when the product is shipped

longer able to control the motor so that the power stage must be immediately disabled.

converter to an operational state after a detected error is cleared by removing the cause of the error so that the error is no longer active.

failure (EN ISO 13849-1)

(to a certain extent) by the user

isolation. For more information: IEC 60364-4-41 or IEC 60204-1.

62061)

IEC61508)

PLC Programmable logic controller

Introduction Operating Instructions

PL/ Performance Level

PUST Power Up Self Test. Internal self test on the

RS-485 Fieldbus interface as per EIA-422/485 Bus

Safe state If a safe state fault is detected, the safety option

SF Safe Function SIL Safety Integrity level (IEC61508, IEC61800-5-2,

SLS - Safely limited speed

SO Safety Option SRECS Safety Related Electrical Control System (IEC

SRP/CS Safety related parts of control systems (EN ISO

SS1 - Safe Stop 1

STO - Safe Torque Off

TM Mission Time (EN ISO 13849-1) Warning If the term is used outside the context of safety

Discrete level used to specify the ability of

safety-related parts of control systems to perform

a safety function under foreseeable conditions

(EN ISO 13849-1)

safety option.

Description, which enables serial data

transmission with multiple devices.

goes into safe state. This includes faults related

to integrity of hardware or firmware.

IEC62061)

Safety function in accordance with EN IEC

61800-5-2, monitors the frequency converter to

check that it stays within a defined speed limit.

SLS is the abbreviation for safely limited speed.

62061)

13849-1)

Safety function in accordance with EN IEC

61800-5-2, ensures that the motor decelerates in

the expected way. SS1 is the abbreviation for

safe stop 1.

Safety function in accordance with EN IEC

61800-5-2, prevents torque from being

generated by the motor. This function is

integrated within the frequency converter as

standard. STO is the abbreviation for safe torque

off.

instructions, a warning alerts to a potential

problem that was detected by a monitoring

function. A warning is not an error and does not

cause a transition of the operating state.

Table 1.1 Abbreviations and Definitions

Legal Information and Safet...

Operating Instructions

2 Legal Information and Safety

2.1 Legal Information

2.2

Safety

According to the Machinery Directive regulation, it is hereby stated that the original language of these Operating Instructions is English UK.

2.1.1 Copyright and Revisions

This publication contains information proprietary to Danfoss and is protected by Copyright laws of Denmark, international treaties and most other countries. All trademarks in this publication are property of the respective companies. Danfoss and the Danfoss logotype are trademarks of Danfoss A/S. All rights reserved.

Although Danfoss has tested and reviewed the correctness, completeness and documentation of this publication, Danfoss makes no warranty or representation, neither express or implied, with respect to this publication, including but not limited to its quality, correctness, completeness, performance, or fitness for a particular purpose.

Danfoss reserves the right to revise, update and change this publication at any time without prior notice or specific obligation to inform former or present users of such revisions or changes.

Warranty and Liability

2.1.2

All claims to warranty and liability are rendered invalid if

2.2.1 Safety Precautions

WARNING

HIGH VOLTAGE!

Frequency converters contain high voltage when connected to AC mains input power. Installation, start up, and maintenance should be performed by qualified personnel only. Failure to perform installation, start up, and maintenance by qualified personnel could result in death or serious injury.

WARNING

UNINTENDED START!

When the frequency converter is connected to AC mains, the motor may start at any time. The frequency converter, motor, and any driven equipment must be in operational readiness. Failure to be in operational readiness when the frequency converter is connected to AC mains could result in death, serious injury, equipment, or property damage.

CAUTION

This option is suitable for performing mechanical work on the frequency converter system or affected area of a machine only. It does NOT provide electrical safety. This option should NOT be used as a control for starting and/or stopping the frequency converter. See the requirements for those applications in ISO 12100.

the product was used contrary to the purpose for

•

which it is intended. damage can be attributed to not having followed

•

the guidelines in the manual. operating personnel are not suitably qualified.

•

any type of modification has been made (e.g.

•

exchanging components on the PCB boards, soldering work etc.).

2.2.2 Risk Assessment

CAUTION

The safety option is intended to be part of the safetyrelated control system of a machine. Before installation, a risk assessment shall be performed to determine whether the specifications of this safety option are suitable for all foreseeable operational and environmental characteristics for the system in which it will be installed.

The system user is responsible for

the set-up, safety rating and validation of any

•

sensors or actuators connected to the system. completing a system-level risk assessment and

•

reassessing the system any time a change is made.

Legal Information and Safet...

Operating Instructions

providing supposition (as needed for the

•

application) that the system fulfills desired safety rating.

project management and proof testing.

•

programming the application software and the

•

safety option configurations in accordance with the information in this manual.

access to the control system.

•

analysing all configuration settings and selecting

•

the proper setting to achieve the required safety rating.

