Lenze E84Dxxxxx User Manual
Inverter
8400
Inverter Drives 8400 protec · Drive-based safety _ _ _ _ _ _ _ _ _ _
E84Dxxxxx...
Software manual EN
Ä.A+0ä
13321015
L
Contents
Contents
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
1 About this documentation _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 4
1.1 Document history _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 4
1.2 Conventions used _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 5
1.3 Terminology used _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 6
1.4 Terms and abbreviations used in drive-based safety _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 7
1.5 Notes used _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 8
2Introduction _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 9
2.1 Functional range of the functional safety (short overview) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 9
2.2 Function mode of safety engineering _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 10
2.3 Connection to the application _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 11
2.3.1 "LS_SMInterface" system block _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 12
2.3.1.1 Status information _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 12
2.3.1.2 I/O-Status information _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 13
2.3.1.3 Control information _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 13
2.3.1.4 Transferring the control information to the application _ _ _ _ _ _ _ _ _ _ _ 14
2.3.1.5 Interconnection examples _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 15
2.4 Parameter setting and configuration _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 18
2.5 Diagnostics & error management _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 20
3 Safe configuration _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 22
3.1 Change parameter settings _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 23
3.2 Import/export parameter settings _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 24
3.3 Plausibility check _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 25
3.4 General parameters _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 25
3.4.1 Setting of the safety address _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 26
3.5 Safety functions _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 27
3.5.1 Stop functions _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 27
3.5.1.1 Prioritisation _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 27
3.5.1.2 Restart behaviour _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 28
3.5.1.3 Emergency stop function (SSE) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 29
3.5.1.4 Safe torque off (STO) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 29
3.5.1.5 Safe stop 1 (SS1) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 30
3.5.2 Operation mode selection _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 31
3.5.2.1 Operation mode selector (OMS) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 31
3.5.2.2 Enable switch (ES) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 32
3.6 Safety bus _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 33
3.6.1 PROFIsafe connection _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 34
3.6.1.1 PROFIsafe output data _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 36
3.6.1.2 PROFIsafe input data _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 38
4 Safety option 20 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 41
5 Safety option 30 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 42
5.1 Safe inputs _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 42
6 Safe parameter transfer _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 44
6.1 Send safe data _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 45
6.2 Read safe data from device _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 46
6.3 Write parameter set into file _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 47
6.4 Read parameter set out of file _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 47
6.5 General reset of device _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 48
6.6 Password management _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 49
2 Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
Contents
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
7 Parameter reference _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 50
7.1 Parameter list _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 50
7.2 Table of attributes _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 65
Index _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 67
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 3
1 About this documentation
1.1 Document history
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
1 About this documentation
The manual contains the complete information on the application as directed of the decentralised
controllers 8400
protec with drive-based safety (safety option 20 and 30).
Please read the mounting instructions supplied with the controller before you start
working!
The mounting instructions contain safety instructions that must be observed!
Target group
This manual is intended for all persons who want to parameterise, configure, and diagnose the
integrated safety systems in controllers of the 8400
engineering software.
Validity
The information given in this manual applies to 8400 protec controllers with the following
nameplate data:
protec series with the L-force »Engineer«
Product series Type designation From software version
8400 protec StateLine
with safety option 20 E84DSWTxxxxxxN0xxx-xKxxS 01.00
with safety option 30 E84DSWTxxxxxxN0xxx-xLxxS 01.00
8400 protec HighLine
Screenshots/application examples
All screenshots provided in this documentation are application examples. Depending on the
software version of the controller and the version of the installed »Engineer« software, the
screenshots in this documentation may differ from the representation in the »Engineer«.
with safety option 20 E84DHWTxxxxxxN0xxx-xKxxS 01.00
with safety option 30 E84DHWTxxxxxxN0xxx-xLxxS 01.00
Tip!
