Danfoss VLT Safety Option MCB 150, VLT Safety Option MCB 151 Installation Manual

Installation Guide

VLT® Safety Option MCB 150/151

Installation Guide | VLT® Safety Option MCB 150/151

Contents

Contents

1 Introduction 7

1.1 Purpose of this Operating Guide 7

1.2 Available Resources 7

1.3 Document Version 7

1.4 Type Approvals and Certifications 8

2 Legal Information an Safety 9

2.1 Legal Information 9

2.2 Warranty and Liability 9

2.3 Safety Symbols 9

2.4 Qualified Personnel 9

2.5 Responsibilities of Users of PDS(SR) 10

2.6 Safety Precautions 10

2.7 Risk Assessment 12

3 Functions and Systems Overview 13

3.1 System Overview 13

3.1.1 Behavior of Holding Brake 14

3.1.2 Safety Certification 14

3.1.3 Implementation in Control Systems 14

3.2 Functions 15

3.2.1 Specification of Safety Functions 15

3.2.1.1 Performance Level (PL) and Safety Integrity Level (SIL) 15

3.2.2 Validation of Performance Level 15

3.2.3 Activation of Safety Functions 15

3.2.4 Simultaneous Activation of Safety Functions 16

3.2.5 Functional Proof Tests 17

3.2.6 PFD and PFH Definitions 18

3.2.7 Intended Use of the Safety Option 18

3.2.8 MCT 10 Set-up Software with Safe Plug-in 18

3.3 Unit Features 18

3.4 Front View 19

3.5 Categories of Safe Stop 20

3.5.1 Operation and Requirements 20

3.5.2 Safety Functions 20

3.5.3 Safe Torque Off - STO 21

3.5.4 Safe Stop 1 - SS1 22

3.5.4.1 SS1 Delay 22

3.5.4.1.1 Selecting the SS1 Settings 23

3.5.4.2 SS1 Delay with S-ramp Stop Profile 24

AQ279747441421en-000101 / 130R0292 | 3Danfoss A/S © 2018.09

Installation Guide | VLT® Safety Option MCB 150/151

3.5.4.3 SS1 Ramp 25

3.5.4.4 SS1 Ramp Slope 25

3.5.4.5 SS1 Ramp Time 26

3.5.5 Safely Limited Speed 27

3.5.5.1 SLS without Ramp 28

3.5.5.2 SLS with Ramp 29

3.5.5.2.1 Configuring SLS Operation 30

3.6 Inputs and Output 31

3.6.1 Inputs 31

3.6.2 Reset Input (DI2) 32

3.6.3 Output 32

3.6.4 Allowed Sensor Types on Digital Inputs 32

3.6.5 Reset 32

3.6.6 Signal Filtering 33

3.6.7 Stable Signal Time from Safe Outputs 33

3.6.8 Zero Speed Timer Error Detection 34

3.6.9 Yearly Test 34

3.6.10 Safety Parameter Settings 35

3.6.11 Encoder Interface 35

3.7 Limitations 35

3.7.1 Exceeded Limit Value and Internal Errors 35

3.7.2 Compatibility between Safety and Drive Function 35

Contents

4 Installation 37

4.1 Installing the Option 37

4.1.1 Safety Instructions 37

4.1.2 Requirements for Safe Use 37

4.1.3 Protected Cable Installation 38

4.1.4 Installing the Option 38

4.1.5 General Wiring Guidelines 41

4.1.6 Connector Pin Assignment 43

4.2 Encoder 44

4.2.1 Allowed Encoder Cable Length 44

4.2.2 Encoder Wiring Examples 45

4.2.3 Proximity Switch 46

4.2.4 VLT® Sensorless Safety MCB 159 47

4.2.4.1 Connecting a VLT® Sensorless Safety MCB 159 (MCB 151 Only) 48

4.3 Application Examples 49

4.3.1 Connecting Safe Digital Inputs 49

5 Commissioning 52

5.1 Before Commissioning 52

AQ279747441421en-000101 / 130R02924 | Danfoss A/S © 2018.09

Installation Guide | VLT® Safety Option MCB 150/151

5.1.1 Safety Guidelines 52

5.1.2 Commissioning Requirements 52

5.2 Initial Commissioning 53

5.2.1 Power-up/Self-test 53

5.2.2 Initial Commissioning 53

5.2.3 Safety Option Customization 54

5.2.4 Setting Up the Encoder 55

5.2.5 Commissioning Test 55

5.3 Operation 56

Contents

6 General Parameter Set-up 57

6.1 Configuration 57

6.1.1 General Parameter Set-up 57

6.1.2 Configuration of Safety Functions 57

6.1.3 Password Protection 58

6.1.3.1 Resetting the Password 58

6.2 Reset and Status over Fieldbus 59

6.2.1 Reset of Safety Option and Pending Safe Function 59

6.2.2 Retrieving Safety Option Status 59

6.3 Parameter List 63

7 Service and Repair 68

7.1 Updates, Servicing, and Modifications 68

7.2 Repair 68

7.3 Replacement of Safety Option 69

7.3.1 Before Removing the Safety Option 69

7.3.2 Removing the Safety Option 69

7.3.3 Replacing the Safety Option 69

7.3.4 Copying Safe Parameter Set-up 70

7.3.4.1 Password Protection LCP Copy and Safe Parameter Mismatch 70

7.4 Commissioning Test 74

7.4.1 Safety Guidelines 75

7.4.2 Before Running the Commissioning Test 75

7.4.2.1 Checking Effectiveness of Safety Functions 75

7.4.3 Safety Functions in the Drive 75

8 Warnings and Alarms 81

8.1 Fault Types and Messages 81

8.1.1 Messages 81

8.2 Warnings and Alarms 82

8.2.1 Safety Option Warning 89

8.2.2 Safety Option Reset Message 90

AQ279747441421en-000101 / 130R0292 | 5Danfoss A/S © 2018.09

Installation Guide | VLT® Safety Option MCB 150/151

Contents

9 Technical Specifications 92

9.1 Consumption 92

9.2 Inputs 92

9.2.1 Digital Inputs 92

9.2.2 TTL Encoder Input (VLT® Safety Option MCB 150) 92

9.2.3 HTL Encoder Input (VLT® Safety Option MCB 151) 92

9.3 Outputs 93

9.3.1 Digital Output (Safe Output) 93

9.3.2 24 V Supply Output 93

9.4 Other Specifications 93

9.4.1 Ground I/O Section 93

9.4.2 Cable Cross-sections 93

9.4.3 Reset Characteristics 94

9.4.4 Response Time 94

9.4.5 Safety Characteristic Data 94

