Lenze SO30-8400 User Manual
EDS84DPSO01
.Ez#
L−force Drives
Ä.Ez#ä
8400 protec
Translation
Manual
SO10 / SO20 / SO30
Drive−based safety
l
, Please read these instructions and the documentation of the standard device before you
start working!
Observe the safety instructions given therein!
0Fig. 0Tab. 0
Contents i
1 About this documentation 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1 Document history 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 Conventions used 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 Terms and abbreviations used 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.4 Notes used 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Safety engineering 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1 Introduction 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2 Important notes 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1 Hazard and risk analysis 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2 Standards 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3 Acceptance 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.1 Description 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.2 Periodic inspections 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.4 Basics for safety sensors 13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3 Safety option 10 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1 Operating mode 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1.1 Introduction 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1.2 Disconnecting paths 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1.3 Safety status 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1.4 Fail−safe status 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2 Status display 16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.3 Technical data 17 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.4 Electrical installation 18 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.5 Certification 19 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 Safety option 20 20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1 Operating mode 20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.1 Introduction 20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.2 Disconnecting paths 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.3 Safety status 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.4 Fail−safe status 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2 Status display 22 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3 Technical data 23 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.4 Electrical installation 24 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.5 Certification 25 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.6 Safety functions 26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.7 Safe parameter setting 27 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.7.1 Parameter setting 27 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.7.2 Parameter sets and axes 30 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
EDS84DPSO01 EN 2.1
l 3
Contentsi
4.8 Error management 31 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.8.1 Error states 31 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.8.2 Logbook 31 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.9 Response times 32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.9.1 Response times of the inputs 33 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.9.2 Response times of the safety bus 34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5 Safety option 30 35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1 Operating mode 35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1.1 Introduction 35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1.2 Disconnecting paths 36 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1.3 Safety status 36 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1.4 Fail−safe status 36 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1.5 Safe inputs 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 Status display 39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.3 Technical data 40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4 Electrical installation 41 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.5 Certification 44 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6 Safety functions 45 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6.1 Safe torque off 45 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6.2 Safe stop 1 47 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6.3 Emergency stop 49 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6.4 Safe operation mode selector 50 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6.5 Safe enable switch 52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.7 Safe parameter setting 54 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.7.1 Parameter setting 54 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.7.2 Parameter sets and axes 57 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.8 Error management 58 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.8.1 Error states 58 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.8.2 Logbook 58 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.8.3 Module error messages 59 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.9 Response times 61 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.9.1 Response times of the inputs 62 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.9.2 Response times of the safety bus 63 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6 Appendix 64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.1 Total index 64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
l 4
EDS84DPSO01 EN 2.1
1 About this documentation
Contents
The manual provides full information on the application as directed of the 8400 protec
controllers in the StateLine or HighLine versions including drive−based safety.
Validity
Type Type designation from hardware version from software version
8400 protec StateLine mit SO10 E84DSxxxxxxxxxxJxx PB −
8400 protec StateLine mit SO20 E84DSxxxxxxxxxxKxx PB −
8400 protec StateLine mit SO30 E84DSxxxxxxxxxxLxx PB −
8400 protec HighLine mit SO10 E84DHxxxxxxxxxxJxx PB −
8400 protec HighLine mit SO20 E84DHxxxxxxxxxxKxx PB −
8400 protec HighLine mit SO30 E84DHxxxxxxxxxxLxx PB −
About this documentation
Document history
1
Target group
This manual is intended for all persons who design, install, commission, and adjust
controllers of the 8400 protec series with drive−based safety.
I Tip!
Information and auxiliary devices around the Lenze products can be found in
the download area at
http://www.Lenze.com
1.1 Document history
Material number Version Description
13290952 1.0 03/2009 TD03 First edition
13295461 1.1 05/2009 TD03 Minor corrections to the "Certification" chapter
13297773 2.0 06/2009 TD15 Corrected and amended by further safety options
.Ez# 2.1 04/2011 TD15 General revision
EDS84DPSO01 EN 2.1
l
5
1
About this documentation
Conventions used
1.2 Conventions used
This documentation uses the following conventions to distinguish between different
types of information:
Type of information Identification Examples/notes
Spelling of numbers
Decimal separator Point In general, the decimal point is used.