Information and tools for Lenze products are provided in the download area at
http://www.Lenze.com
1.1 Document history
Download
Version Description
2.4 05/2013 TD05 Corrections
2.3 01/2013 TD05 Converted to new layout
2.2 02/2010 TD14 Corrections
2.1 11/2009 TD14 Corrections
2.0 09/2009 TD14 Corrections and extension by safety option SO20
1.0 05/2009 TD14 First edition
4
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
1 About this documentation
1.2 Conventions used
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
1.2 Conventions used
This manual uses the following conventions to distinguish between different types of information:
Type of information Writing Examples/notes
Spelling of numbers
Decimal separators Point The decimal point is generally used.
For example: 1234.56
Text
Version information Blue text colour Information that is only valid for or from a certain software
Program name » « The Lenze »Engineer« PC software ...
Window italics The Message window ... / The Options dialog box...
Variable name By setting bEnable to TRUE...
Control element bold The OK button... / The Copy command... / The Properties
Sequence of menu
commands
Shortcut <bold> Press <F1> to open the online help.
Hyperlink Underlined
Icons
Page reference ( 5) Optically highlighted reference to another page. In this
Step-by-step instructions
version of the controller is marked accordingly in this
manual.
Example: This function extension is available from software
version V3.0!
tab... / The Name input field...
If the execution of a function requires several commands,
the individual commands are separated by an arrow: Select
Open to...
File
If a command requires a combination of keys, a "+" is placed
between the key symbols:
Use <Shift>+<ESC> to...
Optically highlighted reference to another topic. In this
documentation activated by mouse-click.
documentation activated by mouse-click.
Step-by-step instructions are indicated by a pictograph.
Information that is only valid for or as from a certain software version of the controller are marked
accordingly in this manual.
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 5
1 About this documentation
1.3 Terminology used
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
1.3 Terminology used
Term Meaning
»Engineer« Lenze PC software which supports you in "engineering" (parameterisation,
Application block Block for a technology application (e.g. actuating drive - speed)
Code Parameter used for controller parameterisation or monitoring.
Display codes Parameter that displays the current status or value of a system block input/
FB Editor Function block editor
Function block General designation of a function block for free interconnection (only
Lenze setting This setting is the default factory setting of the device.
Port block Block for implementing the process data transfer via a fieldbus
Subcode If a code contains several parameters, these are stored in the "subcodes".
System block System blocks provide interfaces to basic functions and to the hardware of
diagnostics and configuration) throughout the whole life cycle, i.e. from
planning to maintenance of the commissioned machine.
A technology application is a drive solution based on the experience and
know-how of Lenze in which function blocks interconnected to a signal flow
form the basis for implementing typical drive tasks.
The term is usually called "index".
output.
Graphical interconnection tool which is provided for FB interconnections in
the »Engineer« on the FB editor tab and by means of which the applications
integrated in the drive can also be reconfigured and extended by individual
functions.
HighLine).
A function block can be compared with an integrated circuit that contains a
certain control logic and delivers one or several values when being executed.
• Each function block has a unique identifier (the instance name) and a
processing number which defines the position at which the function
block is calculated during the task cycle.
This Manual uses a slash "/" as a separator between code and subcode
(e.g. "C00118/3").
The term is usually called "subindex".
the controller in the FB editor of the »Engineer« (e.g. to the digital inputs).
6
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
1 About this documentation
1.4 Terms and abbreviations used in drive-based safety
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
1.4 Terms and abbreviations used in drive-based safety
Abbreviation Meaning
24O 24-V voltage supply for non-safe feedback
OFF state Signal state of the sensors when they are activated or respond
DO Non-safe feedback output
ON state Signal state of the sensors in normal operation
F-PLC Safety PLC
GSE File with device-specific data for establishing the PROFIBUS communication
GSDML File with device-specific data for establishing the PROFINET communication
Cat. Category according to EN 954-1 (valid until 30 November 2009)
Optocoupler supply Supply of optocouplers to control the driver
OSSD Output Signal Switching Device, tested signal output
PELV Protective extra low voltage
PL Performance Level according to EN ISO 13849-1
PM P/N switching signal paths
PP P/P switching signal paths
PS PROFIsafe
PWM Pulse width modulation
S bus Safety bus
SD-In Safe input (Safe Digital Input)
SD-Out Safe output (Safe Digital Output)
SELV Safety extra low voltage
SIA, SIB Safe input, channel A or channel B
SIL Safety Integrity Level according to IEC 61508
SO integrated safety option
Abbreviation Safety function
AIE Error acknowledgement (Acknowledge in Error)
AIS Restart acknowledgement (Acknowledge in Stop)
ES Safe enable switch (Enable Switch)
OMS Operation mode selector
SS1 Safe stop 1
SSE Emergency stop (Safe Stop Emergency)
STO Safe torque off
Formerly: Safe standstill
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 7
1 About this documentation
1.5 Notes used
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
1.5 Notes used
The following signal words and symbols are used in this documentation to indicate dangers and
important information:
Safety instructions
Layout of the safety instructions:
Danger!