10 Appendix 96

10.1 Abbreviations 96

10.2 Conventions 97

AQ279747441421en-000101 / 130R02926 | Danfoss A/S © 2018.09

2

3

MCT 10

1

e30bc961.13

+

+

Installation Guide | VLT® Safety Option MCB 150/151

Introduction

1 Introduction

1.1 Purpose of this Operating Guide

This operating guide provides information for safe installation and commissioning of the safety option. It is intended for use by
qualified personnel. Read and follow the instructions to use the option safely and professionally. Pay particular attention to the safety
instructions and general warnings. Always keep this operating guide available with the option.

1.2 Available Resources

Throughout this guide there are references to other manuals that are helpful when installing the VLT® Safety Option MCB 151/152.

1 Installation phase: Use this installation guide and refer to VLT

AutomationDrive FC 301/FC 302 Operating Guide.

2 Parameterization phase: Refer to VLT® Motion Control Tool

MCT 10 Set-up Software Operating Guide.

3 Test phase: Use the commissioning report generated via the

MCT 10 Safe Plug-in.

Illustration 1: System Overview

Also refer to www.danfoss.com/en/search/?filter=type%3Adocumentation%2Csegment%3Adds for more information.

1.3 Document Version

This manual is regularly reviewed and updated. All suggestions for improvement are welcome. See document version and changes
applied in table 1.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 7

089

Installation Guide | VLT® Safety Option MCB 150/151

Table 1: Version and Changes Applied

Edition Remarks

MG34W4xx Editorial changes. Installation of VLT® Sensorless Safety MCB 159 added.

1.4 Type Approvals and Certifications

The following list is a selection of possible type approvals and certifications for Danfoss drives:

NOTI CE

Drives of enclosure size T7 (525–690 V) are not UL listed.

Introduction

NO TI CE

The specific approvals and certification for the drive are on the nameplate of the drive. For more information, contact the local
Danfoss office or partner.

For more information on UL 508C thermal memory retention requirements, refer to the section Motor Thermal Protection in the
product-specific design guide.

For more information on compliance with the European Agreement concerning International Carriage of Dangerous Goods by Inland
Waterways (ADN), refer to section AND-compliant Installation in the product-specific design guide.

8 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

Installation Guide | VLT® Safety Option MCB 150/151

Legal Information an Safety

2 Legal Information an Safety

2.1 Legal Information

According to the Machinery Directive regulation, it is hereby stated that the original language of this operating guide is English UK.

2.2 Warranty and Liability

All claims to warranty and liability are rendered invalid if:

• The product was used contrary to the purpose for which it was intended.

• Damage can be attributed to not having followed the guidelines in the manual.

• Operating personnel are not suitably qualified.

• Any type of modification has been made (for example, exchanging components on the PCB boards, soldering work, and more).

2.3 Safety Symbols

The following symbols are used in this manual:

DA NG ER

Indicates a hazardous situation which, if not avoided, will result in death or serious injury.

WA RN IN G

Indicates a hazardous situation which, if not avoided, could result in death or serious injury.

CA UT IO N

Indicates a hazardous situation which, if not avoided, could result in minor or moderate injury.

NO TI CE

Indicates a property damage message.

2.4 Qualified Personnel

The products must only be assembled, installed, programmed, commissioned, maintained, and decommissioned by persons with
proven skills. Persons with proven skills:

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 9

Installation Guide | VLT® Safety Option MCB 150/151

• Are qualified electrical engineers, or persons who have received training from qualified electrical engineers and are suitably
experienced to operatre devices, systems, plant, and machinery in accordance with the general standards and guidelines for safety
technology.

• Are familiar with the basic regulations concerning health and safety/accident prevention.

• Have read and understood the safety guidelines given in this manual and also the instructions given in the operating guide of the
drive.

• Have good knowledge of the generic and specialist standards applicable to the specific application.

Legal Information an Safety

2.5 Responsibilities of Users of PDS(SR)

Context:

In EN ISO 12100, risk assessment is defined as an overall process comprising a risk analysis and a risk evaluation.

Procedure

1. Carry out a hazard and risk analysis of the application according to EN ISO 12100.

2. Ensure that the qualified personnel has experience with working in ATEX areas according to Directive 99/92/EC (also known as the

ATEX Workplace Directive).