Safety Regulations

2.2.3

Check that the mains supply has been discon-

•

nected and that the necessary time has elapsed before removing motor and mains supply plugs and before commencing any repair work.

The [Off] key on the LCP does not disconnect

•

mains supply and must never be used as a safety switch.

Ensure the following in accordance with national

•

and local regulations:

The equipment must be properly

earthed The user must be protected against

supply voltage The motor must be protected against

overload

The earth leakage current exceeds 3.5 mA.

•

Protection against motor overload is not included

•

in the factory setting. If this function is desired, set 1-90 Motor Thermal Protection to data value [4] ETR trip 1 or data value [3] ETR warning 1.

Do not remove the plugs for the motor and

•

mains supply while the frequency converter is connected to mains.

NOTICE

The frequency converter has more voltage sources than L1, L2 and L3, when load sharing (linking of DC intermediate circuit) or external 24 V DC are installed.

engineers and are suitably experienced to operate devices, systems, plant and machinery in accordance with the general standards and guidelines for safety technology.

are familiar with the basic regulations concerning

•

health and safety/accident prevention have read and understood the safety guidelines

•

given in this description and also the instructions given in the VLT® AutomationDrive FC 301/FC 302

Operating Instructions. have a good knowledge of the generic and

•

specialist standards applicable to the specific application.

Users of PDS(SR)s are responsible for

hazard and risk analysis of the application.

•

identifying safety functions required and

•

allocating SIL or PLr to each of the functions. other subsystems and the validity of signals and

•

commands from them. designing appropriate safety-related control

•

systems (hardware, software, parameterisation, etc.).

The following symbols are used in this document:

WARNING

Indicates a potentially hazardous situation which could result in death or serious injury.

CAUTION

Indicates a potentially hazardous situation which could result in minor or moderate injury. It may also be used to alert against unsafe practices.

NOTICE

Indicates important information, including situations that may result in damage to equipment or property.

Approvals

2 2

2.2.4 Qualified Personnel

The products may only be assembled, installed, programmed, commissioned, maintained and decommissioned by persons with proven skills. Persons with proven skills

are qualified electrical engineers, or persons who

•

have received training from qualified electrical

130BC308.10

Field bus Interface

MCB 150/151 Safety Option

Option A

Option B

Inte rnal Bus 1

Inte rnal Bus 2

μ C

Control Card

IGBT

STO

PLC

Functions and System Overvi...

Operating Instructions

3 Functions and System Overview

3.1 System Overview

with hard guarding, access doors, and safety gates with solenoid-lock or -unlock safety switches. When the speed

of the monitored device drops below the set switch point (where its speed is no longer considered dangerous), the safety option sets S37 output low. This allows the operator to open the safety gate. In speed monitor applications, the safety output S37 is high for operation (when the motor speed of the monitored device is below the set switch point). When the speed exceeds the set value, indicating a too-high (dangerous) speed, the safety output is low.

The frequency converter

removes the power to the motor,

•

switches the motor to torque-free, if Safe Torque

•

Off is activated

The safety control system

activates the safety functions via inputs on the

•

safety option evaluates signals from safety devices, such as

•

Illustration 3.1 FC 302 with Safety Option and Fieldbus Option

The safty option performs safety functions in accordance with EN IEC 61800-5-2. It monitors safe motion sequences on frequency converters, which are safely brought to a stop and shut down in the event of an error.

The safety option

activates safety functions

•

monitors safe motion sequences

•

signals the status of safety functions to the safety

•

control system via possible connected Profibus fieldbus

activates the selected failure reaction Safe Torque

•

Off or Safe Stop 1, in the event of an error

There are 2 variants of the safety option, one with HTL encoder interface (MCB 151) and one with TTL encoder interface (MCB 150).

The safety option is constructed as a standard option for the VLT® AutomationDrive FC 302 and is automatically

detected after mounting.

The safety option can be used to monitor the stopping, starting or speed of a rotating or laterally moving device. As speed monitor, the option is often used in combination

3.1.1

RISK OF HAZARD!

If external forces act on the motor (vertical axis) and an unwanted movement, for example caused by gravity, could cause a hazard, add measures for fall protection before operating the motor.

Triggering the Safe Torque Off safety function means that the delay time for motors with holding brake is not effective. The motor cannot generate holding torque to bridge the time to application of the holding brake. Check whether additional measures have to be taken; for example, this may cause the load of vertical axes to lower.

processes the safety option status function

•

provides safe connection between safety option

•

and safety control system provides fault detection at activation of safety

•

functions (shorts across contacts, short circuit) on signal between the safety control system and safety option

Behaviour of Holding Brake

CAUTION

E-STOP push buttons

Non Contact Magnetic switch

Interlocking switch

Light curtain devices

130BC962.10

Detect

Sensor

E.g. lightcurtain

Process Switch

Logic

E.g. MCB 15x

Actuator

E.g. FC 302

Functions and System Overvi... Operating Instructions

3.1.2 Safety Certification

The safety option is certified for use in safety applications up to and including SIL 2 according to EN IEC 61508 and EN IEC 62061, Performance Level PL d and Category 3 according to EN ISO 13849-1. Safety requirements are based on the standards valid at the time of certification. The IFA (Institute for Occupational Safety & Health) has approved the safety option for use in safety-related applications where the de-energised state is considered to be the safe state. All of the examples related to I/O included in this manual are based on achieving de-energisation as the safe state.