(characterises the type and severity of danger)
Note
(describes the danger and gives information about how to prevent dangerous
situations)
Pictograph Signal word Meaning
Danger! Danger of personal injury through dangerous electrical voltage
Danger! Danger of personal injury through a general source of danger
Stop! Danger of property damage
Application notes
Pictograph Signal word Meaning
Note! Important note to ensure trouble-free operation
Reference to an imminent danger that may result in death or serious personal
injury if the corresponding measures are not taken.
Reference to an imminent danger that may result in death or serious personal
injury if the corresponding measures are not taken.
Reference to a possible danger that may result in property damage if the
corresponding measures are not taken.
Tip! Useful tip for easy handling
Reference to another documentation
8
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.1 Functional range of the functional safety (short overview)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2 Introduction
The safety concept of the decentralised frequency inverters 8400 protec provide three safety
options depending on the device version.
Safety option 10 (SO10):
• The drive-based safety implemented in the inverter permits to connect external safety
components, e.g. passive sensors. Active sensors with self-testing signals can be directly
connected without using further components.
Safety option 20 (SO20):
• The drive is switched off safely by a higher-level safety PLC via PROFIsafe/PROFINET.
Safety option 30 (SO30):
• The safe disconnection can both be carried out by a higher-level safety PLC via PROFIsafe/
PROFINET and through the connection of active or passive sensors.
Note!
Safety options 20 and 30 can be parameterised via the »Engineer«.
The motion functions are continued to be executed by the controller. The drive-based
safety monitors the safe compliance with the limit values. When the limit values are
exceeded, the drive-based safety starts the control functions according to EN 60204-1
directly in the controller.
The safety functions are suitable for applications according to IEC 61508 to SIL 3 and
achieve the performance level (PL) e according to EN ISO 13849-1.
The requirements of the EN 954-1 standard which was valid until 30 November 2009 are
fulfilled for safety option 10 to control category 4 and for safety option 20 and 30 to
control category 3.
Detailed information on technical data and electrical installation can be found in the
mounting instructions for the 8400 protec.
2.1 Functional range of the functional safety (short overview)
Safety option Safety function Safety bus
STO SS1 SSE OMS ES
Safety option 10
Safety option 20
Safety option 30
PROFINET
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 9
2Introduction
M
SO
PWM
µC
PC
3x
3x
Xx
2.2 Function mode of safety engineering
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.2 Function mode of safety engineering
Disconnecting paths
The transmission of the pulse width modulation is safely (dis-)connected by the drive-based safety.
Hence the drivers do not create a rotating field. The motor is safely switched to torqueless operation
(STO).
Disconnecting paths of the drive-based safety
SO Safety option
xx Control terminals of the safety option 10 and 30 (M12 circular connector)
C Control section
μC Microcontroller
PWM Pulse width modulation
PPower section
M Motor
Safety status
When the controller is switched off by the safety system, it is changed to the "Safe torque off active"
status
• "Drive is torque-free" is entered in the logbook.
• C00155 (Bit 10 = 1) displays "Safe torque off active".
Fail-safe status
Note!
If internal errors of the safety system are detected, the motor is safely switched to
torqueless operation (fail-safe state).
10
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.3 Connection to the application
When a safety function is requested, the safety technology activates the corresponding safe
monitoring function. The only standstill function executed directly is the "safe torque off" (STO)
function. All other safety functions require a controller action which is safely monitored.
Note!
The execution of the corresponding action (e.g. braking, braking to standstill, holding
the standstill position) requires an appropriate application interconnection which must
be provided by the operator!
