TM5CSLCx00FS Safety Logic Controller

Group: Basic

Parameter: CycleTime

Default value	2,000
Value range Step size	2,000...20,000 1
Unit	µs
Description	Sets the cycle time of the Safety Logic Controller.
Possible values	The parameter value 'CycleTime' must be greater than the processing time for the safety-related application. If the 'CycleTime' parameter is smaller than or too close to the processing time, a cycle time violation may occur. The 'CycleTime' value must be an integer multiple of the Sercos cycle time. Proceed as follows to determine the correct SLC 'CycleTime' parameter value for your application: Set the maximum SLC 'CycleTime' value as a temporary commissioning value (see 'Value range' above). Due to this maximum cycle time, the safety response time of the safety function may be not suitable for your safety function during this commissioning phase. Refer to the hazard message below this table. Build and download the safety-related application to the SLC. Select 'Online > SafePLC' while EcoStruxure Machine Expert - Safety is running in online mode. The 'SafePLC' control dialog opens. In the 'SafePLC' control dialog, click the 'Info' button. In the 'SafePLC Info' dialog, the current processing time is displayed. Determine the SLC cycle time by rounding up the displayed processing time value to the next multiple of the Sercos cycle time. Enter this value as 'CycleTime' in the parameter editor. Rebuild the safety-related project and download it again to the SLC. After the restart, the SLC should run in normal operation.

During the commissioning phase described above, the SLC runs with the maximum cycle time. This results in a safety response time of the safety-related application which is possibly higher than required for your safety function.

WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS

Verify the impact of the increased safety response time.

Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations during the commissioning phase.

Do not enter the zone of operation while running the SLC with the maximum cycle time.

Ensure that no other persons can access the zone of operation while running the SLC with the maximum cycle time.

Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Parameter: SSDOCreation

Default value	5 per cycle
Unit	-/-
Description	Defines the number of acyclic processing steps per Safety Logic Controller cycle. It can be used to optimize the boot behavior of the system.
Possible values	Time dependent: the value is calculated according to the set Safety Logic Controller cycle time: With cycle times < = 3,000 µs = 1 per 5 cycles With cycle times > 3,000 µs = 1 per cycle 1 per 5 cycles: One acyclic processing step is distributed over 5 Safety Logic Controller cycles. Possibly long boot times. Minimized communication overhead in each cycle. 1 per cycle: One acyclic processing step is performed per Safety Logic Controller cycle. Average boot times. Average communication overhead in each cycle. 5 per cycle: 5 acyclic processing steps are performed per Safety Logic Controller cycle. Minimum boot times. Maximum communication overhead in each cycle.

Parameter: NodeGuardingTimeout

Default value	60
Value range Step size	30...3,000 1
Unit	s
Description	Sets the period (timeout value) to put the safety-related modules in pre-operational state when the Safety Logic Controller is incommunicative or in case of communication errors detected between the safety-related module and the Safety Logic Controller. It also defines the delay for the Safety Logic Controller to detect an unavailable module. To be observed: The shorter the time, the more data becomes asynchronous. This setting is not critical with respect to safety-related functionality. The time for safely turning off actuators is determined independently by the resulting safety response time (which in turn depends on the safety response time-relevant parameters CommunicationWatchdog, MinDataTransportTime, and MaxDataTransportTime).

Parameter: NumberOfScans:

Default value	5
Value range Step size	1...10 1
Unit	-/-
Description	Specifies the number of module scans the Safety Logic Controller performs if it cannot correctly detect the configured safety-related modules before it indicates that one or more modules are unavailable (MXCHG flashing rapidly). Scanning is continued even after the SLC has triggered the LED for unavailable modules.

Parameter: RemoteControlAllowed

Default value	No
Unit	-/-
Description	Enables or disables the remote control of the Safety Logic Controller. NOTE: Remote controlling the Safety Logic Controller can be done using the function blocks provided in the 'SLCRemoteController' library in EcoStruxure Machine Expert.
Parameter value	Yes-ATTENTION: Remote control of Safety Logic Controller enabled. No: Remote control of Safety Logic Controller disabled.

The manufacturer or the operating company of the machine must take into consideration the inherent hazards involved in a remote control operation to avoid unintentional equipment operation.

WARNING

UNINTENDED EQUIPMENT OPERATION

Place operator devices of the control system near the machine or in a place where you have full view of the machine.

Protect operator commands against unauthorized access.