Warnings
UL warnings
UR warnings
Text
Program name » « PC software
Icons
Page reference ^ Reference to another page with additional
J
O
For instance: 1234.56
Are only given in English.
For example: »Engineer«, »Global Drive
Control« (GDC)
information
For instance: ^ 16 = see page 16
6
l
EDS84DPSO01 EN 2.1
About this documentation
Terms and abbreviations used
1
1.3 Terms and abbreviations used
Abbreviation Meaning
24O 24 V voltage supply for non−safe monitoring
Cat. Category according to EN 954−1 (valid until 30 November 2009)
DO Non−safe feedback output
F−PLC Safety PLC
GSDML File containing device−specific data to establish PROFINET communication
GSE File containing device−specific data to establish PROFIBUS communication
OFF state Signal status of the safety sensors when they are activated or respond
ON state Signal status of the safety sensors during normal operation
Opto supply Optocoupler supply for controlling the drivers
OSSD Output Signal Switching Device, tested signal output
PELV Protective Extra Low Voltage
PL Performance Level according to EN ISO 13849−1
PM P/N switching signal paths
PP P/P switching signal paths
PS PROFIsafe
PWM Pulse Width Modulation
S−Bus Safety bus
SD−In Safe input (Safe Digital Input)
SD−Out Safe output (Safe Digital Output)
SELV Safety Extra Low Voltage
SIA, SIB Safe Input, channel A or B, respectively
SIL Safety Integrity Level according to IEC 61508
SO Integrated safety option
Abbreviation Safety function
AIE Error acknowledgement (Acknowledge In Error)
AIS Restart acknowledgement (Acknowledge In Stop)
ES Safe enable switch
OMS Operation Mode Selector
SS1 Safe Stop 1
SSE Safe Stop Emergency
STO Safe Torque Off
Formerly: Safe standstill
EDS84DPSO01 EN 2.1
l
7
1
About this documentation
Notes used
1.4 Notes used
The following pictographs and signal words are used in this documentation to indicate
dangers and important information:
Safety instructions
Structure of safety instructions:
} Danger!
(characterises the type and severity of danger)
Note
(describes the danger and gives information about how to prevent dangerous
situations)
Pictograph and signal word Meaning
{ Danger!
} Danger!
( Stop!
Danger of personal injury through dangerous electrical voltage.
Reference to an imminent danger that may result in death or
serious personal injury if the corresponding measures are not
taken.
Danger of personal injury through a general source of danger.
Reference to an imminent danger that may result in death or
serious personal injury if the corresponding measures are not
taken.
Danger of property damage.
Reference to a possible danger that may result in property
damage if the corresponding measures are not taken.
Application notes
Pictograph and signal word Meaning
) Note!
I Tip!
,
Special safety instructions and application notes for UL and UR
Pictograph and signal word Meaning
J Warnings!
O Warnings!
Important note to ensure troublefree operation
Useful tip for simple handling
Reference to another documentation
Safety or application note for the operation of a UL−approved
device in UL−approved systems.
Possibly the drive system is not operated in compliance with UL
if the corresponding measures are not taken.
Safety or application note for the operation of a UR−approved
device in UL−approved systems.
Possibly the drive system is not operated in compliance with UL
if the corresponding measures are not taken.
8
l
EDS84DPSO01 EN 2.1
2 Safety engineering
2.1 Introduction
With increasing automation, protection of persons against hazardous movements is
becoming more important. Functional safety describes the measures needed by means of
electrical or electronic equipment to reduce or remove danger caused by failures.
During normal operation, safety equipment prevents people accessing hazardous areas. In
certain operating modes, e.g. set−up mode, work needs to be carried out in hazardous
areas. In these situations the machine operator must be protected by integrated drive and
control measures.
Drive−based safety provides the conditions in the controls and drives to optimise the safety
functions. Planning and installation expenditure is reduced. In comparison to the use of
standard safety engineering, drive−based safety increases machine functionality and
availability.
Safety engineering
Introduction
2
Drive−based safety with L−force | 8400 protec
Unlike control cabinet devices, decentralised drives are frequency inverters which are not
locally mounted but directly attached to the application on site. Due to this
product−specific property, they must meet demanding requirements for robustness and
class of protection.
8400 protec controllers are optionally available with drive−based safety.
"Drive−based safety" stands for applied safety functions, which can be used for the
protection of persons working on machines.