"LS_SMInterface" system block
The LS_SMInterface system block in the function block editor of the »Engineer« serves to transmit
the control and status information from the safety system to the application. ( 12)
Basic procedure
1. Activation of the safety function (e.g. SS1 - safe stop 1).
• Monitoring starts.
2. Via a control word, the safety system transmits the information to the controller that the safety
function has been activated.
3. The application evaluates the control word and starts the required motion sequence (e.g.
braking).
Internal communication
The drive-based safety system and the standard device communicate via an internal interface.
Note!
If the communication to the controller is interrupted, e.g. by switching off the controller,
the safety system responds with the following actions:
• Error stop with STO is activated.
• Error message "Warning" is transmitted.
• The LED "S-Error" on the front of the controller is on.
The required error acknowledgement (AIE) is possible via the safety bus and with SO30
via the error acknowledgement input (plug X62).
Further information can be found in chapter "Diagnostics & error management
" ( 20).
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 11
2Introduction
Z6WDWH
Z,26WDWH
Z&RQWURO
E3RZHU6WDJH(QDEOH
Z0RGXOH,'
/6B60,QWHUIDFH
6DIHW\
RSWLRQ
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.3.1 "LS_SMInterface" system block
The system block LS_SMInterface is the interface to the integrated safety system in the function
block editor of the »Engineer«.
Output
wState
wIOState
wControl
bPowerStageEnable
wModuleID
2.3.1.1 Status information
The drive-based safety system transmits information about the status of the requested or active
safety functions with the bit coded status signal wState.
Data type
WORD
WORD
WORD
BOOL
WORD
Value/meaning
Bit coded status information of the drive-based safety
Status information
Bit coded I/O information of the drive-based safety
I/O-Status information
Bit coded control information of the drive-based safety
Control information
Transferring the control information to the application
Status signal "Inverter enable"
TRUE Inverter is enabled by the safety system.
ID of the safety system in the controller
0 No safety system available
1 Safety option 10 (SO10):
2 Reserved
3 Safety option 20 (SO20):
4 Safety option 30 (SO30):
( 12)
( 13)
( 13)
( 14)
12
Bit Name Meaning
0STO Function Safe torque off (STO)
3 EC_STO Error stop category 0: Function Safe torque off (STO)
4 EC_SS1 Error stop category 1: Function Safe stop 1 (SS1)
14 Error active Drive-based safety system in error status (trouble or warning).
Unlisted bits are reserved for future extensions!
[2-1] Bit coding of the status signal wState
is active.
• The drive is safely switched to torqueless operation.
is active.
is active.
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.3.1.2 I/O-Status information
The bit-coded wIOState status signal serves to transfer the status the safe inputs and the safe
output:
Bit Name Meaning
0 SD-In1 Sensor input 1 in ON state.
1 SD-In2 Sensor input 1 in ON state.
5 AIS Restart is acknowledged via terminal (negative edge: 10).
6 AIE Error is acknowledged via terminal (negative edge: 10).
8 PS_AIS Restart is acknowledged via safety bus (positive edge: 01).
9 PS_AIE Error is acknowledged via safety bus (positive edge: 01).
Unlisted bits are reserved for future extensions!
[2-2] Bit coding of the wIOState status signal
2.3.1.3 Control information
The bit coded wControl control signal serves to transfer information about requested or active
safety functions. The application in the controller must evaluate the control signal and carry out the
corresponding action.
• It is possible to request/activate several safety functions at the same time.
Bit Name Meaning
0SS1 active Safe stop 1 (SS1)
2ES active Enable switch (ES)
3OMS Operation mode selector (OMS)
4SSE active Emergency stop function (SSE)
• Depending on the parameterisation of the emergency stop function, bit 1 (SS1
active) or bit 0 of the status signal SMI_wState (STO active) is set after the
function has ended.
5 OMS active Special operation is active.
Unlisted bits are reserved for future extensions!
[2-3] Bit coding of the wControl control signal
is active.
function for motion functions in special operations is active.
function for special operations is requested.
is active.
Note!
The application in the controller must evaluate the control signal wControl and carry out
the corresponding action. The execution of the corresponding action (e.g. braking to
standstill) requires an appropriate application interconnection which must be provided
by the operator!