If remote control is a necessary design aspect of the application, ensure that there is a local, competent, and qualified observer present when operating from a remote location.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Group: SafetyResponseTimeDefaults

The safety response time is the time between the arrival of the sensor signal on the input channel of a safety-related input module and the shut-off signal at the output channel of a safety-related module. The parameters in this group influence the safety response time of the Safety Logic Controller system. For further and detailed background information, refer to the topic "Safety Response Time".

Beside this 'SafetyResponseTimeDefaults' group, each module has its own 'SafetyResponseTime' group. The parameters in the Safety Logic Controller 'SafetyResponseTimeDefaults' group are applied to the safety-related modules for which the ManualConfiguration parameter is set to 'No'. This way, the parameters relevant for the safety response time can be configured identically for the modules involved in the application. Each safety-related input or output module for which ManualConfiguration is set to 'Yes' uses the parameter values specifically set for itself.

Parameter: MinDataTransportTime

Default value	12
Value range Step size	12...500 1
Unit	100 µs
Description	Defines the minimum time that is required to transmit a data telegram from a producer to a consumer. If a telegram is received earlier (by the consumer) than specified by this parameter value, communication is considered as invalid. EcoStruxure Machine Expert - Safety provides a calculator dialog to determine this parameter value. Term definition and background information According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer. Each telegram includes a time stamp for time validation of the communication. On receipt of a telegram, the consumer compares this time stamp with the present time. If the schedule is kept, the communication is considered as valid. If a telegram is received earlier than defined by this parameter, communication is considered as invalid and is not further processed. The 'SafeModuleOK' process data item also becomes SAFEFALSE indicating that the safety-related communication of the module is no longer valid.
Value calculation	How to calculate the MinDataTransportTime value Select 'Project > Response Time Relevant Parameters'. In the appearing dialog box, open the 'Default' tab. Section 'Variable Parameters': If a differing Sercos III cycle time than set in EcoStruxure Machine Expert is used to calculate the MinDataTransportTime (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'. The 'Ring/Double Line' checkbox only influences the MaxDataTransportTime value. The 'Ring/Double Line' checkbox does not influence the MinDataTransportTime value. An entered 'Network Package Loss' does not influence the MinDataTransportTime but only the CommunicationWatchdog value. The 'System Parameters' section is read-only and displays system/module properties set in EcoStruxure Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog. The calculated MinDataTransportTime value is displayed in the 'Result' section. Note the resulting value and enter the value for the MinDataTransportTime parameter in the Safety Logic Controller parameter grid.
Practical values	Entering the MinDataTransportTime value calculated in EcoStruxure Machine Expert - Safety results in a stable running system.

Parameter: MaxDataTransportTime

Default value	200
Value range Step size	12...65,000 1
Unit	100 µs
Description	Defines the maximum time that is allowed to transmit a data telegram from a producer to a consumer. If a telegram is received later (by the consumer) than specified by this parameter value, communication is considered as invalid. EcoStruxure Machine Expert - Safety provides a calculator dialog to determine this parameter value. NOTE: The parameter value influences the safety response time calculated by EcoStruxure Machine Expert - Safety. Term definition and background information According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer. Each telegram includes a time stamp for time validation of the communication. On receipt of a telegram, the consumer compares this time stamp with the present time. If the schedule is kept, the communication is considered as valid. If a telegram is delayed, communication is considered as invalid and is not further processed. The implications for the rest of the safety-related systems depend on the defined safety-related function.
Value calculation	How to calculate the MaxDataTransportTime value Select 'Project > Response Time Relevant Parameters'. In the appearing dialog box, open the 'Default' tab. Section 'Variable Parameters': If a differing Sercos III cycle time than set in EcoStruxure Machine Expert is to be used to calculate the MaxDataTransportTime (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'. 'Ring/Double Line' checkbox: Ring and double line bus structures require greater parameter values in order to implement a stable running system. Check 'Ring/Double Line' to take into account the bus structure. It is activated by default which is suitable for a ring bus structure and a double line bus structure. If you are implementing a line structure, the checkbox can be deactivated to decrease the resulting parameter value. Values calculated for a ring/double line structure can be used for a line structure but not vice versa. An entered 'Network Package Loss' does not influence the MaxDataTransportTime but only the CommunicationWatchdog value. The 'System Parameters' section is read-only and displays system/module properties set in EcoStruxure Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog. The calculated MaxDataTransportTime value is displayed in the 'Result' section. Note the resulting value and enter the value for the MaxDataTransportTime parameter in the Safety Logic Controller parameter grid.
Practical values	Entering the MaxDataTransportTime value calculated in EcoStruxure Machine Expert - Safety results in a stable running system.