The motion functions are continued to be executed by the controller. The drive−based
safety monitors the safe compliance with the limit values and provides the safe inputs and
outputs. When the limit values are exceeded, the drive−based safety starts the control
functions according to EN 60204−1 directly in the controller.
The safety functions are suitable for applications according to IEC 61508 to SIL 3 and
achieve a performance level (PL) e and the control category 3 or 4 depending on the safety
option according to EN ISO 13849−1.
EDS84DPSO01 EN 2.1
l
9
2
2.2 Important notes
Safety engineering
Important notes
Application as directed
The controllers that are equipped with safety engineering must not be modified by the
user. This concerns the unauthorised exchange or removal of the safety engineering.
} Danger!
Danger to life through improper installation
Improper installation of safety engineering systems can cause an uncontrolled
starting action of the drives.
Possible consequences:
ƒ Death or severe injuries
Protective measures:
ƒ Safety engineering systems may only be installed and commissioned by
qualified and skilled personnel.
ƒ All control components (switches, relays, PLC, ...) and the control cabinet
must comply with the requirements of ISO 138491 and ISO 13849−2. This
includes i.a.:
– Switches, relays with at least IP54 enclosure.
– Control cabinet with at least IP54 enclosure.
– Please refer to ISO 138491 and ISO 13849−2 for all further requirements.
ƒ Wiring must be shielded.
ƒ All safety relevant cables outside the control cabinet must be protected, e.g.
by means of a cable duct:
– Ensure that no short circuits can occur.
– For further measures see EN ISO 13849−2.
ƒ If an external force acts upon the drive axes, additional brakes are required.
Please observe that hanging loads are subject to the force of gravity!
10
} Danger!
When the "safe torque off" (STO) function is used, an "emergency
switching−off" according to EN 60204 is not possible without additional
measures. There is no electrical isolation, no service switch or repair switch
between motor and controller!
Emergency switching−off" requires an electrical isolation, e.g. by a central
mains contactor!
l
EDS84DPSO01 EN 2.1
During operation
After the installation is completed, the operator must check the wiring of the safety
function.
The functional test must be repeated at regular intervals. The time intervals to be selected
depend on the application, the entire system and the corresponding risk analysis. The
inspection interval should not exceed one year.
Residual hazards
In case of a short−circuit of two power transistors a residual movement of the motor of up
to 180 °/number of pole pairs may occur! (Example: 4−pole motor Þ residual movement
max. 180 °/2 = 90 °)
This residual movement must be considered in the risk analysis, e.g. safe torque off for
main spindle drives.
2.2.1 Hazard and risk analysis
Safety engineering
Important notes
Hazard and risk analysis
2
This documentation can only accentuate the need for hazard analysis. The user of the
integrated safety system must read up on standards and the legal situation:
Before the launch of a machine, the manufacturer of the machine must conduct a hazard
analysis according to Machinery Directive 2006/42/EC to determine the hazards
associated with the application of the machine. The Machinery Directive refers to three
basic principles for the highest possible level of safety:
ƒ Hazard elimination / minimisation by the construction itself.
ƒ Required protective measures must be taken against hazards which cannot be
eliminated.
ƒ Existing residual hazards must be documented and the user must be informed of
them.
Detailed information on the hazard analysis procedure is provided in the EN 1050, risk
assessment principles. The results of the hazard analysis determine the category for
safety−related control systems according to EN ISO 13849−1. Safety−oriented parts of the
machine control must be compliant.
2.2.2 Standards
Safety regulations are confirmed by laws and other governmental guidelines and
measures and the prevailing opinion among experts, e.g. by technical regulations.
The regulations and rules to be applied must be observed in accordance with the
application.
EDS84DPSO01 EN 2.1
l
11
2
2.3 Acceptance
2.3.1 Description
Safety engineering
Acceptance
Description
The machine manufacturer must check and prove the operability of the safety functions
used.
Inspector
The machine manufacturer must authorise a person with expertise and knowledge of the
safety functions to carry out the test.
Test report
The test result of every safety function must be documented and signed by the inspector.
) Note!
If parameters of the safety functions are changed, the inspector must repeat
the test and record the results in the test report.