See the following subchapter "Transferring the control information to the application".
( 14)
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 13
2Introduction
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.3.1.4 Transferring the control information to the application
In the simplest case, you only have to go to the I/O level in the FB editor and connect the wControl
output of the LS_SMInterface system block with the wSMControl input of the application block:
On the application level, the wSMControl input is connected with the motion control kernel. The
motion control kernel evaluates the transmitted control information and activates the required
motion sequence (e.g. braking).
Note!
At present, the motion control kernel only evaluates bit 0 (SS1). When this safety
function is requested, the drive will be decelerated to standstill along the stop ramp set
in C02610/3.
Additional functions are in preparation.
14
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.3.1.5 Interconnection examples
... for decoding the status and control information of the drive-based safety system into single
boolean signals.
How to decode the status information into single boolean status signals:
1. Go to the I/O level
system block with one of the free inputs wFreeIn1 ... wFreeIn4 of the application block.
• In the following example, the wState output is connected with the free wFreeIn1 input
of the LA_NCtrl application block on the I/O level.
• For a better overview, all other connections of the LA_NCtrl application block are not
shown here.
in the FB editor and connect the wState output of the LS_SMInterface
2. Go to the application level
input of the L_SMStateDecoder_1 function block.
•The free inputs wFreeIn1 ... wFreeIn4 are outputs on the application level.
The L_SMStateDecoder_1 function block decodes the status signal assigned to the wState
input into single boolean status signals for further use in the FB interconnection.
and connect the selected free input wFreeIn with the wState
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 15
2Introduction
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
How to decode the I/O status information into single boolean status signals:
1. Go to the I/O level
system block with one of the free inputs wFreeIn1 ... wFreeIn4 of the application block.
• In the following example, the wIOState output is connected with the free wFreeIn2 input
of the LA_NCtrl application block on the I/O level.
• For a better overview, all other connections of the LA_NCtrl application block are not
shown here.
2. Go to the application level
input of the L_SMStateDecoderIO_1 function block.
•The free inputs wFreeIn1 ... wFreeIn4 are outputs on the application level.
in the FB editor and connect the wIOState output of the LS_SMInterface
and connect the selected free input wFreeIn with the wIOState
The L_SMStateDecoderIO_1 function block decodes the status signal assigned to the
wIOState input into single boolean status signals for further use in the FB interconnection.
16
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.3 Connection to the application
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
How to decode the control information into single boolean control signals:
1. Go to the I/O level
system block with one of the free inputs wFreeIn1 ... wFreeIn4 of the application block.
• In the following example, the wControl output is connected with the free wFreeIn3 input
of the LA_NCtrl application block on the I/O level.
• For a better overview, all other connections of the LA_NCtrl application block are not
shown here.
2. Go to the application level
on this level, with the wControl input of the L_SMControlDecoder_1 function block.
•The free inputs wFreeIn1 ... wFreeIn4 are outputs on the application level.
in the FB editor and connect the wControl output of the LS_SMInterface
and connect the selected free input wFreeIn, which is an output
The L_SMControlDecoder_1 function block decodes the control signal assigned to the
wControl input into single boolean control signals for further use in the FB interconnection.
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 17
2Introduction
2.4 Parameter setting and configuration
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.4 Parameter setting and configuration
Note!
Safety-relevant parameters can only be transmitted to the drive-based safety system via
safe parameter setting with the »Engineer«.
The parameter set is stored in the memory module and in the drive-based safety system
with a unique module ID, which must correspond to the effective safety address in the
drive-based safety system.
If you select the safety option in the project view of the »Engineer«, different tabs for the safety
system are available in the workspace. The following illustration shows the tabs for safety
option
30:
[2-1] Tabs of the integrated safety system (here as an example for safety option 30)
Tab Information available for
Safe configuration This tab serves to make the safe configuration of the drive-
Features This tab displays general information on the safety system,
Documentation This tab serves to add notes and electronic documents to the
Safe parameter transfer
By clicking Safe Transfer on the Safe configuration tab, the Safe Transfer dialog box opens which
provides the function for a safe parameter transfer.