3.1.3 Implementation in Control Systems

In many cases design measures are not sufficient and protective devices are needed to minimise risk. In this context, safety functions executed by SRP/CS (safety related parts of control systems) are defined. SRP/CS includes the entire safety chain with sensor (detect), logic (process) and actuator (switch).

Safety functions are defined on the basis of both the application and the hazard. They are often specified in a Type C standard (a product standard) which provides precise specifications for special machines. If a C standard is not available, the machine designer defines the safety functions. Typical safety functions are described in more detail in EN ISO 13849-1, section 5, Specification of Safety Functions. The safety functions for frequency converter systems are described in IEC 61800-5-2.

3 3

Illustration 3.2 Sensor-Logic-Actuator Safety Chain

3.2 Functions

3.2.1 Specification of Safety Functions

The standards require a specification of functional requirements. The specification must contain details about each safety function that should be executed. Also define the

necessary interfaces with other control functions

•

required error responses

•

performance level required PLr or achievable SIL

•

level

3.2.1.1

Performance Level (PL) and Safety Integrity Level (SIL)

For safety-related control systems, Performance Level (PL), according to EN ISO 13849-1, and SIL levels, according to EN IEC 61508 and EN IEC 62061, include a rating of the system's ability to perform its safety functions.

All of the safety-related components of the control system must be included in both a risk assessment and the determination of the achieved levels. Refer to EN ISO 13849-1, EN IEC 61508 or EN IEC 62061 standards for complete information on requirements for PL and SIL determination.

3.2.2 Validation of Performance Level

Check whether the required Performance Level “PLr”, determined in the risk assessment, is achieved by the selected system for each safety function used. Check the calculation using the SISTEMA SW Tool of IFA (Institute for Occupational Safety & Health). Danfoss provides a component library which can be used for the calculation. Danfoss offers corresponding services to support the system check by calculation. Library can be downloaded from www.dguv.de/ifa/en/pra/softwa/sistema.

If using another validation method for the performance level, use the characteristic safety values specified.

130BC373.11

time

frequency

time

frequency

Functions and System Overvi...

Operating Instructions

3.2.3 Activation of Safety Functions

The safety functions are activated using the dual-

•

pole safe inputs on the safety option. These inputs operate in accordance with the fail-

•

safe principle (on switching off). The safety control system activates the safety functions via a 1/0 transition.

Deactivate the safety functions before applying

•

any changes to them.

3.2.4 Simultaneous Activation of Safety Functions

All safety functions can be active at the same time. However, Safe Torque Off has priority over all other safety functions. Functions already started (e.g. Safe Stop 1 or Safely Limited Speed) are canceled and the frequency converter coasts.

Safe Torque Off has the highest priority. If the

•

Safe Torque Off function is triggered, a Safe Torque Off is managed no matter what other

If 2 Safe Stop 1 functions are active at the same time, the function with the steepest ramp has higher priority than the function with less steep ramp.

If 2 Safely Limited Speed functions are active at the same time, the function with the lowest speed limit has higher priority than the function with higher speed limit.

If 2 equal safety functions have to be configured, they must be parameterised as SS1-a and SS1-b or SLS-a and SLS-b.

functions are active. Safe Stop 1 has medium priority to the other safe

•

functions. Safely Limited Speed has the lowest priority.

•

Ramp stop function 1

B Ramp stop function 2 C Actual ramp stop function

Illustration 3.3 2 Safe Stop 1 Safety Functions Active

Illustration 3.3 shows the result of activating first a Safe Stop 1 function with a given ramp and afterwards

Functions and System Overvi...

Operating Instructions

activating a second Safe Stop 1 function with a steeper ramp. The lower graph shows the actual ramp function.

3.2.5 Functional Proof Tests

The functional safety standards require that functional proof tests are performed on the equipment used in the system. Proof tests are performed at user-defined intervals and are dependent on PFD and PFH values.

3.2.6 PFD and PFH Definitions

Safety-related systems can be classified as operating in either a Low Demand mode, or in a High Demand/ Continuous mode.

Low demand mode

The frequency of demands for operation made on a safetyrelated system is no greater than once per year.

High Demand/Continuous mode

The frequency of demands for operation made on a safetyrelated system is greater than once per year.

