TM5CSLC100FS/TM5CSLC200FS Safety Logic Controller (SLCv1)

NOTE:

This topic applies to the TM5CSLC100FS and TM5CSLC200FS (generation SLCv1). Which SLC is configured in your project is visible in the short device description above the parameter grid (while the SLC is selected in the tree on the left).

Group: Basic

Parameter: MinRequiredFWRev

Default value

Basic Release

Unit

-/-

Description

This parameter is only relevant when a firmware version other than the manufacturer-loaded version is used.

To enter the operational state, the firmware version parameterized here or a newer version must be installed on the module.

  • Basic Release: select this option when running the device with the initially released firmware version.

  • Test Version: select this option when using a device firmware version which is not yet released. A safety-related application cannot get approval if devices with a firmware test version are involved.

The firmware version selected here is particularly important with regard to parameters or process data items that have been implemented with a particular firmware version. If the device you are currently working with has new parameters or process data items, the following applies: if MinRequiredFWRev is set to an incorrect value, either the SLC will not enter the operational run status or the new parameters/process data items will not be taken into account by the SLC.

Refer to the hazard message below this table.

Further Information:

Information on newly added parameters or process data items can be found in the Release Notes you received with the firmware package. The Release Notes also describe how to determine the firmware version that is currently installed on the safety-related device.

 WARNING

UNINTENDED EQUIPMENT OPERATION

  • Verify that the selected value for MinRequiredFWRev corresponds to the firmware version installed on the safety-related devices involved.

  • Verify by means of functional tests that each newly implemented parameter or process data item of safety-related modules is taken into account by the SLC where this is required by your safety-related application.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Parameter: CycleTime

Default value

2,000

Value range

2,000...20,000

Step size

1

Unit

µs

Description

Sets the cycle time of the Safety Logic Controller.

Possible values

The parameter value 'CycleTime' must be greater than the processing time for the safety-related application. If the 'CycleTime' parameter is smaller than or too close to the processing time, a cycle time violation may occur.

The 'CycleTime' value must be an integer multiple of the Sercos cycle time.

Proceed as follows to determine the correct SLC 'CycleTime' parameter value for your application:

  1. Set the maximum SLC 'CycleTime' value as a temporary commissioning value (see 'Value range' above).

    Due to this maximum cycle time, the resulting safety response time may not be suitable for your safety function during this commissioning phase. Refer to the hazard message below this table.

  2. Build and download the safety-related application to the SLC.

  3. Select 'Online > SafePLC' while Machine Expert – Safety is running in online mode. The 'SafePLC' control dialog opens.

  4. In the 'SafePLC' control dialog, click the 'Info' button.

    In the 'SafePLC Info' dialog, the current processing time is displayed.

  5. Determine the SLC cycle time by rounding up the displayed processing time value to the next multiple of the Sercos cycle time. Enter this value as 'CycleTime' in the parameter editor.

  6. Rebuild the safety-related project and download it again to the SLC.

    After the restart, the SLC should run in normal operation.

During the commissioning phase described above, the SLC runs with the maximum cycle time. This results in a safety response time of the safety-related application which is possibly higher than required for your safety function.

 WARNING

NON-CONFORMANCE TO SAFETY FUNCTION REQUIREMENTS

  • Verify the impact of the increased safety response time.

  • Make certain that appropriate procedures and measures (according to applicable sector standards) have been taken to help avoid hazardous situations during the commissioning phase.

  • Do not enter the zone of operation while running the SLC with the maximum cycle time.

  • Ensure that no other persons can access the zone of operation while running the SLC with the maximum cycle time.

  • Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Parameter: SSDOCreation

Default value

5 per cycle

Unit

-/-

Description

Defines the number of acyclic processing steps per Safety Logic Controller cycle.

It can be used to optimize the boot behavior of the system.

Possible values

  • Time dependent: the value is calculated according to the set Safety Logic Controller cycle time:

    With cycle times <= 3,000 µs: 1 per 5 cycles

    With cycle times > 3,000 µs: 1 per cycle

  • 1 per 5 cycles: One acyclic processing step is distributed over 5 Safety Logic Controller cycles.

    Possibly long boot times.

    Minimized communication overhead in each cycle.

  • 1 per cycle: One acyclic processing step is performed per Safety Logic Controller cycle.

    Average boot times.

    Average communication overhead in each cycle.

  • 5 per cycle: 5 acyclic processing steps are performed per Safety Logic Controller cycle.

    Minimum boot times.

    Maximum communication overhead in each cycle.

Parameter: NodeGuardingTimeout

Default value

60

Value range

30...3,000

Step size

1

Unit

s

Description

Sets the period (timeout value) after which the safety-related modules are put into the pre-operational state when the Safety Logic Controller is not communicating or when communication errors are detected between the safety-related module and the Safety Logic Controller.

It also defines the delay for the Safety Logic Controller to detect an unavailable module.

To be observed:

  • The shorter the time, the more data becomes asynchronous.

  • This setting is not critical with respect to safety-related functionality. The time for safely turning off actuators is determined independently by the resulting safety response time (which in turn depends on the safety response time-relevant parameters CommunicationWatchdog, MinDataTransportTime, and MaxDataTransportTime).

Parameter: NumberOfScans

Default value

5

Value range

1...10

Step size

1

Unit

-/-

Description

Specifies the number of module scans the Safety Logic Controller performs if it cannot correctly detect the configured safety-related modules before it indicates that one or more modules are unavailable (MXCHG flashing rapidly).

Scanning is continued even after the SLC has triggered the LED for unavailable modules.

Parameter: RemoteControlAllowed

Default value

No

Unit

-/-

Description

Enables or disables the remote control of the Safety Logic Controller.

NOTE:

Remote controlling the Safety Logic Controller can be done using the function blocks provided in the 'SLCRemoteController' library in Machine Expert.

Parameter value

  • Yes-ATTENTION: Remote control of Safety Logic Controller enabled.

  • No: Remote control of Safety Logic Controller disabled.

The manufacturer or the operating company of the machine must take into consideration the inherent hazards involved in a remote control operation to avoid unintentional equipment operation.

 WARNING

UNINTENDED EQUIPMENT OPERATION

  • Place operator devices of the control system near the machine or in a place where you have full view of the machine.

  • Protect operator commands against unauthorized access.

  • If remote control is a necessary design aspect of the application, ensure that there is a local, competent, and qualified observer present when operating from a remote location.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Group: SafetyResponseTimeDefaults

The safety response time is the time between the arrival of the sensor signal on the input channel of a safety-related input module and the shut-off signal at the output channel of a safety-related module. The parameters in this group influence the safety response time of the Safety Logic Controller system. For further and detailed background information, refer to the topic "Safety Response Time for SLCv1" in the "Machine Expert – Safety - User Guide".

Beside this 'SafetyResponseTimeDefaults' group, each module has its own 'SafetyResponseTime' group. The parameters in the Safety Logic Controller 'SafetyResponseTimeDefaults' group are applied to the safety-related modules for which the ManualConfiguration parameter is set to 'No'. This way, the parameters relevant for the safety response time can be configured identically for the modules involved in the application. Each safety-related input or output module for which ManualConfiguration is set to 'Yes' uses the parameter values specifically set for itself.

Parameter: MinDataTransportTime

Default value

12

Value range

12...500

Step size

1

Unit

100 µs

Description

Defines the minimum time that is required to transmit a data telegram from a producer to a consumer. If a telegram is received earlier (by the consumer) than specified by this parameter value, communication is considered as invalid.

Machine Expert – Safety provides a calculator dialog to determine this parameter value.

Term definition and background information

According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer.

Each telegram includes a time stamp for time validation of the communication. On receipt of a telegram, the consumer compares this time stamp with the present time. If the schedule is kept, the communication is considered as valid.

If a telegram is received earlier than defined by this parameter, communication is considered as invalid and is not further processed. The 'SafeModuleOK' process data item also becomes SAFEFALSE indicating that the safety-related communication of the module is no longer valid.

Value calculation

How to calculate the MinDataTransportTime value

  1. Select 'Project > Response Time Relevant Parameters'.

  2. In the appearing dialog box, open the 'Default' tab.

  3. Section 'Variable Parameters':

    If a Sercos III cycle time other than the one set in Machine Expert is to be used to calculate the MinDataTransportTime (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'.

    The 'Ring/Double Line' checkbox only influences the MaxDataTransportTime value. The 'Ring/Double Line' checkbox does not influence the MinDataTransportTime value.

    An entered 'Network Package Loss' does not influence the MinDataTransportTime but only the CommunicationWatchdog value.

    The 'System Parameters' section is read-only and displays system/module properties set in Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog.

  4. The calculated MinDataTransportTime value is displayed in the 'Result' section.

    Note the resulting value and enter the value for the MinDataTransportTime parameter in the Safety Logic Controller parameter grid.

Practical values

Entering the MinDataTransportTime value calculated in Machine Expert – Safety results in a stable running system.

Parameter: MaxDataTransportTime

Default value

200

Value range

12...65,000

Step size

1

Unit

100 µs

Description

Defines the maximum time that is allowed to transmit a data telegram from a producer to a consumer. If a telegram is received later (by the consumer) than specified by this parameter value, communication is considered as invalid.

Machine Expert – Safety provides a calculator dialog to determine this parameter value.

NOTE:

The parameter value influences the safety response time calculated by Machine Expert – Safety.

Term definition and background information

According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer.

Each telegram includes a time stamp for time validation of the communication. On receipt of a telegram, the consumer compares this time stamp with the present time. If the schedule is kept, the communication is considered as valid.

If a telegram is delayed, communication is considered as invalid and is not further processed. The implications for the rest of the safety-related systems depend on the defined safety-related function.

Value calculation

How to calculate the MaxDataTransportTime value

  1. Select 'Project > Response Time Relevant Parameters'.

  2. In the appearing dialog box, open the 'Default' tab.

  3. Section 'Variable Parameters':

    If a Sercos III cycle time other than the one set in Machine Expert is to be used to calculate the MaxDataTransportTime (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'.

    'Ring/Double Line' checkbox: Ring and double line bus structures require greater parameter values in order to implement a stable running system. Check 'Ring/Double Line' to take into account the bus structure.

    It is activated by default which is suitable for a ring bus structure and a double line bus structure. If you are implementing a line structure, the checkbox can be deactivated to decrease the resulting parameter value. Values calculated for a ring/double line structure can be used for a line structure but not vice versa.

    An entered 'Network Package Loss' does not influence the MaxDataTransportTime but only the CommunicationWatchdog value.

    The 'System Parameters' section is read-only and displays system/module properties set in Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog.

  4. The calculated MaxDataTransportTime value is displayed in the 'Result' section.

    Note the resulting value and enter the value for the MaxDataTransportTime parameter in the Safety Logic Controller parameter grid.

Practical values

Entering the MaxDataTransportTime value calculated in Machine Expert – Safety results in a stable running system.

Parameter: CommunicationWatchdog

Default value

200

Value range

1...65,535

Step size

1

Unit

100 µs

Description

Defines the maximum time period within which a consumer must receive a valid data telegram from a producer in order to consider the safety-related communication as valid and continue the application. The parameter sets a watchdog timer which then monitors whether a consumer receives telegrams from a producer in time. If the watchdog expires, communication is considered as invalid.

Machine Expert – Safety provides a calculator dialog to determine this parameter value.

NOTE:

The parameter value influences the safety response time calculated by Machine Expert – Safety.

Term definition and background information

According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer.

The CommunicationWatchdog value physically depends on the transport time needed for the telegram to be transmitted from a producer to a consumer and influences the worst case response time of the system. The calculated parameter value therefore depends on the MaxDataTransportTime parameter value.

If the consumer receives the telegram in time (communication watchdog is not yet expired and the transmission time is within the period specified by the parameters MinDataTransportTime and MaxDataTransportTime), the watchdog timer is restarted and communication is considered as valid. The time stamp contained in the received telegram is not evaluated, only the receipt of a valid telegram is relevant.

If no telegram is received (due to delay or loss) and the communication watchdog expires in the consumer, the module is set to the defined safe-state. The 'SafeModuleOK' process data item also becomes SAFEFALSE indicating that the safety-related communication of the module is no longer valid.
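The timing checks described for MinDataTransportTime, MaxDataTransportTime and CommunicationWatchdog can be modelled as follows. This is an added example, not vendor code and not an openSAFETY implementation; the names Telegram and check_stream, the inclusive window limits and the telegram times are assumptions made for illustration.

```python
from dataclasses import dataclass

UNIT_US = 100  # the three parameters are entered in units of 100 µs

@dataclass
class Telegram:
    sent_us: int      # producer time stamp carried in the telegram
    received_us: int  # consumer clock when the telegram arrives

def check_stream(telegrams, min_dtt, max_dtt, watchdog, end_us, start_us=0):
    """Classify telegrams by transport time and track the watchdog.

    Returns (verdicts, expiry_us). expiry_us is the time at which the
    watchdog expired, or None if it was still running at end_us.
    """
    lo, hi, wd = min_dtt * UNIT_US, max_dtt * UNIT_US, watchdog * UNIT_US
    deadline = start_us + wd
    verdicts = []
    for t in sorted(telegrams, key=lambda t: t.received_us):
        if t.received_us > deadline:
            return verdicts, deadline  # no valid telegram arrived in time
        transport = t.received_us - t.sent_us
        if transport < lo:
            verdicts.append("too_early")   # page: SafeModuleOK becomes SAFEFALSE
        elif transport > hi:
            verdicts.append("too_late")    # page: invalid, not further processed
        else:
            verdicts.append("valid")
            deadline = t.received_us + wd  # only a valid telegram restarts the timer
    return verdicts, (deadline if end_us > deadline else None)

# Constructed sample, evaluated with the default values from this page (12 / 200 / 200).
SAMPLE = [
    Telegram(sent_us=0, received_us=2_000),        # 2,000 µs in transit
    Telegram(sent_us=4_000, received_us=4_500),    # 500 µs, below the 1,200 µs minimum
    Telegram(sent_us=8_000, received_us=10_000),   # valid, watchdog now ends at 30,000 µs
    Telegram(sent_us=12_000, received_us=35_000),  # arrives after the watchdog expired
]

if __name__ == "__main__":
    print(check_stream(SAMPLE, 12, 200, 200, end_us=40_000))
```
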

Value calculation

How to calculate the CommunicationWatchdog value

  1. Select 'Project > Response Time Relevant Parameters'.

  2. In the appearing dialog box, open the 'Default' tab.

  3. Section 'Variable Parameters':

    If a Sercos III cycle time other than the one set in Machine Expert is to be used to calculate the CommunicationWatchdog value (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'.

    'Ring/Double Line' checkbox: Ring and double line bus structures require greater parameter values in order to implement a stable running system. Check 'Ring/Double Line' to take into account the bus structure.

    It is activated by default which is suitable for a ring or double line bus structure. If you are implementing a line structure, the checkbox can be deactivated to decrease the resulting parameter value. Values calculated for a ring/double line structure can be used for a line structure but not vice versa.

  4. Section 'Desired Fault Tolerance':

    By increasing the number of allowed package losses, the system can be more tolerant. This increases the calculated minimum watchdog interval. Enter an integer value (range 0..99) for the number of telegrams that are allowed to be lost.

    The 'System Parameters' section is read-only and displays system/module properties set in Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog.

  5. The calculated CommunicationWatchdog value is displayed in the 'Result' section.

    Note the resulting value and enter the value for the CommunicationWatchdog parameter in the Safety Logic Controller parameter grid.

Values

For the CommunicationWatchdog value which you must enter in the parameter grid ('Devices' window), the following applies:

  • For commissioning a system, the CommunicationWatchdog value should be equal to or greater than the largest cycle time of the system (for example, the Sercos III cycle time).

  • A value greater than the calculated CommunicationWatchdog value increases the system availability but also increases the overall worst case response time (thus increasing the required physical distances for mounting safety-related barrier and perimeter equipment at the machine).
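The constraints stated for the parameters above can be checked in one review pass over a parameter set, together with the CycleTime rounding step. This is an added example, not part of Machine Expert; the dictionary layout, the function names, the rule that MinDataTransportTime must not exceed MaxDataTransportTime, and the use of the SLC and Sercos cycle times as "largest cycle time" are assumptions.

```python
# Inclusive value ranges as listed on this page.
RANGES = {
    "CycleTime": (2_000, 20_000),          # µs
    "NodeGuardingTimeout": (30, 3_000),    # s
    "NumberOfScans": (1, 10),
    "MinDataTransportTime": (12, 500),     # 100 µs
    "MaxDataTransportTime": (12, 65_000),  # 100 µs
    "CommunicationWatchdog": (1, 65_535),  # 100 µs
}

def suggest_cycle_time(processing_us, sercos_us):
    """Next Sercos multiple strictly above the measured processing time."""
    lo, hi = RANGES["CycleTime"]
    value = (processing_us // sercos_us + 1) * sercos_us
    value = max(value, -(-lo // sercos_us) * sercos_us)  # smallest multiple >= lo
    if value > hi:
        raise ValueError("processing time does not fit the CycleTime range")
    return value

def audit(p, sercos_us, processing_us):
    """Return findings for a parameter set p (dict, hypothetical layout)."""
    out = []
    for name, (lo, hi) in RANGES.items():
        if not lo <= p[name] <= hi:
            out.append(f"{name}: {p[name]} outside {lo}...{hi}")
    if p["CycleTime"] % sercos_us:
        out.append("CycleTime: not an integer multiple of the Sercos cycle time")
    if p["CycleTime"] <= processing_us:
        out.append("CycleTime: not greater than the processing time")
    if p["CycleTime"] == RANGES["CycleTime"][1]:
        out.append("CycleTime: maximum value, check for a leftover commissioning setting")
    if p["MinDataTransportTime"] > p["MaxDataTransportTime"]:  # assumption, see lead-in
        out.append("MinDataTransportTime: greater than MaxDataTransportTime")
    if p["CommunicationWatchdog"] * 100 < max(p["CycleTime"], sercos_us):
        out.append("CommunicationWatchdog: below the largest cycle time")
    if p["RemoteControlAllowed"] != "No":
        out.append("RemoteControlAllowed: remote control is enabled")
    if p["MinRequiredFWRev"] == "Test Version":
        out.append("MinRequiredFWRev: test firmware, application cannot get approval")
    return out

# Constructed inputs: the default values from this page, then a risky variant.
DEFAULTS = {
    "MinRequiredFWRev": "Basic Release", "CycleTime": 2_000,
    "NodeGuardingTimeout": 60, "NumberOfScans": 5, "RemoteControlAllowed": "No",
    "MinDataTransportTime": 12, "MaxDataTransportTime": 200,
    "CommunicationWatchdog": 200,
}
RISKY = dict(DEFAULTS, CycleTime=20_000, CommunicationWatchdog=100,
             RemoteControlAllowed="Yes-ATTENTION", MinRequiredFWRev="Test Version")

if __name__ == "__main__":
    print(suggest_cycle_time(1_400, 1_000))
    for finding in audit(RISKY, sercos_us=1_000, processing_us=1_400):
        print(finding)
```
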

Process data items of the Safety Logic Controller

DataType xxx

Description

SLC non-safety-related signals of various data types, transferred to or received from the standard (non-safety-related) controller. xxx is the signal ID.

Data types

Signals of various data types are provided: BOOL, INT, UINT, UDINT.

Access type

non-safety-related input signal, can be read by the safety-related application

non-safety-related output signal, can be written by the safety-related application

Possible values

If the communication between the Safety Logic Controller and the standard (non-safety-related) controller is working correctly and SafeModuleOK = SAFETRUE, the possible values depend on the data type of the variable (only standard data types).