3. Identify safety functions required, and allocate SIL to each of the functions.

4. Identify other subsystems and validate the signals and commands from those subsystems.

5. Design appropriate safety-related control systems (hardware, software, parameterization, and more).

2.6 Safety Precautions

WA RN IN G

HIGH VOLTAGE

AC drives contain high voltage when connected to AC mains input , DC supply , or load sharing. Failure to perform installation ,
start-up, and maintenance by qualified personnel can result in death or serious injury.

Only qualified personnel must perform installation, start-up, and maintenance.

-

WA RN IN G

UNINTENDED START

When the drive is connected to the AC mains, DC supply, or load sharing, the motor may start at any time, causing risk of death,
serious injury, and equipment, or property damage. The motor may start by activation of an external switch, a fieldbus
command, an input reference signal from the LCP or LOP, via remote operation using MCT 10 Set-up software, or after a cleared
fault condition.

Press [Off] on the LCP before programming parameters.

-

Disconnect the drive from the mains whenever personal safety considerations make it necessary to avoid unintended

-

motor start.

Check that the drive, motor, and any driven equipment is in operational readiness.

-

10 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

Installation Guide | VLT® Safety Option MCB 150/151

Legal Information an Safety

WA RN IN G

DISCHARGE TIME

The drive contains DC-link capacitors, which can remain charged even when the drive is not powered. High voltage can be
present even when the warning indicator lights are off.

Failure to wait the specified time after power has been removed before performing service or repair work could result in death
or serious injury.

Stop the motor.

-

Disconnect AC mains, permanent magnet type motors, and remote DC-link supplies, including battery back-ups, UPS, and

-

DC-link connections to other drives.

Wait for the capacitors to discharge fully. The minimum waiting time is specified in table Discharge time and is also visible

-

on the nameplate on top of the drive.

Before performing any service or repair work, use an appropriate voltage measuring device to make sure that the capacitors

-

are fully discharged.

Table 2: Discharge Time

Voltage [V] Minimum waiting time (minutes)

4 7 15

200–240 0.25–3.7 kW (0.34–5 hp) – 5.5–37 kW (7.5–50 hp)

380–500 0.25–7.5 kW (0.34–10 hp) – 11–75 kW (15–100 hp)

525–600 0.75–7.5 kW (1–10 hp) – 11–75 kW (15–100 hp)

525–690 – 1.5–7.5 kW (2–10 hp) 11–75 kW (15–100 hp)

WA RN IN G

NO ELECTRICAL SAFETY

This option is suitable for performing mechanical work on the drive system or affected area of a machine only. It doesn NOT
provide electrical safety. Using the option for starting or stopping the drive can cause personal injury.

No NOT use the option as a control for starting or stopping the drive.

-

Refer to ISO 12100 for more information about the application requirements.

-

WA RN IN G

LEAKAGE CURRENT HAZARD

Leakage currents exceed 3.5 mA. Failure to ground the drive properly can result in death or serious injury.

Ensure the correct grounding of the equipment by a certified electrical installer.

-

NO TI CE

The drive has more voltage sources than L1, L2, and L3 when load sharing (linking of DC link) or external 24 V DC are installed.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 11

Installation Guide | VLT® Safety Option MCB 150/151

Legal Information an Safety

2.7 Risk Assessment

NO TI CE

The safety option is intended to be part of the safety-related control system of a machine. Before installation, perform a risk
assessment to determine whether the specifications of this safety option are suitable for all foreseeable operational and
environmental characteristics for the system in which it will be installed.

The system user is responsible for:

• Set-up, safety rating, and validation of any actuators connected to the system.

• Completing a system-level risk assessment and reassessing the system any time a change is made.

• Providing supposition (as needed for the application) that the system fulfills the requested safety rating.

• Project management and proof testing.

• Programming the application software and the safety option configurations in accordance with the information in this manual.

• Access to the control system.

• Analyzing all configuration settings and selecting the proper setting to achieve the required safety rating.

12 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc308.11

Field bus
interface

MCB 150/151
Safety Option

Option A

Option B

Internal bus 1

Internal bus 2

µ

C

Control card

IGBT

STO

37

E

M

PLC

E

E

N

C

Y

G

S

T

O

P

Installation Guide | VLT® Safety Option MCB 150/151

3 Functions and Systems Overview

3.1 System Overview

Functions and Systems Overview

Illustration 2: Drive with Safety Option and Fieldbus Option

The safety option performs safety functions in accordance with EN IEC 61800-5-2. It monitors safe motion sequences on drives, which
are safely brought to a stop and shutdown if an error occurs.

The safety option:

• Activates safety functions.

• Monitors safe motion sequences.

• Signals the status of the safety functions to the safety control system via possible connected PROFIBUS fieldbus.

• Activates the selected failure reaction Safe Torque Off or Safe Stop 1 if an error occurs.

There are 2 variants of the safety option:

• With HTL encoder interface (MCB 151).

• With TTL encoder interface (MCB 150).

The safety option is constructed as a standard option for the VLT AutomationDrive FC 302 and is automatically detected after
mounting.

The safety option can be used to monitor the stopping, starting, or speed of a rotating or laterally moving device. As speed monitor,
the option is often used with hard guarding, access doors, and safety gates with solenoid-lock or -unlock safety switches. When the
speed of the monitored device drops below the set switch point (where its speed is no longer considered dangerous), the safety option
sets S37 output low. This allows the operator to open the safety gate. In speed monitor applications, the safety output S37 is high for
operation (when the motor speed of the monitored device is below the set switch point). When the speed exceeds the set value,
indicating a too high (dangerous) speed, the safety output is low.

The drive:

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 13

Installation Guide | VLT® Safety Option MCB 150/151

• Removed the power to the motor.