Scope of test
A complete test comprises the following:
ƒ Documenting the plant including the safety functions:
– Creating an overview screen of the plant
– Describing the plant
– Describing the safety equipment
– Documenting the safety functions used
ƒ Checking the function of the safety functions used:
– "Safe torque off" function, STO
– "Safe stop 1" function, SS1
– "Safe emergency stop" function, SSE
ƒ Preparing the test report:
– Documenting the functional test
– Checking the parameters
– Signing the test report
ƒ Preparing the appendix with test records:
– Protocols from the plant
– External recording
2.3.2 Periodic inspections
The correct sequence of the safety−oriented functions must be checked in periodic
inspections. The risk analysis or applicable regulations determine the time distances
between the tests. The inspection interval should not exceed one year.
12
l
EDS84DPSO01 EN 2.1
2.4 Basics for safety sensors
Passive sensors
Passive sensors are two−channel switching elements with contacts. The connecting cables
and the sensor function must be monitored.
The contacts must switch simultaneously (equivalently). Nevertheless, safety functions
will be activated as soon as at least one channel is switched.
The switches must be wired according to the closed−circuit principle.
Examples of passive sensors:
ƒ Door contact switch
ƒ Emergency−off control units
Active sensors
Active sensors are units with 2−channel semiconductor outputs (OSSD outputs). With the
integrated safety system of this device series, test pulses < 1 ms for monitoring the
outputs and cables are permissible. The maximally permissible connection capacity of the
outputs is to be observed.
Safety engineering
Basics for safety sensors
2
P/M−switching sensors switch the positive and negative cable or the signal and ground
wire of a sensor signal.
The outputs have to switch simultaneously. Nevertheless, safety functions are triggered
as soon as at least one channel is switched.
Examples of active sensors:
ƒ Lightgrid
ƒ Laser scanner
ƒ Control systems
Use of the safety option 30 (SO30):
Sensor inputs
For unused sensor inputs, "Input deactivated" must be parameterised.
Connected deactivated sensors can create the false impression of safety technology being
provided. For this reason, a deactivation of sensors by parameter setting only is not
permissible and not possible. It is monitored that no sensor signal is pending.
EDS84DPSO01 EN 2.1
l
13
3
M
SO
PWM
µC
PC
3x
3x
Xxx
Safety option 10
Operating mode
Introduction
3 Safety option 10
3.1 Operating mode
3.1.1 Introduction
Due to safety option 10, the following safety functions can be used:
ƒ Safe torque off (STO),
formerly: safe standstill
If requested, the safe disconnection of the drive is achieved through:
ƒ Directly connected active sensors
ƒ Passive sensors connected to a safety switching device
The safety functions are suitable for applications according to IEC 61508 to SIL 3 and
achieve a performance level (PL) e and the control category 4 according to EN ISO 13849−1.
} Danger!
If the request for the safety function is cancelled, the drive will restart
automatically.
You must provide external measures which ensure that the drive only restarts
after a confirmation (EN 60204).
3.1.2 Disconnecting paths
The transmission of the pulse width modulation is safely switched (off) by the safety unit.
After this, the power drivers do not generate a rotating field. The motor is safely switched
to torqueless operation (STO).
14
E84DPSO02
Fig. 3−1 Operating principle of safety unit
SO Safety option 10, 20, or 30
xxx Control terminals used in safety engineering systems or safety bus
C Control section
mC Microcontroller
PWM Pulse width modulation
P Power section
M Motor
l
EDS84DPSO01 EN 2.1
3.1.3 Safety status
When the controller is disconnected from the safety unit, the "Safe torque off" (STO) status
is set (C00155 bit 10 = 1).
3.1.4 Fail−safe status
When internal errors of the safety unit are detected, the motor is safely switched to
torqueless operation (fail−safe status).
Safety option 10
Operating mode
Safety status
3
EDS84DPSO01 EN 2.1
l
15
3
Safety option 10
Status display
3.2 Status display
The operating status of the "STO" safety function is displayed using an LED on the front of
the controller.
Fig. 3−2 Position of the LED for the drive−based safety on the device
Pos. Colour State Description
S−Enable yellow
The status of safety option 10 is solely shown via the "S−Enable" display. All other displays have no function.
on Controller is enabled
blinking Safety function is active (non−safe display)
E84DPSO06 SO10
16
l
EDS84DPSO01 EN 2.1
3.3 Technical data
Supply
The safe input and the output are isolated and designed for a low−voltage supply through
a safely separated power supply unit (SELV/PELV) of 24 V DC. P/N switching input signals
and test pulses £ 1 ms are permissible.
