Configuring the Safety Logic Controller
As you have created your project based on the SLC Remote Controller (M262) example, the communication path between your PC and the SLC is already configured to SLC connected through LMC. With this setting, data transmission operations (such as downloading the project, handling of debug data, uploading online values, and so on) are performed via the Logic/Motion Controller which communicates with the SLC.
Modify this setting, if a direct connection to the SLC is required, for instance for testing purposes. To edit the communication path in Machine Expert - Safety, select Online > TCPIP Communication parameters and activate the SLC100 or SLC200 directly connected option in the dialog.
For details and further information, refer to the chapter <Font uline="N" o="N" fa="Oblique" fw="Regular">Communication Settings</Font> in the EcoStruxure Machine Expert - Safety - User Guide.
Editing Safety-Related Device Parameters - General Steps
|
Step |
Action |
|---|---|
|
1 |
In the tree on the left of the Devices window, double-click the module to be configured. NOTE: When selecting a module with a left click, the module type and a short description are displayed on the upper border of the window. Result: The module parameters can be edited in the grids on the right. |
|
2 |
Locate and edit the parameter to be set. If desired, use the tabs on the bottom of the grid to display only a particular parameter category. |
Defining the SLC Cycle Time in the SLC
The CycleTime parameter sets the cycle time of the SLC. The value must be greater than the processing time for the safety-related application. If the CycleTime parameter is smaller than or too close to the processing time, a cycle time error (watchdog timeout) may be detected.
The CycleTime value must be an integer multiple of the Sercos cycle time.
|
Step |
Action |
|---|---|
|
1 |
Set the maximum CycleTime value (20000) as a temporary commissioning value. Result: Due to this maximum cycle time, the safety response time of the safety function may be not suitable for your safety function during this commissioning phase. Refer to the hazard message below this table. |
|
2 |
Build and download the safety-related application to the SLC. |
|
3 |
Select Online > SafePLC while EcoStruxure Machine Expert - Safety is running in online mode. Result: The SafePLC control dialog opens. |
|
4 |
In the SafePLC control dialog, click the Info button. Result: The SafePLC Info dialog opens, displaying the current processing time. |
|
5 |
Determine the SLC cycle time by rounding up the displayed processing time value to the next multiple of the Sercos cycle time. Enter this value as CycleTime in the parameter editor. |
|
6 |
Rebuild the safety-related project and download it again to the SLC. Result: After the restart, the SLC should run in normal operation. |
|
|
|
NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS |
|
oVerify the impact of the increased safety response time. oMake certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations during the commissioning phase. oDo not enter the zone of operation while running the SLC with the maximum cycle time. oEnsure that no other persons can access the zone of operation while running the SLC with the maximum cycle time. oUse appropriate safety interlocks where personnel and/or equipment hazards exist. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
Defining the SSDOCreation Parameter
The parameter SSDOCreation (SSDO = Safety protocol Service Data Object) defines the number of acyclic processing steps per SLC cycle.
The SLC sends SSDO telegrams mainly during the start-up of the system in order to assign and verify the SADR (Safety protocol Address) of the SNs, to verify the uniqueness of the UDIDs within the safety network, and for downloading parameters and DVI (Device Vendor Information) to the SNs.
The SSDOCreation parameter can be used to optimize the restart behavior of the system provided that the Sercos bus has enough bandwidth on its asynchronous channel. (Chapter Defining the Sercos Bus Cycle Time describes possibilities to increase the bandwidth of the asynchronous Sercos channel.)
The higher the number of asynchronous processing steps per SLC cycle the faster the restart of the safety system is.
Details on the possible values can be found in the chapter <Font uline="N" o="N" fa="Oblique" fw="Regular">TM5CSLCx00FS Safety Logic Controller</Font> (section Basic) of the Safety Modules - Reference Guide.
Best practice: The boot-up time of the system can be reduced when setting SSDOCreation to 5 per cycle. With this setting, the SLC transmits five SSDO telegrams per cycle. This allows the SLC to find the safety nodes in a short time.
Defining the NodeGuardingTimeout Parameter
The NodeGuardingTimeout parameter sets the period (timeout value) to put the safety-related modules in pre-operational state when the SLC is incommunicative or in case of communication interruptions detected between the safety-related module and the SLC. It also defines the delay for the SLC to detect an unavailable module.
The NodeGuardingTimeout value is not critical to functional safety. The time for turning off actuators is determined independently using the safety response time relevant parameters.
Details on the possible values can be found in the chapter <Font uline="N" o="N" fa="Oblique" fw="Regular">TM5CSLCx00FS Safety Logic Controller</Font> (section Basic) of the Safety Modules - Reference Guide.