The SIL value for a low demand safety-related system is directly related to order-of-magnitude ranges of its average probability of failure on demand (PFD). The SIL value for a High Demand/continuous mode safety-related system is directly related to the probability of a dangerous failure per hour (PFH).

Intended Use of the Safety Option

3.2.7

CAUTION

RISK OF PERSONAL INJURY AND EQUIPMENT DAMAGE!

To avoid personal injury and equipment damage, only use the safety option for its intended purpose. The following is considered as improper use

any component, technical or electrical modifi-

•

cation to the frequency converter use of the frequency converter outside the

•

allowed electrical and environmental conditions specified in chapter 9 Technical Specifications and in the VLT® AutomationDrive FC 301/FC 302 Operating Instructions.

The safety option is designed for use in safety-related applications. It meets the requirements for safety functions in accordance with IEC 61800-5-2, regarding safe motion monitoring.

3.2.8

MCT 10 Set-up Software with Safe Plug-in

Use MCT 10 Set-up Software to configure the safety functions supported in safety option.

Configuration of the safety functions is required

•

for safe motion sequences. In the event of an error or fault, these functions shut down the frequency converter's power element in a safe and controlled way.

Setting of limit values, braking ramps for the

•

safety functions, monitoring of motion sequences.

The software

runs in full with a license key. All functions are

•

available from MCT 10 Set-up Software version

3.18. supports the configuration of applications with

•

up to max. 256 safety options per project has a simple language setting for the user

•

interface.

A PDF file and a commissioning report can be generated for documentation of the project and all its settings.

3.3

Unit Features

The safety option has the following features

2 Dual-pole, digital inputs to activate the safety

•

functions in accordance with EN IEC 61800-5-2

Safe Torque Off (STO)

Safe Stop 1 (SS1)

Safely Limited Speed (SLS)

Reset function

•

Digital input 2 can be used for resetting

the safety option after an error or after deactivation of a safety function.

Status indicators

•

Safe input status (LED 1 and LED 2)

Safe output status (LED 4)

LED 3 reserved for future use (always in

off state) By Fault or warning the LEDs indicate a

failure via flash pattern, see Table 8.2

Supply voltage

•

Internally supplied by the frequency

converter. 24 V DC output for safety sensors and

encoder available.

3 3

E30BC325.11

MCB 150

Safe Option

SW. ver. xx. xx

Option B 130B3280

LED:

123 4

TTL Enc. interface

Y30/

DI1 A

GND

DI1 B

ENC A

DI2 A

ENC nA

ENC B

DI2 B

ENC nB

24V

GND

S37

1 2 3 4 5 6 7 8 9 10 11 12

E30BC326.11

MCB 151

Safe Option

SW. ver. xx. xx

Option B

130B3290

LED:

3 4

HTL Enc. interface

Y31/

DI1 A

GND

DI1 B

ENC A

DI2 A

ENC B

DI2 B

24V

GND

S37

1 2 3 4 5 6 7 8 9 10 11 12

GND

Functions and System Overvi...

Operating Instructions

3.4 Front View

Refer to EN IEC 61800-5-2:2007 (4.2.2.2) for a definition of Safe Torque Off (STO).

A Category 1 stop triggers a controlled stop. The safety option monitors the controlled stop. If a power outage or an error occurs, a controlled stop is impossible. Trigger the

safety function Safe Torque Off after the stop to shut off the motor torque.

Refer to EN IEC 61800-5-2:2007 (4.2.2.3) for a definition of Safe Stop 1 (SS1).

An evaluation of the machine-related risks determines

Illustration 3.4 MCB 150

which of the 2 stopping methods to use.

NOTICE

When designing the machine application, consider timing and distance for a coast to stop (Stop Category 0 or Safe Torque Off). For more information regarding stop categories, refer to EN IEC 60204-1.

3.5.1 Operation and Requirements

3.5 Categories of Safe Stop

International standard EN/ISO 13850 specifies the functional requirements and design principles of emergency stop devices.

It applies to all machines, whatever type of energy is used to control this function.

The standard allows 2 types of stop

During a category 0 stop, the motor coasts down in an uncontrolled way. If access to the machine coasting down involves a hazard (results of the hazard and risk analysis), take protective measures to avoid the hazard.

Illustration 3.5 MCB 151

Category 0 stop: Stopping by immediately

•

cutting-off power or mechanical disconnection between the dangerous components

Category 1 stop: Controlled stopping with power

•

maintained to the actuator to achieve stopping (braking for example), then cut-off of power when zero speed is reached.

The safety option is redundant and self-checking. It requires digital input signals from an input sensor (e.g., PNP proximity switch) or higher resolution TTL or HTL encoders to monitor for either safe stop or speed conditions.

Safety Functions

3.5.2

Safety functions maintain a safe condition or prevent hazardous conditions from arising. The safety functions for frequency converters are defined in EN IEC 61800-5-2.