Active sensors are directly connected to the X61 circular connector.
Passive sensors are connected to the X61 circular connector via a switching device. The
switching device must comply with the required performance level of the application.
There is no monitoring for short circuits.
Detailed features of the inputs and outputs of the safety unit
Terminal Specification [Unit] min. typ. max.
SIA, SIB
GI GND potential for SIA / SIB and for the non−safe
24O Supply voltage through safely separated power supply
DO
24O, DO Output current A 0.2
Safety option 10
Technical data
Low signal
High signal
Input capacitance at switch−off
Input delay (tolerated test pulse)
Switch−off time (depending on the controller)
Running time
Input current mA 45 50
Input capacitance at switch−on, reduced
signalling output
unit (SELV/PELV)
Low signal
High signal
V −3 0 5
V 18 24 30
nF 3
ms 1
ms 2.5 4
ms 3
mF 22
V 18 24 30
V 0 0.8
V 18 24 30
3
Truth table
EDS84DPSO01 EN 2.1
Safe input / channel Signalling
SIA SIB DO1/DO Description of device status Enable
001
0 1 0 0
1 0 0 0
1 1 0 Drive active 1
output
"Safe torque off" activated
Controller
) Note!
Safe inputs have two channels (...A/...B). The channels must be triggered
separately and simultaneously (equivalent).
Active triggering of only one channel indicates faulty sensors or impermissible
wiring.
Despite this, the integrated safety system is activated as soon as at least one
channel has been triggered.
l
0
17
3
Safety option 10
Electrical installation
3.4 Electrical installation
SO
SIA
-
SIB
GI
DO1
24O
E84DPSO005 E84DPSO03
Fig. 3−3 Block diagram − safe torque off (STO)
SO Safety option 10
X61 M12 circular connector for safety engineering systems
SIA, SIB, GI Connections for shutdown paths
24O, DO1 Feedback connections
mC Microcontroller
PWM Pulse width modulation
X61 − connection of safety system "Safety Option 10"
Pin Connection Description Data
M12, 5−pole pins, A−coded
84DPSO05_5
1 SIA Safe input, channel A
I
typ
LOW: −3 ... 5 V
2 SIB Safe input, channel, B
HIGH: 18 ... 30 V
Supply through safely
separated power supply unit
5 GI 1. GND potential for SIA/SIB
(SELV/PELV).
2. GND potential for the non−safe signalling
output
4 24O 24−V voltage supply for the non−safe signalling
output
3 DO1 Non−safe signalling output: "SafeTorqueOff"
with 2−channel request by SIA and SIB
24 V, max. 0.2 A
short−circuit−proof
Supply through safely
separated power supply unit
(SELV/PELV).
High active
~
-
PWM
µC
= 45 mA
18
l
EDS84DPSO01 EN 2.1
3.5 Certification
I Tip!
The "TÜV Rheinland Group" certificate is available on the Internet under:
http://www. Lenze.com
Safety option 10
Certification
3
EDS84DPSO01 EN 2.1
l
19
4
Safety option 20
Operating mode
Introduction
4 Safety option 20
4.1 Operating mode
4.1.1 Introduction
Due to safety option 20, the following safety functions can be used:
ƒ Safe torque off (STO),
formerly: safe standstill
ƒ Safe stop 1 (SS1)
ƒ Safe stop emergency (SSE)
ƒ Safe operation mode selector (OMS)
ƒ Safe enable switch (ES)
The safe disconnection of the drive is achieved through:
ƒ a higher−level safety PLC via PROFIsafe/PROFINET
ƒ a higher−level safety PLC via PROFIsafe/PROFIBUS
The functions of the safety option must be parameterised via the »Engineer«.
The motion functions are continued to be executed by the controller. The drive−based
safety monitors the safe compliance with the limit values. When the limit values are
exceeded, the drive−based safety starts the control functions according to EN 60204−1
directly in the controller.
The safety functions are suitable for applications according to IEC 61508 to SIL 3 and
achieve a performance level (PL) e and the control category 3 according to EN ISO 13849−1.
20
l
EDS84DPSO01 EN 2.1
Loading...