• Switches the motor to torque-free if Safe Torque Off is activated.

The safe control system:

• Activates the safety functions via inputs on the safety option.

• Evaluates signals from safety devices, such as:

- E-STOP push buttons.

- Non-contact magnetic switch.

- Interlocking switch.

- Light curtain devices.

• Processes the safety option status function.

• Provides safe connection between safety option and safety control system.

• Provides fault detection at activation of safety functions (shorts across contact, short circuit) on signal between the safety control
system and the safety option.

Functions and Systems Overview

3.1.1 Behavior of Holding Brake

NO TI CE

RISK OF HAZARD

External forces acting on the motor (vertical axis) and unwanted movements, for example caused by gravity, can cause hazards
leading to death or serious injury.

Add measures for fall protection before operating the motor.

-

Triggering the Safe Torque Off safety function means that the delay time for motors with holding brake is not effective. The motor
cannot generate holding torque to bridge the time to application of the holding brake. Check whether more measures have to be
taken, for example, this may cause the load of vertical axes to lower.

3.1.2 Safety Certification

The safety option is certified for use in safety applications up to and including SIL 2 according to EN IEC 61508 and EN IEC 62061,
Performance Level PL d, and Category 3 according to EN ISO 13849-1. Safety requirements are based on the standards valid at the time
of certification. The IFA (Institute for Occupational Safety & Health) has approved the safety option for use in safety-related applications
where the de-energized state is considered to be the safe state. All examples related to I/O included in this manual are based on
achieving de-energization as the safe state.

3.1.3 Implementation in Control Systems

Often, design measures are not sufficient and protective devices are required to minimize the risk. In this context, safety functions
executed by SRP/CS (safety-related part of control systems) are defined. SRP/CS includes the entire safety chain with sensor (detect),
logic (process), and actuator (switch).

Safety functions are defined based on the application and the hazard. They are often specified in a Type C standard (a product
standard), which provides precise specifications for special machines. If a C standard is not available, the machine designer defines the
safety functions. Typical safety functions are described in more detail in EN ISO 13849-1, section 5, Specification of Safety Functions.
The safety functions for drive systems are described in IEC 61800-5-2.

14 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc962.11

Detect

Senso

r

Process Switch

Logic

Actuator

For example lightcurtain

For example MCB 15x For example FC 302

Installation Guide | VLT® Safety Option MCB 150/151

Illustration 3: Sensor-Logic-Actuator Safety Chain

Functions and Systems Overview

3.2 Functions

3.2.1 Specification of Safety Functions

The standards require a specification of functional requirements. The specification must contain details about each safety function that
should be executed. Also define the:

• Necessary interfaces with other control functions.

• Required error responses.

• Performance level required PLr or achievable SIL level.

3.2.1.1 Performance Level (PL) and Safety Integrity Level (SIL)

For safety-related control systems, Performance Level (PL), according to EN ISO 13849-1, and SIL levels, according to EN IEC 61508 and
EN IEC 62061, include a rating of the system's ability to perform its safety functions.

All the safety-related components of the control system must be included in both a risk assessment and the determination of the
achieved levels. Refer to EN ISO 13849-1, EN IEC 61508, or EN IEC 62061 standards for complete information on requirements for PL and
SIL determination.

3.2.2 Validation of Performance Level

Check whether the required Performance Level “PLr”, determined in the risk assessment, is achieved by the selected system for each
safety function used. Check the calculation using the SISTEMA SW Tool of IFA (Institute for Occupational Safety & Health). Danfoss
provides a component library which can be used for the calculation. Danfoss offers corresponding services to support the system
check by calculation. Library can be downloaded from www.dguv.de/ifa/en/pra/softwa/sistema.

If using another validation method for the performance level, use the characteristic safety values specified.

3.2.3 Activation of Safety Functions

• The safety functions are activated using the dual-pole safe inputs on the safety option.

• These inputs operate in accordance with the fail-safe principle (on switching off). The safety control system activates the safety
functions via a 1/0 transition.

• Deactivate the safety functions before applying any changes to them.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 15

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.2.4 Simultaneous Activation of Safety Functions

All safety functions can be active at the same time. However, Safe Torque Off has priority over all other safety functions. Functions
already started (for example Safe Stop 1 or safely limited speed) are canceled and the drive coasts.

• Safe Torque Off has the highest priority. If the Safe Torque Off function is triggered, a Safe Torque Off is managed no matter what
other functions are active.

• Safe Stop 1 has medium priority to the other safe functions.

• Safely Limited Speed has the lowest priority.

If 2 Safe Stop 1 functions are active at the same time, the function with the steepest ramp has higher priority than the function with the
less steep ramp.

If 2 safely limited speed functions are active at the same time, the function with the lowest speed limit has higher priority than the
function with higher speed limit.

If 2 equal safety functions have to be configured, they must be parameterized as SS1-a and SS1-b, or as SLS-a and SLS.b.

16 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc373.11

t

f

t

f

A

B

C

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

A Ramp stop function 1

B Ramp stop function 2

C Actual ramp stop function

Illustration 4: Safe Stop 1 Safety Functions Active

See illustration 4 for an example of first activating a Safe Stop 1 function with a given ramp and afterwards activating a 2nd Safe Stop 1
function with a steeper ramp. The lower graph shows the actual ramp function.

3.2.5 Functional Proof Tests

The functional safety standards require that functional proof tests are performed on the equipment used in the system. Proof tests are
performed at user-defined intervals and depend on PFD and PFH values.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 17

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.2.6 PFD and PFH Definitions

Safety-related systems can be classified as operating in either a low-demand mode or in a high-demand/continuous mode.