NOTE: After a Sercos phase-down, the next Sercos phase-up should not be executed before the duration specified via the NodeGuardingTimeout parameter has expired. Otherwise, the SNs in a large system are possibly not scanned and configured by the SLC within the set time limit which then results in a timeout.
Defining the NumberOfScans Parameter
The NumberOfScans parameter specifies the number of module scans the SLC performs before it indicates if modules are unavailable (MXCHG flashing rapidly). Scanning is continued even after the SLC has triggered the LED for unavailable modules.
Defining the RemoteControlAllowed Parameter
The RemoteControlAllowed parameter enables or disables the remote control of the Safety Logic Controller.
Set this parameter to Yes-ATTENTION as the example project is based on the SlcRemoteController example.
Take into consideration the inherent hazards involved in a remote control operation to avoid unintentional equipment operation.
|
|
|
UNINTENDED EQUIPMENT OPERATION |
|
Ensure that there is a local, competent, and qualified observer present when operating from a remote location. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
Configuring the Safety Response Time Relevant Parameters
The safety response time is the time between the arrival of the sensor signal on the input channel of a safety-related input module and the shut-off signal at the output channel of a safety-related module.
The SLC as well as each safety-related TM5/TM7 module provide three parameters which influence the safety response time of the safety-related application.
The safety response time relevant parameters are used for timing validation purposes:
oMinDataTransportTime defines the minimum time that is required to transmit a data telegram from a safety-related producer to a consumer. If a telegram is received earlier (by the consumer) than specified by this parameter value, communication is considered as invalid.
oMaxDataTransportTime defines the maximum time that is allowed to transmit a data telegram from a producer to a consumer. If a telegram is received later (by the consumer) than specified by this parameter value, communication is considered as invalid.
oCommunicationWatchdog defines the maximum time period within which a consumer must receive a valid data telegram from a producer in order to consider the safety-related communication as valid and continue the application.
For the SLC, these parameters are combined in the group SafetyResponseTimeDefaults.
Select Project > Response Time Relevant Parameters to open the parameter calculation dialog. In the calculation dialog, open the Default tab. Proceed as described in the chapter <Font uline="N" o="N" fa="Oblique" fw="Regular">TM5CSLCx00FS Safety Logic Controller</Font> (section Group: SafetyResponseTimeDefaults) of the Safety Modules - Reference Guide to determine the correct parameter values for your application.
oSet the Network Package Loss parameter in the Response Time Relevant Parameters dialog to 1 (default value). This is identical to the configuration of Sercos (one data loss is allowed).
oIf the SNs do not reach the operational state with the calculated values (for example, in a large system, or if optional devices are configured), slightly increase the MaxDataTransportTime parameter. Maximum value: 1.5 times the amount of the calculated value.
For further and detailed background information, also refer to the chapter <Font uline="N" o="N" fa="Oblique" fw="Regular">Safety Response Time</Font> of the EcoStruxure Machine Expert - Safety - User Guide.
The response time relevant parameters are influenced by the value of the TM5 bus cycle time. After modifying the TM5 bus cycle time in the TM5NS31 bus coupler parameters, you must build the standard project to transfer the modified time value to the safety-related project. Based on the modified value, you must recalculate (and adapt) the response time relevant parameters and the safety response time in EcoStruxure Machine Expert - Safety.
The TM5 bus cycle time can also be modified via the IEC code of the standard application. The calculation of the response time relevant parameters, however, is based on the CycleTime value defined in the TM5NS31 bus coupler parameter editor.
If the actual TM5 bus cycle time differs from the value set in the TM5NS31 bus coupler parameters, you must observe the following:
|
|
|
NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS |
|
oIf the TM5 bus cycle time is set from within the IEC application program, make sure that the CycleTime parameter is set to the correct value in the TM5NS31 parameter editor. oRecalculate the response time relevant parameters each time after editing the CycleTime value in the TM5NS31 parameter editor. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
Current Status of your Safety Project
The safety-related device parameters of the SLC are now configured and, due to the Sercos partial phase-up (to phase 2) you have already performed (see section Sercos Phase-Up), an IP address has been assigned by the Sercos Master. You can now connect to the SLC.
If you compile the empty safety-related project at this stage for test purposes, the compiler reports errors. This is because your safety-related project contains unused safety-related TM5/TM7 modules. Unused means that none of the signals, which are listed under the device nodes in the Machine Expert - Safety Devices window, are used in the safety-related project. At least one signal of each module must be assigned to a global safety-related variable in Machine Expert - Safety. The same applies to the SLC exchange signals you have defined in Logic Builder (refer to section Exchange Data Configuration for the Safety PLC).