The safety option implements the following safety functions

Safe Torque Off (STO)

•

No power is being fed to the motor

which can generate a rotation. Stop category 0 to EN IEC 60204-1

Safe stop 1 (SS1)

•

Motor decelerates. Monitoring of

deceleration ramp and Safe Torque Off following zero speed, or Safe Torque Off at the end of a deceleration time. Stop category 1 to EN IEC 60204-1

Safely limited speed (SLS)

•

Prevents exceeding a defined speed

value

frequency

130BC318.10

time

Functions and System Overvi...

Operating Instructions

3.5.3 Safe Torque Off - STO

The safety function Safe Torque Off disconnects power to the motor. It is implemented via the frequency converter's shutdown path and the safety option’s safe outputs.

Features of the safety function

The motor becomes torque-free and no longer

•

generates any hazardous movements To prevent the frequency converter from running

•

down in an uncontrolled manner. In normal operation, activate the safety function Safe Torque Off via the safety function Safe Stop 1

Safe Torque Off is only activated directly when

•

There is an internal error on the safety

option The Safe Stop 1 delay time is set to 0

One of the inputs DI1 or DI2 has been

selected as Safe Torque Off function

The safety function Safe Torque Off corresponds

•

to a category 0 stop (uncontrolled stop) in accordance with EN IEC 60204-1.

Prerequisites for normal operation

Input DI1 or DI2: "1" Signal (+24 V DC)

•

S37 output: "1" Signal (+24 V DC).

•

Safety function is activated

By an error after limit values have been exceeded

•

for Safe Stop 1 and Safely Limited Speed By an internal error on the safety option or

•

frequency converter, if the frequency converter can no longer be controlled

By executing the safety function Safe Stop 1 (1/0

•

transition). In this case the frequency converter is monitored before it is switched to torque-free.

By download of parameterisation via MCT 10 Safe

•

Plug-in if the current frequency converter is running.

By executing the safety function Safe Torque Off

•

(1/0 transition). This function ensures that no torque-generating energy can continue to affect a motor and prevents unintentional start-ups.

WARNING

If any external forces influence the motor axis (e.g. suspended loads), additional measures (e.g. a safety holding brake) are required to eliminate hazards.

The Safe Torque Off (STO) may be used where power removal is required to prevent an unintended start. The function disables the control voltage of the frequency converter output stage. Thus, it prevents the frequency

converter from generating the voltage required to rotate the motor (see Illustration 3.6). The function allows for performing maintenance work on non-electrical parts of the machinery without switching off the power supply to the frequency converter.

A Actual frequency 1 Activation of Safe Torque Off 2 Motor standstill

Illustration 3.6 Safe Torque Off

Safe Stop 1 - SS1

3.5.4

The safety function Safe Stop 1 monitors the deceleration to zero speed in a controlled manner and activates Safe Torque Off after detection of stop. The Safe Stop 1 can either be configured as SS1 Delay or SS1 Ramp.

Features of the safety function

The safety function Safe Stop 1 corresponds to a

•

category 1 stop (controlled braking) in accordance with EN IEC 60204-1

Monitoring the speed deceleration after which

•

the energy supply to the motor is safely interrupted

The motor becomes torque-free and removes

•

hazardous movements

3.5.4.1

Select SS1 Delay to activate Safe Stop 1 function while a parameterised safety delay timer expires.

SS1 Delay

3 3

130BC321.10

1 2

time

frequency

Functions and System Overvi...

Safe Torque Off is activated immediately when the configured Stop Delay has expired, regardless of speed, see chapter 6.1 Configuration for parameter settings.

Selecting the SS1 settings

Enter 42-41 Ramp Profile

2. Select 2a

[0] Linear, if the ramp must follow a linear curve

[2] S-ramp Const Time, if the ramp should follow an S-ramp

By using SS1 Delay, the frequency converter attempts to follow the selected ramp. After a specified delay time, Safe Torque Off is activated and the motor is made torque free.

Operating Instructions

CAUTION

Using SS1 Delay may result in the motor still spinning when the Safe Torque Off is activated. The risk analysis for the machine must indicate that this behaviour can be tolerated. An interlock may be required.

Default value in 42-40 Type is [0] Delay. If this value is selected, the Safe Stop 1 function activates a braking ramp defined from a selected time delay in 42-42 Delay Time. This means that the braking ramp is linear. Select the value of 42-43 Delta T (the % of the delay time), which is a reasonable tolerance after the SS1 Delay Time has expired.

NOTICE

The SS1 delayu function does not monitor the stopping of the frequency converter! The safety relevant time, Delta T, allows the frequency converter to come to a stop before Safe Torque Off is activated. Thus ensuring that the system is also stopped before Safe Torque Off is activated. If a fault occurs, the frequency converter does not come to a stop. It coasts after the time delay no matter of the speed of the frequency converter.