Low-demand mode

The frequency of demands for operation made on a safety-related system is maximum once per year.

High-demand/continuous mode

The SIL value for a low-demand safety-related system is directly related to order-of-magnitude ranges on its average probability of
failure on demand (PFD). The SIL value for a high-demand/continuous mode safety-related system is directly related to the probability
of a dangerous failure per hour (PFH).

3.2.7 Intended Use of the Safety Option

WA RN IN G

RISK OF PERSONAL INJURY AND EQUIPMENT DAMAGE

Using the safety option for other purposes than what is intended, may cause personal injury and equipment damage. The
following is considered improper use:

Any component, technical, or electrical modification to the drive.

Use of the drive outside the allowed electrical and environmental conditions specified in the technical specifications and in the
VLT® AutomationDrive FC 301/FC302 Operating Guide.

Only use the safety option for its intended purpose.

-

The safety option is designed for use in safety-related applications. It meets the requirements for safety functions in accordance with
IEC 61800-5-2 regarding safe motion monitoring.

3.2.8 MCT 10 Set-up Software with Safe Plug-in

Use the MCT 10 Set-up Software to configure the safety functions supported in the safety option.

• Configuration of the safety functions is required for safe motion sequences. If an error or fault occurs, these functions shut down
the power element of the drive in a safe and controlled way.

• Setting of limit values, braking ramps for the safety functions, monitoring of motion sequences.

The software:

• Runs in full with a license key. All functions are available from MCT 10 Set-up Software version 3.18.

• Supports the configuration of applications with up to maximum 256 safety options per project.

• Has a simple language setting for the user interface.

A PDF file and a commissioning report can be generated for documentation of the project and all its settings.

3.3 Unit Features

The safety option has the following features:

18 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc325.12

MCB 150
Safe Option
SW. ver. xx. xx

Option B
130B3280

LED:

1

2

3 4

TTL Enc.

interface

Y30/

DI1 A

GND

DI1 B

ENC A

DI2 A

ENC nA

ENC B

DI2 B

ENC nB

24V

GND

S37

1

2

3

4

5 6

7

8910

11 12

e30bc326.12

MCB 151
Safe Option

SW. ver. xx. xx

Option B

130B3290

LED:

1

2

3

4

HTL Enc.

interface

Y31/

DI1 A

GND

DI1 B

ENC A

DI2 A

ENC B

DI2 B

24V

GND

S37

1

2

3

4

5 6

7

8

9

10

11 12

GND

GND

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

• 2 dual-pole, digital inputs to activate the safety functions in accordance with EN IEC 61800-5-2:

- Safe Torque Off (STO).

- Safe Stop 1 (SS1).

- Safely Limited Speed (SLS).

• Reset function:

- DI2 can be used for resetting the safety option after an error or after deactivation of a safety function.

• Status indicators:

- Safe input status (LED 1 and LED 2).

- Safe output status (LED 4).

- LED 3 is reserved for future use (always in off state).

- By fault or warning, the LEDs indicate a failure via flash pattern, see

table 24.

• Supply voltage:

- Internally supplied by the drive.

- 24 V DC output for safety sensors and encoder available.

3.4 Front View

Illustration 5: VLT® Safety Option MCB 150

Illustration 6: VLT® Safety Option MCB 151

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 19

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.5 Categories of Safe Stop

International standard EN/ISO 13850 specifies the functional requirements and design principles of emergency stop devices.

It applies to all machines, whatever type of energy is used to control this function.

The standard allows 2 types of stop:

• Category 0 stop: Stopping by immediately cutting-off power or mechanical disconnection between the dangerous components.

• Category 1 stop: Controlled stopping with power maintained to the actuator to achieve stopping (braking for example), then cut­off of power when 0 speed is reached.

During a category 0 stop, the motor coasts down in an uncontrolled way. If access to the machine coasting down involves a hazard
(results of the hazard and risk analysis), take protective measures to avoid the hazard.

Refer to EN IEC 61800-5-2:2007 (4.2.2.2) for a definition of Safe Torque Off (STO).

A Category 1 stop triggers a controlled stop. The safety option monitors the controlled stop. If a power outage or an error occurs, a
controlled stop is impossible. Trigger the safety function Safe Torque Off after the stop to shut off the motor torque.

Refer to EN IEC 61800-5-2:2007 (4.2.2.3) for a definition of Safe Stop 1 (SS1).

An evaluation of the machine-related risks determines which of the 2 stopping methods to use.

NO TI CE

When designing the machine application, consider timing and distance for a coast to stop (Stop Category 0 or Safe Torque Off).
For more information regarding stop categories, refer to EN IEC 60204-1.

3.5.1 Operation and Requirements

The safety option is redundant and self-checking. It requires digital input signals from an input sensor (for example PNP proximity
switch) or higher resolution TTL or HTL encoders to monitor for either safe stop or speed conditions.

3.5.2 Safety Functions

Safety functions maintain a safe condition or prevent hazardous conditions from arising. The safety functions for drives are defined in
EN IEC 61800-5-2.

The safety option implements the following safety functions:

• Safe Torque Off (STO)

- No power is being fed to the motor which can generate a rotation. Stop category 0 to EN IEC 60204-1.

• Safe Stop 1 (SS1)

- Motor decelerates. Monitoring of deceleration ramp and Safe Torque Off following 0 speed, or Safe Torque Off at the end of a

deceleration time. Stop category 1 to EN IEC 60204-1.