Parameter: CommunicationWatchdog

Default value	200
Value range Step size	1...65,535 1
Unit	100 µs
Description	Defines the maximum time period within which a consumer must receive a valid data telegram from a producer in order to consider the safety-related communication as valid and continue the application. The parameter sets a watchdog timer which then monitors whether a consumer receives telegrams from a producer in time. If the watchdog expires, communication is considered as invalid. EcoStruxure Machine Expert - Safety provides a calculator dialog to determine this parameter value. NOTE: The parameter value influences the safety response time calculated by EcoStruxure Machine Expert - Safety. Term definition and background information According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer. The CommunicationWatchdog value physically depends on the transport time needed for the telegram to be transmitted from a producer to a consumer and influences the worst case response time of the system. The calculated parameter value therefore depends on the MaxDataTransportTime parameter value. If the consumer receives the telegram in time (communication watchdog is not yet expired and the transmission time is within the period specified by the parameters MinDataTransportTime and MaxDataTransportTime), the watchdog timer is restarted and communication is considered as valid. The time stamp contained in the received telegram is not evaluated, only the receipt of a valid telegram is relevant. If no telegram is received (due to delay or loss) and the communication watchdog expires in the consumer, the module is set to the defined safe state. The 'SafeModuleOK' process data item also becomes SAFEFALSE indicating that the safety-related communication of the module is no longer valid.
Value calculation	How to calculate the CommunicationWatchdog value Select 'Project > Response Time Relevant Parameters'. In the appearing dialog box, open the 'Default' tab. Section 'Variable Parameters': If a differing Sercos III cycle time than set in EcoStruxure Machine Expert is to be used to calculate the CommunicationWatchdog value (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'. 'Ring/Double Line' checkbox: Ring and double line bus structures require greater parameter values in order to implement a stable running system. Check 'Ring/Double Line' to take into account the bus structure. It is activated by default which is suitable for a ring or double line bus structure. If you are implementing a line structure, the checkbox can be deactivated to decrease the resulting parameter value. Values calculated for a ring/double line structure can be used for a line structure but not vice versa. Section 'Desired Fault Tolerance': By increasing the number of allowed package losses, the system can be more tolerant. This increases the calculated minimum watchdog interval. Enter an integer value (range 0..99) for the number of telegrams that are allowed to be lost. The 'System Parameters' section is read-only and displays system/module properties set in EcoStruxure Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog. The calculated CommunicationWatchdog value is displayed in the 'Result' section. Note the resulting value and enter the value for the CommunicationWatchdog parameter in the Safety Logic Controller parameter grid.
Values	For the CommunicationWatchdog value which you must enter in the parameter grid ('Devices' window), the following applies: For commissioning a system, the CommunicationWatchdog value should be equal to or greater than the largest cycle time of the system (for example, the SercosIII cycle time). A value greater than the calculated CommunicationWatchdog value increases the system availability but also increases the overall worst case response time (thus increasing the required physical distances for mounting safety-related barrier and perimeter equipment at the machine).

Group: Commissioning

Parameter: SafeMachineOptionxx

This parameter is only available for the SLC200 controller type.
Default value	OFF
Unit	-/-
Description	Allows to activate (enable) or deactivate (disable) a particular safety-related module (machine option) during start-up. This way, modular systems can be controlled partially or entirely. These are commissioning parameters, i.e., they can be set by users of the 'Commissioning' user group. Background information For each machine option, a process data item is available under the SLC\SafeMachineOptions node in the devices tree ('Devices' window). By dragging such an item into the FBD/LD code editor, they can be used in the application as SAFEBOOL variables. When connecting such a variable, for example, to the ACTIVATE input of a safety-related PLCopen function block, its value enables/disables the safety-related function covered by this safety-related function block. Setting the parameter value of a particular machine option to OFF/ON, directly sets/resets the assigned safety-related variable and can therefore be used to activate/deactivate, for example, all input and/or output on a safety-related module.
Parameter value	ON: Machine option xx is activated. The channel SafeMachineOptionxx is set to SAFETRUE. OFF: Machine option xx is deactivated. The channel SafeMachineOptionxx is set to SAFEFALSE.

Process data items of the Safety Logic Controller

DataType xxx

Description	SLC standard signals of various data types, transferred to or received from the standard (non-safety-related) controller. xxx is the signal ID.
Data types	Signals of various data types are provided: BOOL, INT, UINT, UDINT.
Access type	standard input signal, can be read by the safety-related application standard output signal, can be written by the safety-related application
Possible values	If the communication between the Safety Logic Controller and the standard (non-safety-related) controller is working correctly and SafeModuleOK = SAFETRUE, the possible values depend on the data type of the variable (only standard data types).