A Actual frequency 1 Activation of SS1 Delay Timer 2 Activation of Safe Torque Off 3 42-42 Delay Time 4 42-43 Delta T

Illustration 3.7 SS1 Delay

When Safe Stop 1 function is active, the frequency converter brings the motor to zero speed. The Safe Torque Off function is triggered after a specified safety-relevant time. This safety function corresponds to a controlled stop of the frequency converter according to EN IEC 60204-1, stop category 1.

3.5.4.2

An S-ramp gives non-linear deceleration, compensating for jerks in the application.

SS1 Delay with S-ramp Stop Profile

1. Define a speed profile by a delay (a ”worst case” delay from actual frequency to zero speed) and a delay tolerance. The safety relevant time, Delta T, allows the frequency converter to come to a stop before Safe Torque Off is activated. Thus ensuring that the system is also stopped before Safe Torque Off is activated. If a fault occurs, the frequency converter does not come to a stop. It coasts after the time delay regardless of the frequency converter speed.

2. Define an S-ramp configuration, which achieves zero speed within the delay.

130BC322.11

time

frequency

actual frequency

Functions and System Overvi...

Operating Instructions

3. Configure the S-Ramp ratio at deceleration start

in 42-48 S-ramp Ratio at Decel. Start and set 42-49 S-ramp Ratio at Decel. End for S-Ramp ratio at deacceleration end.

Parameter Unit Range Default

42-42 Delay Time s 0.1-3600.0 s 1.0 s 42-43 Delta T % 0-50% 5% 42-48 S-ramp Ratio at Decel. Start % 1-99 50 42-49 S-ramp Ratio at Decel. End % 1-99 50

Table 3.1 Parameters for SS1 Delay with S-ramp Stop Profile

A Actual frequency 1 Activation of SS1 Ramp Delay 2 Activation of Safe Torque Off 3 42-42 Delay Time 4 42-43 Delta T 5 42-48 S-ramp Ratio at Decel. Start 6 42-49 S-ramp Ratio at Decel. End

Illustration 3.8 SS1 Delay with S-ramp Stop Profile

3.5.4.3

SS1 Ramp

NOTICE

The SS1 Ramp function can only be used when an encoder is connected to the safety option.

This Safe Stop type allows access to the hazard area immediately after motion is detected as stopped rather than waiting until a specific time has elapsed.

The safety option monitors the following functions

Braking ramp

•

In the MCT 10 Set-up Software Safe

Plug-in, the braking ramp is specified and monitoring is activated. The braking period depends on the speed of the motor when braking is started. The braking ramp can be monitored via a maximum speed error specified in the MCT 10 Set-up Software tolerable in 42-45 Delta V.

Braking ramp in normal operation

•

The frequency converter starts with the

configured braking ramp when safety function Safe Stop 1 has been activated. Once the speed is at zero speed limit, Safe Torque Off is activated.

Safety function Safe Torque Off is activated when

•

the configured limit value for the position error is exceeded

A standstill threshold Zero speed (42-46 Zero Speed) for activating the safety function Safe Torque Off can be specified in MCT 10 Set-up Software.

Safety function Safe Torque Off is activated when zero speed is achieved.

Prerequisites for normal operation

Input DI1 or DI2: "1" Signal (+24 V DC)

•

S37 output: "1" Signal (+24 V DC). The safety

•

option is ready for operation

A 1/0 transition at the selected DI1 or DI2 input activates the safety function.

Signal status of the inputs DI1 and DI2

The Safe Stop 1 ramp starts when one of the 2 inputs is set to “0”. The safety function Safe Torque Off is activated once the braking ramp has reached zero speed.

3.5.4.4

For the stopping process, the safety option initiates a stop signal to the frequency converter and monitors the controlled braking by monitoring the braking ramp. The admissible deceleration ramp is specified in 42-44 Deceleration Rate. The frequency converter must decelerate at least with the steepness of this deceleration ramp in the event of a Safe Stop 1 request from the safety option, even under heavy load. If the frequency converter does not fulfill the admissible deceleration ramp during a Safe Stop 1 requested by the safety option, a Safe Torque Off is triggered immediately. The motor then performs an uncontrolled stop. This action prevents the frequency converter from continuing to run or even accelerating in the event of an error.

SS1 Ramp Slope

3 3

130BC319.10

1 2

time

frequency

130BC320.10

1 2

time

frequency

Functions and System Overvi...