• Safely limited speed (SLS)

- Prevents exceeding a defined speed value.

The safety option implements the following safety functions

20 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.5.3 Safe Torque Off - STO

The safety function Safe Torque Off disconnects power to the motor. It is implemented via the shutdown path of the drive and the safe
outputs of the safety option.

Features of the safety function

• The motor becomes torque-free and no longer generates any hazardous movements.

• To prevent the drive from running down in an uncontrolled manner. In normal operation, activate the safety function Safe Torque
Off via the safety function Safe Stop 1.

• Safe Torque Off is only activated directly when:

- There is an internal error on the safety option.

- The Safe Stop 1 delay time is set to 0.

- One of the inputs, DI1 or DI2, has been selected as Safe Torque Off function.

• The safety function Safe Torque Off corresponds to a category 0 stop (uncontrolled stop) in accordance with EN IEC 60204-1.

Prerequisites for normal operation

• Input DI1 or DI2: "1" Signal (+24 V DC).

• S37 output: "1" Signal (+24 V DC).

Safety function is activated

• By an error after limit values have been exceeded for Safe Stop 1 and Safely Limited Speed.

• By an internal error on the safety option or drive, if the drive can no longer be controlled.

• By executing the safety function Safe Stop 1 (1/0 transition). In this case, the drive is monitored before it is switched to torque-free.

• By download of parameterization via MCT 10 Safe Plug-in if the current drive is running.

• By executing the safety function Safe Torque Off (1/0 transition). This function ensures that no torque-generating energy can
continue to affect a motor and prevents unintentional start-ups.

NO TI CE

RISK OF HAZARD

External forces acting on the motor (vertical axis) and unwanted movements, for example caused by gravity, can cause hazards
leading to death or serious injury.

Add measures for fall protection before operating the motor.

-

The STO may be used where power removal is required to prevent an unintended start. The function disables the control voltage of the
drive output stage. Thus, it prevents the drive from generating the voltage required to rotate the motor, see illustration 7. The function
allows performing maintenance work on non-electrical parts of the machinery without switching off the power supply to the drive.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 21

f

e30bc318.11

t

1

2

A

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

A Actual frequency

1 Activation of STO

2 Motor standstill

Illustration 7: Safe Torque Off

3.5.4 Safe Stop 1 - SS1

The safety function Safe Stop 1 monitors the deceleration to 0 speed in a controlled manner and activates Safe Torque Off after
detection of stop. The Safe Stop 1 can either be configured as SS1 Delay or SS1 Ramp.

Features of the safety function

• The safety function Safe Stop 1 corresponds to a category 1 stop (controlled braking) in accordance with EN IEC 60204-1.

• Monitoring the speed deceleration after which the energy supply to the motor is safely interrupted.

• The motor becomes torque-free and removes hazardous movements.

3.5.4.1 SS1 Delay

Select the SS1 Delay to activate the Safe Stop 1 function while a parameterized safety delay timer expires. STO is activated immediately
when the configured stop delay has expired, regardless of speed, see 6.3 Parameter List for parameter settings.

By using SS1 Delay, the drive attempts to follow the selected ramp. After a specified delay time, STO is activated and the motor is made
torque free.

NO TI CE

Using SS1 Delay may result in the motor still spinning when the Safe Torque Off is activated. The risk analysis for the machine
must indicate that this behavior can be tolerated. An interlock may be required.

22 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc321.11

1

2

t

f

3

4

A

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

Default value in parameter 42-40 Type is [0] Delay. If this value is selected, the Safe Stop 1 function activates a braking ramp defined
from a selected time delay in parameter 42-42 Delay Time. This means that the braking ramp is linear. Select the value of parameter
42-43 Delta T (the % of the delay time), which is a reasonable tolerance after the SS1 Delay Time has expired.

NO TI CE

The SS1 Delay function does not monitor the stopping of the drive. The safety relevant time, Delta T, allows the drive to come
to a stop before Safe Torque Off is activated. Thus ensuring that the system is also stopped before Safe Torque Off is activated.
If a fault occurs, the drive does not come to a stop. It coasts after the time delay no matter of the speed of the drive.

A Actual frequency

2 Activation of STO

1 Activation of the SS1 Delay Timer

3 Parameter 42-42 Delay Time

4 Parameter 42-43 Delta T

Illustration 8: SS1 Delay

When Safe Stop 1 function is active, the drive brings the motor to 0 speed. The Safe Torque Off function is triggered after a specified
safety-relevant time. This safety function corresponds to a controlled stop of the drive according to EN IEC 60204-1, stop category 1.

3.5.4.1.1 Selecting the SS1 Settings

Procedure

1. Enter parameter 42-41 Ramp Profile.

Select:

[0] Linear, if the ramp must follow a linear curve.

[2] S-ramp Const Time, if the ramp should follow an S-ramp.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 23

130BC322.11

1

2

t

f

3

4

actual
frequency

5

6

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.5.4.2 SS1 Delay with S-ramp Stop Profile

Context:

An S-ramp gives non-linear deceleration, compensating for jerks in the application.

Procedure

1. Define a speed profile by a delay (a worst-case delay from actual frequency to 0 speed) and a delay tolerance.

The safety relevant time, Delta T, allows the drive to come to a stop before STO is activated. Thus ensuring that the system is also
stopped before STO is activated. If a fault occurs, the drive does not come to a stop. It coasts after the time delay regardless of the
drive speed.