Safe parameter transfer ( 44)
based safety.
Safe configuration
e.g. product name, version, etc.
drive-based safety system.
• Detailed information on adding documentations can be
found in the »Engineer« documentation in chapter
"Project structure".
( 22)
safety soption
10 20 30
18
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.4 Parameter setting and configuration
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Service status
If you request the "Send safe data to device" function in the Safe Transfer dialog box via the Send
button, the drive-based safety system changes to the "Service status" which is required for a safe
parameter setting.
Send safe data ( 45)
The service status means:
• The standard stop is active and the drive is safely switched to torqueless operation (STO).
• With safety option 30, the safe inputs are evaluated as OFF state.
• The communication via safety bus is - if possible - active, but passivated.
Note!
• The service status is also active if the parameter set in the memory module does not
correspond to the parameter set in the drive-based safety system during the
initialisation.
• The service status can be exited by reinitialising the drive-based safety system, i.e. the
communication via the safety bus is interrupted.
Supported interfaces for a safe parameter setting
A safe parameter setting with the »Engineer« is supported via the following interfaces:
• Diagnostic interface X70
• CANopen system bus interface
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 19
2Introduction
',
',
','2
','2
',
',
5'<
(55
96
%UDNH
%865'<
%86(55
/LQN
/LQN
66WDWH
6(UURU
6$FNQZ
6(QDEOH
'59
6WDWXV &RP 6DIHW\ ,2 ,2
2.5 Diagnostics & error management
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
2.5 Diagnostics & error management
LED display
In the "Safety" field in the middle of the LED display on the front of the controller you will get
information on the status of the drive-based safety system:
[2-2] LED display on the front of the controller
Labelling Colour Status Description
LED status displays for the integrated safety system
S-State green off Communication between standard device and safety system
blinking Integrated safety system is in the service status
on Communication between standard device and safety system
S-Error red off Error-free operation
blinking Integrated safety system is not accepted by standard device
S-Acknw yellow on Parameter set acceptance must be acknowledged
S-Enable yellow blinking Safety function active (non-safe display)
on Warning/fault/error
on Controller enabled
is not possible
has been established
Note!
The status of safety option 10 is only indicated via the "S-Enable" LED display.
20
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05
2Introduction
2.5 Diagnostics & error management
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Error states
Detected errors or maloperation of the drive are assigned to error states with definite responses.
The response can be co-ordinated with the complete drive via the error states.
Features Error status
System error Fault Warning
Event Fatal internal error Error Monitoring function
LED "S_Error" On On On
State of the drive-based
safety system
The control category
according to EN 954-1...
Response The motor is immediately
Acknowledgement after
event has been
eliminated
Lockout (CPU stopped) Error status Normal operation
... has been abandoned ... has not been abandoned
safely switched to torqueless
operation via
•STO
• Switching off and then on
again of the 24-V supply at
the safety module
The motor is immediately safely switched to torqueless
operation via
•STO
or shutdown via
• SS1 (parameterisable)
• Error acknowledgement (AIE) plug X62 (positive
signal pulse with a signal duration of 0.3 ... 10 s)
• Error acknowledgement (AIE) via safety bus (bit
"PS_AIE")
• Switching off and then on again of the 24-V supply
at the safety module
Note!
If the system error still occurs after switching the supply voltage, please contact the
Lenze service!
Error in PROFIsafe communication
When PROFIsafe is used as safety bus:
• If errors occur in the PROFIsafe communication, the data are passivated by the PROFIsafe driver.
• After the PROFIsafe communication is reinitialised, the drive reenabled if no standstill function
has been selected.
• Events which cause an error status are sent as a diagnostic telegram via the safety bus.
Logbook
The logbook function integrated in the controller records important events in the system in
chronological order, including error states of the drive-based safety system.
Tip!
When an online connection has been established, the logbook can be displayed in the
»Engineer« via the Logbook button on the Diagnostic tab for the controller.
Detailed information on the logbook can be found in the Online Help for the controller.
Lenze · 8400 protec · Drive-based safety · Software Manual · DMS 2.4 EN · 05/2013 · TD05 21
Loading...