Operating Instructions

Parameter Unit Range Default

42-44 Deceleration Rate RPM/s 1-30000 RPM/s 1500 RPM/s 42-45 Delta V RPM 1-10000 RPM 120 RPM 42-46 Zero Speed RPM 1-600 RPM 10 RPM

Table 3.2 Parameters for SS1 Ramp Slope

Parameter Unit Range Default

42-47 Ramp Time s 0.1 - 3600.0 s 1.0 s 42-45 Delta V RPM 1 - 10000 RPM 120 RPM 42-46 Zero Speed RPM 1 - 600 RPM 10 RPM

Table 3.3 Parameters for SS1 Ramp Time

A Actual frequency B SS1 Ramp 1 Activation of SS1 Ramp Slope 2 Activation of STO 3 42-44 Deceleration Rate 4 42-45 Delta V 5 42-46 Zero Speed 6 Safety function monitors 7 Activation of failure function

Illustration 3.9 SS1 Ramp Slope

A Actual frequency B SS1 ramp 1 Activation of SS1 Ramp Time 2 Activation of STO 3 42-47 Ramp Time 4 42-45 Delta V 5 42-46 Zero Speed 6 Safety function monitors 7 Activation of failure function Safe Torque Off

Illustration 3.10 SS1 Ramp Time

When the Safe Stop 1 function is active, the frequency converter brings the motor to zero speed. The deceleration is monitored. If the monitored deceleration is slower than expected or at zero speed, Safe Torque Off is triggered.

This safety function corresponds to a controlled stop of the frequency converter according to EN IEC 60204-1, stop category.

3.5.4.5

Define a speed monitoring profile by a deceleration time and a tolerable speed (Delta V).

SS1 Ramp Time

Safely Limited Speed (SLS)

3.5.5

NOTICE

The Safely Limited Speed function can only be used when an encoder is connected to the safety option.

This function is used to limit a machine speed. The main goal is to monitor the motor speed and to adjust the speed to a set point. There are 2 types of Safely Limited Speed

SLS without ramp: Monitors the motor speed and,

•

depending on the setting of 42-52 Fail Safe

time

frequency

130BC324.10

Functions and System Overvi... Operating Instructions

Reaction, trips in Safe Torque Off or Safe Stop 1 if an overspeed occurs

SLS with ramp: Limits the motor speed to a set

•

point and, depending on the setting of 42-52 Fail Safe Reaction, trips in Safe Torque Off or Safe

Stop 1, if an overspeed occurs

The Safe Limited Speed is given as speed limit in 42-51 Speed Limit. The value for the cut-off speed partly depends on the motor that is being used. A suggested value from MCT 10 Set-up Software calculates a value for which Danfoss guarantees functionality. This value is called delta speed limit and is added to the selected speed limit and suggested as value in 42-50 Cut Off Speed.

3 3

3.5.5.1

SLS without Ramp

The safety function Safely Limited Speed monitors whether a specified velocity value is exceeded since it was activated via DI1 or DI2. The function is active until the selected input has been put to high again.

If 2 Safe Speed limits must be monitored, set one of the 2 Safe Digital Inputs DI1 or DI2 in 42-20 Safe Function to SLSa or SLS-b. Then select the input type under 42-21 Type.

The cut-off speed represents the maximum allowed frequency of the actual motor frequency. If the motor frequency accelerates above that value, the safety option enters external fault selected (STO or SS1 Ramp), and the error is given. The frequency value at which a shutdown is realised should be parameterised in 42-50 Cut Off Speed.

Parameter Unit Range Default

42-50 Cut Off Speed RPM 120-10000 RPM 270 RPM 42-51 Speed Limit RPM 1-9999 RPM 150 RPM 42-52 Fail Safe Reaction

Table 3.4 Parameters for SLS without Ramp

n/a Safe Torque Off/Safe

Stop 1

Safe Torque Off

Actual frequency

A B SLS limit 1 SLS is activated 2 42-51 Speed Limit 3 42-50 Cut Off Speed 4 Delta speed limit 5

Activation of failure function set in 42-52 Fail Safe Reaction

Fixed value of 120 RPM in 42-19 Zero Speed Limit

Illustration 3.11 SLS without Ramp

If speed exceeds the limit, 42-52 Fail Safe Reaction is activated. The safety function can either be Safe Torque Off or SS1 Ramp Time. Safe Stop 1 can only be triggered as error response if one Safe Stop 1 function has been set as Safe Stop 1 with ramp time function, set in 42-40 Type.

130BC959.10

frequency

time

Functions and System Overvi... Operating Instructions

Safe jog in combination with SLS

Limited Speed limit, the limit comes into effect immediately without ramping. When the Safely Limited Speed function is deactivated, the speed limits are ramped up back to the values defined in parameter group 3-1* References, and the actual speed returns to the reference value if it was limited by this function.

Follow these steps to configure the Safely Limited Speed operation

1. If a safe speed limit must be monitored, set one of the 2 safe digital inputs, DI1 or DI2, to [1] SLS-a or [2] SLS-b in 42-20 Safe Function.

Select input type in 42-21 Type.