2. Define an S-ramp configuration, which achieves 0 speed within the delay.

3. Configure the S-Ramp ratio at deceleration start in parameter 42-48 S-ramp Ratio at Decel. Start and set parameter 42-49 S-ramp Ratio

at Decel. End for S-Ramp ratio at deceleration end.

Example:

Table 3: Parameters for SS1 Delay with S-ramp Stop Profile

Parameter Unit Range Default

Parameter 42-42 Delay Time s 0.1–3600.0 s 1.0 s

Parameter 42-43 Delta T % 0–50% 5%

Parameter 42-48 S-ramp Ratio at Decel. Start % 1–99 50

42-49 S-ramp Ratio at Decel. End % 1–99 50

A Actual frequency

2 Activation of STO

4 Parameter 42-43 Delta T

24 | Danfoss A/S © 2018.09

1 Activation of SS1 Ramp Delay

3 Parameter 42-42 Delay Time

5 Parameter 42-48 S-ramp Ratio at Decel. Start

AQ279747441421en-000101 / 130R0292

Installation Guide | VLT® Safety Option MCB 150/151

6 Parameter 42-49 S-ramp Ratio at Decel. End

Illustration 9: SS1 Delay with S-ramp Stop Profile

Functions and Systems Overview

3.5.4.3 SS1 Ramp

NO TI CE

The SS1 Ramp function can only be used when an encoder is connected to the safety option.

This Safe Stop type allows access to the hazard area immediately after motion is detected as stopped rather than waiting until a
specific time has elapsed.

The safety option monitors the following functions

• Braking ramp:

- In the MCT 10 Set-up Software Safe Plug-in, the braking ramp is specified and monitoring is activated. The braking period

depends on the speed of the motor when braking is started. The braking ramp can be monitored via a maximum speed error
specified in the MCT 10 Set-up Software tolerable in parameter 42-45 Delta V.

• Braking ramp in normal operation:

- The drive starts with the configured braking ramp when safety function Safe Stop 1 has been activated. Once the speed is at 0

speed limit, STO is activated.

• Safety function STO is activated when the configured limit value for the position error is exceeded.

A standstill threshold 0 speed (parameter 42-46 Zero Speed) for activating the safety function STO can be specified in MCT 10 Set-up
Software.

Safety function STO is activated when 0 speed is achieved.

3.5.4.4 SS1 Ramp Slope

For the stopping process, the safety option initiates a stop signal to the drive and monitors the controlled braking by monitoring the
braking ramp. The admissible deceleration ramp is specified in parameter 42-44 Deceleration Rate. If the safety option requests a Safe
Stop 1, the drive must decelerate at least with the steepness of this deceleration ramp, even under heavy load. If the drive does not
fulfill the admissible deceleration ramp during a Safe Stop 1 requested by the safety option, an STO is triggered immediately. The
motor then performs an uncontrolled stop. This action prevents the drive from continuing to run or even accelerating if an error
occurs.

Table 4: Parameters for SS1 Ramp Slope

Parameter Unit Range Default

Parameter 42-44 Deceleration Rate RPM/s 1–30000 RPM/s 1500 RPM/s

Parameter 42-45 Delta V RPM 1–10000 RPM 120 RPM

Parameter 42-46 Zero Speed RPM 1–600 RPM 10 RPM

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 25

e30bc319.11

6

4

3

7

1 2

5

t

f

6

A

B

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

A Actual frequency

1 Activation of SS1 Ramp Slope

3 Parameter 42-44 Deceleration Rate

5 Parameter 42-46 Zero Speed

B SS1 ramp

2 Activation of STO

4 Parameter 42-45 Delta V

6 Safety function monitors

7 Activation of failure function

Illustration 10: SS1 Ramp Slope

When the Safe Stop 1 function is active, the drive brings the motor to 0 speed. The deceleration is monitored. If the monitored
deceleration is slower than expected or at 0 speed, STO is triggered.

This safety function corresponds to a controlled stop of the drive according to EN IEC 60204-1, stop category.

3.5.4.5 SS1 Ramp Time

Define a speed monitoring profile by a deceleration time and a tolerable speed (Delta V).

Table 5: Parameters for SS1 Ramp Time

Parameter Unit Range Default

Parameter 42-47 Ramp Time s 0.1–3600.0 s 1.0 s

Parameter 42-45 Delta V RPM 1–10000 RPM 120 RPM

Parameter 42-46 Zero Speed RPM 1–600 RPM 10 RPM

26 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc320.11

6

4

7

1

2

5

t

f

6

3

A

B

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

A Actual frequency

1 Activation of SS1 Ramp Time

3 Parameter 42-47 Ramp Time

5 Parameter 42-46 Zero Speed

B SS1 ramp

2 Activation of STO

4 Parameter 42-45 Delta V

6 Safety function monitors

7 Activation of failure function STO

Illustration 11: SS1 Ramp Time

3.5.5 Safely Limited Speed

NO TI CE

The Safely Limited Speed function can only be used when an encoder is connected to the safety option.

This function is used to limit a machine speed. The main goal is to monitor the motor speed and to adjust the speed to a setpoint.
There are 2 types of Safely Limited Speed:

• SLS without ramp: Monitors the motor speed and, depending on the setting of parameter 42-52 Fail Safe Reaction, trips in Safe
Torque Off or Safe Stop 1 if an overspeed occurs.

• SLS with ramp: Limits the motor speed to a setpoint and, depending on the setting of parameter 42-52 Fail Safe Reaction, trips in
STO or Safe Stop 1, if an overspeed occurs.

The Safe Limited Speed is given as speed limit in parameter 42-51 Speed Limit. The value for the cut-off speed partly depends on the
motor that is being used. A suggested value from the MCT 10 Set-up Software calculates a value for which Danfoss guarantees
functionality. This value is called delta speed limit and is added to the selected speed limit and suggested as value in parameter 42-50
Cut Off Speed.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 27

t

1

2

4

5

3

6

f

e30bc324.11

A

B

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.5.5.1 SLS without Ramp

The safety function Safely Limited Speed monitors whether a specified velocity value is exceeded since it was activated via DI1 or DI2.
The function is active until the selected input has been put to high again.

If 2 safe-speed limits must be monitored, set 1 of the 2 Safe Digital Inputs DI1 or DI2 in parameter 42-20 Safe Function to SLSa or SLS-b.
Then select the input type in parameter 42-21 Type.

The cut-off speed represents the maximum allowed frequency of the actual motor frequency. If the motor frequency accelerates above
that value, the safety option enters external fault selected (STO or SS1 Ramp), and the error is given. The frequency value at which a
shutdown is realized should be parameterized in parameter 42-50 Cut Off Speed.

Table 6: Parameters for SLS without Ramp

Parameter Unit Range Default

Parameter 42-50 Cut Off Speed RPM 120–10000 RPM 270 RPM

Parameter 42-51 Speed Limit RPM 1–9999 150 RPM

Parameter 42-52 Fail Safe Reaction n/a STO/SS1 STO

1 SLS is activated

3 Parameter 42-50 Cut Off Speed

5 Activation of failure function set in parameter 42-52 Fail Safe

A Actual frequency

B SLS limit

2 Parameter 42-51 Speed Limit

4 Delta speed limit

6 Fixed value of 120 RPM in parameter 42-19 Zero Speed Limit

Reaction

Illustration 12: SLS without Ramp

28 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292

e30bc959.11

4

2

3

6

1

5

f

t

A

B

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

If speed exceeds the limit, parameter 42-52 Fail Safe Reaction is activated. The safety function can either be STO or SS1 Ramp Time. SS1
can only be triggered as error response if a Safe Stop 1 function has been set as Safe Stop 1 with ramp time function, set in parameter
42-40 Type.

Safe jog withSLS

A Actual frequency

1 SLS is activated

3 Parameter 42-50 Cut Off Speed

5 Activation of failure function set in parameter 42-52 Fail Safe

B SLS limit

2 Parameter 42-51 Speed Limit

4 Delta speed limit

6 Fixed value of 120 RPM in parameter 42-19 Zero Speed Limit

Reaction

Illustration 13: Safe Jog

Access under specific conditions of reduced risk

Under specific conditions of reduced risk, safe jog allows access to areas for fault-finding, commissioning, and more. On machines
where safe jog (jogging or inching) is required, this is also possible from 0 speed setpoint. By activating SLS, the motor can be moved at
safe jog resulting in several cycles and with safely monitored movements. The motor can be started and stopped continuously also
from 0 speed.

3.5.5.2 SLS with Ramp

If this safety function is needed, configure the safety option for Safely Limited Speed (SLS). When the inputs DI1 or DI2 are selected as
SLS, input is OFF, feedback velocity is monitored and compared against a configurable safe speed limit.

Select parameter 42-53 Start Ramp to configure an SLS Monitoring Ramp. The ramping begins when SLS monitoring is requested by the
selected input for SLS transition from ON to OFF. The safety option starts monitoring for safe limited speed when the ramp-down times
out. If the system speed exceeds or is equal to the configured safe speed limit during Safely Limited Speed monitoring, a Safely Limited
Speed fault occurs. The safety option then initiates the configured Safe Stop type selected in parameter -52 Fail Safe Reaction.

The ramping begins at the absolute value of the actual speed. If the actual speed is already below the Safely Limited Speed limit, the
limit comes into effect immediately without ramping. When the Safely Limited Speed function is deactivated, the speed limits are
ramped up back to the values defined in parameter group 3-1* References. The actual speed then returns to the reference value if it was
limited by this function.

Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292 | 29

e30bc323.11

1

2

f

3

5

6

4

t

4

7

A

B

Installation Guide | VLT® Safety Option MCB 150/151

Functions and Systems Overview

3.5.5.2.1 Configuring SLS Operation

Procedure

1. If a safe speed limit must be monitored, set 1 of the 2 safe digital inputs, DI1 or DI2, to [1] SLS-a or [2] SLS-b in parameter 42-20 Safe

Function.

2. Select input type in parameter 42-21 Type.

3. Select parameter 42-53 Start Ramp to run Safely Limited Speed with monitored braking ramp. The default value is [0] No for

applications without SLS Ramp control.

4. Set the time allowed to reach Safe Limited Speed in parameter 42-54 Ramp Down Time.

When the safety option actively monitors Safely Limited Speed, and the motor speed is at or below the configured safe speed
limit, the function monitors the speed until the function is deactivated.

5. Set the value in parameter 42-50 Cut Off Speed.

Example:

A Actual frequency

1 SLS is activated with SS1 Ramp

3 Ramp-down time

5 0 speed limit, fixed value of 120 RPM

7 Activation of failure function set in parameter 42-52 Fail Safe

Reaction

Illustration 14: SLS with Ramp

Table 7: Parameters for SLS with Ramp

Parameter Unit Range Default

B SLS limit

2 SLS speed limit reached

4 Delta speed limit

6 Cut-off speed

Parameter 42-50 Cut Off Speed RPM 120–10000 RPM 270 RPM

30 | Danfoss A/S © 2018.09

AQ279747441421en-000101 / 130R0292