Select 42-53 Start Ramp to run Safely Limited Speed with monitored braking ramp. The default

A Actual frequency B SLS limit 1 SLS is activated 2 42-51 Speed Limit 3 42-50 Cut Off Speed 4 Delta speed limit 5

Activation of failure function set in 42-52 Fail Safe Reaction

Fixed value of 120 RPM in 42-19 Zero Speed Limit

Illustration 3.12 Safe Jog

When the safety option actively monitors Safely Limited Speed, and the motor speed is at or below the configured safe speed limit, the function monitors the speed until the function is deactivated.

value is [0] No for applications without SLS Ramp control.

4. Set the time allowed to reach Safe Limited Speed in 42-54 Ramp Down Time.

Set the value in 42-50 Cut Off Speed.

Access under specific conditions of reduced risk

Under specific conditions of reduced risk, safe jog allows for access to areas for fault-finding, commissioning, etc. On machines where safe jog (jogging or inching) is needed, this is also possible from zero speed setpoint. By activating Safely Limited Speed, the motor can be moved at safe jog resulting in a number of cycles and with safely monitored movements. The motor can be started and stopped continuously also from zero speed.

3.5.5.2

SLS with Ramp

If this safety function is needed, configure the safety option for Safely Limited Speed (SLS). When the inputs DI1 or DI2 are selected as SLS, input is OFF, feedback velocity is monitored and compared against a configurable safe speed limit.

Select 42-53 Start Ramp to configure an SLS Monitoring Ramp. The ramping begins when SLS monitoring is requested by the selected input for SLS transition from ON to OFF. The safety option starts monitoring for safe limited speed when the ramp-down times out. If the system speed exceeds or is equal to the configured safe speed limit during Safely Limited Speed monitoring, a Safely Limited Speed fault occurs and the safety option initiates the configured Safe Stop type selected in 42-52 Fail Safe Reaction.

The ramping begins at the absolute value of the actual speed. If the actual speed is already below the Safely

130BC323.10

1 2

frequency

time

Functions and System Overvi...

Operating Instructions

Shorts between the 2 lines of a dual channel input are not detected. Therefore the cables of the channels must be routed separately to exclude short circuits.

NOTICE

A Actual frequency B SLS limit 1 Safely Limited Speed is activated with SS1 Ramp 2 Safely Limited Speed speed limit reached 3 Ramp down time 4 Delta speed limit 5 Zero speed limit, fixed value of 120 RPM 6 Cut-off speed 7

Activation of failure function set in 42-52 Fail Safe Reaction

Illustration 3.13 SLS with Ramp

Routing of the sensor cables

All proximity switch sensor/encoder cables must be shielded when laid. The shielding must be connected to chassis at both ends.

3.6.1 Inputs

The Dual-pole digital inputs are used to activate the safety functions. DI 1 can be

STO: Safe Torque Off

•

SS1: Safe stop 1

•

SLS: Safely limited speed

•

Signals at DI 1

1/0 transition at the input: Activates the safety

•

function “0” signal (0 V) at the input: Activates the safety

•

function “1” signal (+24 V) at the input: Does not activate

•

the safety function

DI 2 can be

3 3

STO: Safe Torque Off

Activation of failure function set in 42-52 Fail Safe Reaction.

Parameter Unit Range Default

42-50 Cut Off Speed RPM 120-10000 RPM 270 RPM 42-51 Speed Limit RPM 1-9999 RPM 150 RPM 42-52 Fail Safe Reaction 42-53 Start Ramp n/a No/Yes No 42-54 Ramp Down Time

Table 3.5 Parameters for SLS with Ramp

If the speed exceeds the limit, 42-52 Fail Safe Reaction is activated. The safety function can either be Safe Torque Off or SS1 Ramp Time. SS1 can only be triggered as error response if one digital input is selected as SS1 with ramp time function, set in 42-40 Type.

3.6

Inputs and Output

An internal diagnostic function in the safety option cyclically tests the correct function of the output. A detected fault sets the safety option into an alarm status. At the same time, the option output S37 goes low.

n/a Safe Torque Off/

Safe Stop 1

s 0.1-3600.0 s 1.0 s

Safe Torque Off

•

SS1: Safe stop 1

•

SLS: Safely limited speed

•

Reset: Additional safe input to reset the safety

•

option after an error, or after deactivating a safety function on input DI1

Signals at DI 2

1/0 transition at the input: Activates the safety

•

function “0” signal (0 V) at the input: Activates the safety

•

function “1” signal (+24 V) at the input: Does not activate

•

the safety function 0/1 transition at the DI2 input if configured to

•

reset: Resets the safety option

3.6.2

Reset Input (DI2)

The reset input is for resetting the safety circuit selected on DI1. Configure the reset input for automatic or manual reset types. If manual reset is configured, wire the DI2A reset input terminal to a 24 V DC via an NO switch.

+ 53 hidden pages

Danfoss VLT MCB 150, VLT MCB 151 Operating Instructions Manual

Specifications and Main Features

Frequently Asked Questions

User Manual