Description of Functions 11.03 Edition
SINUMERIK Safety Integrated
SINUMERIK 840D
SIMODRIVE 611 digital
1 Short description
2 General Information about Integrated Safety Systems
3 Safety-Related Functions
4 Data Description
5 Commissioning
6 Alarms
7 Engineering Examples
8 Application Examples
A Appendix
I Index
SINUMERIK 840D/SIMODRIVE 611 digital
SINUMERIK Safety Integrated
Description of Functions
Valid for
Control                                   Software version
SINUMERIK 840D/SIMODRIVE 611 digital      6.4
Edition 11.03
SINUMERIK® Documentation
This manual is also included in the documentation on CD-ROM (DOCONCD)
Edition Order No. Remarks
10.03 6FC5 298-6CA00-0BG4 C
Trademarks
SIMATIC®, SIMATIC HMI®, SIMATIC NET®, SIROTEC®, SINUMERIK® and SIMODRIVE® are registered
trademarks of Siemens AG. Other names in this publication might be trademarks whose use by a third party for
his own purposes may violate the rights of the registered holder.
Printing history
Brief details of this edition and previous editions are listed below.
The status of each edition is indicated by the code in the "Remarks" columns.
Status code in the "Remarks" column:
A .... New documentation.
B .... Unrevised reprint with new Order No.
C .... Revised edition with new status.
If factual changes have been made on the page since the last edition, this is indicated by a new edition
coding in the header on that page.
Edition Order No. Remarks
04.96 6FC5 297-0AB80 0BP0 A
08.97 6FC5 297-0AB80 0BP1 C
04.99 6FC5 297-5AB80 0BP0 C
05.00 6FC5 297-5AB80 0BP0 C
07.02 6FC5 297-6AB80 0BP1 C
11.03 6FC5297-6AB80 0BP2 C
More information is available on the Internet at:
http://www.ad.siemens.com/sinumerik
This publication was produced with WinWord V8.0 and Designer V7.0
and the documentation tool AutWinDoc.
The reproduction, transmission or use of this document or its contents
is not permitted without express written authority. Offenders will be
liable for damages. All rights, including rights created by patent grant or
registration or a utility model or design, are reserved.
© Siemens AG 2003. All rights reserved.
Other functions not described in this documentation might be
executable in the control. This does not, however, represent an
obligation to supply such functions with a new control or when
servicing.
We have checked that the contents of this document correspond to the
hardware and software described. Nevertheless, differences might
exist and therefore we cannot guarantee that they are completely
identical. The information given in this publication is reviewed at
regular intervals and any corrections that might be necessary are
made in subsequent editions. We welcome all recommendations and
suggestions.
Subject to change without prior notice
Order No. 6FC5297-6AB80-0BP2
Printed in the Federal Republic of Germany
Siemens-Aktiengesellschaft.
11.03 Foreword
© Siemens AG 2003 All Rights Reserved
SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 v
Foreword

Structure of the Documentation
The SINUMERIK documentation is organized in 3 parts:
General Documentation
User Documentation
Manufacturer/Service documentation
You can obtain more detailed information and documentation about
SINUMERIK 840D/810D as well as documentation for all SINUMERIK controls
from your local SIEMENS office.

Target group
This documentation is intended for manufacturers/end users of machine tools
and production machines who use SINUMERIK 840D and SIMODRIVE 611
digital and integrated safety functions (SINUMERIK Safety Integrated).

Hotline
If you have any questions, please contact our hotline:
A&D Technical Support
Phone: +49 (0) 180 / 5050 - 222
Fax: +49 (0) 180 / 5050 - 223
E-mail: ad.support@siemens.com
Please send any queries about the documentation (suggestions or corrections)
to the following fax number or email address:
Fax: +49 (0) 9131 / 98 -2176
E-mail: motioncontrol.docu@erlf.siemens.de
Fax form: Refer to the reply form at the end of the document.

SINUMERIK Internet Address
http://www.ad.siemens.com/sinumerik

SINUMERIK 840D powerline
From 09/2001
SINUMERIK 840D powerline and
SINUMERIK 840DE powerline
will be available with improved performance. The following hardware
description contains a list of the available powerline modules:
References: /PHD/ SINUMERIK 840D Configuration Manual

Objective
This Description of Functions provides all of the information about the safety
functions integrated in the SINUMERIK 840D and SIMODRIVE 611 digital that
may be relevant for start-up and configuration.

Standard scope
The main areas covered by this Description of Functions are as follows:
General information about integrated safety systems
Description of safety functions
Lists and description of all signals and data
Start-up
Description of alarms
One example configuration.
User-oriented activities such as the creation of parts programs and control
operating procedures are described in detail in separate documents.
Separate descriptions are likewise provided for the tasks to be performed by
the tool manufacturer such as configuring, installation and PLC programming.

Notes on how to use this manual
The following reference guides are provided in this Description of Functions:
Overall table of contents
Table of contents for each chapter
Appendix with list of abbreviations and references
Index
If you need information about a certain term, please look it up in the Index
chapter of the Appendix. Both the chapter number and the page
number where you will find the information you need are listed in this chapter.

Documentation with Edition date 08.97
Note
Documentation with Edition date 08.97 describes the scope of functions of the
following products and SW versions:
SINUMERIK 840D/611 digital with software version 4.2
SINUMERIK 840C/611 digital with software version 6.1
The following functions added since 04.96 Edition are described in 08.97
Edition for SINUMERIK 840D/611 digital
Table 0-1 New functions described in 08.97 Edition
Serial no. New functions in SINUMERIK 840D/611 digital, SW 4.2 and higher
1 Override for safely reduced velocity
2 Safe braking ramp
3 Safe speed oriented stop responses
4 Safe speed oriented setpoint limits
5 Safe cams for endlessly turning rotary axes
6 Modulo display of safe actual value for rotary axes
7 Synchronization of cam SGAs
8 SGA "n < nx"
9 SGA "SBH active"
10 SGA "SG active"
11 Deletion of zero speed position for SBH/SG axes 1)
12 Encoder limit frequency 300 kHz 1)
13 Acceptance report (not a function)
Notes:
1) available from SW 3.6

Documentation with Edition date 04.99
Note
Documentation with Edition date 04/99 describes the scope of functions of the
following products and SW versions:
SINUMERIK 840D/611 digital with software version 4.4.18
The following table lists the main functions for SINUMERIK 840D/611 digital
added since 08.97 Edition:
Table 0-2 New functions described in 04/99 Edition
Serial no. New functions in SINUMERIK 840D/611 digital, SW 4.4.18 and higher
1 External STOPs
2 Safe programmable logic (SPL)

Documentation with Edition date 05.00
Note
The documentation with Edition date 05.00 describes the scope of
functions of the following products and software version:
SINUMERIK 840D with software version 5.3
SIMODRIVE 611 digital with software version 5.1
The following functions added since 04.99 Edition are described in 05.00
Edition for SINUMERIK 840D/611 digital:
Table 0-3 New functions described in 05.00 Edition
Serial No. New functions in SINUMERIK 840D/611 digital
1 SPL expansions (Chapter 3)
2 Drive systems with slip (Chapter 3)
3 Setpoint velocity limiting (Chapter 3)
4 Engineering examples (Chapter 7), extended
5 Application examples (Chapter 8), extended

Documentation with Edition date 03.01
Note
The documentation with Edition date 03.01 describes the scope of
functions of the following products and software version:
SINUMERIK 840D with software version 6.1
SIMODRIVE 611 digital with software version 5.1.10
The following functions added since the 04.99 Edition are described in the
03.01 Edition for SINUMERIK 840D/611 digital:
Table 0-4 New functions described in 03.01 Edition
Serial No. New functions in SINUMERIK 840D/611 digital
1 SPL start without axial safety enable (Chapter 3)
2 New system variables (Chapter 3)
3 Actual value crosswise data comparison error (Chapter 3)
4 Additional machine data (Chapter 4)
5 Additional alarms (Chapter 6)

Documentation with Edition date 04/02
Note
The documentation with Edition date 07.02 describes the scope of
functions of the following products and software version:
SINUMERIK 840D with software version 6.3.21
SIMODRIVE 611 digital with software version 5.1.14
The following functions added since the 03.01 Edition are described in the 07.02
Edition for SINUMERIK 840D/611 digital:
Table 0-5 New functions described in 07.02 Edition
Serial No. New functions in SINUMERIK 840D/611 digital
1 NCU onboard I/Os (Chapter 3)
2 NC internal pulse disable (Chapter 3)
3 SPL module brake test, safe brake test (Chapter 8)
4 Disable SPL module (SW relay) (Chapter 3)
5 Improved diagnostics (Chapter 5)
6 PROFIsafe (Chapter 3)

Documentation with Edition date 11/03
Note
The documentation with Edition date 11.03 describes the scope of
functions of the following products and software version:
SINUMERIK 840D with software version 6.4
The following functions added since the 07.02 Edition are described in the
11.03 Edition for SINUMERIK 840D/611 digital:
Table 0-6 New functions described in 11.03 Edition
Serial No. New functions in SINUMERIK 840D/611 digital
1 ProgEvent (Chapter 3.10.10)
2 STOP E (Chapter 3)
3 Acceptance test support (Chapter 5.4)
4 Drive bus failure (Chapter 3.13)

Ordering data option
In this documentation you will find the symbol shown on the left with a
reference to an ordering data option. The function described can only be
used if the control contains the designated option.

Danger and warning concept
The following danger and warning symbols are used in this document.
Explanation of symbols used:
! Danger
This symbol indicates that death, severe personal injury or substantial
property damage will result if proper precautions are not taken.
! Warning
This symbol indicates that death, severe personal injury or substantial
property damage may result if proper precautions are not taken.
! Caution
This symbol (with a warning triangle) indicates that minor injury or damage to
property may result if proper precautions are not taken.
Caution
This symbol (without a warning triangle) indicates that damage to property
may result if proper precautions are not taken.
Notice
This symbol indicates that an undesirable result or state may result if proper
precautions are not taken.

Other Information
! Important
This notice indicates important facts that must be taken into consideration.
Note
Always appears in this document where further, explanatory information is
provided.

Technical Information
Trademarks
IBM is a registered trademark of the International Business Corporation.
MS-DOS and WINDOWS™ are registered trademarks of the Microsoft
Corporation.

Type-examination certificate sign
A type-examination certificate from the German Institute for Occupational
Safety (BIA) has been granted to the SINUMERIK 840D/DE with Safety
Integrated.
Fig. 0-1 Type-examination certificate symbol for SINUMERIK 840D/611 digital

Type-examination certificate for SINUMERIK 840D/611 digital
Fig. 0-2 Type-examination certificate for SINUMERIK 840D and 840DE with
SIMODRIVE 611 digital SINUMERIK® Safety Integrated
The appendices to the type-examination certificate are not included in
this document. If you require any data from this Appendix, please
contact the department named on the Corrections/Suggestions sheet
(last page).
Contents
1 Short Description
2 General Information about Integrated Safety Systems
2.1 Drives and CNC controls with integrated safety
2.1.1 Standards and Directives
2.1.2 Requirements from the EC Directives
2.1.3 Relevant Safety Standards
2.1.4 Hazard analysis and risk assessment
2.1.5 EC-type examination according to the Machinery Directive
2.1.6 Product liability law
2.2 Test, certification
2.3 Terminology from EN 292-1
2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE)
2.5 Technical Bulletin about vertical axes from the German Trade Association
2.6 Basics of SINUMERIK Safety Integrated
2.6.1 Control category 3
2.6.2 Basic features of SINUMERIK Safety Integrated
2.6.3 Forced checking procedure
2.6.4 Monitoring clock cycle and crosswise data comparison clock cycle
2.6.5 User agreement
2.7 Increasing the availability using integrated safety technology
2.8 Overview of the safety-related functions
2.9 System prerequisites
2.9.1 Order numbers
2.10 Customer Support
2.11 Powering the control up and down
2.12 Error analysis
2.13 Others
2.13.1 Applications
2.13.2 Information for OEM users
2.13.3 Overtemperature
3 Safety-Related Functions
3.1 Basic mechanisms of SI functions
3.1.1 Safe standstill – disconnecting the energy feed
3.1.2 Shutdown paths
3.1.3 Testing the shutdown paths
3.1.4 Overview of the machine data for the shutdown paths
3.1.5 Stop responses
3.1.6 Overview of the machine data for stop responses
3.2 External STOPs
3.2.1 Test stop for external STOPs
3.2.2 Overview of the machine data for the "external STOPs" function
3.3 Safe standstill (SH)
3.3.1 Overview of the machine data for the SH function
3.4 Safe operating stop (SBH)
3.4.1 Selecting/de-selecting safe operating stop
3.4.2 Effects when the limit is exceeded for SBH
3.4.3 Overview of the machine data for the SBH function
3.5 Safely-reduced speed (SG)
3.5.1 Selecting/de-selecting the safely-reduced speed
3.5.2 Limiting the setpoint speed
3.5.3 Safely-reduced speed when using selector gearboxes
3.5.4 Effects when the limit value is exceeded for SG
3.5.5 SG-specific stop responses
3.5.6 Override for safely-reduced speed
3.5.7 Example: Override for safely-reduced speed
3.5.8 Application examples for SG
3.5.9 Examples for safe input of ratios
3.5.10 Overview of the machine data for the function SG
3.6 Safe software limit switches (SE)
3.6.1 Effects when an SE responds
3.6.2 Overview of the machine data for the SE function
3.7 Safe software cams (SN)
3.7.1 Effects when SN responds
3.7.2 Application example for "safe software cams"
3.7.3 Overview of machine data for the SN function
3.8 Safe braking ramp (SBR) (840D from SW 4.2)
3.8.1 Overview of the machine data for SBR
3.9 Safety-related input/output signals (SGE/SGA)
3.9.1 Signal processing for the NCK monitoring channel
3.9.2 Signal processing in the drive monitoring channel
3.9.3 Overview of the machine data for SGE/SGA
3.10 Safe programmable logic (SPL) (840D SW 4.4.18)
3.10.1 NCK-SPL program
3.10.2 Starting the NCK-SPL using the PROG_EVENT mechanism (from SW 6.4.15)
3.10.3 Starting the NCK-SPL from the PLC user program
3.10.4 Linking the NCK-SPL to the I/O and monitoring channel
3.10.5 Diagnostics/commissioning
3.10.6 Safe software relay (from SW 6.3.30)
3.10.7 System variables for SINUMERIK 840D
3.10.8 Behavior after POWER ON/operating mode change/reset
3.10.9 SPL data on the PLC side
3.10.10 Direct communications between the NCK and PLC-SPL (from SW 6.3.30)
3.10.11 PLC data block (DB 18)
3.10.12 Forced checking procedure of SPL signals
3.11 Encoder mounting arrangements
3.11.1 Encoder types
3.11.2 Adjustment, calibration, axis states and historical data
3.11.3 Overview of the data for mounting encoders
3.11.4 Actual value synchronization (slip for 2-encoder systems with SW 5.2 and higher)
3.11.5 Application: Spindle with two encoders and drive with slip (SW 5.2 and lower)
3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30)
3.12.1 Description of functions
3.12.2 Available fail-safe modules
3.12.3 System prerequisites
3.12.4 System structure
3.12.5 Configuring and parameterizing the ET 200S F-I/O
3.12.6 Parameterizing SINUMERIK 840D NCK
3.12.7 Parameterizing the SINUMERIK 840D PLC
3.12.8 Response times
3.12.9 Functional limitations
3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15)
3.13.1 Behavior of the axial NCK monitoring channel
3.13.2 Behavior without NCK-SPL
3.13.3 Behavior with NCK-SPL
3.13.4 Behavior of the drive monitoring channel
3.13.5 SGE/SGA processing in the PLC
3.13.6 Limitations
3.13.7 Examples
4 Data Descriptions
4.1 Machine data
4.1.1 Overview of the machine data
4.1.2 Description of the machine data
4.2 Machine data for SIMODRIVE 611 digital
4.2.1 Overview of the machine data
4.2.2 Description of the machine data
4.3 Interface signals
4.3.1 Interface signals for SINUMERIK 840D
4.3.2 Description of the interface signals
4.4 System variable
4.4.1 System variable for SINUMERIK 840D
4.4.2 Description of the system variables
5 Commissioning
5.1 Commissioning SINUMERIK 840D
5.1.1 Commissioning procedure
5.1.2 First commissioning
5.1.3 Series commissioning
5.1.4 Upgrading software
5.1.5 Changing data
5.2 Acceptance report
5.3 Conventional acceptance test
5.4 NCK acceptance test support
5.4.1 Scope of the test list
5.4.2 Internal mechanisms to support the test procedure
5.4.3 Trace techniques
5.4.4 Basic operating information and instructions
5.5 Diagnostics
5.5.1 Troubleshooting procedure
5.5.2 Diagnostics support by configuring your own extended alarm text
5.5.3 Servo trace bit graphics for Safety Integrated
5.5.4 Bit graphics for SI signals in the servo trace
6 Alarms
6.1 Alarms for SINUMERIK 840digital
6.2 Alarms from SIMODRIVE 611 digital
6.3 Alarm suppression
7 Configuring example
7.1 General information on engineering
7.2 Circuit examples
7.2.1 Control and drive components
7.2.2 Engineering
7.3 Safety Integrated with SPL
7.3.1 Start configuration in the OB100
7.3.2 Starting the NCK-SPL and PLC-SPL
7.3.3 Declaring variables
7.3.4 Connecting-up the drives
7.3.6 Test stop
7.3.7 Protective door interlocking
7.3.8 De-selecting SBH via the key-operated switch
7.3.9 SG changeover
7.3.10 NCK-SPL
7.3.11 PLC blocks
7.3.12 Appendix
7.4 Safety Integrated without SPL
7.4.1 Connecting-up the drives
7.4.2 EMERGENCY STOP and connecting-up the I/R module
7.4.3 Test stop
7.4.4 Protective door interlocking
7.4.5 De-selecting SBH using the key-operated switch/SG changeover using the door safety contactor
7.5 External STOPs
7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP
7.6.1 Functional scope of the application
7.6.2 Connecting-up the sensors and actuators
7.6.3 Individual application functions
7.6.4 Configuring and connecting-up the ET200S I/O
7.6.5 Parameterizing the Sinumerik 840D NCK
7.6.6 Programming the NCK-SPL
7.6.7 Programming the PLC-SPL
7.6.8 Modified limitations with PROFIsafe
8 Application examples
8.1 Conventional brake control (single-channel from the PLC)
8.2 Two-channel brake control with SI (SPL)
8.3 Testing the function of the brake mechanical system
8.3.1 Applications
8.3.2 Parameterization
8.3.3 Sequence
8.3.4 Limitations
8.3.5 Activating
8.3.6 Examples
8.4 Safe cams at the modulo limit
8.5 SPL functionality without real drives
8.6 Direction detection when retracting from SE
8.7 Replacing a motor or encoder
8.8 Example for combining SI with ESR
A Appendix
A.1 Index of abbreviations
A.2 List of References
A.2.1 List of references, general
A.2.2 List of references for SINUMERIK 840D
A.2.3 List of References for SIMODRIVE 611
I Index
I.1 Keyword index
1 Short Description
SINUMERIK Safety Integrated® provides safety functions that have been
certified in an EC type examination. These functions can be used to implement
practical and highly effective protective measures for operating personnel and
machinery. With the exception of the brake test (control Category 2, refer to
Chapter 8.3 "Function test of the mechanical braking system"), all of the safety
functions fulfill the requirements of control Category 3 according to EN 954-1
and are a fixed component of the basic system. No additional sensors or
evaluation units are needed. This means less installation time and costs at the
machine and a more transparent electrical cabinet.
Included in the scope of functions are:
- Functions for safe monitoring of speed, zero speed and position and
- Functions for safe logical combination of signals.
Direct connection of two-channel I/O signals
It is now possible to connect sensors and actuators, for example EMERGENCY
STOP buttons, light barriers, valves and brakes, directly to the two-channel
I/Os. Logic operations and responses are performed internally using
safety-related technology.
Highly effective safety concept
Fully-digital systems now make it possible to implement safety-related
technology in which electronics and software play the major role. Full
integration into the control and drive technology means that the safety functions
are now an inseparable part of the basic system. They provide a previously
unknown, intelligent and direct link right through the system to the electric
drives and measuring system. Reliable operation, fast response and wide
acceptance mean that this certified safety concept is extremely effective.
Redundant configuration of the safety function
A two-channel, diverse system structure has been formed on the basis of the
existing multi-processor structure. The safety functions have been configured
redundantly in the NC, drive and internal PLC.
The process variables and safety-relevant system data are subject to crosswise
data monitoring. Safety-relevant software and hardware functions are checked
by an automatic forced checking procedure at defined intervals.
The special feature of this safety concept: Using SINUMERIK Safety
Integrated®, with only one measuring system – the standard motor measuring
system – control Category 3 according to EN 954-1 (SIL2) (IEC 61508) can be
implemented. A second sensor is not necessary but can be added as an
additional, direct measuring system (e.g. linear scale).
[Figure: two-channel system structure in the stages Acquisition, Evaluation and Reaction. Elements shown: I/O and bus connections; NC computer (type 1), drive computer (type 2) and PLC computer (type 3) with cross-check of data and results; feedback signals; signal encoder (incremental or absolute); pulse disable paths; drive power section.]
Mastering extreme conditions professionally
All safety-relevant errors in the system always cause potentially hazardous
movement to be brought to a standstill or the motor to be disconnected from the
power supply.
The necessary disconnection of the converter from the motor is contactless and
can be initiated on an axis-for-axis basis with a very short response time. The
drive DC link does not have to be discharged.
The drives are brought to a standstill in the optimum way, adapted to the
operating conditions of the machine. For example, each axis can be brought to
a standstill separately in the setting-up mode when the protective door is open.
This means a high degree of protection for the personnel during set-up and
additional protection of the machine, tool and workpiece in the automatic mode.
Activation of external braking mechanisms supplements the integrated
functions and results in the shortest possible braking distance with safe
standstill. External braking mechanisms might be:
- An external mechanical brake
  A holding or operational brake
- An external electrical brake
  Armature short-circuiting or eddy-current brake.
Scope of functions
The safety functions are available in all modes and can communicate with the
process using safety-related input/output signals.
- Safe standstill
  A monitoring function or sensor (e.g. light barrier) responds and brings a
  moving drive to a standstill.
- Safe operating stop (SBH)
  Monitors the drives during standstill within a settable tolerance window.
  The drives remain fully functional in closed-loop position control.
- Safe standstill (SH)
  Drive pulses are cancelled so that the energy feed is safely and
  electronically disconnected.
- Safely-reduced speed (SG)
  Configured speed limits are monitored, e.g. when setting-up without
  agreement button
- Safe software limit switch (SE)
  Variable traversing range limits, can be configured on an axis-for-axis
  basis
- Safe software cam range detection (SN)
- Safety input/output signals, interface to process
- Safe programmable logic (SPL)
  All of the safety-relevant signals and internal logic are directly connected
- SG-specific setpoint limitation
- Safe brake management (SBM)
  Two-channel brake control and cyclic brake test
- Safety-relevant communication via standard bus connection of distributed
  I/Os for process and safety signals via PROFIBUS using the PROFIsafe
  protocol
- Safety-relevant software relay (SI relay)
  This is designed for requirements of an EMERGENCY STOP with safe
  programmable logic and similar requirements.
Note
The function "safe software limit switch" SE is also called "safe limit position"
and the function "safe software cams" (SN) is also called "safe cams".
Innovative safety technology setting new standards
SINUMERIK Safety Integrated® has already been implemented successfully in
many thousands of machines of many different types - also outside Europe.
National product liability laws and standardized concepts of companies
operating worldwide mean that the requirements of the EC Machinery Directive
can also be fulfilled for the world market.
It has been proven that new practical machine operation concepts can be
implemented with this innovative safety technology.
The result is a new standard for machines which makes them safer and more
flexible to use and which increases the availability of the entire plant.
Effective cooperation and competent partners
The new safety concept is the result of close cooperation between the "Iron and
Metal II" Technical Committee of the German Employer's Liability Assurance
Association in Mainz, the German Institute for Occupational Safety in St.
Augustin and Siemens AG in Erlangen, Germany.
The advantages at a glance
Highly effective and practical operator and machine protection with
SINUMERIK Safety Integrated®. This innovative safety technology enables:
- Higher efficiency
- Higher economic efficiency
- Higher flexibility
- Higher plant availability.
2 General Information about Integrated Safety Systems
2.1 Drives and CNC controls with integrated safety
2.1.1 Standards and Directives
2.1.2 Requirements from the EC Directives
2.1.3 Relevant Safety Standards
2.1.4 Hazard analysis and risk assessment
2.1.5 EC-type examination according to the Machinery Directive
2.1.6 Product liability law
2.2 Test, certification
2.3 Terminology from EN 292-1
2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE)
2.5 Technical Bulletin about vertical axes from the German Trade Association
2.6 Basics of SINUMERIK Safety Integrated
2.6.1 Control category 3
2.6.2 Basic features of SINUMERIK Safety Integrated
2.6.3 Forced checking procedure
2.6.4 Monitoring clock cycle and crosswise data comparison clock cycle
2.6.5 User agreement
2.6.6 Enabling safety-related functions
2.7 Increasing the availability using integrated safety technology
2.8 Overview of the safety-related functions
2.9 System prerequisites
2.9.1 Order numbers
2.10 Customer Support
2.11 Powering the control up and down
2.12 Error analysis
2.13 Others
2.13.1 Applications
2.13.2 Information for OEM users
2.13.3 Overtemperature
2.1 Drives and CNC controls with integrated safety
"...For the protection of persons from hazardous motion, safety measures must
be implemented on machines. They are intended to prevent hazardous
machine motion while the protective devices are open. These functions include
monitoring positions, e.g. final positions, monitoring velocities and standstill, or
stopping in hazardous situations.
For the technical implementation of safety measures up until now, mainly
external equipment and devices have been used. These include contactors,
switches, cams, and monitoring devices. If a hazardous situation is detected,
these devices generally initiate a contact switching operation in the power
circuit thus causing the motion to stop (Fig. 2-1).
With the integration of safety functions, drive systems and CNC controls
perform safety functions in addition to their functional tasks. Very short
response times can be achieved because of the short data paths from
acquisition of the safety-relevant information, e.g. speed or position, to
evaluation. The systems with integrated safety technology generally respond
very quickly when the permissible limit values are violated, e.g. position and
velocity limit values. They can be of decisive importance for the required
monitoring result. The integrated safety technology can directly access the
power semiconductors in the drive controller without the use of
electromechanical switching devices in the power circuit. This helps reduce the
susceptibility to faults - and integration also reduces cabling..."
[Figure: block diagrams of a drive (CNC, drive control, motor M) with external safety technology and with integrated safety technology]
Fig. 2-1 External safety technology, integrated switching technology (taken from /6/)
Extract from /6/
2.1.1 Standards and Directives
"...The European Machinery Directive applies to all machines /1/. The minimum
requirements are defined in Appendix I of the Directive. These are defined
more precisely by the European harmonized standards. However, Standards
have not been drawn-up for all types of machines. For machine tools for metal
working, robots, and automatic manufacturing systems, some Draft Standards
and final Standards do exist (Table 2-1). In many cases, Category 3 acc. to
EN 954-1 is defined in these Standards for the safety-related controls. /4/
contains a comparison for implementation of various control categories
according to EN 954-1 using different technologies. The basic requirement of
this category is: Single-fault fail-safety with partial fault recognition.
As regards the electronics in general and electric drives in particular, EN 954-1
does not contain any special requirements. A working group of the German
Electrotechnical Commission has therefore drawn-up a position document that
describes the most important safety functions of electric drive systems in
machines and defined the requirements to implement the various Categories
according to EN 954-1 /2/. This position document is to be transformed into a
draft Standard..."
The description of the most important safety functions of electrical drive
systems in machines is contained in Chapter 4, "Function description".
"...The electrical drive system includes hardware and software components that
influence the movement of the machine. Possible components are e.g.:
electronic controls, closed-loop control components, drive motors, power and
data cables and parts. They can also be part of the CNC control..."
Table 2-1 Overview of safety-relevant controls in C Standards
EN 12417
Machining centers
EN 12415
Turning centers
EN 775
Industrial robots
Agreement button Category 3 Category 3 Category 3
Speed reduction incl.
protection against
Category 3 Category 3 Category 3
unexpected start-up
(n=0)
Category B and
agreement button
Interlocking of Category 3 Category 3 Category 3
protective devices
and equipment
Limitation of endstops - - Category 3
Emergency Stop acc. to EN 60204 Category 3 Category 3
Extract from /6/
2.1.2 Requirements from the EC Directives
The "EC Machinery Directive" and the "EC Individual Directive - Use of
equipment" define the basic protective goals. With their demands that are laid
down in national laws they commit the manufacturer and the machine user to
abide by these protective goals. With the CE mark and the declaration of
conformity, machine manufacturers show that they have implemented all
EC Directives relevant for their machines valid at this time.
Standards provide support and guidelines for implementation but, unlike
EC Directives, are not binding. If applied consistently, this provides a degree of
flexibility for innovative safety concepts. Standards generally reflect
state-of-the-art technology. Innovative technical concepts, on the other hand,
reflect the state of science as well as state-of-the-art technology; this state
of the art is then included in updated standards.
When implementing EC Directives, it is possible to deviate from the standards if
the same degree of safety can be achieved by another method. It is important
to provide proof of the achieved level of quality. This can be provided, for
example, in the form of an EC-type examination certificate.
[Figure showing: Article 100/100a EC contract (internal market); Article 118/118a EC contract (social security); Machinery Directive (98/37/EEC); harmonized European standards; outline proposal "Safety and health protection of employees" (89/391/EEC); separate directive "Use of equipment" (89/655/EEC); any other separate directives; any other applicable guidelines; national legal requirements; manufacturer; user; machine protection]
Fig. 2-2 Requirements of the EC Directives (extract from /7/)
2.1.3 Relevant Safety Standards
Safety standards
A selection of safety standards is listed in the table below:
Table 2-2 Important Safety Standards
Standard | Description
DIN EN 292-1 | Safety of Machinery, Parts 1 and 2
DIN EN 292-2/A1 | Basic Terminology, General Principles for Design
EN 775 (ISO 10218) | Industrial Robots; Safety
EN 954-1 | Safety-related parts of control systems
EN 1050 | Risk assessment
EN 60204-1 | Electrical equipment of machines
EN 418 | Emergency stop equipment, functional aspects - design guidelines
DIN V VDE 0801 | Rules concerning use of computers in systems with safety tasks
IEC 61508 | Functional safety of electrical and electronic systems
IEC 61800-5 | Adjustable speed of electrical power drive systems
Note
As far as the EMC and Low-Voltage Directives are concerned, the relevant
standards are listed in the Declarations of Conformance.
2.1.4 Hazard analysis and risk assessment
General
According to the Machinery Directive 98/37/EC, the manufacturer of a machine
or a safety component or the person or persons responsible for placing such
equipment on the market is legally obliged to carry out a risk analysis in order
to determine all of the risks that may arise in connection with the machine or
safety component concerned. He must design and construct the machine or
safety component on the basis of this analysis.
A risk assessment must indicate all residual risks that need to be documented.
Error analysis on SINUMERIK Safety Integrated
SINUMERIK Safety Integrated and its error analysis (refer to Chapter 2.12,
"Error analysis") provide the machine manufacturer with information about the
measures integrated in the control and drive for dealing with errors arising as
the result of internal or external disturbances.
He can incorporate this information directly into his risk analysis that is based
on the EC Machinery Directive, Appendix 1.
2.1.5 EC-type examination according to the Machinery Directive
Certification of SINUMERIK Safety Integrated
SINUMERIK Safety Integrated is certified by an accredited test laboratory
according to the EC Machinery Directive.
SINUMERIK Safety Integrated complies with control Category 3 according to
EN 954-1.
SINUMERIK Safety Integrated can therefore be used on all machine tools and
production machines. The machine tool manufacturer can verify his machines
himself with SINUMERIK Safety Integrated regardless of whether harmonized
Standards exist or not.
A machine must, however, pass an acceptance test successfully (refer to
Chapter 5, "Acceptance test" and "Acceptance report"). Verification is greatly
simplified even for machines that are covered by Appendix IV of the
EC Machinery Directive for which no harmonized standards yet exist.
The machine manufacturer should indicate that his machine has a
type-examination certificate for SINUMERIK Safety Integrated in his documentation
or declaration of conformity.
2.1.6 Product liability law
Damage resulting from defective products and absolute proof of the fault cause
are the prerequisites for product liability. The only effective protection against
such liability consists of measures that can prevent the occurrence or the effects
of faults or errors that impair or endanger the proper operation of machinery.
2.2 Test, certification
"...There is no general testing requirement for drive systems with integrated
safety. This applies to applications in machine tools, robots, automated
manufacturing systems, foodstuffs machines etc.
On certain machines that are listed under Appendix IV of the Machinery
Directive (e.g. presses, woodworking machines) there may be a test
requirement for the machine from which a test requirement for the drive
systems can be derived.
Whether this is the case or not, tests can be conducted on a voluntary basis.
Generally, users and the machine manufacturers request that these
components be tested by an independent body, even if there is no test
requirement. The reason for that is, above all, the complexity of the drive
systems with integrated safety. The users themselves are unable to judge
whether the systems meet the protection objectives of the Machinery Directive
and the Standards.
Testing such complex systems must always be conducted in parallel with
development, i.e. already starting in the conceptual phase. In that way, it is
possible to avoid mistakes in the development phase and reduce the test effort.
The certificates that are acceptable for tests by the test and certification system
of the German professional association are EC-type examination certificates in
compliance with EC Directives according to ZH1/419 /5/ in conjunction with the
appropriate test symbol..."
2.3 Terminology from EN 292-1
The terms "Reliability" and "Safety" are defined in EN 292-1 as follows:
Table 2-3 Reliability and safety
Term | Definition
Reliability | The ability of a product, a part or an apparatus to perform a required function under specific conditions and for a specified period of time without malfunction.
Safety | The ability of a product to perform its function(s) and to be transported, erected, installed, maintained, disassembled and removed in compliance with the conditions of its intended use as defined by the manufacturer in the Operating Manual (and to which reference is made in some cases for certain periods in the Operating Instructions) without causing injury or ill-health.
Extract from /6/
2.4 Position paper of the working group (WG) 226.03 in the German Electrotechnical Commission (DKE)
In the position paper "Safety-relevant functions of electrical drive systems in
machines" the subject of "functional safety" was agreed with German industry
and given a general definition.
Safety Integrated corresponds to the functions described in the position paper.
Table 2-4 Translation of terms used
Terms from position paper drawn up by WG 226.03 in the DKE (German) | English | Term used in this documentation (abbreviation) | Refer to Chapter
Sicherer Halt | Safe standstill | SH | 3.3
Sicherer Betriebshalt | Safe operating stop | SBH | 3.4
Sicher reduzierte Geschwindigkeit | Safely-reduced speed | SG | 3.5
Sicheres Stillsetzen | Safe stopping process | | 3.2
Sicher begrenzte Absolutlage | Safely limited absolute position | SE | 3.6
Sichere Software-Nocken | Safe Cam | SN | 3.7
Sichere Ein-/Ausgangssignale | Safe input/output signals | SGEs/SGAs | 3.9
2.5 Technical Bulletin about vertical axes from the German Trade Association
This Technical Bulletin aims to summarize the knowledge and experience
available with regard to improved safety at work for activities at or close to
vertical axes. This is realized by applying practical control measures to prevent
axes falling due to the force of gravity. The Technical Bulletin is based on the
experience of manufacturers of industrial robots, including linear robots and
handling systems, by drive and control systems manufacturers and by the
users of those systems, particularly in automobile production and the German
Trade Association.
The Technical Bulletin shows typical hazardous situations with regard to
vertical axes and gives suitable solutions for risk reduction by applying
appropriate control measures. Other measures to prevent axes falling,
which are not considered in this bulletin, remain unaffected. Consideration is
given to vertical axes driven by electric motors as well as inclined axes with
motor-integrated brake or external brake which could fall due to gravity in case
of a brake failure.
2.6 Basics of SINUMERIK Safety Integrated
2.6.1 Control category 3
General
The safety-relevant components of the SINUMERIK 840D control with
SIMODRIVE 611 digital correspond to Category 3 according to EN 954-1.
Table 2-5 Categories of safety-relevant parts of control systems
Category B
Summary of requirements: The safety-relevant components of machine controls and/or their protective equipment and components must be designed, constructed, selected, assembled and combined in compliance with all applicable standards such as to be capable of withstanding all potentially hazardous influences.
System response 1): If a fault/error occurs, it can lead to loss of the safety functions.
Main principle for provision of safety: Selection of components
Category 1
Summary of requirements: The requirements of B must be fulfilled. Use of components and principles that have proven to be effective in terms of safety.
System response 1): As described for category B, but with a greater safety-relevant reliability of safety functions.
Main principle for provision of safety: Selection of components
Category 2
Summary of requirements: The requirements of B must be fulfilled. Use of principles that have proven to be effective in terms of safety. The safety function(s) must be tested at appropriate intervals by the machine control.
Note: The suitability of the measure depends on the application and type of the machine.
System response 1): The occurrence of a fault/error can lead to a loss in safety functions in-between tests. The loss of safety function(s) is detected in the course of testing.
Main principle for provision of safety: Structure-based
Category 3
Summary of requirements: The requirements of B must be fulfilled. Use of principles that have proven to be effective in terms of safety. The controls must be designed such that:
- a single fault/error in the control system does not cause a loss of the safety function, and
- if it can be implemented in an appropriate way, individual faults/errors can be detected.
System response 1): If the single fault/error occurs, the safety function always remains operational. Some, but not all, faults/errors are detected. An accumulation of undetected faults/errors can lead to a loss of the safety function(s).
Main principle for provision of safety: Structure-based
Category 4
Summary of requirements: The requirements of B must be fulfilled. Use of principles that have proven to be effective in terms of safety. A control system must be designed such that:
- a single fault/error in the control system does not cause a loss of the safety function(s), and
- the single fault/error is detected before or as the safety function is required to take effect. If such a response cannot be implemented, then the accumulation of faults/errors must not result in a loss of the safety function(s).
System response 1): If faults/errors occur, the safety function always remains operational. Faults/errors are detected promptly enough to prevent any loss of safety functions.
Main principle for provision of safety: Structure-based
1): The risk assessment states whether the total or partial loss of the safety function(s) as a result of faults/errors is acceptable.
2.6.2 Basic features of SINUMERIK Safety Integrated
A two-channel, diverse structure is characterized by the following features:
- Two-channel structure with at least two independent computers
  (i.e. computers with different hardware and software)
- Crosswise result and data comparison with forced checking procedure for
  the purpose of detecting internal errors even in functions that are not often
  used (dormant errors).
- The computers access data at common interfaces (e.g. actual value input)
  in a decoupled, reaction-free manner.
The actual values are acquired by the 611 digital closed-loop control module
via the 1st actual value input (with a single-encoder system) or via the 1st and
2nd actual value inputs (with a 2-encoder system) and supplied to the control
system and the drive via 2 separate actual value channels.
The safety-relevant functions are executed by the NCK-CPU and the drive CPU
on a mutually independent basis. Both CPUs carry out a mutual comparison
(crosswise data comparison) of their data and results in a specified cycle. A test
that can be initiated by either of the CPUs can be carried out on the shutdown
paths (forced checking procedure).
When monitoring functions respond, the NCK and/or the drive can send control
commands to the power section via shutdown paths, thus safely shutting down
the axis or spindle.
2.6.3 Forced checking procedure
"… The forced checking procedure must be performed for all static signals and
data. The logic state must change from 1 to 0 or vice versa within the specified
time (8 h). A state that has become static as the result of an error will be
detected at the latest by comparison during this forced checking procedure.
Forced checking procedure is required for components that are required to stop
a process (e.g. contactors and power semiconductors), the shutdown path, and
for the shutdown condition. It is generally not possible to test a shutdown
condition, e.g. violation of a limit value criterion, using other methods, e.g.
crosswise data comparison, when the machine is in an acceptable condition.
This also applies to errors along the entire shutdown path including associated
hardware and software and circuit-breakers. By integrating a test stop in eight-
hourly cycles with comparison and expected status, errors can also be detected
when the machine is in an acceptable condition...."
(Note: "Acceptable condition" means that there are no machine faults that are
apparent to the operator)
Characteristics of
two-channel,
diverse structure
Acquisition
Evaluation
Response
General notes on the
forced checking
procedure
(taken from /6/)
Forced checking procedure with Safety Integrated
The forced checking procedure is used to detect errors in the software and
hardware of the two monitoring channels. In order to do this, the safety-relevant
parts in both channels must be processed in all safety-relevant branches at
least once during a defined period. Any errors in the monitoring channel will
cause deviations and will be detected by the crosswise data comparison.
The forced checking procedure of the shutdown path (test stop) must be
triggered by the user or integrated in the process as an automatic procedure,
e.g.:
– for stationary axes after the system has been powered-up
– when the protective door is opened
– in defined cycles (e.g. in 8-hour cycles)
– in the automatic mode – dependent on the time and event.
The forced checking procedure also includes testing the safety-relevant
sensors and actuators. In this case, the entire circuit including the "safe
programmable logic" (SPL) is tested for correct functioning.
Note
A defined 8-hour cycle is not mandatory in the automatic mode (when the
protective door is closed). A forced checking procedure after an 8-hour period
has elapsed can be combined with the next opening of the protective door.

Error in the monitoring channel
Any errors in the monitoring channel result in deviations and are detected by
the crosswise data comparison.

Crosswise data comparison
Dormant errors in the safety-relevant data of the two monitoring channels are
discovered in the course of the crosswise data comparison.
In the case of "variable" data, there are tolerance values defined using machine
data by which amount the results of the two channels may deviate from one
another without initiating a response (e.g. tolerance for crosswise data
comparison of actual positions).
Note
Errors that are discovered as a result of the forced checking procedure or
crosswise data comparison lead to a STOP F response (refer to Chapter 3,
"Stop responses") and initiate a further stop response when Safety Integrated
is active.
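The following Python model is an added illustration of section 2.6.3, not code from this manual or from Siemens. It shows a crosswise data comparison with a tolerance for "variable" data, and a test stop that exposes a dormant shutdown-path fault which the comparison alone cannot see; the class and field names, the TEST STOP DUE status and all sample values are constructed for the example.

```python
from dataclasses import dataclass

FORCED_CHECK_INTERVAL_S = 8 * 3600  # the 8 h limit quoted in section 2.6.3


@dataclass
class ChannelSnapshot:
    """Data one monitoring channel offers for comparison (constructed model)."""
    actual_position_mm: float  # "variable" data: compared with a tolerance
    function_enable: int       # static data: must match exactly
    standstill_ok: bool        # result of a monitoring function


@dataclass
class ShutdownPath:
    """Constructed stand-in for one channel's pulse-cancellation path."""
    stuck_enabled: bool = False  # dormant fault: pulses can no longer be cancelled

    def request_pulse_cancel(self) -> bool:
        """Return the feedback signal: True when pulses were really cancelled."""
        return not self.stuck_enabled


def crosswise_compare(nck, drive, position_tolerance_mm):
    """Return the names of all items on which the two channels deviate."""
    deviations = []
    if abs(nck.actual_position_mm - drive.actual_position_mm) > position_tolerance_mm:
        deviations.append("actual_position_mm")
    if nck.function_enable != drive.function_enable:
        deviations.append("function_enable")
    if nck.standstill_ok != drive.standstill_ok:
        deviations.append("standstill_ok")
    return deviations


class TwoChannelMonitor:
    def __init__(self, position_tolerance_mm):
        self.position_tolerance_mm = position_tolerance_mm
        self.last_test_stop_s = 0.0

    def cycle(self, now_s, nck, drive):
        """One comparison cycle. Returns (status, deviating items)."""
        deviations = crosswise_compare(nck, drive, self.position_tolerance_mm)
        if deviations:
            return "STOP F", deviations
        if now_s - self.last_test_stop_s >= FORCED_CHECK_INTERVAL_S:
            return "TEST STOP DUE", []
        return "OK", []

    def test_stop(self, now_s, paths):
        """Forced checking of the shutdown paths: command pulse cancellation
        on every path and compare the feedback with the expected status."""
        failed = [name for name, path in paths.items()
                  if not path.request_pulse_cancel()]
        if failed:
            return "STOP F", failed
        self.last_test_stop_s = now_s
        return "OK", []


if __name__ == "__main__":
    monitor = TwoChannelMonitor(position_tolerance_mm=0.01)
    nck = ChannelSnapshot(100.000, 0b11, True)
    drive = ChannelSnapshot(100.004, 0b11, True)
    # The machine is in an "acceptable condition": both channels agree, so the
    # comparison is silent although the drive's shutdown path is defective.
    print(monitor.cycle(60, nck, drive))
    print(monitor.cycle(8 * 3600, nck, drive))
    paths = {"NCK": ShutdownPath(), "drive": ShutdownPath(stuck_enabled=True)}
    print(monitor.test_stop(8 * 3600, paths))
```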
2.6.4 Monitoring clock cycle and crosswise data comparison clock cycle
The safety-relevant functions are monitored cyclically in the monitoring cycle
that can be set jointly for all axes/spindles via the following machine data:

Setting the monitoring cycle time
For 840D         MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
                 The specified clock cycle is checked and rounded to the next
                 possible value when the control runs-up and every time the
                 machine data changes.
                 The resulting monitoring cycle is displayed via MD 10091:
                 $MN_INFO_SAFETY_CYCLE_TIME
                 (refer to Chapter 4, "Machine data for SINUMERIK 840D").
For 611 digital  MD 1300: $MD_SAFETY_CYCLE_TIME
                 (refer to Chapter 4, "Machine data for SIMODRIVE 611
                 digital")

Warning
The monitoring cycle determines the response time of the safety-relevant
functions. It must therefore be selected to be 25 ms. The higher the
monitoring cycle setting, the greater the amount by which the monitored limit
value is violated in the event of an error and the more the drives overshoot.

Displaying the comparison clock cycle
MD 10092: $MN_INFO_CROSSCHECK_CYCLE_TIME specifies the maximum
crosswise comparison clock cycle in seconds. If the monitoring clock cycle is
modified, then the crosswise comparison clock cycle is also changed.
To be able to support the various functional configurations of the individual
controls, the crosswise data comparison between the NCK and 611 digital
monitoring channels has been extended on an axis-specific basis.
An axial MD 36992: $MA_SAFE_CROSSCHECK_CYCLE has been introduced
to display the current crosswise data comparison cycle time for each axis.

2.6.5 User agreement
Description
"User agreement" is the confirmation by an appropriately authorized person
that the currently displayed SI actual position of an axis corresponds to the
actual position on the machine.
To check whether this is the case, the axis can be traversed, for example, to a
known position (e.g. a visual mark) or measured and the SI actual position in
the "User agreement" display compared with the measurement result.
An axis/spindle with integrated safety functions can have the following status:
– User agreement = yes or
– User agreement = no
The "User agreement" window always displays the following data for each
axis/spindle with activated Safety Integrated:
– Machine axis name
– SI position
– User agreement.
When does a user agreement need to be given?
A user agreement is only required when "safe software limit switches" (SE)
and/or "safe software cams" (SN) are being monitored for an axis/spindle, i.e.
– When the axis/spindle is commissioned for the first time.
– When the user intends or needs to re-reference the axis/spindle reliably by
  hand.
– If the check of the standstill position against the current position after
  power on was not correct and the user agreement has been cancelled by the
  control system.
– After an axis/spindle has been parked
  (only if the change in position is greater than that defined using MD 36944:
  Tolerance actual value comparison (referencing)).
Note
An axis/spindle must have the status "User agreement = yes" before the
functions SN and SE can be used.
For further information about the user agreement function, please refer to
Chapter 2, "Adjustment, measurement, axis states and previous history".
Applicable to 840D with SW 3.6 and higher
In the case of axes and spindles that do not have configured safety functions
"SE" and "SN", the saved zero-speed position is not evaluated if a user
agreement has not been given.

Warning
If the drive is not reliably referenced and a user agreement has not been
given, then the following applies:
– The "safe software cams" are active, but not yet safe in the sense of control
  Class 3.
– The "safe software limit switches" are not yet active

User agreement interlock
Before a user agreement can be given, the protective interlock must be
canceled:
– Keyswitch in position 3: "User agreement" can be given.
The interlock must be re-activated (e.g. by removing the key) afterwards.

2.6.6 Enabling safety-related functions
Global enable
SINUMERIK Safety Integrated® (SI) with safety-relevant functions is enabled
via a basic and axis option.
The SH function is operative if at least one safety-relevant function is activated.
The enabling command determines the number of axes/spindles for which SI
can be activated.
Ordering data option
SINUMERIK Safety Integrated, with one axis/spindle only, can only operate
with an appropriate extension.

Enabling safety-relevant functions
Which safety functions are to be effective can be selected for each axis
individually with the following machine data:
For 840D         MD 36901: $MA_SAFE_FUNCTION_ENABLE
                 (refer to Chapter 4, "Machine data for SINUMERIK 840D")
For 611 digital  MD 1301: $MD_SAFE_FUNCTION_ENABLE
                 (refer to Chapter 4, "Machine data for SIMODRIVE 611 digital")
In addition to other settings, the following functions can be individually enabled:
– SBH/SG
– SE
– SN1+, SN1-, SN2+, SN2-, SN3+, SN3-, SN4+, SN4-
– SG override
– Slip
– External stop signals
– Cam synchronization
– EMERGENCY STOP (SW 6.4.15 and higher)
Note
– To ensure that SBH can always be selected in the event of an error, the
  function SBH/SG must be activated and correctly parameterized when
  the function SE and/or SN is enabled.
– The axis-specific enabling data in the NCK must be identical to the data
  in the drive or else an error message will be output when data is
  cross-checked (crosswise data comparison).
– An axis is treated as an axis in terms of the global option if at least one
  safety-relevant function is activated via the axis-specific enabling data.
– The maximum number of axes that may operate using the safety
  functions is determined by the number that has been enabled by the
  basic and axis option.
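An added example (not part of the manual and not a Siemens tool): a Python check of the enabling rules from the note in section 2.6.6, run against a constructed export of the axis-specific enable data. Function names stand in for the bits of MD 36901 and MD 1301, whose bit layout is not given in this section; the dictionary format, the axis names and the licensed_axes parameter are assumptions.

```python
# Function names stand in for the enable bits of MD 36901 (NCK) and
# MD 1301 (drive); the real bit layout is not given in this section.
SN_CAMS = {f"SN{n}{sign}" for n in range(1, 5) for sign in "+-"}
POSITION_FUNCTIONS = {"SE"} | SN_CAMS  # functions that need SBH/SG enabled


def check_enable_data(nck_enable, drive_enable, licensed_axes):
    """Check axis-specific enable data against the rules of section 2.6.6.

    nck_enable / drive_enable: dict mapping axis name -> set of enabled
    function names (assumed export format).
    licensed_axes: number of axes enabled by the basic and axis option.
    Returns a list of (axis, finding, details); an empty list means the
    data is consistent.
    """
    findings = []
    axes = sorted(set(nck_enable) | set(drive_enable))
    for axis in axes:
        nck = set(nck_enable.get(axis, ()))
        drive = set(drive_enable.get(axis, ()))
        # NCK and drive data must be identical, otherwise the crosswise
        # data comparison outputs an error message.
        if nck != drive:
            findings.append(
                (axis, "NCK/drive enable data differ", sorted(nck ^ drive)))
        # SBH/SG must be enabled whenever SE and/or SN is enabled.
        for channel, funcs in (("NCK", nck), ("drive", drive)):
            needs_sbh = funcs & POSITION_FUNCTIONS
            if needs_sbh and "SBH/SG" not in funcs:
                findings.append(
                    (axis, f"{channel}: SE/SN enabled without SBH/SG",
                     sorted(needs_sbh)))
    # An axis counts against the option as soon as one function is enabled.
    safety_axes = [a for a in axes if nck_enable.get(a) or drive_enable.get(a)]
    if len(safety_axes) > licensed_axes:
        findings.append(
            ("*", "more safety axes than enabled by option", safety_axes))
    return findings


# Constructed sample data for four axes.
SAMPLE_NCK = {
    "X1": {"SBH/SG", "SE"},
    "Y1": {"SBH/SG", "SN1+"},
    "Z1": {"SE"},
    "SP1": set(),
}
SAMPLE_DRIVE = {
    "X1": {"SBH/SG", "SE"},
    "Y1": {"SBH/SG"},
    "Z1": {"SE"},
    "SP1": set(),
}

if __name__ == "__main__":
    for finding in check_enable_data(SAMPLE_NCK, SAMPLE_DRIVE, licensed_axes=2):
        print(finding)
```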
2.7 Increasing the availability using integrated safety technology
By combining the safety functions covered in Chapter 3.1 "Overview of
safety-relevant functions" it is possible to implement completely new concepts
for operation on machines with different requirements. Intervention by the user,
e.g. in the tool magazine or setup location can be performed parallel to
production.
The most important consideration, however, is always the best possible
protection of the user while at the same time being able to use the machine for
the intended purpose.
Machine protection (machine, workpiece, tool, ...) can also profit to a large
extent from the advantages of these new possibilities.

Integrated safety technology
Integrated safety technology now takes the emphasis away from purely
hardware and electro-mechanical-based solutions to those based on software
and electronics, thus gradually replacing technology that is subject to wear.
Integrated safety technology by its very concept provides intelligent system
control right down to the sensors and actuators. This results in a new
diagnostics concept that offers preventive error detection. Even with errors that
occur suddenly during production, the risk of injury to the operator and damage
to the machine can be confined to a minimum by fast error detection and
coordinated, safe shutdown.

Effect
Integrated safety technology allows
– Optimized processes
– Sub-processes to be able to operate in parallel
– Simpler machine infrastructures
– Practical machine handling concepts.
The effect on the availability
– Reduced error potential
– Longer production times
– Shorter downtimes
When applied consistently, integrated safety technology offers considerable
potential for increasing the availability.
2.8 Overview of the safety-related functions
The safety-related functions are available in all modes and can communicate
with the process using safe input/output signals.
They can be implemented individually for each individual axis:
– Safe standstill
  A monitoring function or sensor (e.g. light barrier) responds and brings a
  moving drive to a standstill.
– Safe operating stop (SBH)
  Monitors the drives during standstill. The drives remain fully functional in
  the position controlled mode.
– Safe standstill (SH)
  The drive pulses are cancelled. The energy feed is safely and
  electronically disconnected.
– Safely-reduced speed (SG)
  Configured speed limits are monitored, e.g. when setting-up without using
  an agreement button.
– Safe software limit switches (SE)
  Variable traversing range limits
– Safe software cam (SN)
  Range detection
– Safe input/output signals (SGE/SGA)
  Interface to the process
– Safe programmable logic (SPL)
  All of the safe signals and internal logic are directly connected.
– Safe brake management (SBM)
  Two-channel brake control and cyclic brake test
– Safety-relevant communication via standard bus connection of distributed
  I/Os for process and safety signals via PROFIBUS using the PROFIsafe
  protocol
– Safe software relay (SI relay)
  Designed to implement an EMERGENCY STOP with safe programmable
  logic and similar requirements.
– Safe braking ramp (SBR)
  Monitors the speed characteristic. The actual speed must be reduced after
  a stop request has been issued.
2.9 System prerequisites
General prerequisites
– SINUMERIK 840D; all CPU versions may be used
– Software option "SINUMERIK Safety Integrated"
  – Basic function for up to 4 axes
  – Additional function from the 5th axis (if required)
  – Axis/spindle package for a further 13 axes (if required)
– The measuring circuit cables must meet the specifications of the
  SIMODRIVE 611 digital
– SIMODRIVE 611 digital drive converter
– Control modules with additional input for direct measuring system
  SIMODRIVE 611 digital

Pulse cancellation via terminal 663
– SIMODRIVE 611 digital with Performance/High Performance or Standard 2
  control/High Standard with an additional input for a direct measuring
  system
– NCU terminal block with DMP modules for the NCK I/Os.

NC internal pulse cancellation
– SIMODRIVE 611 digital High Standard or High Performance with an
  additional input for a direct measuring system
– SINUMERIK software release, at least 6.3.30

Separate NC and PLC I/Os
– NCU terminal block with DMP modules for the NCK I/Os.
– Simple I/O module (instead of SIMATIC I/Os)
– SIMATIC S7 I/O modules for the PLC.

PROFIsafe
– SINUMERIK 840D with NCU 561.4 / 571.4 / 572.4 / 573.4 (NCU 573.5
  being prepared)
– SINUMERIK software release, as a minimum 6.3.30
– Software option "I/O interface via PROFIBUS DP"
– S7-F configuring package
– ET 200 S PROFIsafe

Prerequisite for SE and SN
– The axis may not be an axis with shift gearbox.
– The function is not possible with the default configuration OP 030. User
  agreement is given via a PLC application program.
– No drives subject to slip.

Limitations when using the HT6
– It is not possible to "Copy/Confirm" the safety machine data via the
  hand-held unit HT6.
2.9.1 Order numbers
Table 2-6 SINUMERIK 840D
NCU modules Order No.:
NCU 561.4 6FC5356-0BB12-0AE0
NCU 571.4 6FC5357-0BB12-0AE0
NCU 572.4 6FC5357-0BB23-0AE0
NCU 573.4 6FC5357-0BB34-0AE0
NCU 573.5 6FC5357-0BB35-0AE0
Software option SINUMERIK Safety Integrated
Basic function up to 4 axes/spindles 6FC5250-0AC10-0AA0
Additional function from the 5th axis/spindle onwards 6FC5250-0AC11-0AA0
Axis/spindle pack for additional 13 axes/spindles 6FC5250-0AC12-0AA0
NCK I/Os
NCU terminal block 6FC5211-0AA00-0AA0
DMP Compact 16A, 24V, DC 6FC5111-0CA01-0AA0
DMP Compact 16A, 24V, DC, 0.5A 6FC5111-0CA02-0AA2
DMP Compact 8A, 24V, DC, 2A 6FC5111-0CA03-0AA2
Accessories
Cable distributor 6FX2006-1BA02
Software option for I/O interface via PROFIBUS DP 6FC5252-0AD00-0AA0
Simple I/O module 6FC5411-0AA00-0AA0
Table 2-7 SIMODRIVE 611 digital
Designation Order No.:
High-standard – 2 axis 6SN1118-0DM33-0AA0
High-performance – 1 axis 6SN1118-0DJ23-0AA0
High-performance – 2 axis 6SN1118-0DK23-0AA0
Table 2-8 PLC (SIMATIC S7-300)
Interfaces Order No.:
Interface IM 360 6ES7360-3AA01-0AA0
Interface IM 361 6ES7361-3CA01-0AA0
Interface IM 365 6ES7365-0BA01-0AA0
Interface IM 365 (extended temperature range) 6ES7365-0BA81-0AA0
Digital input modules SM 321
16 inputs / 24 V DC 6ES7321-1BH02-0AA0
16 inputs / 24 V DC (extended temperature range) 6ES7321-1BH82-0AA0
16 inputs, 24 V, DC m - reading 6ES7321-1BH50-0AA0
32 inputs / 24 V DC 6ES7321-1BL00-0AA0
32 inputs / 24 V DC (extended temperature range) 6ES7321-1BL80-0AA0
16 inputs / 24 V DC, diagnostics capable 6ES7321-7BH00-0AA0
16 inputs / 24 V DC, diagnostics capable (extended temperature range) 6ES7321-7BH80-0AA0
16 inputs, 120 V, AC 6ES7321-1EH01-0AA0
32 inputs, 120 V, AC 6ES7321-1EL00-0AA0
8 inputs, 120/230 V, AC 6ES7321-1FF01-0AA0
Digital output modules SM 322
16 outputs, 24 V, DC, 0.5 A 6ES7322-1BH01-0AA0
16 outputs / 24 V DC 0.5 A (extended temperature range) 6ES7322-1BH81-0AA0
32 outputs, 24 V, DC, 0.5 A 6ES7322-1BL00-0AA0
8 outputs, 24 V, DC, 0.5 A diagnostics capable 6ES7322-8BF00-0AA0
16 outputs, 120 V, AC, 0.5 A 6ES7322-1EH01-0AA0
32 outputs, 120 V, AC, 1 A 6ES7322-1EL00-0AA0
8 outputs, 24 V, DC, 2 A 6ES7322-1BF01-0AA0
8 outputs, 120/230 V, AC, 1 A 6ES7322-1FF01-0AA0
8 outputs / 120/230 V AC 1 A (extended temperature range) 6ES7322-1FF81-0AA0
8 outputs, relay contacts 2 A 6ES7322-1HF01-0AA0
8 outputs, relay contacts 5 A 6ES7322-1HF10-0AA0
8 outputs, relay contacts 5 A (extended temperature range) 6ES7322-1HF80-0AA0
16 outputs, relay contacts 2 A 6ES7322-1HH00-0AA0
Digital input/output modules SM 323
8 inputs / 8 outputs 6ES7323-1BH01-0AA0
8 inputs / 8 outputs (extended temperature range) 6ES7323-1BH81-0AA0
16 inputs / 16 outputs 6ES7323-1BL00-0AA0
Please refer to Catalog ST 70 for further SIMATIC components
Table 2-9 PROFIsafe ET 200 S
Designation Order No.:
Interface IM 151 HF 6ES7151-1BA00-0AB0
Electronic module 4/8 F - DI 6ES7138-4FA00-0AB0
Electronic module 4/8 F - DO 6ES7138-4FB00-0AB0
Terminal module for F – DI and F – DO
With screw terminal 6ES7193-4CG20-0AA0
With spring-loaded terminal 6ES7193-4CG30-0AA0
With screw terminal 6ES7193-4CF40-0AA0
With spring-loaded terminal 6ES7193-4CF50-0AA0
Power module
Standard 24 V DC 6ES7138-4CA00-0AA0
Standard 24 V DC / 120/230 V AC 6ES7138-4CB10-0AB0
Fail-safe 24 V DC 6ES7138-4CF00-0AB0
Terminal module for fail-safe power module
With screw terminal 6ES7193-4CK20-0AA0
With spring-loaded terminal 6ES7193-4CK30-0AA0
Terminal module for standard power module
With screw terminal 6ES7193-4CC20-0AA0
With spring-loaded terminal 6ES7193-4CC30-0AA0
With screw terminal 6ES7193-4CD20-0AA0
With spring-loaded terminal 6ES7193-4CD30-0AA0
With screw terminal 6ES7193-4CK20-0AA0
With spring-loaded terminal 6ES7193-4CK30-0AA0
S7 F configuration pack (Distributed Safety) 6ES7833-1FC00-0YX0
Please refer to Catalog ST 70 for further ET 200 S components
2.10 Customer Support
The Centre of Competence Service (CoCS) – Sinumerik Safety Integrated®
provides a range of services for users.
Contact addresses
Hotline: Phone: 0180-5050-222
Fax: 0180-5050-223
E-Mail: ad.support@siemens.com
Inquiry, specifying 840D Safety Integrated
Order per: Phone: +49 (0)9131 98 4386
Fax: +49 (0)9131 98 1359
Table 2-10 Service spectrum (for machine manufacturers and end customers)
Offer / Description of services

Concept development
  The safety functions are adapted to the machine on the basis of the
  hazard analysis and the operating philosophy requested by the customer.
  This includes e.g.:
  – Planned operating modes
  – Safety functions when the protective doors are closed
  – Safety functions when the protective doors are open
  – EMERGENCY STOP concept
  – A study of the safety-relevant external signals and elements

Standard configuration
  Based on the concept development the standard functions
  – Safe standstill (SH), safe operating stop (SBH)
  – Safely-reduced speed (SG)
  – Safe software limit switch (SE), safe software cam (SN)
  are integrated into the circuit diagram of the machine. External safety
  elements (e.g. door locking, EMERGENCY STOP button, ...) are either
  configured conventionally or logically combined via the "safe
  programmable logic" (SPL) function.

SPL configuration
  Based on the standard configuration the following objects are created for
  SPL:
  – Function diagram
  – Logic program for the PLC area
  – Logic program for the NC area
  – Required data modules (e.g. DB18)
  – Linking these objects into the overall system

Commissioning
  On the basis of the configuration that has been created, the safety
  functions are commissioned. The customer provides the machine so that
  the drives can be traversed and the control cabinet is wired according to
  the configuration.

Acceptance report
  On the basis of the submitted configuration documentation and
  commissioning, an acceptance report for the safety functions is drawn-up.
  These include:
  – Description of the machine (name, type, ...)
  – Description of the safety and operating concepts
  – Description of the axis-specific safety functions
  – Testing of all safety functions including the SPL logic
  – Records of the test results
  The customer will receive the acceptance report as hardcopy and on an
  electronic data medium.

Approval procedure
  Support with processing and line of argument for the approval procedure
  by certified bodies (e.g. regulatory bodies) or large end customers.

Workshop
  Workshops on the subject of machine safety are adapted to customer's
  specific requirements and can take place on the customer's premises, if
  necessary. Possible contents:
  – Machinery Directive, Standards in general
  – C standards (machine-specific)
  – Hazard analysis, risk analysis
  – Control categories (to EN 954-1)
  – SINUMERIK Safety Integrated - function and system description
  – Configuration, machine data
  – Start-up
  – Acceptance report

Hotline
  An expert for 'SINUMERIK Safety Integrated' can be reached at the
  hotline number should serious errors or problems occur during installation
  and commissioning.

On-site service
  Experts analyze problems encountered on-site. The causes are
  eliminated or a remedy is drawn-up and implemented where necessary.
2.11 Powering the control up and down
What to remember when powering-up the control
The safety functions are only available and ready to be activated after the
control system has completely run-up.
We recommend that you select the "Safe operating stop" (SBH) function.

Warning
The safety functions are not active while the control system is running-up.
The operator must remain outside the danger zone during this period.

We recommend a complete forced checking procedure after powering-up (refer
to Chapter 3, "Testing the shutdown paths").

What to remember when powering-down the control
The position at which axes with safety functions reach a standstill is
saved in a non-volatile memory when safe operating stop (SBH) is
selected. For axes configured with SE and SN, the position data is used
for an internal position check when the system is powered-up again.
The following applies when SE/SN is active:
The standstill position is also saved cyclically.
For this reason, the user should only power-down the control when the
axes/spindles with safety functions have stopped moving.
Note
If the axis is moved with the power supply disconnected, then the saved
standstill position no longer matches the current position. For axes with safety
functions SE and SN, when the control is powered-up again, a user
agreement must again be given after the position has been checked.
2.12 Error analysis
Monitoring
The SINUMERIK 840D control with SIMODRIVE 611 digital is equipped with
various monitoring functions that detect system errors and initiate the
appropriate reactions (refer to the relevant documentation).
These standard functions do not comply with safety Category 3 according to
EN 954-1.
The safety functions of SI that are based on crosswise data comparison and
forced checking procedure are capable of detecting system errors and bringing
the machine into a safe condition (refer to Chapter 3, "Safety Functions").

Fault analysis
Based on the appropriate Directives and Standards, a detailed fault analysis is
carried out using SINUMERIK Safety Integrated. The brief summary below lists
the disturbances and system faults that SINUMERIK Safety Integrated controls
with an extremely low residual risk; it is based on disturbances that are
already known.

Table 2-11 Error analysis in the set-up mode

Assumed error: Spindle speed too high; axis speed too high
Error causes: Defect in the drive or control system, encoder fault in
  2-encoder operation, operator error etc.
Error control: Safe limitation of speed or axis velocity with SG;
  configurable stop functions according to Cat. 2
MDIR, Appendix 1): Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.6
Comments:
  Spindle speed too high: According to currently applicable standards
  (TC143), the SG function is – depending on the technology – only
  permissible in combination with agreement, jog mode, start button and
  Emergency Stop
  Axis speed too high: According to currently applicable standards (TC143),
  the SG function is – depending on the technology – only permissible in
  combination with jog mode, start button and Emergency Stop

Assumed error: Axis or spindle has inadmissibly moved away from standstill
  position
Error causes: Defect in the drive or control system, operator error etc.
Error control:
  Safe standstill monitoring for position control with SBH; configurable
  stop function, Cat. 0/1
  Safe standstill with SH, Stop function, Cat. 0 for electrical isolation
MDIR, Appendix 1): Chapter 1.2.6, Chapter 1.2.7, Chapter 1.3.6,
  Chapter 1.4.2, Chapter 1.4.3
Comments: Low-wear safe shutdown of the energy feed to the drive,
  this function does not replace the main machine breaker

Assumed error: Axes have inadmissibly exited operating range
Error causes: Defect in the drive or control system, operator error etc.
Error control: "Safe software limit switches" SE; configurable stop
  functions according to Cat. 2
MDIR, Appendix 1): Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.7,
  Chapter 1.3.8
Comments: Is essentially used for machinery protection, can also be used to
  restrict working zones in conjunction with personnel protection

Assumed error: Response of machine control to incorrect position signal
Error causes: Defect in the control, operator error etc.
Error control: "Safe software cams" SN; safe signal and position output
MDIR, Appendix 1): Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.8,
  Chapter 1.4.2, Chapter 1.4.3
Comments: Wear-free "safe software cams" (SN) used to safely detect the
  position of axes. Can be used to isolate physical areas

Assumed error: Error relating to the input/output of process data
Error causes: Defective cable, incorrect information, or similar
Error control: Two-channel input/output of safety-relevant signals
  (SGE/SGA), crosswise data comparison; initiation of stop functions
  according to Cat. 1
MDIR, Appendix 1): Chapter 1.2.5, Chapter 1.3.8, Chapter 1.4.2,
  Chapter 1.4.3
Comments: External two-channel inputs or further processing required if
  function is intended to protect operating personnel

1) refer to: Appendix, References General /1/
Table 2-12 Error analysis in test mode

Assumed error: Spindle speed too high; axis speed too high
Error causes: Defect in the drive or control system, encoder fault in
  2-encoder operation, operator error etc. or similar
Error control: Safe limitation of speed or axis velocity with SG;
  configurable stop functions according to Cat. 2
MDIR, Appendix 1): Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.6
Comments:
  Spindle speed too high: According to currently applicable standards
  (TC143), the SG function – depending on the technology – is only
  permissible in combination with agreement, jog mode, start button and
  Emergency Stop
  Axis speed too high: According to currently applicable standards (TC143),
  the function – depending on the technology – is only permissible in
  combination with JOG mode, start button and Emergency Stop

Assumed error: Axis or spindle has inadmissibly moved away from standstill
  position
Error causes: Defect in the drive or control system, operator error etc.,
  part program error or similar
Error control:
  Safe standstill monitoring for position control with SBH; configurable
  stop function acc. to Cat. 0/1
  Safe standstill with SH, Stop function, Cat. 0 with respect to electrical
  isolation
MDIR, Appendix 1): Chapter 1.2.6, Chapter 1.2.7, Chapter 1.3.6,
  Chapter 1.4.2, Chapter 1.4.3
Comments: No wear, safe disconnection of energy feed to drive to allow
  manual intervention in danger zone; function does not replace machine
  main switch

Assumed error: Axes have inadmissibly exited operating range
Error causes: Defect in the drive or control system, operator error etc.,
  part program error or similar
Error control: "Safe software limit switches" SE; configurable stop
  functions according to Cat. 2
MDIR, Appendix 1): Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.7,
  Chapter 1.3.8
Comments: Wear-free safe cams, are essentially used for machinery
  protection, can also be used to restrict working zones in conjunction
  with personnel protection

Assumed error: Response of the machine control to incorrect position signal
Error causes: Defect in the control, operator error, part program error
  or similar
Error control: "Safe software cams" SN; safe signal and position data
  output
MDIR, Appendix 1): Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.8,
  Chapter 1.4.2, Chapter 1.4.3
Comments: Wear-free "safe software cams" used to safely detect the
  position of axes. Can be used to demarcate physical areas

Assumed error: Error relating to the input/output of process data
Error causes: Defective cable, incorrect information or similar
Error control: Two-channel input/output of safety-relevant signals
  (SGE/SGA), crosswise data comparison; initiation of stop functions
  according to Cat. 1
MDIR, Appendix 1): Chapter 1.2.5, Chapter 1.3.8, Chapter 1.4.2,
  Chapter 1.4.3
Comments: External two-channel inputs or further processing required if
  function is intended to protect operating personnel

1) refer to: Appendix, References General /1/
Table 2-13 Error analysis in automatic mode

| Assumed error | Error causes | Error control | MDIR, Appendix 1) | Comments |
|---|---|---|---|---|
| Spindle or axis speed/velocity too high | Defect in the drive or control system, encoder fault in 2-encoder operation, operator error, part program error or similar | Safe limitation of speed or axis velocity with SG; configurable stop functions according to Cat. 2 | Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.6 | According to the status of the various Standards (TC143), the SG function is only permissible with effective protective devices and equipment (e.g. protective doors) |
| Axis or spindle has inadmissibly moved away from standstill position | Defect in the drive or control system, operator error, part program error, or similar | Safe standstill monitoring for position control with SBH; configurable stop function, Cat. 0/1. Safe standstill with SH, Stop function according to Category 0 | Chapter 1.2.6, Chapter 1.2.7, Chapter 1.3.6, Chapter 1.4.2, Chapter 1.4.3 | Low-wear safe shutdown of the energy feed to the motor to allow manual interventions in the hazardous zone (safe location). This function does not replace the main machine breaker regarding electrical isolation |
| Axes have inadmissibly exited operating range | Defect in the drive or control system, operator error, part program error or similar | "Safe software limit switches" SE; configurable stop functions according to Cat. 2 | Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.7, Chapter 1.3.8 | Wear-free safe limit switch, is essentially used for machinery protection, can also be used to restrict working zones in conjunction with personnel protection |
| Response of the machine control to incorrect position signal | Defect in the control, operator error, part program error or similar | "Safe software cams" SN; safe signal and position data output | Chapter 1.2.4, Chapter 1.2.7, Chapter 1.3.8, Chapter 1.4.2, Chapter 1.4.3 | Wear-free, "safe software cams" for reliable detection of axis positions, can be used to demarcate physical areas |
| Error relating to the input/output of process data | Defective cable, incorrect information, or similar | Two-channel input/output of safety-relevant signals (SGE/SGA), crosswise data comparison; initiation of stop functions according to Cat. 1 | Chapter 1.2.5, Chapter 1.3.8, Chapter 1.4.2, Chapter 1.4.3 | External two-channel inputs or further processing required if function is intended to protect operating personnel |
Table 2-14 General error analysis

| Assumed error | Error causes | Error control | MDIR, Appendix 1) | Comments |
|---|---|---|---|---|
| Error has not been detected because function is not active | Defect in the drive or control system or similar | Time-controlled request or automatic forced-checking procedure and crosswise data comparison, initiation of stop functions according to Cat. 0 | Chapter 1.2.7 | Forced-checking procedure must be supported by the user depending on the process |
| Incorrect safety machine data (MD) | Incorrect information, operator error or similar | Visual check with Accept softkeys, crosswise data comparison, checksum, initiation of stop functions according to Cat. 0/1 | Chapter 1.2.7 | Must be confirmed using acceptance test during start-up |
| Incorrect absolute position of axis or spindle | Incorrect information, axis mechanically influenced or similar | User agreement after referencing or after power-up | Chapter 1.2.7, Chapter 1.3.8 | The assignment to machine zero must be carried out during start-up |

1) refer to: Appendix, References General /1/
Error control enables easy and cost-effective implementation of the
requirements of Machinery Directive 98/37/EC (MDIR column, Appendix 1).

Topics or Chapter headings of MDIR, Appendix 1
1.2.4 1) Stopping, normal stopping and stopping in an emergency
1.2.5 1) Mode selector switch
1.2.6 1) Power supply fault
1.2.7 1) Control circuit fault
1.3.6 1) Risks relating to variations in tool speeds
1.3.7 1) Preventing risks relating to moving parts
1.3.8 1) Selecting protective equipment against risks relating to moving parts
1.4.2 1) Special requirements placed on isolating protective equipment
1.4.3 1) Special requirements placed on non-isolating protective equipment

1) Refer to: Appendix, References General /1/

Residual risk
Risk assessment enables the machine manufacturer to determine the residual
risk for his machine with respect to the control. The following residual risks are
defined:
• SI is not active until the control system and drive have completely run up.
  SI cannot be activated if any one of the control or drive components is not
  powered up.
• Faults in the absolute track (C-D track), cyclically interchanged phases of
  motor connections (V-W-U instead of U-V-W) and a reversal in the control
  direction can cause an increase in the spindle speed or axis motion.
  Category 1 and 2 Stop functions according to EN 60204-1 (defined as
  Stops B to E in Safety Integrated) that are provided are not effective due to
  the fault. Category 0 stop function according to EN 60204-1 (defined as
  Stop A in Safety Integrated) is not activated until the transition or delay
  time set via machine data has expired. When SBR is active, these errors
  are detected (STOP B/C) and the Category 0 stop function according to
  EN 60204-1 (STOP A in Safety Integrated system) is activated as early as
  possible irrespective of this delay (refer to Chapter 3.8, "Safe braking
  ramp").
  Electrical faults (defective components etc.) can also result in the response
  described above.
• When incremental encoders are used, the functions "safe software limit
  switch" (SE) and "safe software cam" (SN) are not guaranteed until
  referencing has been successfully completed.
• When no user agreement has been given (refer to Chapter 2 "User
  agreement"), the safe software limit switches (SE) are not operative; the
  safe software cams (SN) are operative, but not safe as defined by Safety
  Integrated.
• The simultaneous failure of two power transistors (one in the upper and the
  other offset in the lower inverter bridge) in the inverter may cause the axis
  to move briefly.
  Example, synchronous motor:
  For a 6-pole synchronous motor, the axis can move by a maximum of
  30 degrees. With a directly driven ballscrew of, e.g., 20 mm per
  revolution, this corresponds to a maximum linear motion of approximately
  1.6 mm.
  Example, synchronous linear motor:
  For a synchronous linear motor the movement must be no more than one
  pole width. This corresponds to the following distances:
    1FN1-07            27 mm
    1FN1-12/-18/-24    36 mm
    1FN3               20 mm
• For a 1-encoder system, encoder faults are detected by various HW and
  SW monitoring functions. These monitoring functions may not be
  de-activated and must be parameterized carefully. Depending on the error
  type and which monitor responds, a Category 0 or Category 1 stop function
  according to EN 60204-1 (defined as STOP A or B in SINUMERIK Safety
  Integrated®) is activated.
• The Category 0 stop function according to EN 60204-1 (defined as
  STOP A in Safety Integrated) means that the spindles/axes are not braked
  to zero speed, but coast to a stop (this may take a very long time
  depending on the level of kinetic energy involved). This must be included in the
  protective door locking mechanism logic (e.g. with the logic operation n<nx).
• When a limit value is violated, the speed may exceed the set value briefly
  or the axis/spindle may overshoot the setpoint position to a greater or
  lesser degree during the period between error detection and system
  response. This depends on the dynamic response of the drive and the
  parameter settings (refer to Chapter 3, "Safety-relevant functions").
• A position-controlled axis may be forced out of the safe operating stop
  state (SBH) by mechanical forces that are greater than the max. axis
  torque. In such cases, a safe standstill (SH) is activated.
• SI is not capable of detecting parameterization and programming errors
  made by the machine manufacturer. The required level of safety can only
  be assured by thorough and careful acceptance testing.
• Drive power modules and motors must always be replaced with the same
  equipment type or else the parameters will no longer match the actual
  configuration and cause SI to respond incorrectly. The axis involved must
  be re-commissioned if an encoder is replaced.
2.13 Others
2.13.1 Applications
Parking an axis
The pulse enable command must be cancelled via drive terminal 663 before the
park state is activated (via interface signal "Park"). This can be done by means
of the NCK-SGE "Test stop selection" (the message "Test stop active" is then
displayed). The pulse enable signal may not be applied again until the park
state has been deselected. Pulses are cancelled via SGA "Enable pulses". The
pulses can be cancelled by selecting external stop A (corresponds to "Safe
standstill").

Parking axes with absolute reference
When the "parking" function is selected, actual value acquisition and the
position measuring system monitoring are de-activated for an axis/spindle. The
NCK actual value is frozen and mechanical actual value changes are no longer
detected. This also applies to the actual value acquisition of the two safety
monitoring channels NCK and 611 digital.
The absolute reference of an axis can therefore no longer be reliably detected.
The safety monitoring channels respond as follows:
• Alarms 27000/300950 "Axis no longer safely referenced" are displayed.
• SGA "Axis safely referenced" is cancelled on the NCK and drive side.
The user can align the actual value acquisition of the safety monitoring
channels by referencing/synchronizing to the machine position. These alarms
are only displayed for axes for which safety monitoring functions with absolute
reference are activated, i.e. for SE and SN. They are not displayed for axes
without these monitoring functions.
Machine data SAFE_PARK_ALARM_SUPRESS can be used to suppress
Alarms 27000/300950.

Vertical axis:
The machine manufacturer must take various measures (refer to Chapter 2,
"System prerequisites") to prevent vertical axes from falling when the safe
standstill function is activated (e.g. after STOP B/A). This means that the
mechanical brake must be controlled as quickly as possible.
From SW 6.3.21, a function check of the mechanical braking system is carried
out for all axes that must be held using a holding brake to prevent movement in
the open-loop controlled mode (refer to Chapter 8.3).

Measuring system changeover on 840D
When the measuring systems are changed over (selected) via the interface signals
• "Position measuring system 1" (DB 31..., DBX1.5)
• "Position measuring system 2" (DB 31..., DBX1.6),
the following applies:
The encoder used by the position controller is changed over.

Note
SI continues to work with the configured encoder.
Gantry axes for 840D
Stop responses Stop A, B, C for gantry axes are initiated as fast as possible
for all of the axes in the group. However, if unacceptable offsets result because
of the differing braking behavior of the axes, then stop response Stop D should
be configured.

Note
The user must ensure that terminal 663 is controlled simultaneously for all
drive modules in a single gantry group.

2.13.2 Information for OEM users

SINUMERIK 840D: Information for MMC-OEM users
If SINUMERIK Safety Integrated (SI) and OEM applications (for MMC) are
used at the same time, the following points must be observed.

Important
1. The PLC interface signals (DB31, ...) with safety-relevant drive inputs
   and outputs must not be written using the variable service of the NCDDE
   server.
2. Writing machine data using the variable service
   An acceptance test must be performed if SI machine data has been
   changed using the variable service of the NCDDE server.
3. Changing alarm priorities
   The alarm priorities selected for SI must be retained.
4. Changing alarm texts
   The alarm texts of the SI alarms can be modified. This must be clearly
   documented for the user.
5. "Carry-out acceptance test" message box
   The "Carry-out acceptance test" message box may not be modified!
6. User agreement
   Functions relating to the user agreement (e.g. call, protective
   mechanism) may not be altered.

Information for NCK-OEM users
SINUMERIK Safety Integrated® can also be used for NCK-OEM applications.

Note
System memory change
System memory changes caused by the OEM application result in
Alarm 27003 "Checksum error occurred".
2.13.3 Overtemperature
Response to an overtemperature fault
It must be ensured that overtemperatures in the Sinumerik/Simodrive group do
not result in subsequent malfunctions that in turn can cause safety-critical
situations. Especially if the overtemperature condition simultaneously affects
both monitoring channels (e.g. when the ambient temperature increases), the
temperature alarm signals that are present must be evaluated in order to initiate
a safety-related response in plenty of time.
The following temperature monitoring functions are active and can be evaluated
for the subsequent response.

Temperature monitoring NCK
When the associated temperature monitoring function responds, this is
indicated using the interface signal DB10.DBX109.6 "Air-temperature alarm".
When the interface signal is set, this is in conjunction with NCK Alarm 2110
"NCK temperature alarm" or Alarm 2120 "NCK fan alarm". If the temperature or
fan monitoring responds, then it is sufficient if the PLC initiates the appropriate
measures; it is not absolutely necessary that the measures are initiated using
SPL logic.
Safety-related response required:
• All safety-related outputs (SGAs) should be brought into the safe state
  (logical "0")
• The drives should be brought to a standstill and the pulses then cancelled
It may make sense to derive an Emergency Stop request from the interface
signal.

Temperature monitoring, drive, motor temperature
When the associated temperature monitoring responds, this is indicated using
the axial interface signal DB<axis>.DBX94.0 "Motor-temperature pre-alarm".
When the interface signal is set, this is associated with drive Alarm 300614
"Axis %1 Drive %2 time monitoring, motor temperature".
It is not absolutely necessary to evaluate this signal as an appropriate response
can already be activated using the associated machine data.
If required, an evaluation can also be made as part of the SI functionality.

Temperature monitoring, drive heatsink temperature
When the associated temperature monitoring responds, this is indicated using
the axial interface signal DB<axis>.DBX94.1 "Heatsink temperature". When the
interface signal is set, this is in conjunction with drive Alarm 300515 "Axis %1
Drive %2 heatsink temperature power module exceeded".
It is not absolutely necessary to evaluate this signal as an appropriate response
can already be activated using the associated machine data.
If required, an evaluation can also be made as part of the SI functionality.
3 Safety-Related Functions
3.1 Basic mechanisms of SI functions
3.1.1 Safe standstill – disconnecting the energy feed
3.1.2 Shutdown paths
3.1.3 Testing the shutdown paths
3.1.4 Overview of the machine data for the shutdown paths
3.1.5 Stop responses
3.1.6 Overview of the machine data for stop responses
3.2 External STOPs
3.2.1 Test stop for external STOPs
3.2.2 Overview of the machine data for the "external STOPs" function
3.3 Safe standstill (SH)
3.3.1 Overview of the machine data for the SH function
3.4 Safe operating stop (SBH)
3.4.1 Selecting/de-selecting safe operating stop
3.4.2 Effects when the limit is exceeded for SBH
3.4.3 Overview of the machine data for the SBH function
3.5 Safely-reduced speed (SG)
3.5.1 Selecting/de-selecting the safely-reduced speed
3.5.2 Limiting the setpoint speed
3.5.3 Safely-reduced speed when using selector gearboxes
3.5.4 Effects when the limit value is exceeded for SG
3.5.5 SG-specific stop responses
3.5.6 Override for safely-reduced speed
3.5.7 Example: Override for safely-reduced speed
3.5.8 Application examples for SG
3.5.9 Examples for safe input of ratios
3.5.10 Overview of the machine data for the function SG
3.6 Safe software limit switches (SE)
3.6.1 Effects when an SE responds
3.6.2 Overview of the machine data for the SE function
3.7 Safe software cams (SN)
3.7.1 Effects when SN responds
3.7.2 Application example for "safe software cams"
3.7.3 Overview of machine data for the SN function
3.8 Safe braking ramp (SBR) (840D from SW 4.2)
3.8.1 Overview of the machine data for SBR
3.9 Safety-related input/output signals (SGE/SGA)
3.9.1 Signal processing for the NCK monitoring channel
3.9.2 Signal processing in the drive monitoring channel
3.9.3 Overview of the machine data for SGE/SGA
3.10 Safe programmable logic (SPL) (840D SW 4.4.18)
3.10.1 NCK-SPL program
3.10.2 Starting the NCK-SPL using the PROG_EVENT mechanism (from SW 6.4.15)
3.10.3 Starting the NCK-SPL from the PLC user program
3.10.4 Linking the NCK-SPL to the I/O and monitoring channel
3.10.5 Diagnostics/commissioning
3.10.6 Safe software relay (from SW 6.3.30)
3.10.7 System variables for SINUMERIK 840D
3.10.8 Behavior after POWER ON/operating mode change/reset
3.10.9 SPL data on the PLC side
3.10.10 Direct communications between the NCK and PLC-SPL (from SW 6.3.30)
3.10.11 PLC data block (DB 18)
3.10.12 Forced checking procedure of SPL signals
3.11 Encoder mounting arrangements
3.11.1 Encoder types
3.11.2 Adjustment, calibration, axis states and historical data
3.11.3 Overview of the data for mounting encoders
3.11.4 Actual value synchronization (slip for 2-encoder systems with SW 5.2 and higher)
3.11.5 Application: Spindle with two encoders and drive with slip (SW 5.2 and lower)
3.12 SI I/Os using fail-safe modules connected to PROFIBUS DP (840D from SW 6.3.30)
3.12.1 Description of functions
3.12.2 Available fail-safe modules
3.12.3 System prerequisites
3.12.4 System structure
3.12.5 Configuring and parameterizing the ET 200S F-I/O
3.12.6 Parameterizing SINUMERIK 840D NCK
3.12.7 Parameterizing the SINUMERIK 840D PLC
3.12.8 Response times
3.12.9 Functional limitations
3.13 Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15)
3.13.1 Behavior of the axial NCK monitoring channel
3.13.2 Behavior without NCK-SPL
3.13.3 Behavior with NCK-SPL
3.13.4 Behavior of the drive monitoring channel
3.13.5 SGE/SGA processing in the PLC
3.13.6 Limitations
3.13.7 Examples
3.1 Basic mechanisms of SI functions
The safety functions are available in all modes and can communicate with the
process using safety-related input/output signals. They fulfill the requirements
of safety category 3 (to EN 954-1) and SIL 2 (acc. to IEC 61508).
3.1.1 Safe standstill – disconnecting the energy feed
[Fig. 3-1 Safe standstill – disconnecting the energy feed. Legend: centrally
acting: 1. Main switch, 2. Line contactor; axis-specific: 3. Control pulses,
4. Control voltage]

Fig. 3-1 illustrates 4 basic possibilities of switching a motor into a no-torque
condition. The mode of operation of these methods differs.

1. Main breaker: Effect -> central
Each machine must be equipped with at least one breaker. This allows the
machine to be completely electrically isolated from the line supply. This is
usually implemented using the main breaker. This measure provides protection
against electric shock when working with live components. When powered
down, the breaker must be locked out to prevent accidental re-closure.

2. Integrated line contactor: Effect -> central
The entire converter can be electrically isolated using the line contactor. As far
as the converter is concerned, this measure also corresponds to a STOP A. In
the past, for an EMERGENCY STOP, the converter/motor was brought into a
no-torque condition using the integrated line contactor corresponding to a
STOP B/C. However, electrical isolation is not absolutely necessary for an
EMERGENCY STOP.

3. Pulse cancellation in the gating unit: Effect -> axis-specific
The fastest way of switching a drive, axis-by-axis, into a no-torque condition is
by canceling the pulses in the gating unit. However, this measure is still not a
safety-related measure. This means that it is still not possible to electrically
isolate the drive converter DC link (600V) from the motor.

4. Optocoupler control: Effect -> module-specific
When the optocoupler control voltage is switched out, this means that when a
fault condition develops, the gating unit pulses are not converted in the power
module of the drive into a torque. Electrical isolation between the drive
converter DC link (600V) and the motor is therefore not possible. This is also
not required for the "functional safety".
Measure 4 can be controlled through two channels, physically de-coupled from
the drive and the NC. This provides an effective and safe possibility of
canceling the drive converter pulses on a module-for-module basis and is
incorporated in the cyclic tests (forced checking procedure). The requirements
for EMERGENCY STOP are fulfilled. It is not always absolutely necessary to
open the line contactor.
Before working on live components (e.g. maintenance, service …) it is always
necessary to isolate the machine from the line supply.
3.1.2 Shutdown paths
Shutdown paths to cancel pulses
The drive pulses must be cancelled through two channels. The machine
manufacturer needs to configure a shutdown path in the NCK monitoring
channel and another in the drive monitoring channel (refer to Fig. 3-2,
"Shutdown path of the drive CPU" and Fig. 3-3, "Shutdown path of the NCK
CPU" via Terminal 663).
For SI, the shutdown paths are utilized by the stop functions with the highest
priority, STOP A and STOP B. These stop functions can be initiated through any
monitoring channel (for example, if an active STOP C, STOP D or STOP E
function has not been able to shut down the drives).
It is therefore absolutely essential to ensure that the shutdown paths operate
properly and this must be checked at the specified intervals (e.g. after power
ON).

Shutdown path of drive CPU
The pulse cancellation test is initiated via the PLC-SGE "test stop selection" (it
can also be initiated internally in the case of an error). The SGE can be
supplied from an assigned PLC HW input or a signal (memory bit) from the PLC
user program. The comparator in the drive CPU directly activates a pulse inhibit
via the drive bus in the drive module (internal signal "cancel pulses"). The
checkback signal is also output directly by the drive module via the drive bus
(internal signal "pulses cancelled status"). No additional wiring is required. The
comparator in the drive channel is supplied via a PLC interface data block (refer
to Chapter 4, "Interface signals").

[Fig. 3-2 Shutdown path of the drive CPU. Block diagram: SGE "Test stop
selection" (via NCK/PLC interface), timer "Pulses disabled status" and STOP A in
the drive closed-loop control, the "Disable pulses" and "Pulses are disabled
status" signals, the "Drive_IMP" relay, terminals 663 and AS1/AS2 with the
safety relay, and the SGA "Pulses are disabled status" to the PLC
inputs/outputs]
Shutdown path of NCK CPU
Two options are available from SW 6.3.30 onwards:
1. Via Terminal 663
2. Via internal pulse cancellation.

Pulse cancellation via terminal 663
Pulse cancellation is initiated via the NCK SGE "test stop selection" (can also
be initiated internally in the case of an error). The comparator uses the SGA
"enable pulses" to cancel the enabling command at module-specific terminal
663 on the 611 digital drive module. The cancelled state is signaled back to the
comparator in the NCK CPU via terminals AS1/AS2 of the drive module and the
SGE "pulses cancelled status". The SGEs/SGAs are assigned to the NCK HW
inputs/outputs via machine data.

[Fig. 3-3 Shutdown path of the NCK CPU via terminal 663. Block diagram: SGE
"Test stop selection", timer "Pulses disabled status" and STOP A in the NCK CPU,
the drive bus to the drive closed-loop control, the SGA "Enable pulses" output
to terminal 663 and the SGE "Pulses are disabled status" input from terminals
AS1/AS2 (via NCK I/O devices), the safety relay and the "Drive_IMP" relay]
Note
To set up the shutdown path for the NCK CPU, the machine manufacturer
must provide external wiring for the axis-specific drive terminals 663 and
AS1/AS2.

Safe internal pulse cancellation (SW 6.3.30 and higher)
From NCK software version 6.3.30 onwards, the pulse enable signal can be
returned (terminal AS1/AS2) internally for all of the control modules.
Internal pulse cancellation can only be used together with the 611 digital
modules High Performance and High Standard. Terminal 663 must then be
wired to the SGA "externally enable pulses". Whether or not the pulses were
successfully cancelled can be returned internally. This considerably reduces
the number of NCK I/Os required.
Fig. 3-4 shows the sequence when canceling pulses. Internal pulse canceling is
initiated via the NCK SGE "test stop selection" (can also be initiated internally
as STOP A). The comparator internally cancels the pulses via the drive bus.
The status is internally read back via the drive bus. If the pulses were not
successfully cancelled, then the enable from module-specific terminal 663 at
the 611 digital drive module is withdrawn using the SGA "externally enable
pulses". The SGEs/SGAs are assigned to the NCK HW inputs/outputs via
machine data.
The local NCU inputs and outputs can be used to externally cancel the pulses
(NC onboard-IOs, refer to Chapter 3.10.2). Terminals 663 of all of the drives or
a group of drives would be controlled via such an output.
[Figure: block diagram. Labels: NCK CPU with inputs and outputs; STOP A; timer "Pulses disabled status"; SGE "Test stop selection"; SGE "Test external pulse disabling" (via NCK I/Os or SPL); SGA "Enable pulses external" (via NCK I/Os or SPL); "Pulses disabled status"; internal pulse suppression; external pulse suppression; drive bus; drive closed-loop control; terminal 663; safety relay "Start Drive_IMP"; terminals AS1/AS2.]
Fig. 3-4 Shutdown path of NCK CPU via internal pulse cancellation

Activating
Activation is carried out by configuring the SGAs "enable pulses" and "enable
pulses externally" and the SGE "test stop external shutdown".
If bit 30 is set in $MA_SAFE_PULSE_ENABLE_OUTPUT, the pulses are
internally cancelled. In this case, MD
$MA_SAFE_EXT_PULSE_ENAB_OUTPUT must also be configured so that
the NCK has a further option for canceling pulses. However, this path is only
used if the internal pulse cancellation fails.
$MA_SAFE_PULSE_ENABLE_OUTPUT can still be configured on a hardware
output or in the SPL (refer to Chapter 3.10).
This can be used, for example, to initiate responses in the SPL while the
pulses are being cancelled, without having to wait until the state "pulses are
cancelled" has been detected.

3.1.3 Testing the shutdown paths

Description
The test stop carries out a test of the entire shutdown path plus external wiring
for each monitoring channel. In the course of the test, the comparators and stop
modules of the two monitoring channels that are responsible for the stop
function are processed in succession. Also refer to Chapter 2.6.3 "Forced
checking procedure".

When must a test stop be carried out?
The shutdown paths must be tested (forced checking procedure) at a suitable
time after the machine has been powered-up and thereafter in set-up mode
once every eight hours. It is advisable to carry out the test before the protective
device is opened or operating personnel enter the dangerous zone (e.g. when
the set-up mode is selected) if the shutdown paths had not been tested within
the last eight hours.
Note
The time for the "shutdown path test" must be defined by the machine
manufacturer in a "test block".

Requirements for the test stop
- All of the drives on the drive module, on which the drive to be tested is
  configured, must be at a standstill.
- The pulses must still be enabled at the start of the test.
- The manufacturer must ensure that hanging (vertical) axes are securely
  locked and cannot drop.
- When the test stop is selected, the "status pulses cancelled" signal must
  not be present at the PLC SGA or at the NCK SGE; otherwise, stop response
  STOP F will be activated.

Which SGEs/SGAs are needed for the test stop?
The following SGEs/SGAs are needed in each monitoring channel and for each
axis/spindle for the purpose of the test stop:
For a test stop in the NCK monitoring channel:
- NCK SGE "test stop selection"
- NCK SGE "pulses cancelled status"
- NCK SGA "pulses enabled"
For a test stop in the drive monitoring channel:
- PLC SGE "test stop selection"
- PLC SGA "pulses cancelled status"
For a test stop in the NCK monitoring channel for internal pulse disabling:
- NCK SGE "test external pulse cancellation"
- NCK SGE "externally enable pulses"

Signal
The message "test stop in progress" is displayed on the screen while a "test
stop" is being executed.

Note
To ensure that the shutdown paths have been tested correctly, the "test stop"
must be executed twice, once for the drive and once for the NC. In this way, it
can be ensured that each channel is operating correctly up to the point that
the pulses are cancelled.
For a 2-axis control module, the shutdown path must be tested for specific
axes, i.e. for each axis on the module.

Test stop sequence
The test stop can be initiated by the hardware by pressing a button or from the
PLC user program using a function block that has been created (refer to
Chapter 7, "Engineering example").
Pulse cancellation is requested in the drive monitoring channel (refer to
Fig. 3-2, "Shutdown path of drive CPU") via the PLC SGE "test stop selection".
The timer "pulses cancelled status" is started and the message "test stop in
progress" is displayed on the screen. The pulse cancellation signal remains
active until the timer has expired and the user cancels the "test stop selection"
signal at the PLC SGE.
The checkback signal is returned via the PLC SGA "pulses cancelled status".
This checkback signal must have been made before the timer, started at the
beginning, has expired. If this is not the case, then "STOP A" is initiated.
The PLC is able to activate the test stop in the NCK monitoring channel if the
checkback signal at the PLC SGA "pulses cancelled status" is appropriately
programmed to a PLC output.
Requirement:
There is a connection between this PLC output and the NCK SGE "test stop
selection".
The pulses must be enabled again before the test stop in the NCK monitoring
channel is selected.
Pulse cancellation via terminal 663 is requested in the NCK monitoring
channel (refer to Fig. 3-3 "Shutdown path of NCK CPU") via the NCK SGE "test
stop selection". The timer "pulses cancelled status" is started, the NCK SGA
"enable pulses" is output and the message "test stop in progress" is displayed
on the screen.
The checkback signal is returned via the NCK SGE "pulses cancelled status"
(received via terminal AS1/AS2). This checkback signal must have been made
before the timer, started at the beginning, has expired. If this is not the case,
then "STOP A" is initiated.
The internal pulse cancellation is also requested via the NCK-SGE "test stop
selection" for the NCK monitoring channel; however, the NCK-SGA "enable
pulses" is not connected to terminal 663 (refer to Fig. 3-4 "Shutdown path of
NCK-CPU via internal pulse cancellation").

Testing the external pulse cancellation
The external pulse cancellation must also be tested via terminal 663.
The external pulse cancellation test is started by setting the SGE "test stop
external shutdown" on a single channel only for the NCK. The SGE must be
assigned to either the NCK periphery or the SPL using machine data 36979:
$MA_SAFE_STOP_REQUEST_EXT_INPUT. A possible configuration for this is
shown in Fig. 3-5. When the NCK-SPL is used, the specification for
single-channel SI-specific signals from the PLC described in Chapter 3.10.10
can be used.
The external pulse cancellation only has to test that the wiring connected to
terminals 663 is still correct for the configured drive modules. Furthermore, the
test stop is required because internal pulse cancellation is now used as shown
as an example in Fig. 3-5 for the first 2-axis module with axes X and Y.
[Figure: block diagram. Labels: NCK CPU with inputs and outputs; drive bus; SGA "Enable pulses external"; SGE "Test stop external disable axis Y"; axial SI channels X, Y, Z, A, B, C (distribution among axis channels with same SGA assignment); 2-axis module X, Y; 2-axis module Z, A; 1-axis module B; 1-axis module C; one terminal 663 per module; internal pulse suppression, e.g. for axis X and Y.]
Fig. 3-5 Configuration, "test stop external shutdown"
In order to make it easier for the user to configure a test stop and at the same
time reduce the time required for a test stop, the external pulse cancellation test
is initiated only for one axis per configured output. Axis Y is used in Fig. 3-5 as
an example. Pulse cancellation is monitored for all axes whose SGA is
configured at this output ($MA_SAFE_EXT_PULSE_ENAB_OUTPUT); in
Fig. 3-5 this therefore means all 6 axes X, Y, Z, A, B, C.
Alarm 27006, "Axis %1 Test ext. pulse cancellation running" is displayed for all
of these axes during the external pulse cancellation test.
Note
During "test stop external shutdown", no external stop may be present at the
drive. If an external stop is present and the test stop is present for longer than
$MA_SAFE_MODE_SWITCH_TIME, Alarm 27001 is generated, "fault in a
monitoring channel" with information 58, active external stop request.
Sequence:
The sequence of the "test stop external shutdown" is comparable with the
sequence for test stop of the NCK monitoring channel.
After the "test stop external shutdown" has been selected, the SGA "pulse
enable external" is cancelled and a timer is started with the value from
MD $MA_SAFE_PULSE_DIS_CHECK_TIME. If the timer expires and a
checkback signal confirming that pulses have been cancelled has not been
received, Alarm 27001 with code number 1010 is issued. By initiating a STOP
A for the drive, the pulses are cancelled via the internal shutdown path. The
only way to exit this status is with a power on.
The state of the active monitoring function (SBH, SG, SE, SN) is not changed
by "test stop external shutdown".
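
The test stop sequences described above (drive channel, NCK channel and "test stop external shutdown") and the eight-hour forced-checking rule, as a simplified Python model. This is an added example, not Siemens code: the class and function names, the millisecond values and the per-path fault model are assumptions made for illustration.

```python
"""Simplified model of the test stop sequences (added example, hypothetical names)."""
from dataclasses import dataclass, field

EIGHT_HOURS_S = 8 * 3600  # forced checking interval for the shutdown paths


@dataclass
class Axis:
    name: str
    pulses_cancelled: bool = False  # what "pulses cancelled status" reports
    needs_power_on: bool = False    # latched by STOP A
    # Constructed fault model: ms until each path reports "pulses cancelled";
    # None means the checkback never arrives (e.g. an open AS1/AS2 wire).
    checkback_ms: dict = field(
        default_factory=lambda: {"drive": 4, "nck": 6, "external": 8})

    def enable_pulses(self):
        if not self.needs_power_on:
            self.pulses_cancelled = False

    def stop_a(self):
        self.pulses_cancelled = True
        self.needs_power_on = True
        return "STOP A"

    def checkback_in_time(self, path, check_time_ms):
        delay = self.checkback_ms[path]
        return delay is not None and delay < check_time_ms


def run_test_stop(axis, channel, check_time_ms):
    """Test stop in one monitoring channel ("drive" or "nck") of one axis."""
    if axis.pulses_cancelled:
        return "STOP F"       # checkback already present when the test is selected
    if not axis.checkback_in_time(channel, check_time_ms):
        return axis.stop_a()  # timer expired before the checkback arrived
    axis.pulses_cancelled = True
    return "OK"


def run_forced_check(axis, check_time_ms):
    """The test stop is executed twice: once for the drive, once for the NCK."""
    results = {}
    for channel in ("drive", "nck"):
        results[channel] = run_test_stop(axis, channel, check_time_ms)
        if results[channel] != "OK":
            break
        axis.enable_pulses()  # pulses must be enabled again before the next test
    return results


def run_external_test(axes, check_time_ms):
    """Run 'test stop external shutdown' for all axes whose SGA shares one output."""
    results = {}
    for axis in axes:
        if axis.checkback_in_time("external", check_time_ms):
            results[axis.name] = "OK"
        else:
            axis.stop_a()     # pulses are cancelled via the internal shutdown path
            results[axis.name] = "Alarm 27001, code 1010, STOP A"
    return results


def is_test_due(now_s, last_test_s):
    """True if the paths were not tested since power-up or within the last 8 h."""
    return last_test_s is None or now_s - last_test_s > EIGHT_HOURS_S


if __name__ == "__main__":
    # Constructed 2-axis module: axis Y has lost its NCK checkback.
    x = Axis("X")
    y = Axis("Y", checkback_ms={"drive": 4, "nck": None, "external": 8})
    for axis in (x, y):       # each axis of the module is tested in succession
        print(axis.name, run_forced_check(axis, check_time_ms=100))
    print(run_external_test([x, y], check_time_ms=100))
```

In the constructed run, axis Y passes the drive-channel test but fails the NCK-channel test with STOP A, which is the kind of one-channel fault that testing only one channel would leave undetected.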

Checkback signals, pulse cancellation (SW 6.3.21 and higher)
Since the SGE "status pulses cancelled" is only used for checking pulse
cancellation for test stop or for "test stop external shutdown", this signal can be
configured according to the 3-terminal principle. In this way, the information for
all 611 digital modules no longer has to be obtained by wiring the AS1/AS2
terminals to NCK I/Os. The 3-terminal principle is used in the form of a
two-channel pulse-cancellation control with single-channel feedback.

Activation
The function is activated by configuring the SGE "status pulses cancelled". Up
to now, the assignment to an I/O input or to the NCK-SPL had to be made via
MD $MA_SAFE_PULSE_STATUS_INPUT. If this machine data is set to 0, the
information on whether or not the pulses have been cancelled is retrieved from
the SI interface of the 611 digital.

Testing the shutdown paths for several axes without SPL
The test stop is executed internally in the drive monitoring channel (via the
NC/PLC interface). To implement the test stop for the NCK monitoring channel,
the SGEs/SGAs must be appropriately connected-up for each axis.
A large number of inputs and outputs are required in the NCK when there are
several axes. It is possible to group or distribute signals using inputs/outputs
assigned via machine data (refer to Chapter 4, "Data description").
To obtain the "test stop selection" signal of a certain axis, it must be possible to
evaluate the checkback signal "pulses cancelled status" for the same axis in
order to be able to detect if there are any errors.

Testing the shutdown paths for a dual-axis module
For a dual-axis module, there is only one terminal 663 and one AS1/AS2 for
both axes. The shutdown path in the NCK and drive monitoring channels must
still be tested in succession for both axes.
The following example (refer to Fig. 3-6, "Testing the shutdown path") shows a
circuit for testing the shutdown path of the NCK with four axes, axes 3 and 4
being provided by a dual-axis module.
[Figure: circuit diagram in two variants, "SGE assignment without SPL logic" and "SGE assignment with SPL logic (reduced wiring effort)". Labels: test stop selection for axes 1 to 4 (initiation via PLC user program, PLC outputs to NCK inputs, or M or bit (PLC) via Dual Port RAM or DB10 with the SGE assigned via OUTSI(P) variable); assignment and linking of machine data; comparator; internal interface; SGA "Enable pulses" for axes 1 to 4 (NCK outputs); pulse disabling via terminal 663 of module 1 (axis 1), module 2 (axis 2) and module 3 (axes 3 and 4); terminals AS1/AS2 of the SIMODRIVE 611 drive modules with external circuitry and +24 V; checkback signals as SGE "Pulses disabled status" for axes 1 to 4 (NCK inputs), AND-linking via MDs.]
Fig. 3-6 Testing the shutdown paths (NCK monitoring channel) for several axes
To test the shutdown path in the drive monitoring channel, it is possible to
access the input and output signals of all axes from the PLC program via the
PLC interface.

3.1.4 Overview of the machine data for the shutdown paths

Overview of MD for 840D
Table 3-1 Overview of machine data for 840D
Number Name
36950 $MA_SAFE_MODE_SWITCH_TIME
36957 $MA_SAFE_PULSE_DIS_CHECK_TIME
36975 $MA_SAFE_STOP_REQUEST_INPUT
36976 $MA_SAFE_PULSE_STATUS_INPUT
36979 $MA_SAFE_STOP_REQUEST_EXT_INPUT
36984 $MA_SAFE_EXT_PULSE_ENAB_OUTPUT
36986 $MA_SAFE_PULSE_ENABLE_OUTPUT
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"

Overview of MD for 611 digital
Table 3-2 Overview of machine data for 611 digital
Number Name
1357 $MD_SAFE_PULSE_DIS_CHECK_TIME
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"

Note
The inputs and outputs of the SGEs/SGAs are assigned to the drive channel
using data blocks in the PLC user program (refer to Chapter 4, "Interface
signals").

3.1.5 Stop responses
A high degree of protection against faults/errors is afforded by the two-channel
monitoring structure with its continuous crosswise data comparison. Alarms and
stop responses are initiated when differences are detected between the two
channels. The purpose of the stop responses is to shut down the drives in a
controlled manner according to the actual conditions on the machine. There are
stop responses STOP A, B, C, D, E, F as well as the test stop. The type of stop
response that occurs in the event of a fault/error can either be predetermined
by the system or configured by the machine manufacturer.
Note
Protection of operating personnel must be given top priority when stop
responses are configured. The objective must be to stop the drives in a way
that best suits the situation.
Table 3-3 Overview of stop responses
STOP | Action | Effect | Initiated in response to | Changes to | Alarm
A | Pulses are immediately cancelled | Drive coasts to standstill | SBR/SG | SH | POWER ON
B | 0 speed setpoint is immediately entered + start timer tB; tB = 0 or nact < nshutdown: STOP A | Drive is braked along current limit; transition to STOP A | SBH/SG | SH | POWER ON
C | 0 speed setpoint is immediately entered + start timer tC; tC = 0: Activation of SBH | Drive is braked along current limit; SBH active | SG/SE | SBH | RESET
D | Brake motor along acceleration limit + start timer tD; tD = 0: Activation of SBH | Drive is braked as part of a group along set traversing path; SBH active | SG/SE | SBH | RESET
E | Causes stop and retract + start timer tD; tD = 0: Activation of SBH | Drive is decelerated via the programmed retraction and stop motion (ESR); SBH active | SG/SE | SBH | RESET
F | Depending on situation: a) Safety function inactive: Saved message to operator; b) Safety function active: Initiation of STOP B/A (configurable); c) Safety function active and initiation of STOP C, D or E: Saved message to operator | a) NC start and traversing interlock; b) Transition to STOP B/A; c) NC start and traversing interlock | Crosswise data comparison | SH | a) RESET; b) POWER ON; c) RESET
Note:
The timers can be set using the machine data.

Stop responses SBH and SH
The following diagram shows the relationship between the stop responses and
the safe operating stop (SBH) or the safe standstill (SH).
[Figure: diagram. Labels: STOP A, STOP B, STOP C, STOP D, STOP E, STOP F; "Stop"; "Input setpoint '0'"; "Path-relating in grouping"; "Retraction conditions"; "(if a further error occurs)"; SBH (safe standstill under position control); SH (safe pulse disable).]
Fig. 3-7 Stop responses, safe operating stop (SBH), safe standstill (SH)

Configurable stop responses
The stop responses that occur when the limit values are violated can be
selected by the machine manufacturer using the appropriate machine data.
These limit values are defined using the corresponding machine data.
Table 3-4 Configurable stop responses
Safety-related functions | Configurable stop responses
SBH | STOP B* (not configurable)
SG | STOP A, B, C, D, E
SE | STOP C, D, E
SN | No internal stop response. The user must appropriately configure safe responses via the SGAs SN1 - SN4.
SBR | STOP A (not configurable)
Note:
Stop response STOP F is the predefined system response to discrepancies detected by
the crosswise data comparison.
* Transition from STOP B to A immediately, if tB = 0

Assignment table for stop responses
Table 3-5 Stop responses provided by SI acc. to EN 60204-1
Stop response provided by SINUMERIK Safety Integrated® | Stop function acc. to EN 60204-1
STOP A | Category 0
STOP B, STOP F 1) | Category 1
STOP C, STOP D, STOP E | Category 2
Note:
1): STOP F triggers STOP B if at least one safety-relevant function is active.

Priority of stop responses
Table 3-6 Stop response priorities
Priority level | Stop response
Highest priority | STOP A
 | STOP B
 | SGE test stop selection
 | STOP C
 | STOP D
 | STOP E
Lowest priority | STOP F
Note
A stop response listed in Table 3-6 "Stop response priorities" can only be
initiated if at least one safety-relevant function is active (except for STOP F).
Once a stop response has occurred, the sequence of operations it involves
will be completed, even if the cause of the stop no longer exists.
It is possible to progress to stop responses that have a higher priority. It is not
possible to progress to stop responses that have a lower priority.
Please refer to Chapter 3.1.2, "Shutdown paths" for an explanation of how to
use the SGE test stop selection.

Stop response sequence
If a stop response is initiated in the drive, a signal is sent to the NC that
responds by initiating the same stop response (two-channel safety). Likewise, if
a stop response is initiated in the NC, the drive is automatically signaled and
responds by requesting the same stop response (exception: Test stop).
This mechanism ensures that stop responses are managed with a high degree
of safety.

Description of STOP A
Action in the drive monitoring channel:
Pulses are immediately cancelled using the internal signal "cancel pulses". In
addition, the pulses in the gating unit are cancelled by a software function.
Action in the NCK monitoring channel:
Pulses are cancelled via the SGA "enable pulses".
Effect:
The drive coasts to a standstill if no external braking mechanism such as
an armature short-circuit and/or holding brake is used. The axis-specific
alarm results in a mode group stop, i.e. as the result of the error in one
axis, all axes and spindles in a mode group are stopped. "Safe standstill"
becomes operative at the end of STOP A.
Alarm message:
The alarm message "STOP A triggered" is displayed.
Acknowledgement:
An unintentional restart is prevented for STOP A. The error can only be
acknowledged from the drive and control with power on.
SGA STOP A/B is active
This signal is used to indicate that STOP A/B is active.
0 signal: STOP A/B is not active
1 signal: STOP A/B is active

Description of STOP B
Action in the drive and NCK monitoring channels:
The drive is braked along the current limit as the result of a 0 speed setpoint
that is input instantaneously either directly or from the NCK via the drive bus.
Action in the drive monitoring channel:
If the speed actual value drops below the value set in
$MD_SAFE_STANDSTILL_VELO_TOL or if the timer set in
$MD_SAFE_PULSE_DISABLE_DELAY has expired, the stop mode changes
automatically to STOP A.
Action in the NCK monitoring channel:
Essentially the same as in the drive channel, the stop mode changes
automatically to STOP A when the actual speed drops below the value in
$MA_SAFE_STANDSTILL_VELO_TOL or after the timer set in
$MA_SAFE_PULSE_DISABLE_DELAY has expired.
Effect:
The drive is braked along the current limit under speed control and finally
brought to a safe standstill.
Alarm message:
The alarm message "STOP B triggered" is displayed.
Acknowledgement:
An unintentional restart is prevented for STOP B. The error can only be
acknowledged from the drive and control with power on.
SGA STOP A/B is active
This signal is used to indicate that STOP A/B is active.
0 signal: STOP A/B is not active
1 signal: STOP A/B is active
Note
If the timer in machine data $MA_SAFE_PULSE_DISABLE_DELAY is set to
zero, then there is an immediate transition from STOP B to STOP A.
[Figure: actual speed (rev/min) over time t for the transition from STOP B to STOP A in two cases, a) and b). Labels: creep speed pulse disabling; delay time pulse disabling; b) creep speed is reached before delay time for pulse disabling expires.]
Fig. 3-8 Transition from STOP B to STOP A

Description of STOP C
Action in the drive monitoring channel:
The drive is braked along the current limit in response to a zero speed setpoint
while the timer set in $MD_SAFE_STOP_SWITCH_TIME_C is started in
parallel. The SBH function is automatically activated after the timer expires.
Action in the NCK monitoring channel:
Essentially the same as in the drive channel, the control specifies a zero speed
setpoint and interface signal "position controller active" (DB 0, ... DBX 61.5) of
the drive involved is set to zero.
At the same time, the timer set in $MA_SAFE_STOP_SWITCH_TIME_C is
started. The SBH function is automatically activated after the timer expires.
Effect:
The drive is braked along the current limit under speed control and brought
into SBH.
Alarm message:
The alarm message "STOP C triggered" is displayed (refer to Chapter 6,
"Alarms").
Acknowledgement:
An unintentional restart is prevented for STOP C. The error can be
acknowledged using the NC-RESET key.
SGA STOP C is active
This signal indicates that STOP C is active.
0 signal: STOP C is not active
1 signal: STOP C is active

Description of STOP D
Action in the drive monitoring channel:
The drive monitoring channel requests "path stop" or "brake along acceleration
characteristic (NC-MD)". At the same time, the timer set in
$MD_SAFE_STOP_SWITCH_TIME_D is started. The SBH function is
automatically activated after the timer expires.
Action in the NCK monitoring channel:
Essentially the same as in the drive channel, the control system monitoring
channel requests "path stop" or "brake along acceleration characteristic
(NC-MD)". At the same time, the timer set in
$MA_SAFE_STOP_SWITCH_TIME_D is started. The SBH function is
automatically activated after the timer expires.
Effect:
The drive is braked in a group - including simultaneous axes - along the set
traversing path. Endlessly rotating axes are braked at the acceleration
limit. The SBH function is automatically activated after the timer expires.
Alarm message:
The alarm message "STOP D triggered" is displayed.
Acknowledgement:
An unintentional restart is prevented for STOP D. The error can be
acknowledged using the NC-RESET key.
SGA STOP D is active
This signal indicates that STOP D is active.
0 signal: STOP D is not active
1 signal: STOP D is active

Description of STOP E (SW 6.4.15 and higher)
Action in the drive monitoring channel:
The drive monitoring channel requests an extended stop and retract (ESR). At
the same time, the timer set in $MD_SAFE_STOP_SWITCH_TIME_E is
started. The SBH function is automatically activated after the timer expires.
Action in the NCK monitoring channel:
Essentially the same as in the drive channel, ESR is requested by the control
monitoring channel. At the same time, the timer set in
$MA_SAFE_STOP_SWITCH_TIME_E is started. The SBH function is
automatically activated after the timer expires.
Effect:
The extended stop and retract that have been configured are started.
Alarm message:
The alarm message "STOP E triggered" is displayed.
Acknowledgement:
An unintentional restart is prevented for STOP E. The error can be
acknowledged using the NC-RESET key.
SGA STOP E is active
This signal indicates that STOP E is active.
0 signal: STOP E is not active
1 signal: STOP E is active
The NC-controlled ESR is triggered by writing to the system variable
$AC_ESR_TRIGGER=1 (also refer to /FB3/, M3 "Axis coupling and ESR").
To obtain the criterion for triggering, the following SI system variables have
been introduced:
$VA_STOPSI: axial system variable that contains the current stop. In the
case of value 4, a Stop E is active for this drive.
$A_STOPESI: global system variable that displays a value not equal to 0 to
indicate that a Stop E is active on one of the axes. This variable saves the
user having to search through all of the axes.
Note
STOP E only produces a different response than STOP D if the user has
configured the ESR function (extended stop and retract) and initiation of the
ESR is programmed depending on $VA_STOPSI or $A_STOPESI.
However, if ESR is not active, STOP E behaves like a STOP D. If the ESR
configuration is incorrect, there is a delay of up to 2 IPO cycles compared to
STOP D until the braking operation is initiated. Possible causes:
- The initiation of the ESR as static synchronous action does not take into
  account the system variables $VA_STOPSI or $A_STOPESI.
- ESR is neither parameterized nor enabled.
For other incorrect ESR programming, a delay by the time
$MC_ESR_DELAY_TIME1 and $MC_ESR_DELAY_TIME2 is possible. After
these times have elapsed, braking is initiated at the current limit. The cause
could be:
- The retraction position cannot be reached within the specified time.

Description of STOP F
The STOP F response is permanently assigned to the crosswise data
comparison function. Dormant errors in the drive and control systems are
detected.
Effect:
When a discrepancy is detected between the drive and NCK monitoring
channels the responses are as follows:

Response if no safety functions are active:
Dormant errors are detected even if there is no safety function active. The
saved message "defect in a monitoring channel" is output on both the drive and
control sides and can only be acknowledged by means of the NC-RESET key.
The message does not cause machining to be interrupted. A system restart is
prevented by an internal NC start/traversing inhibit.

Response if one safety function is active:
Dormant errors are detected. A STOP B/A response is initiated in the drive and
control system (refer to description of STOP B).
Exception: If a STOP C/D/E is already active (refer to Table 3-4, "Configurable
stop responses").
Using MD 36955 $MA_SAFE_STOP_SWITCH_TIME_F, a delay time can be
parameterized to initiate a STOP B. Within this time, an NC controlled response
can be initiated by the machinery construction OEM, e.g. ESR. After this time
has expired, the axis involved is braked with STOP B, even if, in the meantime,
a stop with a higher priority than STOP F (STOP E, D, C) is present. Using the
system variables $VA_XFAULTSI and $A_XFAULTSI, bit 1, it can be identified
whether a STOP F was initiated that then is followed by a STOP B. In the delay
time up to a STOP B, an ESR or braking along the machined path can be
initiated (e.g. by writing to $AC_ESR_TRIGGER or by initiating an external
STOP D).
Alarm message:
The alarm "Defect in a monitoring channel" is displayed. An entry is made
in the following machine data to decode errors in detail.
Table 3-7 Machine data for detailed error coding, STOP F
MD number | Control | Meaning
- | 840D | For the 840D system, the error code is displayed when the alarm is output.
1395 | 611 digital | $MD_SAFE_STOP_F_DIAGNOSIS
Note:
The significance of the error codes can be found in Chapter 6, "Alarms for
SINUMERIK 840D", under Alarm 27001 "Defect in a monitoring channel".
Acknowledgement:
The saved alarm can be reset with the NC-RESET key. An unintentional
restart is prevented for STOP B/A. The fault can only be acknowledged
with a power on for the drive and control.
Example 1, delaying the transition from STOP F to STOP B:
The speed characteristic of an axis for parameterized stopping is shown in the
following diagram. In this case, the axis should continue for 500 ms and then
brake along the parameterized ramp. A delay time of 2.5 s is selected until
STOP B is initiated ($MA_SAFE_STOP_SWITCH_TIME_F).
[Figure: speed v over time t with the instants t1, t2 and t3. Labels: "Continue traversing (ESR)"; "Braking along ramp"; "= Stopping (ESR)".]
Fig. 3-9 Speed characteristic of an SI axis when stopping with STOP F
The following actions take place at the individual instants in time:
t1: STOP F occurs, ESR is started
t2: 500 ms after t1, braking starts along the parameterized ramp
t3: STOP B is initiated 2.5 s after t1. The axis is already stationary
at this time. This means that pulses can be immediately cancelled.
Example 2, delaying the transition from STOP F to STOP B
The same parameterization as in example 1 is shown in the following diagram.
However, when a STOP F occurs, no monitoring function is active. At instant in
time t2, a monitoring function is activated. ESR is only started if there is a
STOP F with active monitoring function.
[Figure: speed v of the axis over time with the instants t1, t2, t3 and t4; phases "Continue motion (ESR)" and "Braking along ramp = stopping (ESR)"]
Fig. 3-10 Speed characteristic of an SI axis when stopping with STOP F
The following actions take place at the individual instants in time:
t1: STOP F occurs, no response
t2: Any time after t1, a monitoring function is activated. At this instant in
time, the transition time to a STOP B is started and bits 1 in
$A_XFAULTSI and $VA_XFAULTSI of this axis are set.
t3: 500 ms after t2, braking starts along the parameterized ramp.
t4: STOP B is initiated 2.5 s after t2. The axis is already stationary
at this time. This means that pulses can be immediately cancelled.
3.1.6 Overview of the machine data for stop responses
Table 3-8 Overview of machine data for 840D
Number Name
36952 $MA_SAFE_STOP_SWITCH_TIME_C
36953 $MA_SAFE_STOP_SWITCH_TIME_D
36954 $MA_SAFE_STOP_SWITCH_TIME_E
36955 $MA_SAFE_STOP_SWITCH_TIME_F
36956 $MA_SAFE_PULSE_DISABLE_DELAY
36957 $MA_SAFE_PULSE_DIS_CHECK_TIME
36960 $MA_SAFE_STANDSTILL_VELO_TOL
36961 $MA_SAFE_VELO_STOP_MODE
36962 $MA_SAFE_POS_STOP_MODE
36963 $MA_SAFE_VELO_STOP_REACTION
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-9 Overview of machine data for 611 digital
Number Name
1352 $MD_SAFE_STOP_SWITCH_TIME_C
1353 $MD_SAFE_STOP_SWITCH_TIME_D
1354 $MD_SAFE_STOP_SWITCH_TIME_E
1355 $MD_SAFE_STOP_SWITCH_TIME_F
1356 $MD_SAFE_PULSE_DISABLE_DELAY
1357 $MD_SAFE_PULSE_DIS_CHECK_TIME
1360 $MD_SAFE_STANDSTILL_VELO_TOL
1361 $MD_SAFE_VELO_STOP_MODE
1362 $MD_SAFE_POS_STOP_MODE
1363 $MD_SAFE_VELO_STOP_REACTION
1395 $MD_SAFE_STOP_F_DIAGNOSIS
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital"
3.2 External STOPs
With this function it is possible to bring the drive to a standstill via the SGEs.
Sensors (e.g. protection mats, light barriers, …) can be connected to the SGEs.
Stopping the drives is then initiated depending on these connected sensors.
The drives can be brought to a standstill in the following ways:
By canceling pulses       SGE "de-select ext. STOP A"
Braking with nset = 0     SGE "de-select ext. STOP C"
Braking along the path    SGE "de-select ext. STOP D"
Initiate ESR              SGE "de-select ext. STOP E" (from SW 6.4.15)
Note
External STOPs only function in combination with "safe programmable logic"
(SPL) because an external STOP A remains selected, for safety reasons,
until SPL crosswise data comparison of the PLC and NCK is started.
The function "external STOPs" is enabled and activated via the following
machine data:
Enabling the function
MD 36901/1301: $MA_/$MD_SAFE_FUNCTION_ENABLE
(enables safety-relevant functions)
Bit 0: Enable SBH/SG (see note)
Bit 6: Enable external STOPs
Bit 4: Enable external STOP E
Note
In addition to enabling of the function "external STOPs", function
SBH/SG must also be enabled as a minimum requirement.
The external STOP E must be enabled with bit 4 = 1 in addition to bit 6
"enable external STOPs".
Assigning to an input terminal and/or system variable
In order to trigger a stop via the NCK monitoring channel an input terminal or a
system variable must be assigned to the stop request.
This assignment is configured using the following machine data:
MD 36977: $MA_SAFE_EXT_STOP_INPUT[n]:
(input assignment, external stop request) with n = 0, 1, 2, 3.
Note
For stopping types that are not used, the assignment must be inverted
by parameterizing MD 36977[n] accordingly.
They are set to signal "1" and are permanently "inactive".
Exception:
STOP E is interlocked by its own enable signal.
A Stop E can also be initiated as an error response to a crosswise data
comparison of NCK and PLC-SPL or for PROFIsafe errors, instead of a Stop D.
Parameterization on the NCK side is carried out via MD10097:
$MN_SAFE_SPL_STOP_MODE=4, on the PLC side via DB18, DBX36.1=1.
This parameterization is checked in the crosswise comparison between PLC-
SPL and NCK-SPL (refer to Chapter 3.10 "Safe programmable logic").
If the value 4 is parameterized in MD10097, without enabling the external Stop
E in all axes with SI function enable, Alarm 27033 is output for all of these axes.
The following SGEs are available to stop the drive:
Table 3-10 SGEs to stop the drive
SGE                                            Stop type                Priority
De-selection ext. STOP A (= SH de-selection)   Pulse cancellation       High
De-selection ext. STOP C                       Braking with nset = 0    ...
De-selection ext. STOP D                       Braking along the path   ...
De-selection ext. STOP E                       ESR is initiated         Low
Notes:
SGE "..." = 1: Stopping is not triggered (de-selected)
SGE "..." = 0: Stopping is triggered (selected)
If a stop request is selected via several SGEs simultaneously, the request with the
highest priority is executed.
If one of these SGEs is changed, the "tolerance time" for SGE switchover is activated
(MD 36950/1350).
Checkback signals:
for SGE "de-select ext. STOP A": via SGA "status pulses cancelled" and SGA "STOP A active"
for SGE "de-select ext. STOP C": via SGA "STOP C active"
for SGE "de-select ext. STOP D": via SGA "STOP D active"
for SGE "de-select ext. STOP E": via SGA "STOP E active"
Differences between stopping via internal STOP A, C, D and external STOP A, C, D via SGEs
The internal stop responses STOP A (pulse cancellation), STOP C (braking
with nset = 0) and STOP D (braking along a path) triggered by safe monitoring
functions brake the drive accordingly and also trigger an alarm that must be
acknowledged with power on or reset.
When an external STOP is triggered, only STOP A or braking of the drive
(STOP C or STOP D) is triggered and monitored through two channels. Other
responses are only triggered if monitoring thresholds that are still active are
violated.
Note
Alarms are not displayed for an external STOP, i.e., the user must
configure his own message.
An external STOP E, in contrast to the other external stops, results in
Alarm 27020, which can only be acknowledged with a reset. The
program cannot be directly continued, since the axis was retracted from
the desired contour by the configured ESR. The reset required must also
be considered during the test stop sequence.
Acknowledging a stop request
When a stop type has been requested it can be canceled by one of the
following events via SGE:
De-selection of the stop request
Selection of a stop request via SGE with a higher priority
Receipt of a higher priority stop request (STOP A, B, C, or D) from the
internal monitoring
Effects of the stop responses on other axes/spindles
When a stop response is triggered, it has the following effect on all of the other
axes in the same channel:
STOP E: extended stop and retraction is initiated
STOP D: braking along a path
STOP C: IPO rapid stop (braking at the current limit)
STOP A: IPO rapid stop (braking at the current limit)
The effect on other axes in the channel can be influenced via the
MD $MA_SAFE_IPO_STOP_GROUP. In this way the pulses of a spindle, for
example, can be safely canceled (via external STOP A) so that the spindle can
be manually turned and the axes moved while still being safely monitored.
STOP C, before SW 6.3.21
  $MA_SAFE_IPO_STOP_GROUP = 0: All axes of the channel decelerate at the current limit.
  $MA_SAFE_IPO_STOP_GROUP = 1: Axes that interpolate with the affected axis brake at the current limit. All other axes do not brake.
STOP C, from SW 6.3.21
  $MA_SAFE_IPO_STOP_GROUP = 0: Axes that interpolate with the affected axis brake at the current limit. All other axes brake along the parameterized braking ramp.
  $MA_SAFE_IPO_STOP_GROUP = 1: Axes that interpolate with the affected axis brake at the current limit. All other axes do not brake.
STOP D
  $MA_SAFE_IPO_STOP_GROUP = 0: Axes/spindles brake along the path or along the parameterized braking ramp.
  $MA_SAFE_IPO_STOP_GROUP = 1: Axes that interpolate with the affected axis brake along the parameterized braking ramp. All other axes do not brake.
STOP E
  ESR enabled and active: ESR is initiated.
  ESR neither active nor enabled: After a maximum delay time of 2 interpolation cycles, the behavior as described for STOP D is initiated.
3.2.1 Test stop for external STOPs
The introduction of another method for activating STOP A, C, D and E via
SGEs means that it is also necessary that this branch is subject to a forced
checking procedure.
The test stop of external STOPs is divided into the following phases:
Phase 1
The shutdown path is tested as usual (refer to Chapter 3.1.3, "Testing
shutdown paths"). Correct functioning of safe pulse cancellation is tested.
Successful completion of this phase is signaled as follows:
– For the NCK monitoring channel:
A positive checkback signal is returned in the form of a 0/1 edge from
SGE "status pulses cancelled"
– For the drive monitoring channel:
Positive checkback is indicated by the SGA "status pulses
cancelled"
Phase 2
Once the safe pulse cancellation has been checked for both channels in
phase 1, in phase 2 it is sufficient to test the reliability of the SGE stop
requests.
The procedure is as follows:
All externally wired/used stop SGEs are switched one after the other in
each channel and the positive response evaluated via the associated SGA
"STOP x is active".
Note
Phase 2 only has to be performed if the function "external STOPs" (via
MD 36901/1301) is enabled.
Only the enabled and activated external stop functions have to be tested.
[Figure: signal sequence over Phase 1 and Phase 2 for the SGEs "Deselect ext. STOP A", "Deselect ext. STOP C" and "Deselect ext. STOP D" and the associated SGAs "STOP A/B is active" and "STOP C is active"]
Fig. 3-11 Sequence, test stop for external STOPs
Example: The external STOPs D, C and A are used
The following SGEs/SGAs can be used to perform the test stop for external
STOPs:
Table 3-11 SGEs/SGAs for test stop, external STOPs
NCK monitoring channel
  Phase 1: NCK-SGE "test stop selection"
           NCK-SGE "status pulses cancelled"
           NCK-SGA "pulses enabled"
  Phase 2: NCK-SGE "de-select ext. STOP A", NCK-SGA "STOP A/B is active"
           NCK-SGE "de-select ext. STOP C", NCK-SGA "STOP C is active"
           NCK-SGE "de-select ext. STOP D", NCK-SGA "STOP D is active"
           NCK-SGE "de-select ext. STOP E", NCK-SGA "STOP E is active"
Drive monitoring channel
  Phase 1: PLC-SGE "test stop selection"
           PLC-SGA "status pulses cancelled"
  Phase 2: PLC-SGE "de-select ext. STOP A", PLC-SGA "STOP A/B is active"
           PLC-SGE "de-select ext. STOP C", PLC-SGA "STOP C is active"
           PLC-SGE "de-select ext. STOP D", PLC-SGA "STOP D is active"
           PLC-SGE "de-select ext. STOP E", PLC-SGA "STOP E is active"
SGE De-select ext. STOP A
"Pulse cancellation" can be requested and executed via this SGE from both
monitoring channels.
The safe functions currently active (SG/SBH/SN/SE) are not influenced by this
SGE.
If one of the limits currently active is violated an alarm is triggered. The
associated switch-off response cannot be activated because the pulses have
already been cancelled. As soon as the stop request is canceled via SGE
"de-select ext. STOP A" any queued stop responses become active.
If a stop request is active, SGA "STOP A/B is active" is set in the same way as
it would be for an internally triggered STOP A.
0 signal: "Pulse cancellation" requested
1 signal: "Pulse cancellation" not requested
SGE De-select ext. STOP C
This SGE requests "braking with nset = 0" (braking at the current limit).
When this stopping type is triggered the safe braking ramp (SBR) is activated.
In addition, the time set in MD36952/1352:
$MA_/$MD_SAFE_STOP_SWITCH_TIME_C (transition time STOP C to safe
operating stop) is started.
When this time has elapsed the system automatically switches over to SBH.
If a stop request is active, SGA "STOP C is active" is set in the same way as it
would be for an internally triggered STOP C.
0 signal: "Braking with nset = 0" requested
1 signal: No request for "braking with nset = 0"
Note
Stopping with external STOP A (pulse cancellation) has a higher priority and
can interrupt an external STOP C (braking at the current limit).
SGE De-select ext. STOP D
"Braking along a path" can be requested via this SGE.
When ext. STOP D is triggered, the time set via MD 36953/1353
$MA_/$MD_SAFE_STOP_SWITCH_TIME_D (transition time STOP D to safe
operating stop) is started.
When this time has elapsed the system automatically switches over to SBH.
If a stop request is active, SGA "STOP D is active" is set in the same way as it
would be for an internally triggered STOP D.
0 signal: "Braking along a path" is requested
1 signal: "Braking along a path" not requested
Note
Stopping with an ext. STOP A (pulse cancellation) and ext. STOP C (braking
at the current limit) has a higher priority and can interrupt an ext. STOP D
(braking along a path).
SGE De-select ext. STOP E (SW 6.4.15 and higher)
STOP E only produces a different response than STOP D if the user has
configured the ESR function (extended stop and retract) and initiation of the
ESR is programmed depending on $VA_STOPSI or $A_STOPESI. If no ESR is
active, the STOP E behaves like a STOP D. If the ESR configuration is
incorrect however, there is a delay of up to 2 IPO cycles compared to STOP D
until the braking operation is initiated.
After these times have expired, braking is initiated at the current limit.
An external STOP E, in contrast to the other external stops, results in Alarm
27020, which can only be acknowledged with a reset. The program cannot be
directly continued, since retraction from the desired contour was executed by
the configured ESR. The reset required must also be considered during the test
stop sequence.
SGA STOP A/B active
This signal indicates that STOP A/B is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP A/B is not active
1 signal: STOP A/B is active
SGA STOP C active
This signal indicates that STOP C is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP C is not active
1 signal: STOP C is active
SGA STOP D active
This signal indicates that STOP D is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP D is not active
1 signal: STOP D is active
SGA STOP E active
This signal indicates that STOP E is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP E is not active
otherwise: STOP E is active
For SGEs "de-select ext. STOP A", "de-select ext. STOP C", "de-select ext.
STOP D" and "de-select ext. STOP E" the following input bit combinations are
possible:
Table 3-12 Input bit combinations
SGE de-selection ext.
STOP E   STOP D   STOP C   STOP A   Description
x        x        x        0        "Pulse cancellation" is triggered
x        x        0        1        "Brake with nset=0" is triggered
x        0        1        1        "Braking along a path" is triggered
1        1        1        1        External STOPs are not selected
0        1        1        1        "ESR" is initiated
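The enable bits, the priority rule and the input bit combinations of this section can be checked against each other in a small model. This is an added example, not code from the manual or from Siemens; the function names are hypothetical, and it assumes that the SGEs have no effect while bit 6 is not set and that an axis counts as "SI function enabled" when bit 0 is set.

```python
from itertools import product

# Bits of MD 36901/1301 $MA_/$MD_SAFE_FUNCTION_ENABLE named in this section.
BIT_SBH_SG = 0       # enable SBH/SG
BIT_EXT_STOP_E = 4   # enable external STOP E
BIT_EXT_STOPS = 6    # enable external STOPs

# Stop responses ordered from highest to lowest priority.
PRIORITY = ["A", "B", "C", "D", "E"]


def bit_set(value, n):
    """True if bit n of a machine data value is 1."""
    return (value >> n) & 1 == 1


def check_function_enable(function_enable, spl_stop_mode=0):
    """Return findings for one axis; an empty list means the enables are consistent.

    function_enable: value of MD 36901/1301
    spl_stop_mode:   value of MD 10097 $MN_SAFE_SPL_STOP_MODE
    """
    findings = []
    sbh_sg = bit_set(function_enable, BIT_SBH_SG)
    ext_stops = bit_set(function_enable, BIT_EXT_STOPS)
    stop_e = bit_set(function_enable, BIT_EXT_STOP_E)
    if ext_stops and not sbh_sg:
        findings.append("bit 6 set without bit 0: SBH/SG must also be enabled")
    if stop_e and not ext_stops:
        findings.append("bit 4 set without bit 6: STOP E needs external STOPs enabled")
    # Assumption: bit 0 set is what makes this an axis "with SI function enable".
    if spl_stop_mode == 4 and sbh_sg and not (stop_e and ext_stops):
        findings.append("MD 10097 = 4 without external STOP E enabled: Alarm 27033")
    return findings


def external_stop(desel_a, desel_c, desel_d, desel_e, function_enable):
    """Stop type requested by the four de-select SGEs (0 = selected, 1 = de-selected).

    Unused stop types are wired to a permanent 1 (inverted assignment in MD 36977[n]).
    """
    if not bit_set(function_enable, BIT_EXT_STOPS):
        return None  # assumption: SGEs are not evaluated while the function is disabled
    if desel_a == 0:
        return "A"   # pulse cancellation
    if desel_c == 0:
        return "C"   # braking with nset = 0
    if desel_d == 0:
        return "D"   # braking along the path
    # STOP E is interlocked by its own enable bit.
    if desel_e == 0 and bit_set(function_enable, BIT_EXT_STOP_E):
        return "E"   # ESR is initiated
    return None


def effective_stop(external, internal=None):
    """The higher-priority request wins between the SGE request and an internal stop."""
    requests = [s for s in (external, internal) if s is not None]
    return min(requests, key=PRIORITY.index) if requests else None


def table_3_12():
    """All 16 SGE combinations as (E, D, C, A) -> stop type, with bits 0, 4 and 6 set."""
    enable = 0b1010001
    return {(e, d, c, a): external_stop(a, c, d, e, enable)
            for e, d, c, a in product((0, 1), repeat=4)}


if __name__ == "__main__":
    for combo, stop in sorted(table_3_12().items(), reverse=True):
        print(combo, "->", stop or "no external STOP selected")
    # Constructed sample: external STOPs enabled, STOP E not enabled, MD 10097 = 4.
    print(check_function_enable(0b1000001, spl_stop_mode=4))
```
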
3.2.2 Overview of the machine data for the "external STOPs" function
Table 3-13 Overview of machine data for 840D
Number Name
36977 $MA_SAFE_EXT_STOP_INPUT[n]; n = 0 ... 3
n = Associated stop
0 = "De-select ext. STOP A" (pulse cancellation)
1 = "De-select ext. STOP C" (braking along a current limit)
2 = "De-select ext. STOP D" (braking along a path)
3 = "De-select ext. STOP E" (ESR)
36901 $MA_SAFE_FUNCTION_ENABLE (enable safety-relevant functions)
Bit 0: Enable SBH/SG
Bit 3: Enable actual value synchronization
Bit 4: Enable external ESR activation
Bit 6: Enable external STOPs
36990 $MA_SAFE_ACT_STOP_OUTPUT[n]; n = 0 ... 3
n = Associated status (on level 1):
0 = "STOP A/B is active"
1 = "STOP C is active"
2 = "STOP D is active"
3 = "STOP E is active"
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-14 Overview of machine data for 611 digital
Number Name
1301 $MD_SAFE_FUNCTION_ENABLE (enable safety-relevant functions)
Bit 0: Enable SBH/SG
Bit 3: Enable actual value synchronization
Bit 4: Enable external ESR activation
Bit 6: Enable external STOPs
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 611digital"
3.3 Safe standstill (SH)
The "safe standstill" function is based on the pulse cancellation function
integrated in the drive modules of the SIMODRIVE 611A/D (start inhibit).
References: /PJ1/, Planning Guide SIMODRIVE 611
A second pulse shutdown path has been added to the existing pulse
cancellation function on the SIMODRIVE 611 digital Performance and
Standard 2 closed-loop control.
The safe standstill function safely disconnects the energy feed to the motor in
the event of a fault or in connection with a machine function.
A safe standstill is executed in two channels, i.e. by de-energizing an internal
relay via a signal path of the drive bus on the one hand and by de-energizing
terminal 663 on the drive module on the other. The two-channel checkback
signal is also realized on one hand via the drive bus and on the other hand via
the drive terminals AS1/AS2. From NCU software release 06.03.30, the pulse
enable can also be read-back internally for all control modules. This means that
it is not necessary to read back signals from terminal AS1/AS2.
Caution
The machine manufacturer must take all of the appropriate measures to
prevent any motion after the energy feed to the motor has been disconnected
(e.g. to prevent suspended/vertical axes from dropping).
The main features of the safe standstill function are as follows:
The motor cannot be started unintentionally or by accident
The energy feed to the motor is safely disconnected
The motor is not electrically isolated from the drive module
The safe standstill function requires the following SW and HW
(refer to Chapter 2.9, "System prerequisites"):
611 digital Performance control module
611 digital Standard 2 control module
High Standard
High Performance
Software version with SI
Selecting/de-selecting SH
The "safe standstill" function corresponds to an external STOP A. This makes it
possible to explicitly select SH not only via internal events (STOP A with limit
value violation etc.), but also via SGE.
Safe standstill is activated after STOP A.
Safe standstill is automatically activated from each monitoring channel (via
single channel) when testing the shutdown paths.
Important
After the machine has been powered-up, the "safe standstill" function must
always be tested with Safety Integrated for all axes/spindles by testing the
shutdown path.
3.3.1 Overview of the machine data for the SH function
Table 3-15 Overview of machine data for 840D
Number Name
36956 $MA_SAFE_PULSE_DISABLE_DELAY
36957 $MA_SAFE_PULSE_DIS_CHECK_TIME
36960 $MA_SAFE_STANDSTILL_VELO_TOL
36976 $MA_SAFE_PULSE_STATUS_INPUT
36986 $MA_SAFE_PULSE_ENABLE_OUTPUT
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-16 Overview of machine data for 611 digital
Number Name
1356 $MD_SAFE_PULSE_DISABLE_DELAY
1357 $MD_SAFE_PULSE_DIS_CHECK_TIME
1360 $MD_SAFE_STANDSTILL_VELO_TOL
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital"
3.4 Safe operating stop (SBH)
The purpose of the SBH function is to safely monitor the standstill position of an
axis/spindle operating in the closed-loop position or speed controlled mode.
When SBH is active (SGA "SBH active" = 1), operating personnel can, for
example, enter protected machine areas in the set-up mode without first having
to power-down the machine.
An incremental encoder is sufficient to implement the function. The axis/spindle
is monitored for a change in the actual position value...
The features of the SBH function are as follows:
The axis remains in closed-loop control
Parameterizable standstill tolerance window
Stop response after SBH has responded is STOP B.
The standstill of the axis/spindle is monitored via a standstill tolerance window
that is parameterized using the following machine data:
For 840D MD 36930: $MA_SAFE_STANDSTILL_TOL
For 611 digital MD 1330: $MD_SAFE_STANDSTILL_TOL
Note
The size of the standstill tolerance window should be based on the standard
standstill (zero speed) monitoring limit and should exceed it slightly in either
direction. The standard monitoring functions in the control system are
otherwise rendered ineffective.
[Figure: standstill tolerance around the actual value s; axes |v| and s]
Fig. 3-12 Standstill tolerance
The following prerequisites must be fulfilled (refer to Chapter 2.8, "System
requirements"):
The option and the function enable in the axis-specific machine data must
be present
The SGEs "SBH/SG de-selection" and "SBH de-selection" must be
supplied in the NCK and drive monitoring channels.
3.4.1 Selecting/de-selecting safe operating stop
The safe operating stop function is selected via the following SGEs:
Table 3-17 Selecting/de-selecting SBH
SGE SBH/SG      SGE SBH         SGA SBH
de-selection    de-selection    active 1)    Meaning
= 1             x               0            SBH and SG are de-selected
= 0             = 0             1            SBH is selected
= 0             = 1             0            SG is selected (refer to Chapter 3, "Safely-reduced speed (SG)")
Note:
840D from SW4.2
x → The signal state is as required
1) For SINUMERIK 840D, from SW4.2 onwards, the SG limit value SG2 and SG4 can
be finely graduated using the SG override (refer to Chapter 3.5.6, "Override for
safely-reduced speed"). The active SG stage is displayed via SGA "SGA active bit 0" and
"SGA active bit 1".
Note
If a "safely-reduced speed" was not active prior to the selection of SBH, any
moving axis/spindle is stopped with STOP B/A.
The actual status of the function is displayed via the SGA "SBH active".
The SGEs and SGAs are described in Chapter 3.9, "Safety-relevant
input/output signals (SGE/SGA)".
Internal control request for SBH
When the SG or SE responds (STOP C or D), the drive is switched to the safe
operating stop state internally in the control. In such cases, the external circuit
state of the SGEs (SBH/SG de-selection and SBH de-selection) is ignored and
both are internally set to "0".
Selecting SBH from SG
The changeover from safely-reduced speed to the safe operating stop is
initiated via the SGE "SBH de-selection". A delay time that is parameterized in
the following machine data is simultaneously started with the changeover to
SBH (signal "SBH de-selection"=0):
For 840D MD 36951: $MA_SAFE_VELO_SWITCH_DELAY
For 611 digital MD 1351: $MD_SAFE_VELO_SWITCH_DELAY
SBH is activated as soon as the delay time expires.
Note
If the SBH function is selected while an axis/spindle is moving, the machine
manufacturer must initiate the braking process such that the axis/spindle is in
position, i.e. stationary, after the delay time has expired. This can be
performed automatically via the function "setpoint velocity limiting". If the axis
moves out of the standstill tolerance window after the delay has expired, an
alarm is generated (for 840D: 27010, for 611 digital: 300907) and STOP B/A
initiated!
[Figure: speed v over time t when SBH is selected from SG: actual speed Vact and limit SGn, SGE "SBH desel.", timer running for the delay time (speed switchover), braking time, "SGn is active" followed by "SBH is active"; a) initiation of braking]
Fig. 3-13 Timing when selecting SBH from SG
De-selecting SBH
The safe operating stop state can be de-selected with SGE "SBH/SG
de-selection" (="1" signal), resulting in general de-activation of SBH and SG. The
SBH function is also de-selected when the SG function is selected via the SGE
"SBH de-selection".
Note
The delay time must be selected as a function of the distance to the
hazardous location. The speeds to be taken into account in this respect are
stipulated in Standard DIN EN999.
SGA "SBH active"
If this SGA is set, then safe operating stop (SBH) is active, i.e. the axis is safely
monitored for zero speed. This signal can be used, for example, to implement
protective door interlocks.
Configuring NCK SGAs
NCK SGA "SBH active" is configured using the following machine data:
For 840D MD 36981: $MA_SAFE_SS_STATUS_OUTPUT
3.4.2 Effects when the limit is exceeded for SBH
If the axis/spindle is being monitored (SGA "SBH active" = 1) and leaves, for
example, the standstill tolerance window as the result of an external influence
or an undefined setpoint input, the effects are as follows:
The axis switches to STOP A/B configured using the following MDs:
For 840D 36956: $MA_SAFE_PULSE_DISABLE_DELAY
for 611 digital 1356: $MD_SAFE_PULSE_DISABLE_DELAY
and
for 840D 36960: $MA_SAFE_STANDSTILL_VELO_TOL
for 611 digital 1360: $MD_SAFE_STANDSTILL_VELO_TOL
An alarm is generated (for 840D: 27010, for 611 digital: 300907)
The time response of the system is as follows if the limit value is violated when
the safe operating stop function is active:
[Figure: timing diagram (not to scale) over time t with the intervals t1 to t9, showing the standstill tolerance, the creep speed and the phases STOP B and STOP A; a) error, b) tolerance exceeded, c) start of stop reaction sequence, d) transition from STOP B to STOP A (pulse disabling)]
Fig. 3-14 Timing when the limit value is exceeded with active SBH
Table 3-18 Explanations of Fig. 3-14
Time Explanation
t1 Position controller clock cycle defined by the following MDs:
For 840D: MD 10050: $MN_SYSCLOCK_CYCLE_TIME
MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle defined by the following MDs:
For 840D: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME
t3 Time until standstill tolerance value is violated
t4 Time until standstill tolerance value is detected (maximum 1 monitoring clock cycle)
t5 Response time required to initiate the configured stop response (maximum 2 monitoring clock cycles)
t6 Time until the stop response sequence starts (time = 0, depends on configured stop response, refer to
Chapter 2, "Stop responses")
t7 Time required to reach the shutdown speed with STOP B.
t8 Time required to stop the axis with STOP B.
t9 Time required to stop the axis with STOP A.
Note:
Each axis must be measured during start-up to determine the distance it travels between violation of the limit value
and coming to a standstill.
3.4.3 Overview of the machine data for the SBH function
Table 3-19 Overview of machine data for 840D
Number Name
36901 $MA_SAFE_FUNCTION_ENABLE
36930 $MA_SAFE_STANDSTILL_TOL
36951 $MA_SAFE_VELO_SWITCH_DELAY
36956 $MA_SAFE_PULSE_DISABLE_DELAY
36960 $MA_SAFE_STANDSTILL_VELO_TOL
36970 $MA_SAFE_SVSS_DISABLE_INPUT
36971 $MA_SAFE_SS_DISABLE_INPUT
36980 $MA_SAFE_SVSS_STATUS_OUTPUT
36981 $MA_SAFE_SS_STATUS_OUTPUT (from SW4.2)
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-20 Overview of machine data for 611 digital
Number Name
1301 $MD_SAFE_FUNCTION_ENABLE
1330 $MD_SAFE_STANDSTILL_TOL
1351 $MD_SAFE_VELO_SWITCH_DELAY
1356 $MD_SAFE_PULSE_DISABLE_DELAY
1360 $MD_SAFE_STANDSTILL_VELO_TOL
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital"
3.5 Safely-reduced speed (SG)
The purpose of the SG function is to safely monitor the load-side speed of an
axis or spindle.
The actual speed of the axis/spindle is compared with the speed limit value
selected via SGEs. The speed limit values are defined in the following machine
data.
For 840D MD 36931: $MA_SAFE_VELO_LIMIT[n]
For 611 digital MD 1331: $MD_SAFE_VELO_LIMIT[n]
The speed limit values for SG1, SG2, SG3 or SG4 allow various
applications/operating states on the machine to be monitored. The safely-
reduced speed function can therefore be used to implement protection for the
operating personnel and machine in the setting-up mode or in automatic
operation.
Important
The user must be careful to select the correct gear ratio for axes with selector
gearbox.
The features of the SG function are as follows:
- Safe monitoring of load-side speed limit values
- Monitoring limit values are adapted to various operating states (e.g. test,
  setting-up, automatic modes)
- Configurable stop response after the SG responds
The following prerequisites must be fulfilled (refer to Chapter 2.8, "System
requirements"):
- Option and functions must be enabled in the axis-specific machine data
- The SGEs "SBH/SG de-selection" and "SBH de-selection" must be
  configured
The requirements regarding speeds and velocities that are stipulated for
individual processes (e.g. milling, turning, grinding, etc.) vary depending on
standards (e.g. ISO 11161) or activities relating to standards (e.g. CEN
TC 143). As an example, standards could be stipulated for the setting-up mode
as follows:
"Safely-reduced speed" at 2 m/min for feed drives or
50 rev/min for spindle drives or standstill within 2 revolutions.
The machine manufacturer must parameterize SI in such a way as to ensure
full compliance with the EC Machinery Directive. The relevant standards
provide the necessary guidelines.
Quantities that influence the parameterization include, e.g. the drive dynamic
response, the set parameter with its delay times, electrical and mechanical
ratios and all of the mechanical properties and characteristics. The
interrelationships between the drive dynamic response and internal delay times
of SI are shown in Fig. 3-7 "Timing when exceeding the limit value for SG".
When SBH/SG is active in a configuration with 1 encoder, the speed is
monitored to ensure that it does not exceed a maximum encoder limit
frequency. An appropriate alarm is output when the limit is exceeded.
Depending on the number of encoder pulses, the limit values are as follows for
a ratio of e.g. motor : load = 1 : 1:
Table 3-21 Encoder limit frequency and speed
Encoder pulses/rev.   Speed at maximum encoder limit frequency
                      200 kHz       300 kHz       420 kHz
2 048                 5.800 rpm     8.700 rpm     12.300 rpm
1 024                 11.600 rpm    17.400 rpm    24.600 rpm
512                   22.200 rpm    34.800 rpm    49.200 rpm
Note:
1) 840D SW 3.6 and higher
Machine data 36926: $MA_SAFE_ENC_FREQ_LIMIT can be used to set a
limit frequency. The maximum value is 420 kHz, the lower limit and default
value is 300 kHz.
This MD is set-up for each monitoring channel. MD 1326 is effective in the
drive: $MD_SAFE_ENC_FREQ_LIMIT.
The values in this MD are incorporated in the crosswise data comparison of the
monitoring channels.
Note
Changes to this MD may only be made with careful consideration of the
prevailing conditions.
This functionality is only supported by 611 digital Performance 2 control
modules, High Standard and High Performance.
Changing the MD values for an axis with a Standard 2 or Performance 1 control
module results in Alarm 27033 "Axis %1 Defect in a monitoring channel, Code
%2, Values: NCK %3, Drive %4". The 300 kHz limit still applies for these axes.
Limitations
The following secondary conditions/limitations are specified:
1. Cables to be used:
Siemens cable, Order No. [MLFB]: 6FX8002-2CA31-1CA0
2. Maximum permissible encoder cable length: 20 m
3. Encoder characteristics: "-3dB cutoff frequency" greater than or equal to
500 kHz
Examples for encoder used:
ERA 180 with 9000 pulses/rev and ERA 180 with 3600 pulses/rev from
Heidenhain
4. The amplitude monitoring is active up to 420 kHz.
Parameterizable encoder limit frequency (SW 6.3.30 and higher)
3.5.1 Selecting/de-selecting the safely-reduced speed
The following SGEs are used to select SG:
Table 3-22 Selecting/de-selecting SG
SGE "SBH/SG de-selection"   SGE "SBH de-selection"   Meaning
= 1                         x                        SBH and SG are de-selected
= 0                         = 0                      SBH is selected (refer to Chapter 3, "Safe operating stop (SBH)")
= 0                         = 1                      SG is selected
Note: x → Any signal state
Note
The current status of the function is displayed using the SGA "SBH/SG
active" and SGA "SBH active".
Before the SG function is activated, it must be ensured that the speed of the
axis/spindle is lower than the selected speed limit value. If it is higher, an
alarm is generated that causes the drive to be shut down.
The SGEs and SGAs are described in Chapter 3.9, "Safety-relevant
input/output signals (SGE/SGA)".
The maximum permissible speed of an axis/spindle in the setting-up mode is
defined for individual machine types in the C Standards (product standards).
The machine manufacturer is responsible for ensuring that the correct speed
limit value is selected as a function of operating mode and application.
The required speed limit value is selected as follows by combining the following
SGEs:
Table 3-23 Selecting speed limit values for the SGs
SGE "SG selection bit 1"   SGE "SG selection bit 0"   Meaning
= 0                        = 0                        Speed limit value for SG1 active
= 0                        = 1                        Speed limit value for SG2 active 1)
= 1                        = 0                        Speed limit value for SG3 active
= 1                        = 1                        Speed limit value for SG4 active 1)
Note:
1) For SINUMERIK 840D system with SW 4.2 and higher, the SG limit value SG2 and
SG4 can be set in finer steps using the SG override (refer to Chapter 3.5.6, "Override
for safely-reduced speed").
The active SG stage is displayed via SGA "SGA active bit 0" and "SGA active bit 1".
The changeover from a lower to a higher speed limit value takes effect without
delay.
When changing over from a higher to a lower limit value, a delay time is
started that is parameterized in the following machine data (refer to Fig. 3-6,
"Timing when changing over from a higher to a lower speed limit value"):
For 840D MD 36951: $MA_SAFE_VELO_SWITCH_DELAY
For 611 digital MD 1351: $MD_SAFE_VELO_SWITCH_DELAY
The axis/spindle must be braked sufficiently during the delay time so that it has
reached the reduced speed that is below the new limit value when the delay
time expires. However, if the actual speed is higher than the new limit value
when the time has expired, an appropriate alarm is output with the configurable
stop response.
[Figure: speed v over time t. SG1 (limit V1) is active, then SG2 (limit V2) is active. Labels: SGEs for SG1, SGEs for SG2, a) Initiation of braking, Braking time, Delay time speed switchover, Timer running.]
Fig. 3-15 Timing when changing-over from a higher to a lower speed limit value
The SG function can be de-selected at any speed by activating the SGE
"SBH/SG de-selection".
Warning
The delay time must be selected as a function of the distance to the
hazardous location. The speeds to be taken into account (speeds at which
hands/arms are moved for arranging protective equipment) are stipulated in
Safety Standard DIN EN999.
3.5.2 Limiting the setpoint speed
In order to limit the setpoint speed as a function of the active safety monitoring,
MD 36933: $MA_SAFE_DES_VELO_LIMIT is specified. This machine data is
not included in the axial checksum MD 36998: $MA_SAFE_ACT_CHECKSUM,
so that changes can be made to the MD for the acceptance test without having
to change the checksum again.
- MD = 0%: Setpoint limiting not active
- MD > 0%: Setpoint limiting = active SG limit multiplied by MD value
  For SBH setpoint limit = 0
- MD = 100%: Setpoint limiting = active SG limit
  For SBH setpoint limit = 0
The function is effective in one channel in the NCK interpolator. The safety
monitoring channel provides a limit value which corresponds to the
selected safety monitoring type.
The function influences both axes and spindles.
The active setpoint limit can be viewed in the safety service display:
Display value = -1 corresponds to "setpoint limiting not active"
Display value >= 0 corresponds to "setpoint limiting active"
The setpoint limit is changed over when the SGEs are changed over:
SGE "SBH/SG de-selection"
SGE "SBH de-selection"
SGEs "Active SG stage, bit 0, 1"
SGEs "SG override, bit 0, 1, 2, 3"
Beyond that, internal changeover operations in SBH take effect as the
result of a stop response (stop D, C, E)
When a changeover is made via SGEs, the states of both monitoring
channels are viewed to take into account differences in the times. This
results in the following rules:
1. Changing-over from non-safe operation into SG/SBH
There is no delay (VELO_SWITCH_DELAY), so that this changeover
must always be performed at zero speed or below the defined SG
limit.
2. Changing-over from SGx to SGy
a) SGx > SGy (braking): A lower setpoint is entered as soon as
changeover is detected in one of the two channels.
b) SGx < SGy (acceleration): A higher setpoint is only entered if both
channels have changed over.
3. Changing-over from SG to SBH (braking)
A lower setpoint (= 0) is entered as soon as the changeover has been
detected in one of the two channels.
4. Changing-over from SBH to SG (acceleration)
A higher setpoint is only entered if both channels have changed over.
5. Changing over from SBH/SG into non-safe operation (acceleration)
A higher setpoint is only entered if both channels have changed over.
Effect of the function in the NCK interpolator:
- Setpoint limiting is active in both AUTO and JOG modes.
- When changing over to higher safely-reduced speeds while traversing, the
position control loop should be set so that it does not overshoot; a sudden
change of the setpoint limit then does not cause the monitoring on the
actual value side to respond.
- When transformation is active, the safety setpoint limits that are axially
effective in the interpolator are reduced by the transformation itself,
depending on the actual position.
Note
There are no restrictions for motion from synchronous actions.
3.5.3 Safely-reduced speed when using selector gearboxes
The following points must be noted for spindles with selector gearboxes.
When a 1-encoder system is used, gear ratios (gear stage selection) must
be selected via two channels (refer to Chapter 3, "Example of application
for safe sensing of gear ratios").
The user agreement (if set) is canceled during a gear change and the SGA
"axis safely referenced" set to "0". When the gearbox stage is selected via
PLC and/or by selecting a new ratio, a gear shift is detected using SGEs.
The spindle must be re-synchronized after a gear change.
The user must bring the spindle into the "axis safely referenced" state if the
"safe cams" function is used.
The value for the actual value comparison tolerance (crosswise) must be
set higher than the oscillation actual value when in the oscillation mode.
For 840D MD 36942: $MA_SAFE_POS_TOL
For 611 digital MD 1342: $MD_SAFE_POS_TOL
When changing over from a high to a lower speed limit value, a delay timer
is started. While this timer is running, the speed is monitored for violation of
the last valid speed limit value. When changing-over from a low to a high
speed limit value, the higher limit becomes effective immediately.
Note
Changing the gear ratio, parking an axis or making changes to the mounted
equipment (e.g. replacing an encoder or motor) means decoupling the load
and encoder. This cannot be detected by the NC and drive. The "axis safely
referenced" state is then lost.
The user is responsible for ensuring that the axis is returned to the "axis
safely referenced" state if the functions "safe software limit switch" or "safe
cams" are used.
3.5.4 Effects when the limit value is exceeded for SG
When the selected speed limit is violated, a stop response configured in the
following machine data is generated:
For 840D MD 36961: $MA_SAFE_VELO_STOP_MODE
MD 36963: $MA_SAFE_VELO_STOP_REACTION[n]
For 611 digital MD 1361: $MD_SAFE_VELO_STOP_MODE
MD 1363: $MD_SAFE_VELO_STOP_REACTION[n]
Note
An alarm is displayed (for 840D: 27011, for 611 digital: 300914). After the
cause of the error has been eliminated, the alarm can be acknowledged
with RESET. The monitoring function is then active again.
Depending on the selected monitoring clock cycle, the dynamic drives
may cause a brief increase in speed on the monitored axis/spindle before
the stop response sequence commences.
In traversing modes which use a transformation with singularity points
(e.g. 5-axis transformation and TRANSMIT), relatively high axial speeds
occur at these points. These speeds can initiate stop responses even
though the Cartesian motion of the tool center point (TCP) is below the
selected speed limit value.
The monitoring functions provided by SI are basically axis-specific. This
means that it is not possible to monitor the TCP directly.
When the safely-reduced speed function is active, then the timing is as follows
when the limit value is violated:
[Figure: speed n over time t, not to scale. Curves a), b), c) of the actual speed nact relative to the SG limit; marked events: Error, Limit value exceeded, Commencement of stop reaction; time intervals t1 to t7.]
Fig. 3-16 Timing when the limit value is exceeded with active SG
Table 3-24 Explanations of the Fig.
Time Explanation
t1 Position control clock cycle defined by the following MDs:
MD 10050: $MN_SYSCLOCK_CYCLE_TIME
MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle defined by the following MDs:
MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME
t3 Time between an error occurring and a limit value being violated
t4 Time until the violation of a limit value is detected (maximum 1.5 monitoring clock cycles)
t5 Response time required to initiate the configured stop response (maximum 2.5 monitoring clock cycles)
t6 Time until the stop response sequence starts (time = 0, depends on configured stop response, refer to
Chapter 2, "Stop responses")
t7 Time required to bring the axis to standstill.
This time period and thus the residual distance traveled by the axis is determined by the axis design (motor,
mass, friction, ...) and the configured stop response (STOP C is faster than STOP D).
Note:
Each axis must be measured during start-up to determine the distance it travels between violation of the limit value
and coming to a standstill.
3.5.5 SG-specific stop responses
Using the configurable SG-specific stop response, a suitable braking behavior
can be set for every SG stage in-line with the application when the particular
speed limit value is exceeded.
Example of possible setting:
Level SG2 is active with configured stop response STOP C in the setting-up
mode and level SG4 is active with configured stop response STOP D in the
automatic mode.
The function is active whenever MD 36961/1361:
$MA_/$MD_SAFE_VELO_STOP_MODE = 5.
SG-specific stop responses can be set using the following machine data:
For 840D MD 36963: $MA_SAFE_VELO_STOP_REACTION[n]
(SG-specific stop response)
For 611 digital MD 1363: $MD_SAFE_VELO_STOP_REACTION[n]
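The changeover timing from 3.5.1 and the SG-specific stop responses from 3.5.5, as an added Python model that is not Siemens code. The limit values, the delay expressed in monitoring cycles, the stop responses for SG1 and SG3, and the choice to return the response of the stage whose limit was violated are assumptions of this example.

```python
"""Illustrative model of SG limit changeover with delay timer (added example)."""

# Constructed parameterization for one axis; values are not from a real machine.
SAFE_VELO_LIMIT = [1000.0, 2000.0, 4000.0, 5000.0]  # SG1..SG4, mm/min
# SG-specific stop responses (SAFE_VELO_STOP_MODE = 5). SG2 -> STOP C and
# SG4 -> STOP D follow the setting example in the text; SG1/SG3 are assumed.
SAFE_VELO_STOP_REACTION = ["STOP D", "STOP C", "STOP D", "STOP D"]
SWITCH_DELAY_CYCLES = 5  # SAFE_VELO_SWITCH_DELAY, here in monitoring cycles


class SGMonitor:
    """Tracks which SG stage's limit is compared with the actual speed."""

    def __init__(self, stage):
        self.selected = stage    # stage requested via the SG selection SGEs
        self.monitored = stage   # stage whose limit is monitored right now
        self.timer = 0           # remaining cycles of the switch delay

    def select(self, new_stage):
        """Apply a new SG selection (index 0..3 for SG1..SG4)."""
        self.selected = new_stage
        if SAFE_VELO_LIMIT[new_stage] >= SAFE_VELO_LIMIT[self.monitored]:
            # Lower -> higher: the higher limit takes effect without delay.
            self.monitored = new_stage
            self.timer = 0
        else:
            # Higher -> lower: the last valid limit stays monitored while
            # the delay timer runs, so the axis has time to brake.
            self.timer = SWITCH_DELAY_CYCLES

    def cycle(self, actual_speed):
        """Run one monitoring cycle; return a stop response or None."""
        if self.timer > 0:
            self.timer -= 1
        elif self.monitored != self.selected:
            # Delay expired: the lower limit is monitored from now on.
            self.monitored = self.selected
        if abs(actual_speed) > SAFE_VELO_LIMIT[self.monitored]:
            # Assumption: response of the stage whose limit was violated.
            return SAFE_VELO_STOP_REACTION[self.monitored]
        return None


def run(speeds, selections, initial_stage):
    """Feed one speed sample per monitoring cycle.

    selections maps a cycle number to the SG stage selected in that cycle.
    Returns (cycle, stop_response) for the first violation, else None.
    """
    monitor = SGMonitor(initial_stage)
    for n, speed in enumerate(speeds):
        if n in selections:
            monitor.select(selections[n])
        reaction = monitor.cycle(speed)
        if reaction is not None:
            return n, reaction
    return None


if __name__ == "__main__":
    # Constructed traces: SG4 -> SG2 is selected in cycle 3.
    braked_in_time = [4500, 4500, 4500, 4500, 4000, 3500, 3000, 2500, 2000, 2000]
    braked_too_slowly = [4500, 4500, 4500, 4500, 4200, 3900, 3600, 3300, 3000, 2700]
    print(run(braked_in_time, {3: 1}, initial_stage=3))
    print(run(braked_too_slowly, {3: 1}, initial_stage=3))
```
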
3.5.6 Override for safely-reduced speed
Using SGEs it is possible to specify 16 SG override stages for the limit values
of safely-reduced speeds 2 and 4. This allows the limit values for SG2 and SG4
to be monitored in finer steps.
An override stage can be assigned factors of between 1 and 100% using the
following machine data:
For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n]
(override factor safely-reduced speed)
For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n]
For grinding applications, the limit value for the safely-reduced speed can be
adjusted to the variations in the grinding wheel peripheral speed by means of
the SG override.
The following prerequisites must be fulfilled before the function can be used:
Function is enabled via MD 36901(MD 1301):
$MA($MD)_SAFE_FUNCTION_ENABLE, bit 5
The "SBH/SG" monitoring function is enabled
The required SGEs "SG override selection, bits 3, 2, 1, 0" are fully or
partially configured
SG override factors have been set in the corresponding machine data
Safely-reduced speed 2 or 4 is activated.
SG override values are changed over subject to the same conditions as those
applied to speed limit values.
Table 3-25 Changing over SG override values
Changeover Description
from lower to higher Instantaneous
from higher to lower A delay timer parameterized in MD 36951/MD 1351 is
started. The axis/spindle must be braked within this delay
time.
Note: Refer to Chapter 3.5.1, "Selection/de-selection of safely-reduced speed"
Note
Changing between SGEs "SG override selection, bits 3, 2, 1, 0" continuously
and quickly may initiate STOP F.
The active speed limit value (SG 1, 2, 3 or 4) is selected via SGEs "SG
selection bits 1 and 0". The desired override is selected by combining SGEs
"Override selection bits 3, 2, 1 and 0". The override is only valid for the speed
limit value for SG2 and SG4.
Table 3-26 Selecting SG override values for safely-reduced speeds
SGE SG selection   SGE SG override selection      Meaning
Bit 1  Bit 0       Bit 3  Bit 2  Bit 1  Bit 0
= 0 = 0 x x x x Speed limit value for SG1 active
= 0 = 1 = 0 = 0 = 0 = 0 Speed limit value for SG2 active with override 0
- " - = 0 = 0 = 0 = 1 ... with override 1
- " - = 0 = 0 = 1 = 0 ... with override 2
- " - = 0 = 0 = 1 = 1 ... with override 3
- " - = 0 = 1 = 0 = 0 ... with override 4
- " - = 0 = 1 = 0 = 1 ... with override 5
- " - = 0 = 1 = 1 = 0 ... with override 6
- " - = 0 = 1 = 1 = 1 ... with override 7
- " - = 1 = 0 = 0 = 0 ... with override 8
- " - = 1 = 0 = 0 = 1 ... with override 9
- " - = 1 = 0 = 1 = 0 ... with override 10
- " - = 1 = 0 = 1 = 1 ... with override 11
- " - = 1 = 1 = 0 = 0 ... with override 12
- " - = 1 = 1 = 0 = 1 ... with override 13
- " - = 1 = 1 = 1 = 0 ... with override 14
- " - = 1 = 1 = 1 = 1 ... with override 15
= 1 = 0 x x x x Speed limit value for SG3 active
= 1 = 1 = 0 = 0 = 0 = 0 Speed limit value for SG4 active with override 0
- " - = 0 = 0 = 0 = 1 ... with override 1
- " - = 0 = 0 = 1 = 0 ... with override 2
- " - = 0 = 0 = 1 = 1 ... with override 3
- " - = 0 = 1 = 0 = 0 ... with override 4
- " - = 0 = 1 = 0 = 1 ... with override 5
- " - = 0 = 1 = 1 = 0 ... with override 6
- " - = 0 = 1 = 1 = 1 ... with override 7
- " - = 1 = 0 = 0 = 0 ... with override 8
- " - = 1 = 0 = 0 = 1 ... with override 9
- " - = 1 = 0 = 1 = 0 ... with override 10
- " - = 1 = 0 = 1 = 1 ... with override 11
- " - = 1 = 1 = 0 = 0 ... with override 12
- " - = 1 = 1 = 0 = 1 ... with override 13
- " - = 1 = 1 = 1 = 0 ... with override 14
- " - = 1 = 1 = 1 = 1 ... with override 15
x: Signal status is optional since override values are not effective for SG1 and SG3
NCK SGEs (override selection bits 3, 2, 1, 0) are configured using the following
machine data:
For 840D MD 36978: $MA_SAFE_OVR_INPUT[n]
(input assignment for override selection)
The SG override factors themselves (percentage values) are defined via the
following machine data:
For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n]
(override factor safely-reduced speed)
For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n]
3.5.7 Example: Override for safely-reduced speed
When safely-reduced speeds are selected, the speed limit values must be set
as follows.
Table 3-27 Example of how override values are used for safely-reduced speed
SGE SG selection   SGE override selection       Effective speed limit value      Assumptions for the example
Bit 1  Bit 0       Bit 3  Bit 2  Bit 1  Bit 0
0      0           x      x      x      x       Limit value 1                    1000 mm/min
0      1           0      0      0      0       Limit value 2 with override 0    100 % = 2000 mm/min
- " -              0      0      0      1       Limit value 2 with override 1    80 % = 1600 mm/min
- " -              0      0      1      0       Limit value 2 with override 2    50 % = 1000 mm/min
- " -              0      0      1      1       Limit value 2 with override 3    30 % = 600 mm/min
1      0           x      x      x      x       Limit value 3                    4000 mm/min
1      1           0      0      0      0       Limit value 4 with override 0    100 % = 5000 mm/min
- " -              0      0      0      1       Limit value 4 with override 1    80 % = 4000 mm/min
- " -              0      0      1      0       Limit value 4 with override 2    50 % = 2500 mm/min
- " -              0      0      1      1       Limit value 4 with override 3    30 % = 1500 mm/min
Notes:
x: Signal status is optional since override values are not effective for SG1 and SG3
SGEs "SG override selection bits 3 and 2" are not needed to select an SG override, i.e. they do not need to be
configured (they are set to "0" internally).
The example applies to the 1st axis on a SINUMERIK 840D/
SIMODRIVE 611 digital.
Definition of SGEs in the NCK monitoring channel
Logical slot for the terminal block: 6
Slot number of sub-module for SGEs: 4
I/O number for signal "SG selection bit 1": 2
I/O number for signal "SG selection bit 0": 1
I/O number for signal "override selection bit 1": 4
I/O number for signal "override selection bit 0": 3
Table 3-28 Supplying MDs for SGEs
For 840D For 611 digital
Limit value MD number Value MD number Value
SG1 36931[0] 1000 1331[0] 1000
SG2 36931[1] 2000 1331[1] 2000
SG3 36931[2] 4000 1331[2] 4000
SG4 36931[3] 5000 1331[3] 5000
Table 3-29 Supplying MDs for SGEs
Signal Assignment
SGE MD number Value Remarks
SG select, bit 1 36972[1] 01 06 04 02
SG select, bit 0 36972[0] 01 06 04 01
SG override selection bit 3 36978[3] 00 00 00 00 Not configured
SG override selection bit 2 36978[2] 00 00 00 00 Not configured
SG override selection bit 1 36978[1] 01 06 04 04
SG override selection bit 0 36978[0] 01 06 04 03
Table 3-30 Supplying MDs for override values
Override For 840D For 611 digital
MD number Value MD number Value
0 36932[0] 100 1332[0] 100
1 36932[1] 80 1332[1] 80
2 36932[2] 50 1332[2] 50
3 36932[3] 30 1332[3] 30
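The SG selection with override from Tables 3-26 to 3-30, combined with the two-channel changeover rules for the setpoint limit from 3.5.2, as an added Python example that is not Siemens code. The class and function names are hypothetical, the override function is assumed to be enabled, and taking the lower of the two channels' limits is this example's reading of rules 1 to 5.

```python
"""SG limit with override and two-channel setpoint limiting (added example)."""
from dataclasses import dataclass

SAFE_VELO_LIMIT = (1000, 2000, 4000, 5000)            # MD 36931[0..3], mm/min (Table 3-28)
SAFE_VELO_OVR_FACTOR = {0: 100, 1: 80, 2: 50, 3: 30}  # MD 36932[0..3], % (Table 3-30)
# Override selection bits 3, 2, 1, 0: only bits 1 and 0 are configured
# (Table 3-29); unconfigured bits are set to 0 internally.
OVR_BIT_CONFIGURED = (False, False, True, True)


@dataclass(frozen=True)
class ChannelSGEs:
    """SGE states as seen by one monitoring channel (NCK or drive)."""
    sbh_sg_deselect: int = 0
    sbh_deselect: int = 1
    sg_bits: tuple = (0, 0)          # (bit 1, bit 0)
    ovr_bits: tuple = (0, 0, 0, 0)   # (bit 3, bit 2, bit 1, bit 0)


def sg_limit(sges):
    """Effective SG speed limit in mm/min (Tables 3-23 and 3-26)."""
    stage = sges.sg_bits[0] * 2 + sges.sg_bits[1]   # 0..3 for SG1..SG4
    limit = SAFE_VELO_LIMIT[stage]
    if stage in (1, 3):                             # override acts on SG2 and SG4 only
        ovr = 0
        for bit, configured in zip(sges.ovr_bits, OVR_BIT_CONFIGURED):
            ovr = (ovr << 1) | (bit if configured else 0)
        limit = limit * SAFE_VELO_OVR_FACTOR[ovr] / 100
    return float(limit)


def channel_limit(sges):
    """Limit requested by one channel; None means non-safe operation."""
    if sges.sbh_sg_deselect:
        return None          # SBH and SG are de-selected (Table 3-22)
    if not sges.sbh_deselect:
        return 0.0           # SBH selected: setpoint limit = 0
    return sg_limit(sges)


def setpoint_limit(nck, drive, des_velo_limit_pct):
    """Setpoint limit from both channels and MD 36933 (in %).

    The lower channel limit wins: a lower setpoint applies as soon as one
    channel has changed over, a higher one only after both have.
    Returns None when setpoint limiting is not active.
    """
    if des_velo_limit_pct == 0:
        return None
    limits = [l for l in (channel_limit(nck), channel_limit(drive)) if l is not None]
    if not limits:
        return None
    return min(limits) * des_velo_limit_pct / 100


if __name__ == "__main__":
    # NCK has already changed over to SG4, the drive still sees SG2, override 2.
    nck = ChannelSGEs(sg_bits=(1, 1))
    drive = ChannelSGEs(sg_bits=(0, 1), ovr_bits=(0, 0, 1, 0))
    print(sg_limit(nck), sg_limit(drive), setpoint_limit(nck, drive, 100))
```
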
3.5.8 Application examples for SG
Please refer to Chapter 7, "Configuring example" for an example of safely-
reduced speed.
3.5.9 Examples for safe input of ratios
The gear ratio (encoder/load) must be safely sensed on a spindle with a four-
stage gearbox.
Two examples are given, one with a
2-encoder system (ex. 1, refer to Fig. 3-13 Spindle with a 2-encoder system)
and one with a
1-encoder system (ex. 2, refer to Fig 3-14 Spindle with a 1-encoder system).
Example 1: Spindle with a 2-encoder system
The two channels are monitored by comparing the speed sensed by the second
encoder with the speed of the motor encoder, taking the gear ratio into account.
The ratio selection does not have to be safely monitored and only has to
involve one channel.
The gear stage is selected from an NC program with an H function via the
PLC user program.
The second encoder system is connected to the "direct measuring system"
input on the 611 digital closed-loop control module.
Enabled SI function SBH/SG.
If the safety functions SE and SN are used for the spindles, gear stage
changeover must also be activated on the NCK channel (request signals
E1/E2, refer to Fig. 3-13). This is done to ensure that both channels
receive the status "axis not safely referenced" as a result of the gear
change.
The machine data assignment for the input assignment gear ratio selection
(bits 0, 1, 2) for the NCK are described in Chapter 4, "Machine data for
SINUMERIK 840D".
The PLC SGEs for selecting gear ratios are described in
Chapter 4.3, "Interface signals".
The example should be applicable for the 1st drive.
The motor encoder system is parameterized in the drive machine data.
The second encoder system is parameterized in the NCK machine data of
the control system.
Table 3-31 Overview of encoder data for 840D
Number Name
36910 $MA_SAFE_ENC_SEGMENT_NR
36911 $MA_SAFE_ENC_MODULE_NR
36912 $MA_SAFE_ENC_INPUT_NR
36915 $MA_SAFE_ENC_TYPE
36916 $MA_SAFE_ENC_IS_LINEAR
36917 $MA_SAFE_ENC_GRID_POINT_DIST
36918 $MA_SAFE_ENC_RESOL
36920 $MA_SAFE_ENC_GEAR_PITCH
36921 $MA_SAFE_ENC_GEAR_DENOM[n]
36922 $MA_SAFE_ENC_GEAR_NUMERA[n]
36925 $MA_SAFE_ENC_POLARITY
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-32 Overview of encoder data for 611 digital
Number Name
1316 $MD_SAFE_ENC_CONFIG
1317 $MI_SAFE_ENC_GRID_POINT_DIST
1318 $MI_SAFE_ENC_RESOL
1320 $MI_SAFE_ENC_GEAR_PITCH
1321 $MI_SAFE_ENC_GEAR_DENOM[n]
1322 $MI_SAFE_ENC_GEAR_NUMERA[n]
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"
The tolerance for the actual value comparison of the two encoders is
defined in the following machine data:
For 840D MD 36942: $MA_SAFE_POS_TOL
For 611 digital MD 1342: $MD_SAFE_POS_TOL
Note
The SGEs/SGAs used in the NCK monitoring channel only have to be
assigned by the machine manufacturer in the drive monitoring channel as the
NCK monitoring system is directly mounted. This means that SGEs can be
supplied through one channel when changing the gear ratio (no safety risk).
An exception is the use of SN/SE (see above).
Gear stage selection for Safety Integrated is not part of the crosswise data
comparison between the two channels.
[Figure: block diagram. NCK monitoring channel (NCK HW I/O, I/O images, processing, monitoring comparators for SBH/SG, SE, SN per axis/spindle) and drive monitoring channel (PLC HW I/O, I/O images, PLC user program, monitoring comparators for SBH/SG, SE, SN per axis/spindle), linked by result and data cross-check; SGE/SGA gear ratio selection bits 0 to 2 in both channels; NC H function; 1PH6 motor with encoder 1, gearbox with I1, I2, O1, O2, spindle with IMS.]
Fig. 3-17 Spindle with 2-encoder system
Table 3-33 Assignment between active gear stage/gear ratio selection
             Selection and checkback    Assignment between ratio selection
             of active gear stage       for NCK and PLC/drive:
                                        SGE gear ratio selection             Spindle
Gear stage   E1   E2   A1   A2          Bit 2   Bit 1   Bit 0                motor/load
1            0    0    0    0           0       0       0                    4 : 1
2            0    1    0    1           0       0       1                    2,5 : 1
3            1    0    1    0           0       1       0                    1,6 : 1
4            1    1    1    1           0       1       1                    1 : 1
Table 3-34 Entering gear ratios into machine data
                                      Stage   840D                611 digital
                                              MD No.     Value    MD No.   Value
Denominator of gearbox encoder/load   1       36921[0]   1        1321.0   250
                                      2       36921[1]   1        1321.1   400
                                      3       36921[2]   1        1321.2   625
                                      4       36921[3]   1        1321.3   1000
Numerator of gearbox encoder/load     1       36922[0]   1        1322.0   1000
                                      2       36922[1]   1        1322.1   1000
                                      3       36922[2]   1        1322.2   1000
                                      4       36922[3]   1        1322.3   1000
Note
For SE/SN, the gear stage must also be changed-over on the NCK side. In
this case, the gear must be changed-over at zero speed or the actual value
synchronization function used.
Note
In the circuit above (Fig. 3-13), the request signals E1/E2 for gear change for
the PLC and drive are supplied from the gear signal.
For SE/SN, the gear stage must also be changed-over on the NCK side.
Because only the pulses of the motor measuring system - and not those of
the direct measuring system - are counted during motion of a motor while
decoupled, this may result in an offset of the SI actual values. As this cannot
be avoided, gear stage changeover without errors is only possible under the
following conditions:
1. The gear stage is selected at zero speed, the time delay does not cause
an offset of the two SI values.
2. The gear stage is selected when the motor is moving (e.g. oscillating), i.e. the
motor is moving although this cannot be detected at the direct measuring
system. In this case, the following measures can be performed to avoid
errors.
a) MD 36942/or MD 1342 SAFE_POS_TOL must be parameterized as
necessary and re-synchronization of the spindle (<axis DB>.DBX 16.6 or DBX
16.7: active measuring system) must be triggered after gear changeover (if
this has not already been done) to re-align the SI actual values
b) The actual value synchronization function must be used
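Why single-channel ratio selection is sufficient in Example 1, as an added Python example that is not Siemens code: the drive channel converts the motor encoder value with the selected gear stage, the NCK channel reads the second encoder at the spindle, and a wrong stage shows up as a deviation in the crosswise comparison. The function names, the use of revolutions as the unit and the tolerance value are assumptions; the machine data values are those of Tables 3-33 and 3-34, read as encoder/load = numerator/denominator.

```python
"""Two-encoder cross-check with gear stage selection in one channel (added example)."""
from fractions import Fraction

# Drive channel (motor encoder): MD 1322.n / MD 1321.n per stage (Table 3-34).
DRIVE_GEAR_NUMERA = (1000, 1000, 1000, 1000)
DRIVE_GEAR_DENOM = (250, 400, 625, 1000)
# NCK channel (second encoder at the spindle): MD 36922[n] / MD 36921[n] = 1.
NCK_GEAR_NUMERA = (1, 1, 1, 1)
NCK_GEAR_DENOM = (1, 1, 1, 1)
# Nominal spindle motor : load ratios of gear stages 1..4 (Table 3-33).
NOMINAL_RATIO = (Fraction(4), Fraction(5, 2), Fraction(8, 5), Fraction(1))


def stage_from_bits(bit2, bit1, bit0):
    """SGE gear ratio selection bits -> stage index 0..3 (Table 3-33)."""
    index = bit2 * 4 + bit1 * 2 + bit0
    if index > 3:
        raise ValueError("only four gear stages are parameterized")
    return index


def md_mismatches():
    """Gear stages (1..4) whose drive MD ratio differs from the nominal ratio."""
    return [
        n + 1
        for n in range(4)
        if Fraction(DRIVE_GEAR_NUMERA[n], DRIVE_GEAR_DENOM[n]) != NOMINAL_RATIO[n]
    ]


def load_revs(encoder_revs, numera, denom, stage):
    """Load-side revolutions computed from encoder revolutions."""
    return Fraction(encoder_revs) * denom[stage] / numera[stage]


def cross_check(motor_revs, engaged_stage, selected_stage, tol):
    """Compare the load-side actual values of both channels.

    engaged_stage is the stage mechanically in the gearbox, selected_stage
    the one reported via the SGEs. Returns (within_tolerance, deviation).
    """
    # Physical spindle motion, sensed directly by the second encoder.
    spindle_revs = Fraction(motor_revs) / NOMINAL_RATIO[engaged_stage]
    nck_value = load_revs(spindle_revs, NCK_GEAR_NUMERA, NCK_GEAR_DENOM, selected_stage)
    drive_value = load_revs(motor_revs, DRIVE_GEAR_NUMERA, DRIVE_GEAR_DENOM, selected_stage)
    deviation = abs(nck_value - drive_value)
    return deviation <= tol, deviation


if __name__ == "__main__":
    tol = Fraction(1, 10)  # constructed stand-in for SAFE_POS_TOL, in revolutions
    print(md_mismatches())
    print(cross_check(8, engaged_stage=0, selected_stage=0, tol=tol))
    print(cross_check(8, engaged_stage=0, selected_stage=3, tol=tol))
```
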
Example 2: Spindle with a 1-encoder system
The gear stage is selected from an NC program with an H function via the
PLC user program.
Gear ratios are selected through 2 channels.
The encoder system is connected to the "direct measuring system" input
on the 611 digital closed-loop control module.
The machine data for the "input assignment gear ratio selection (bits 0,
1, 2)" for the NCK are described in
Chapter 4, "Machine data for SINUMERIK 840D".
The PLC SGEs for selecting gear ratios are described in
Chapter 4.3, "Interface signals".
The motor encoder system is parameterized the same in the drive machine
data and in the NCK machine data.
The example should be applicable for the 1st drive.
Enabled SI function SBH/SG.
Table 3-35 Encoder data overview for 840D
Number Name
36910 $MA_SAFE_ENC_SEGMENT_NR
36911 $MA_SAFE_ENC_MODULE_NR
36912 $MA_SAFE_ENC_INPUT_NR
36915 $MA_SAFE_ENC_TYPE
36916 $MA_SAFE_ENC_IS_LINEAR
36917 $MA_SAFE_ENC_GRID_POINT_DIST
36918 $MA_SAFE_ENC_RESOL
36920 $MA_SAFE_ENC_GEAR_PITCH
36921 $MA_SAFE_ENC_GEAR_DENOM[n]
36922 $MA_SAFE_ENC_GEAR_NUMERA[n]
36925 $MA_SAFE_ENC_POLARITY
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-36 Encoder data overview for 611 digital
Number Name
1316 $MD_SAFE_ENC_CONFIG
1317 $MI_SAFE_ENC_GRID_POINT_DIST
1318 $MI_SAFE_ENC_RESOL
1320 $MI_SAFE_ENC_GEAR_PITCH
1321 $MI_SAFE_ENC_GEAR_DENOM[n]
1322 $MI_SAFE_ENC_GEAR_NUMERA[n]
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"
Definition of SGEs/SGAs in the NCK monitoring channel
– for 840D
Logical slot for the terminal block: 5
Slot number of the sub-module for SGEs: 3
I/O number for the signal "gear ratio selection bit 0": 1
I/O number for the signal "gear ratio selection bit 1": 2
Note
The SGEs/SGAs used in the NCK monitoring channel must also be supplied
by the machine manufacturer in the drive monitoring channel.
Parameter set changes via SGEs must be coupled to a parameter set change
in the NC.
[Figure not reproduced: spindle with motor 1PHxx... and gearbox (inputs I1/I2, outputs O1/O2); NCK HW I/O and PLC HW I/O with I/O images and processing; SGE gear ratio selection bits 0 to 2 in the NCK monitoring channel and, via the PLC user program, in the drive monitoring channel (SBH/SG, SE, SN per axis/spindle); monitoring comparators with result and data cross-check; NC H function]
Fig. 3-18 Spindle with 1-encoder system
Note
The above circuit (Fig. 3-16) triggers the request signals E1/E2 for gear stage
switchover for the NCK/PLC and drive simultaneously. There is usually a
delay in the internal gear stage selection because of the different processing
speeds of the two channels (due to the PLC cycle time, the NCK usually
detects the signal change earlier than the PLC). As this cannot be avoided,
gear stage changeover without errors is only possible under the following
conditions:
1. The gear stage is selected at zero speed; the time delay then does not cause
an offset between the two SI values.
2. The gear stage is selected while the motor is moving (e.g. oscillating), i.e. the
time delay also causes an offset of the SI values. In this case, the following
measures are possible:
MD 36942 or MD 1342 (SAFE_POS_TOL) must be parameterized as
necessary and resynchronization of the spindle (<axis DB>.DBX 16.6: active
measuring system) must be triggered after gear changeover (if this has not
already been done) to re-align the SI actual values.
Table 3-37 Assignment between active gear stage/gear ratio selection
Gear    Selection and checkback   SGE gear ratio selection    Spindle
stage   of active gear stage      (assignment between ratio   motor/load
                                  selection for NCK and
                                  PLC/drive)
        E1   E2   A1   A2         Bit 2   Bit 1   Bit 0
1       0    0    0    0          0       0       0           4 : 1
2       0    1    0    1          0       0       1           2.5 : 1
3       1    0    1    0          0       1       0           1.6 : 1
4       1    1    1    1          0       1       1           1 : 1
Input assignment of gear ratio selection
Table 3-38 Supplying the machine data for the SGEs for 840D
Signal                                    Assignment
SGE/SGA   Name                            MD No.     Value
SGE       Gear ratio selection, bit 0     36974[0]   01 05 03 01
SGE       Gear ratio selection, bit 1     36974[1]   01 05 03 02
Table 3-39 Entering gear ratios into machine data
Setting                                    840D               611 digital
                                           MD No.     Value   MD No.   Value
Denominator of gearbox encoder/load   1    36921[0]   10      1321.0   10
                                      2    36921[1]   10      1321.1   10
                                      3    36921[2]   10      1321.2   10
                                      4    36921[3]   10      1321.3   10
Numerator of gearbox encoder/load     1    36922[0]   40      1322.0   40
                                      2    36922[1]   25      1322.1   25
                                      3    36922[2]   16      1322.2   16
                                      4    36922[3]   10      1322.3   10
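The note on gear stage changeover while the motor is moving can be made concrete with the values of Tables 3-37 and 3-39. The following is an added example, not part of the Siemens manual: it estimates the offset that builds up between the two channels' SI actual values while one channel already uses the new ratio and the other still uses the old one. The function names, the motor speed, the delay and the tolerance are constructed, and it assumes that the load angle is the motor angle multiplied by denominator/numerator.

```python
from fractions import Fraction

# Table 3-37: request inputs (E1, E2) -> SGE gear ratio selection, bits 2..0.
GEAR_RATIO_SELECT = {(0, 0): 0b000, (0, 1): 0b001, (1, 0): 0b010, (1, 1): 0b011}

# Table 3-39: MD 36922[n]/1322.n (numerator), MD 36921[n]/1321.n (denominator).
NUMERATOR = (40, 25, 16, 10)
DENOMINATOR = (10, 10, 10, 10)


def motor_per_load(e1, e2):
    """Motor revolutions per load revolution for the stage requested by E1/E2."""
    n = GEAR_RATIO_SELECT[(e1, e2)]
    return Fraction(NUMERATOR[n], DENOMINATOR[n])


def load_travel_deg(motor_rpm, time_ms, ratio):
    """Load-side angle in degrees covered within time_ms.

    Assumption: load angle = motor angle * denominator / numerator.
    """
    motor_rev = Fraction(motor_rpm) * time_ms / 60000
    return motor_rev * 360 / ratio


def changeover_offset_deg(old_stage, new_stage, motor_rpm, delay_ms):
    """Offset between the channels' SI actual values after a changeover.

    During delay_ms the faster channel evaluates the motor movement with the
    new ratio while the slower channel still evaluates it with the old ratio.
    """
    early = load_travel_deg(motor_rpm, delay_ms, motor_per_load(*new_stage))
    late = load_travel_deg(motor_rpm, delay_ms, motor_per_load(*old_stage))
    return abs(early - late)


def exceeds_pos_tol(offset_deg, safe_pos_tol_deg):
    """True if the offset is larger than the value entered in SAFE_POS_TOL."""
    return offset_deg > safe_pos_tol_deg


if __name__ == "__main__":
    # Constructed case: stage 1 -> 2, motor oscillating at 60 rev/min, 20 ms delay.
    offset = changeover_offset_deg((0, 0), (0, 1), motor_rpm=60, delay_ms=20)
    print("offset while moving [deg]:", float(offset))
    print("offset at zero speed [deg]:",
          float(changeover_offset_deg((0, 0), (0, 1), motor_rpm=0, delay_ms=20)))
    print("exceeds a 1 degree tolerance:", exceeds_pos_tol(offset, 1))
```

At zero speed the offset is zero regardless of the delay, which is condition 1 of the note; with the motor moving, the result shows how much margin SAFE_POS_TOL needs until the spindle is resynchronized.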
3.5.10 Overview of the machine data for the function SG
Table 3-40 Overview of machine data for 840D
Number Name
36901 $MA_SAFE_FUNCTION_ENABLE
36921 $MA_SAFE_ENC_GEAR_DENOM[n]
36910 $MA_SAFE_ENC_SEGMENT_NR
36911 $MA_SAFE_ENC_MODULE_NR
36912 $MA_SAFE_ENC_INPUT_NR
36915 $MA_SAFE_ENC_TYPE
36916 $MA_SAFE_ENC_IS_LINEAR
36917 $MA_SAFE_ENC_GRID_POINT_DIST
36918 $MA_SAFE_ENC_RESOL
36920 $MA_SAFE_ENC_GEAR_PITCH
36921 $MA_SAFE_ENC_GEAR_DENOM[n]
36922 $MA_SAFE_ENC_GEAR_NUMERA[n]
36925 $MA_SAFE_ENC_POLARITY
36931 $MA_SAFE_VELO_LIMIT[n]
36932 $MA_SAFE_VELO_OVR_FACTOR[n]
36933 $MA_SAFE_DES_VELO_LIMIT
36951 $MA_SAFE_VELO_SWITCH_DELAY
36961 $MA_SAFE_VELO_STOP_MODE
36963 $MA_SAFE_VELO_STOP_REACTION[n] (SW4.2 and higher)
36970 $MA_SAFE_SVSS_DISABLE_INPUT
36972 $MA_SAFE_VELO_SELECT_INPUT[n]
36974 $MA_SAFE_GEAR_SELECT_INPUT[n]
36980 $MA_SAFE_SVSS_STATUS_OUTPUT
36982 $MA_SAFE_VELO_STATUS_OUTPUT[n] (SW 4.2 and higher)
Table 3-41 Overview of machine data for 611 digital
Number Name
1301 $MD_SAFE_FUNCTION_ENABLE
1316 $MD_SAFE_ENC_CONFIG
1317 $MD_SAFE_ENC_GRID_POINT_DIST
1318 $MD_SAFE_ENC_RESOL
1320 $MD_SAFE_ENC_GEAR_PITCH
1321 $MD_SAFE_ENC_GEAR_DENOM[n]
1322 $MD_SAFE_ENC_GEAR_NUMERA[n]
1331 $MD_SAFE_VELO_LIMIT[n]
1332 $MD_SAFE_VELO_OVR_FACTOR[n]
1351 $MD_SAFE_VELO_SWITCH_DELAY
1361 $MD_SAFE_VELO_STOP_MODE
1363 $MD_SAFE_VELO_STOP_REACTION[n] (840D from SW 4.2)
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"
3.6 Safe software limit switches (SE)
Description
The "safe software limit switch" (SE) function can be used to implement
protective functions for operating personnel and machinery, or to limit the
working zone/protective zone for specific axes. For example, this function can
replace hardware limit switches.
Two safe software limit switches (SE1 and SE2) are available for each axis.
If the "SE" function is active, limit switch position pair SE1 or SE2 can be
selected as a function of SGE "SE selection".
Defining upper and lower limit values
The position limit values for limit switch position pairs 1 and 2 are defined in the
following machine data:
For 840D          MD 36934: $MA_SAFE_POS_LIMIT_PLUS[n]
                  MD 36935: $MA_SAFE_POS_LIMIT_MINUS[n]
For 611 digital   MD 1334: $MD_SAFE_POS_LIMIT_PLUS[n]
                  MD 1335: $MD_SAFE_POS_LIMIT_MINUS[n]
Note
The upper and lower position limit values must be selected so that when the
axis is traversing in this direction the software limit switches that are used as
standard are first reached.
Function features
The most important features include:
- Safe definition and evaluation of software limit switches as a software function
- Configurable stop response when software limit switches are actuated
- The stop response is implemented internally in the software (and is therefore
  faster than a hardware limit switch response) when software limit switches are
  passed (actuated).
Prerequisites
The "safe software limit switch" function is dependent on the following
prerequisites being fulfilled (refer to Chapter 2.8, "System prerequisites"):
- The "safe software limit switch" function must be enabled
- The axis/axes must have been safely referenced (user agreement)
- SGE "SE selection" must be provided (configured) in both channels.
Warning
The "safe software limit switches" are only effective if the user agreement has
been given.
3.6.1 Effects when an SE responds
Warning
The SE function does not predictively monitor the SW limit switches, i.e. the
axis stops after passing the limit position. The distance traveled after the SE
is dependent on
- how the function is parameterized (monitoring clock cycle, stop response...),
- the current traversing speed and
- the design of the axis.
Configurable stop responses
When an axis passes a "safe software limit switch", a stop response configured
in the following machine data is generated:
For 840D          MD 36962: $MA_SAFE_POS_STOP_MODE
For 611 digital   MD 1362: $MD_SAFE_POS_STOP_MODE
The user can select either STOP C, D or STOP E.
Effect
- The configured stop response is initiated.
- The relevant alarm is displayed.
Acknowledging and moving away
- Traverse the axis to a position in which the monitoring does not respond
  (refer to Description of Alarm "safe software limit switch passed" in
  Chapter 6, "Alarms"). The "user agreement" must be canceled (SE is then
  de-activated)
  or
  change over to the other "safe software limit switches".
- Acknowledge the error message according to the configured stop response
  (refer to Chapter 2, "Safe response via shutdown paths and STOPs")
Timing when "safe software limit switch" is actuated
If the "safe software limit switch" function is active, the system timing is as
follows when the limit position is passed:
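[Figure not reproduced: speed n over time t, showing the actual speed nact from a) the point at which the axis crosses the limit position, with the time intervals t1 to t6 marked; not to scale]
Fig. 3-19 Timing when the software limit switch is passed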
Table 3-42 Explanations of the diagram
Time Explanation
t1 Position control clock cycle defined by the following MDs:
For 840D: MD 10050: $MN_SYSCLOCK_CYCLE_TIME
MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle defined by the following MDs:
For 840D: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
For 611 digital: MD1300: $MD_SAFETY_CYCLE_TIME
t3 Time until passing limit position is detected (maximum 1 monitoring clock cycle)
t4 Delay until the configured stop response is output (maximum 2 monitoring clock cycles)
t5 Delay until the configured stop response takes effect (time = 0, depends on the configured stop response,
refer to Chapter 2, "Stop responses")
t6 Time required to bring the axis to standstill.
This time period and thus the residual distance traveled by the axis is determined by the axis design
(motor, mass, friction, ...) and the configured stop response (STOP C is faster than STOP D).
Note:
Each axis must be measured during commissioning to determine the distance it travels between the limit value being
violated and it coming to a standstill.
3.6.2 Overview of the machine data for the SE function
Table 3-43 Overview of machine data for 840D
Number Name
36901 $MA_SAFE_FUNCTION_ENABLE
36934 $MA_SAFE_POS_LIMIT_PLUS[n]
36935 $MA_SAFE_POS_LIMIT_MINUS[n]
36962 $MA_SAFE_POS_STOP_MODE
36973 $MA_SAFE_POS_SELECT_INPUT
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-44 Overview of machine data for 611 digital
Number Name
1301 $MD_SAFE_FUNCTION_ENABLE
1334 $MD_SAFE_POS_LIMIT_PLUS[n]
1335 $MD_SAFE_POS_LIMIT_MINUS[n]
1362 $MD_SAFE_POS_STOP_MODE
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"
3.7 Safe software cams (SN)
Description
The "safe software cams" function (SN) can be used to implement safe
electronic cams, safe range detection or limiting of the working zone/protective
zone for specific axes, thereby replacing the hardware solution.
There are four pairs of cams (SN1, SN2, SN3, SN4) available for each axis.
Each cam pair consists of a plus cam (SN1+, SN2+, SN3+, SN4+) and a minus
cam (SN1-, SN2-, SN3-, SN4-). Each cam signal can be individually enabled
and configured via machine data. The cam signals are output via SGAs.
Important
The enabled cam signals are immediately output when the control system is
powered up, but are only safe after safe referencing (signaled via the SGA
"axis safely referenced").
For safe evaluation of the cam signals, the SGA "axis safely referenced" must
be taken into account.
Function features
The most important features include:
- Safe definition and evaluation of cam positions as a software function
- Definition of working ranges/zones
Prerequisites
The following prerequisites must be fulfilled for the "safe cams" function:
- The axis/axes must have been safely referenced (user agreement)
- The safe cams must be configured:
  The required cams are enabled using MD
  $MA_SAFE_FUNCTION_ENABLE, bit 8...15
  The cam positions are defined using MD
  $MA_SAFE_CAM_POS_PLUS[n] and
  $MA_SAFE_CAM_POS_MINUS[n]
  SGA assignment is defined using MD
  $MA_SAFE_CAM_PLUS_OUTPUT[n] and
  $MA_SAFE_CAM_MINUS_OUTPUT[n]
Specifying cam positions
The cam positions for SN1+, SN2+, SN3+, SN4+ and
SN1-, SN2-, SN3-, SN4- are specified in the following machine data:
For 840D          MD 36936: $MA_SAFE_CAM_POS_PLUS[n]
                  MD 36937: $MA_SAFE_CAM_POS_MINUS[n]
For 611 digital   MD 1336: $MD_SAFE_CAM_POS_PLUS[n]
                  MD 1337: $MD_SAFE_CAM_POS_MINUS[n]
Tolerance for SN
Owing to variations in clock cycle and signal run times, the cam signals of the
two monitoring channels do not switch simultaneously or at exactly the
same position. A tolerance bandwidth can therefore be specified for all cams
using the following machine data. Within this bandwidth, the signal states for
the same cam may be different in the two monitoring channels:
For 840D          MD 36940: $MA_SAFE_CAM_TOL
For 611 digital   MD 1340: $MD_SAFE_CAM_TOL
Note
The lowest possible tolerance bandwidth (less than 5-10 mm) must be
selected for the safe cams.
Special case of SN
If the axis is being positioned exactly at the parameterized cam position, the
cam signals may have different states owing to system-related variations in the
actual values between the two monitoring channels.
This must be taken into account in the further processing of the cam signals,
e.g. by filtering the different signal states by means of a logic circuit (refer to
"synchronization of cam signals").
Synchronization of cam signals (840D, SW 4.2 and higher)
When cam signal synchronization is activated, the cam results calculated by
one monitoring channel are ANDed with the cam results of the other monitoring
channel before they are output.
The cam signals in both channels therefore have the same signal status at
standstill (after a transition period resulting from different run times).
Cam signal synchronization is enabled by means of the following machine data:
For 840D          MD 36901: $MA_SAFE_FUNCTION_ENABLE, bit 7
For 611 digital   MD 1301: $MD_SAFE_FUNCTION_ENABLE, bit 7
Hysteresis of cam SGAs
When cam synchronization is activated, cam signals are output with a
hysteresis that takes into account the direction of travel (refer to Fig. 3-20
"hysteresis of cam SGAs"). This helps to prevent the SGAs from "flickering" if
the axis is positioned exactly on the cam.
The magnitude of the hysteresis is determined by the following data:
For 840D          MD 36940: $MA_SAFE_CAM_TOL (tolerance for safe
                  software cams)
For 611 digital   MD 1340: $MD_SAFE_CAM_TOL (tolerance for safe
                  software cams)
[Figure not reproduced: SGA state (SGA = 0 / SGA = 1) over position s around the cam position, with the tolerance for safe cams as the hysteresis width]
Fig. 3-20 Hysteresis of cam SGAs
Note
Dynamic deviations in the cam signals at I/O devices themselves still occur as
a result of the different signal run times between the NCK and PLC I/O
devices. These deviations must be taken into account.
Output assignment for SN
The status of the individual cams is indicated via SGAs SN1+, SN2+, SN3+,
SN4+ and SN1-, SN2-, SN3-, SN4-.
In the NCK monitoring channel, the NCK SGAs are assigned to output
terminals via the following machine data:
For 840D          MD 36988: $MA_SAFE_CAM_PLUS_OUTPUT[n]
                  MD 36989: $MA_SAFE_CAM_MINUS_OUTPUT[n]
In the drive monitoring channel, the PLC SGAs are mapped in the NC/PLC
interface (refer to Chapter 4, "Interface signals") and output via the PLC I/O by
the PLC user program.
Modulo display of safe actual value (840D, SW4.2 and higher)
The modulo display of the safe actual value is selected and parameterized for
rotary axes using the following machine data:
MD 30300: $MA_IS_ROT_AX
MD 30320: $MA_DISPLAY_IS_MODULO
MD 30330: $MA_MODULO_RANGE
Safe cams for endlessly turning rotary axes (840D, SW4.2 and higher)
The modulo range (cam actual value range) for rotary axes with cam can be set
using the following machine data:
MD 36902/1302: $MA_/$MD_SAFE_IS_ROT_AX
MD 36905/1305: $MA_/$MD_SAFE_MODULO_RANGE
The size of the cam actual value range should be selected to match the modulo
display of the safe actual value.
Note
Restriction relating to cam positions
When cam positions are parameterized, the following conditions must be
observed in the vicinity of modulo limits:
When cam synchronization is not active:
lower modulo value +POS_TOL cam position
upper modulo value –POS_TOL > cam position
When cam synchronization is active:
lower modulo value +POS_TOL cam position
upper modulo value –POS_TOL–CAM_TOL >cam position
Meanings:
POS_TOL:
Actual value tolerance (for 840D: MD 36942: $MA_/$MD_SAFE_POS_TOL
for 611digital: MD 1342: $MA_/$MD_SAFE_POS_TOL)
CAM_TOL:
Cam tolerance (for 840D: MD 36940: $MA_/$MD_SAFE_CAM_TOL
for 611digital: MD 1340: $MA_/$MD_SAFE_CAM_TOL)
Lower/upper modulo value:
MD 36905/1305: $MA_/$MD_SAFE_MODULO_RANGE
Cam position:
MD 36936/1336: $MA_/$MD_SAFE_CAM_POS_PLUS[n]
MD 36937/1337: $MA_/$MD_SAFE_CAM_POS_MINUS[n]
The parameter settings are checked in each monitoring channel at run-up. In
the case of parameterization errors (condition is not fulfilled), a corresponding
alarm is output after the control has run-up.
3.7.1 Effects when SN responds
Important
The machine manufacturer must safely logically combine the SGAs SN1-,
SN1+ to SN4-, SN4+ that are output via the NCK and PLC I/O devices in
accordance with the Safety Integrated principle, i.e. in two channels.
If a response to the cam signals is required, then the machine manufacturer
must implement this function on the basis of SGA processing. The SGAs
must be processed redundantly, i.e. in the NCK monitoring channel and drive
monitoring channel (PLC).
When defining cam positions, please note that the function only monitors the
actual position, making "predictive" sensing of cam signals impossible.
Timing when cam position is passed
If the "safe cams" function is active, the system timing is as follows when the
cam position is passed:
[Figure not reproduced: speed n over time t from a) the point at which the axis crosses the cam, with the NCK SGA (I/Os) and the 611 digital SGA (axis interface) switching after the time intervals t1 to t5]
Fig. 3-21 Timing when the cam position is passed
Table 3-45 Explanation of the diagram
Time Explanation
t1 Position control clock cycle defined by the following MDs:
For 840D: MD 10050: $MN_SYSCLOCK_CYCLE_TIME
MD 10060: $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle defined by the following MDs:
For 840D: MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
For 611 digital: MD 1300: $MD_SAFETY_CYCLE_TIME
t3 Time until it has been detected that the cam position has been passed (maximum 1 monitoring clock cycle)
t4 Conditioning time NCK monitoring channel (1 monitoring clock cycle plus a few microseconds)
t5 Processing time, 611 digital monitoring channel:
max. 1 monitoring clock cycle plus 3 IPO clock cycles plus 1 OB1 cycle; minimum 1 monitoring plus 3 IPO
clock cycles
Note:
Each axis must be measured during commissioning to determine how long it takes for cam signals to be output to the
I/O after the cam position has been passed.
3.7.2 Application example for "safe software cams"
Task
The axis speed must be monitored for violation of various speed limit values
based on position ranges 1, 2 and 3 of the axis, i.e. if the axis is in range 1, 2,
3, then its speed must be monitored for violation of speed limit value 1, 3, 4.
The position ranges are defined using cam signals SN1- and SN1+.
[Figure not reproduced: 1st and 2nd axis with machine zero and the position values of SN1- and SN1+; signal charts of SN1- and SN1+ (0/1) over the three areas]
SN1-   SN1+   Area
0      0      1 (SG1)
1      0      2 (SG3)
1      1      3 (SG4)
Fig. 3-22 Signal characteristics, positioning and ranges
Note
In this example, cam synchronization must be enabled using the following
machine data:
For 840D          MD 36901, bit 7: $MA_SAFE_FUNCTION_ENABLE
For 611 digital   MD 1301, bit 7: $MD_SAFE_FUNCTION_ENABLE
Applicable from: SW 4.2 for 840D/611 digital
[Figure not reproduced: NCK HW I/O and PLC HW I/O with I/O images and processing (PLC user program in the drive channel); SGAs SN1+, SN1-, "axis safely referenced" and "SBH/SG active" and SGEs "SBH/SG deselection", "SBH deselection", "SG selection bit 0" and "SG selection bit 1" interconnected in the NCK monitoring channel and in the drive monitoring channel (SBH/SG, SE, SN per axis/spindle); monitoring comparators with result and data cross-check]
Fig. 3-23 Interconnecting the required SGEs/SGAs (without SPL)
Assumptions for the example
The example is applicable for the 1st axis.
Position values: SN1- = 300 mm, SN1+ = 600 mm
Speed limit values:
Area 1 = 1000 mm/min
Area 2 = 2000 mm/min
Area 3 = 4000 mm/min
Definition of SGEs/SGAs in the NCK monitoring channel
For 840D
Logical slot for the terminal block: 9
Slot number of the submodule with SGEs: 1
Slot number of the submodule with SGAs: 2
I/O number for the signal SN1+: 7
I/O number for the signal SN1-: 6
I/O number for the signal "axis safely referenced": 5
I/O number for the signal "SBH/SG active": 4
I/O number for the signal "SBH/SG de-selection": 2
I/O number for the signal "SBH de-selection": 3
I/O number for the signal "SG selection bit 1": 6
I/O number for the signal "SG selection bit 0": 7
If the axis is positioned exactly at the parameterized cam position, the cam
signals may have different states owing to variations in the actual values
between the two monitoring channels. If the SGAs "SNx" were directly
connected to the SGEs "SG selection", a crosswise data comparison would
signal an error. When cam synchronization is activated, the cam signals are
output with the same signal states in both channels when in the steady-state
condition.
Defining machine data
Note
Machine data for the safely-reduced speed function are described in
Chapter 4.
Table 3-46 Supplying MD for cam positions
        For 840D           For 611 digital
        MD No.    Value    MD No.     Value
SN1-    36937     300      1337[0]    300 000
SN1+    36936     600      1336[0]    600 000
Table 3-47 Supplying MD for speed limit values
              For 840D            For 611 digital
Limit value   MD No.     Value    MD No.     Value
1             36931[0]   1000     1331[0]    1000
2             36931[1]   0        1331[1]    0
3             36931[2]   2000     1331[2]    2000
4             36931[3]   4000     1331[3]    4000
Table 3-48 Assigning speed limit values to the zones
Speed limit value   SG selection     Area   Remarks
                    Bit 1   Bit 0
1                   0       0        1      SG1 active
2                   0       1        -      Not used
3                   1       0        2      SG3 active
4                   1       1        3      SG4 active
Table 3-49 Supplying MD for SGEs/SGAs for 840D
Signal                               Assignment
SGE/SGA   Name                       MD No.     Value
SGA       SN1+                       36988[0]   01 09 02 07
SGA       SN1-                       36989[0]   01 09 02 06
SGA       Axis safely referenced     36987      01 09 02 05
SGA       SBH/SG active              36980      01 09 02 04
SGE       SBH/SG de-selection        36970      01 09 01 02
SGE       SBH de-selection           36971      01 09 01 03
SGE       SG selection, bit 1        36972[1]   01 09 01 06
SGE       SG selection, bit 0        36972[0]   01 09 01 07
Note
The appropriate signals should be accordingly processed by the PLC in the
drive monitoring channel (refer to Chapter 3.9.2, "Signal processing for the
drive monitoring channel").
For safe evaluation of the cam signals, the SGA "axis safely referenced" must
be taken into account.
The SGA "axis safely referenced" can be logically combined using the SGA
"SBH/SG active" if the signal is used to enable a protective zone (refer to
Chapter 7, "Circuit examples for Safety Integrated")
Advantage:
An AND logic operation in the NCK monitoring channel can then be
implemented by means of machine data (refer to Chapter 4, "Machine data
for SINUMERIK 840D").
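The application example can be traced through in code. The following is an added example, not part of the Siemens manual: it evaluates the cams SN1-/SN1+ in two channels with slightly different safe actual values, feeds them to the SG selection bits as in Tables 3-48 and 3-49, and shows why the crosswise data comparison fails at the cam position unless cam synchronization is enabled. The function names and the channel positions are constructed; it assumes that a cam signal is 1 at or beyond its cam position, and the hysteresis of the cam SGAs is not modelled.

```python
# Cam positions in mm (Table 3-46: MD 36937/1337[0] and MD 36936/1336[0]).
SN1_MINUS_POS = 300.0
SN1_PLUS_POS = 600.0

# SG limit values in mm/min (Table 3-47), keyed by SG selection (bit 1, bit 0).
SG_LIMIT = {(0, 0): 1000, (0, 1): 0, (1, 0): 2000, (1, 1): 4000}
# Table 3-48: SG selection -> area; (0, 1) selects limit value 2 (not used).
AREA = {(0, 0): 1, (1, 0): 2, (1, 1): 3}


def cam_signals(position_mm):
    """Return (SN1-, SN1+) for one channel's safe actual value.

    Assumption: a cam signal is 1 once the position is at or beyond the cam.
    """
    return (int(position_mm >= SN1_MINUS_POS), int(position_mm >= SN1_PLUS_POS))


def synchronize(own, other):
    """Cam synchronization: AND own cam results with the other channel's."""
    return tuple(a & b for a, b in zip(own, other))


def evaluate(pos_nck_mm, pos_drive_mm, speed_mm_min, cam_sync):
    """Evaluate both monitoring channels for one monitoring clock cycle."""
    nck, drive = cam_signals(pos_nck_mm), cam_signals(pos_drive_mm)
    if cam_sync:
        nck, drive = synchronize(nck, drive), synchronize(drive, nck)
    # Wiring of the example: SN1- -> SG selection bit 1, SN1+ -> bit 0.
    return {
        "nck_limit": SG_LIMIT[nck],
        "drive_limit": SG_LIMIT[drive],
        "area": AREA.get(nck),
        # Different SGE states in the two channels fail the crosswise comparison.
        "cross_check_ok": nck == drive,
        "speed_ok": abs(speed_mm_min) <= min(SG_LIMIT[nck], SG_LIMIT[drive]),
    }


if __name__ == "__main__":
    # Constructed actual values: the axis stands exactly on SN1- (300 mm) and
    # the two channels differ by a few micrometres.
    for sync in (False, True):
        print("cam_sync =", sync, evaluate(299.998, 300.002, 900, cam_sync=sync))
    print(evaluate(450.0, 450.001, 1500, cam_sync=True))
    print(evaluate(700.0, 700.0, 4500, cam_sync=True))
```

Because the cam results are ANDed, both channels select the area below the cam while they disagree, which in this example is the area with the lower speed limit.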
3.7.3 Overview of machine data for the SN function
Table 3-50 Overview of machine data for 840D
Number Name
36901 $MA_SAFE_FUNCTION_ENABLE
36905 $MA_SAFE_MODULO_RANGE (from SW4.2)
36936 $MA_SAFE_CAM_POS_PLUS[n]
36937 $MA_SAFE_CAM_POS_MINUS[n]
36940 $MA_SAFE_CAM_TOL
36988 $MA_SAFE_CAM_PLUS_OUTPUT[n]
36989 $MA_SAFE_CAM_MINUS_OUTPUT[n]
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-51 Overview of machine data for 611 digital
Number Name
1301 $MD_SAFE_FUNCTION_ENABLE
1305 $MD_SAFE_MODULO_RANGE (840D from SW4.2)
1336 $MD_SAFE_CAM_POS_PLUS[n]
1337 $MD_SAFE_CAM_POS_MINUS[n]
1340 $MD_SAFE_CAM_TOL
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"
3.8 Safe braking ramp (SBR) (840D from SW 4.2)
Description
This function is based on the assumption that after a stop request the actual
speed must decrease (monitors the speed characteristic).
Note
Regarding 840D/611 digital:
The function exists in both monitoring channels and must also be
parameterized in both channels.
Function features
The most important features include:
- Fastest possible detection if the axis starts to re-accelerate during the braking
  process
- SBR is automatically activated when
  a STOP B or C has been triggered
- STOP A is triggered when SBR responds
Activating SBR
When a stop request is triggered, the actual speed plus the speed tolerance
defined in the machine data is activated as the speed limit. This limit is
compared with the actual speed (must decrease or remain the same) and is
cyclically corrected. If the axis starts to re-accelerate while braking, this is
detected as quickly as possible.
Machine data for SBR speed tolerance:
For 840D          MD 36948: $MA_SAFE_STOP_VELO_TOL
For 611 digital   MD 1348: $MD_SAFE_STOP_VELO_TOL
The speed limit value is corrected until the speed defined in the next machine
data is undershot. After that, the speed limit value nx is frozen to the value in
MD 36946/1346 plus the value in MD 36948/1348.
For 840D          MD 36946: $MA_SAFE_VELO_X (speed limit nx)
For 611 digital   MD 1346: $MD_SAFE_VELO_X
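[Figure not reproduced: speed n over time t after STOP B/C is triggered, showing the actual speed nist, the stopping limit value lying above it by the speed tolerance, and the speed limit nx]
Fig. 3-24 Characteristics of the stopping limit value for SBR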
Calculating the SBR tolerance of the actual speed
The following applies when parameterizing the SBR tolerance:
The possible speed increase after triggering STOP B/C is made up of the active
acceleration a and the duration of the acceleration phase. The duration of the
acceleration phase is one monitoring clock cycle ÜT (delay in detecting a
STOP B/C until nset = 0):
SBR tolerance (actual speed for SBR) = acceleration * acceleration duration
The following setting rules apply:
For a linear axis:
SBR tolerance [mm/min] = a [m/s²] * ÜT [s] * 1000 [mm/m] * 60 [s/min]
For a rotary axis/spindle:
SBR tolerance [rev./min] = a [rev./s²] * ÜT [s] * 60 [s/min]
To determine the value, use the maximum of the following acceleration values
that are effective for the particular axis:
MD 32300: MAX_AX_ACCEL
MD 35200: GEAR_STEP_SPEEDCTRL_ACCEL
MD 35210: GEAR_STEP_POSCTRL_ACCEL
MD 35410: SPIND_OSCILL_ACCEL
Recommendation:
The value entered for the SBR tolerance should be approx. 20 % greater than
the calculated value.
Caution
During "normal" operation, speed overshoot should not unintentionally trigger
the SBR. Speed overshoot should therefore be checked by making the
appropriate measurements.
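The setting rules and the behaviour of the stopping limit value described in Section 3.8 can be combined in a short model. The following is an added example, not part of the Siemens manual: it calculates the SBR tolerance including the recommended 20 % margin and runs a simplified, per-cycle model of the stopping limit over a sequence of actual speed samples. The function names and all sample values are constructed, and the model assumes that each sample is checked against the limit set in the previous monitoring clock cycle.

```python
def sbr_tolerance_linear(accelerations_m_s2, monitoring_cycle_s, margin=0.20):
    """SBR tolerance in mm/min for a linear axis.

    accelerations_m_s2: the acceleration values effective for the axis; the
    largest one is used. margin: the recommended approx. 20 % on top.
    """
    a_max = max(accelerations_m_s2)
    calculated = a_max * monitoring_cycle_s * 1000 * 60
    return calculated * (1 + margin)


def sbr_tolerance_rotary(accelerations_rev_s2, monitoring_cycle_s, margin=0.20):
    """SBR tolerance in rev./min for a rotary axis/spindle."""
    a_max = max(accelerations_rev_s2)
    return a_max * monitoring_cycle_s * 60 * (1 + margin)


def run_sbr(speeds, velo_tol, velo_x):
    """Simplified model of the stopping limit value after STOP B/C.

    speeds: actual speed per monitoring clock cycle; speeds[0] is the speed at
    the moment the stop is triggered. velo_tol: SAFE_STOP_VELO_TOL.
    velo_x: SAFE_VELO_X (speed limit nx).
    Returns (cycle in which SBR responds or None, limit in force per cycle).
    """
    # Limit on activation: actual speed plus tolerance, never below nx + tol.
    limit = max(abs(speeds[0]), velo_x) + velo_tol
    limits = []
    for cycle, n_act in enumerate(speeds):
        n = abs(n_act)
        limits.append(limit)
        if n > limit:
            return cycle, limits          # SBR responds -> STOP A
        # Cyclic correction: follow the falling speed, freeze at nx + tolerance.
        limit = min(limit, max(n, velo_x) + velo_tol)
    return None, limits


if __name__ == "__main__":
    # Constructed values: a_max = 2 m/s^2, monitoring clock cycle 12 ms.
    tol = sbr_tolerance_linear([2.0, 1.5], 0.012)
    print("SBR tolerance [mm/min]:", round(tol, 3))
    braking = [3000, 2500, 2000, 1500, 1000, 500, 100, 0]
    print("normal braking:", run_sbr(braking, 1728, 300))
    print("re-acceleration:", run_sbr([3000, 2000, 1000, 3500], 1728, 300))
```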
3.8.1 Overview of the machine data for SBR
Table 3-52 Overview of machine data for 840D
Number Name
36948 $MA_SAFE_STOP_VELO_TOL
32300 $MA_MAX_AX_ACCEL
35200 $MA_GEAR_STEP_SPEEDCTRL_ACCEL
35210 $MA_GEAR_STEP_POSCTRL_ACCEL
35410 $MA_SPIND_OSCILL_ACCEL
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-53 Overview of machine data for 611 digital
Number Name
1348 $MD_SAFE_STOP_VELO_TOL
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611 digital"
3.9 Safety-related input/output signals (SGE/SGA)
Description
The safety-relevant input and output signals (SGEs and SGAs) are signals that
are sent to or received by the system via two channels using:
- Separate NCK and PLC I/Os
Fig. 3-25 SGE/SGA via separate PLC and NCK I/Os
- or via PROFIBUS with PROFIsafe protocol and S7 fail-safe modules
Fig. 3-26 SGE/SGA via PROFIBUS with PROFIsafe protocol
Using these signals, the following can be requested or signaled in each
monitoring channel and for each axis/spindle with safety technology:
- Safety functions can be selected and de-selected
- Speed limit values can be selected and changed-over
- Position limit values can be selected and changed-over
- Feedback of status signals relating to safe operation
- Cam signals can be output
Function features
- Processing in two channels for SGEs and SGAs
- Processing in the NCK monitoring channel
- Processing in the drive monitoring channel
- Safety functions can be selected/de-selected independently of the NC
  operating mode
- Differences between the active SGEs in the monitoring channels are detected
  by the crosswise data comparison.
Two-channel processing of I/O signals for NC and drive
A two-channel structure (see Fig. 3-21 "NCK and drive monitoring channels") is
provided for the input/output and processing of safety-relevant input/output
signals. All requests and checkback signals relating to safety-relevant functions
must be entered or retrieved in two channels via both monitoring channels.
[Figure not reproduced: process/machine and system levels; in the NCK monitoring channel, HW inputs/outputs (NCK I/O devices), NCK signal processing, the NCK SGE/SGA interface and a comparator; in the drive monitoring channel, HW inputs/outputs (PLC I/O devices), PLC signal processing, the NC/PLC interface (axis/spindle DB) and a comparator; result and data cross-check between the two channels]
Fig. 3-27 NCK and drive monitoring channels
For the NCK monitoring channel, the signals are input and output via the
NCK I/O devices, processed by the NCK logic operations block and mapped in
the SGE/SGA interface.
The signals from the drive monitoring channel are input/output via the PLC I/O
devices, processed by the PLC user program and transferred to the drive or the
PLC via the NC/PLC interface.
[Figure: two-channel processing per axis/spindle. In the NCK monitoring channel, NCK hardware inputs I1 ... In are held as I/O images and mapped by multiple distribution to the SGEs of the functions SBH/SG, SE and SN; the SGAs are mapped by multiple assignment to the NCK hardware outputs O1 ... On. In the drive monitoring channel, PLC hardware inputs and outputs are held as I/O images and mapped to the SGEs and SGAs by the PLC user program. The monitoring comparators of both channels are linked by the result and data cross-check.]
Fig. 3-28 Two-channel processing of I/O signals
The data and results in the two mutually independent monitoring channels are
subject to a crosswise data comparison. If any discrepancy is found, STOP F is
activated.
Note
Owing to the two-channel structure of Safety Integrated, the machine
manufacturer must supply the SGEs and SGAs in both the NCK monitoring
channel and the drive monitoring channel.
The actual signal status of the SGEs/SGAs is selected via the menu "Service
display". The "Service SI" window displays information about Safety
Integrated data together with the associated axis name and axis number.
Basic principle of safe signal processing
For a two-channel control structure, only a single-channel signal feedback via
the PLC is needed.
In contrast, when a single-channel control structure is used, a redundant, i.e. a
two-channel feedback structure is required.
What SGEs/SGAs are there?
The following SGEs and SGAs are provided for each axis/spindle in each of the
two monitoring channels:
[Figure: function block SBH/SG, SE, SN with the following inputs (SGEs) and outputs (SGAs)]
SGEs:
- SBH/SG deselection
- SBH deselection
- SG selection, bit 1
- SG selection, bit 0
- SE selection
- Gear ratio selection, bit 2
- Gear ratio selection, bit 1
- Gear ratio selection, bit 0
- Test stop selection
- Pulses disabled status (NCK)
- SG correction selection bit 3 1)
- SG correction selection bit 2 1)
- SG correction selection bit 1 1)
- SG correction selection bit 0 1)
- ext. STOP A deselection 2)
- ext. STOP C deselection 2)
- ext. STOP D deselection 2)
SGAs:
- SBH/SG active
- Axis safely referenced
- SN1 -
- SN2 -
- SN3 -
- SN4 -
- SN1 +
- SN2 +
- SN3 +
- SN4 +
- n < nx 1)
- SG active bit 1 1)
- SG active bit 0 1)
- SBH active 1)
- Enable pulses (NCK) or Pulses are disabled status (drive)
1) 840D from SW 4.2
2) 840D from SW 4.4.18
Fig. 3-29 SGEs and SGAs in each monitoring channel for each axis/spindle
Note
The SGE/SGA signals are described in Chapter 4, "Description of Interface
Signals".
What is the minimum number of SGEs/SGAs that are needed?
Only a subset of the maximum number of available SGEs/SGAs is required
depending on the application.
Note
SGEs that are not needed must be set to a defined signal status.
- In the NCK monitoring channel:
  By presetting the assigned machine data to appropriate values
  (e.g. input is permanently set to 0 (default) or 1)
- In the drive monitoring channel:
  By appropriately programming the interface signals in the PLC user program.
Table 3-54 Minimum SGE/SGA requirements
Function: Safe operating stop (SBH)
  Minimum SGE requirements:
  - SBH/SG de-selection
  - Test stop selection
  - Pulses cancelled status (NCK)
  Minimum SGA requirements:
  - SBH/SG active
  - Enable pulses (NCK)
  - Pulses cancelled status (drive)
Function: Safely-reduced speed (SG)
  Minimum SGE requirements:
  - SBH/SG de-selection
  - SBH de-selection
  - SG selection, bit 1 (for SG changeover only)
  - SG selection, bit 0 (for SG changeover only)
  - Gear ratio selection, bit 2 (for ratio selection only)
  - Gear ratio selection, bit 1 (for ratio selection only)
  - Gear ratio selection, bit 0 (for ratio selection only)
  - Test stop selection
  - Pulses cancelled status (NCK)
  Minimum SGA requirements:
  - SBH/SG active
  - Enable pulses (NCK)
  - Pulses cancelled status (drive)
Function: Safe software limit switches (SE)
  Minimum SGE requirements:
  - SE selection (for SE changeover only)
  - Test stop selection
  - Pulses cancelled status (NCK)
  - SBH/SG de-selection (at least for test during start-up)
  Minimum SGA requirements:
  - Axis safely referenced
  - Enable pulses (NCK)
  - Pulses cancelled status (drive)
Function: Safe software cams (SN)
  Minimum SGE requirements:
  - Test stop selection
  - Pulses cancelled status (NCK)
  - SBH/SG de-selection (at least for test when commissioning)
  Minimum SGA requirements:
  - Axis safely referenced
  - SN1 -, SN2 -, SN3 -, SN4 - (only if required)
  - SN1 +, SN2 +, SN3 +, SN4 + (only if required)
  - Enable pulses (NCK)
  - Pulses cancelled status (drive)
Different signal run times in channels
The signal timing characteristics in the two monitoring channels vary (the PLC
cycle time takes up most of the available time in the drive monitoring channel).
To prevent the crosswise data comparison function from being activated
immediately after a signal change, a tolerance time is defined using the
following machine data:
For 840D MD 36950: $MA_SAFE_MODE_SWITCH_TIME
For 611 digital MD 1350: $MD_SAFE_MODE_SWITCH_TIME
This data specifies the time period for which different signal states may be
tolerated after the SGEs have been changed over before an error message is
output.
Note
System-dependent minimum tolerance time:
2 x PLC cycle times (maximum cycle) + 1 x IPO cycle time
The variations in run times in the external circuitry (e.g. relay operating times)
must also be taken into account.
NCK SGEs/SGAs
There are SGEs and SGAs for each axis/spindle (refer to Fig. 3-23 "SGEs and
SGAs in each monitoring channel for each axis/spindle").
The signals are assigned to the NCK inputs and outputs via machine data.
Only the NCK-SGEs that are also required for the particular application are
assigned to an NCK input.
For axes where, for example, the gear ratio does not change, the NCK SGEs
"ratio selection bit 2 to 0" do not have to be assigned HW inputs. A value of 0
should be entered into the associated MD (i.e. the NCK-SGE does not have a
hardware assignment and is set to 0).
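The tolerance-time rule for MD 36950 / MD 1350 described above, worked through as an added example that is not part of the Siemens manual: a simplified timing model sweeps the instant of an SGE changeover and reports how long the two monitoring channels disagree. The sampling model and all function names are assumptions made for illustration; the 50 ms PLC cycle, 12 ms IPO cycle and 30 ms relay delay are constructed values.

```python
"""Added example: timing model for the SGE changeover tolerance time."""
from math import gcd


def min_tolerance_ms(plc_cycle_max_ms, ipo_cycle_ms):
    """System-dependent minimum from the Note: 2 x PLC cycle (max) + 1 x IPO cycle."""
    return 2 * plc_cycle_max_ms + ipo_cycle_ms


def _next_tick(t_ms, cycle_ms):
    """First cycle boundary at or after t_ms (integer arithmetic)."""
    return -(-t_ms // cycle_ms) * cycle_ms


def channel_switch_times(change_ms, plc_cycle_ms, ipo_cycle_ms, relay_skew_ms=0):
    """Return (t_nck, t_drive): when each channel adopts a changed SGE.

    Model assumptions (illustrative, not taken from the manual):
      * NCK channel: the input is sampled and processed on IPO ticks.
      * Drive channel: the PLC reads its inputs at the start of a cycle,
        writes the NC/PLC interface at the end of that cycle, and the
        drive takes the value over on the next IPO tick.
      * relay_skew_ms: extra delay of the external circuitry in front of
        the PLC input (e.g. relay operating time).
    """
    t_nck = _next_tick(change_ms, ipo_cycle_ms)
    plc_read = _next_tick(change_ms + relay_skew_ms, plc_cycle_ms)
    t_drive = _next_tick(plc_read + plc_cycle_ms, ipo_cycle_ms)
    return t_nck, t_drive


def crosswise_check(change_ms, tolerance_ms, plc_cycle_ms, ipo_cycle_ms,
                    relay_skew_ms=0):
    """Return (result, discrepancy_ms) for one SGE changeover."""
    t_nck, t_drive = channel_switch_times(
        change_ms, plc_cycle_ms, ipo_cycle_ms, relay_skew_ms)
    discrepancy = abs(t_drive - t_nck)
    return ("STOP F" if discrepancy > tolerance_ms else "OK"), discrepancy


def worst_case_discrepancy_ms(plc_cycle_ms, ipo_cycle_ms, relay_skew_ms=0):
    """Sweep the changeover instant over one full PLC/IPO beat period."""
    period = plc_cycle_ms * ipo_cycle_ms // gcd(plc_cycle_ms, ipo_cycle_ms)
    worst = 0
    for change_ms in range(period):
        t_nck, t_drive = channel_switch_times(
            change_ms, plc_cycle_ms, ipo_cycle_ms, relay_skew_ms)
        worst = max(worst, abs(t_drive - t_nck))
    return worst


def audit_tolerance(configured_ms, plc_cycle_max_ms, ipo_cycle_ms, relay_skew_ms=0):
    """Findings for a configured tolerance time (empty list = no objection)."""
    findings = []
    floor = min_tolerance_ms(plc_cycle_max_ms, ipo_cycle_ms)
    if configured_ms < floor:
        findings.append(f"{configured_ms} ms is below the system minimum of {floor} ms")
    worst = worst_case_discrepancy_ms(plc_cycle_max_ms, ipo_cycle_ms, relay_skew_ms)
    if configured_ms < worst:
        findings.append(
            f"{configured_ms} ms is below the modelled worst case of {worst} ms "
            "including external circuitry")
    return findings


if __name__ == "__main__":
    PLC_MS, IPO_MS = 50, 12          # constructed cycle times
    print("system minimum:", min_tolerance_ms(PLC_MS, IPO_MS), "ms")
    print("worst case, no relay delay:", worst_case_discrepancy_ms(PLC_MS, IPO_MS), "ms")
    print("worst case, 30 ms relay delay:",
          worst_case_discrepancy_ms(PLC_MS, IPO_MS, relay_skew_ms=30), "ms")
    print(audit_tolerance(112, PLC_MS, IPO_MS, relay_skew_ms=30))
```

With these values the system minimum covers the controller-internal run-time difference, but a relay delay in front of the PLC input pushes the worst case past it, which is the reason the Note asks for the external circuitry to be added on top.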
PLC SGEs/SGAs
The NC/PLC interface (axis/spindle DB) acts as the SGE/SGA interface
between the PLC and drive for the drive monitoring channel. The PLC user
program must supply this interface with data. The standard PLC I/O devices
must be used to input/output signals to/from the machine.
The machine manufacturer defines, in the PLC user program, whether the
SGEs/SGAs are processed via the PLC I/O devices or whether they are
generated and evaluated internally in the software. The choice depends on the
particular application.
Note
PLC-SGEs must only be processed if they are required for a specific
application in the PLC user program. SGEs that are not used must be set to a
value of 0. This does not apply for external STOPs that are not used (refer to
Chapter 3.2).
Refer to Chapter 3.2.2 for information about SGEs/SGAs for the test stop for
external stops.
3.9.1 Signal processing for the NCK monitoring channel
Note
The SGEs/SGAs must be supplied by the machine manufacturer, both in the
NCK monitoring channel and in the drive monitoring channel.
Digital NCK inputs/outputs for 840D
The number of inputs and outputs that can be connected increases when the SI
safety function is used
- up to 64 digital inputs and outputs for the function "Safe programmable
  logic" SPL
- by additional digital inputs and outputs for safety axes.
Further information:
References: /FB/, A4, Digital and Analog NCK I/Os
References: /HDB/, NCU Manual, SINUMERIK 840D
Please note the following with regard to NCK I/O devices:
- Two NCU terminal blocks and DMP compact modules are used for the
  NCK I/O devices.
- In comparison to "normal" NCK inputs/outputs (refer to References: /FB/,
  A4, Digital and Analog NCK I/Os), other additional NCK inputs/outputs are
  used for Safety Integrated.
- The "normal" NCK inputs and those for Safety Integrated may also be used
  for both purposes. An appropriate alarm is generated for NCK outputs that
  are assigned twice.
Note
The digital inputs/outputs are reserved byte-serially for SGEs/SGAs. If at least
1 input/output is used for SGEs/SGAs, then the remaining inputs/outputs of
the byte concerned cannot be used for other functions.
- The machine manufacturer is responsible for ensuring that digital NCK
  outputs are not assigned twice (resulting in conflict) by configuring them
  correctly.
- For SINUMERIK 840D, the number of NCK SGEs/SGAs is only limited by the
  maximum available number of NCK I/O hardware devices that can be
  inserted.
Processing NCK-SGEs for 840D (multiple distribution)
Axis-specific/spindle-specific machine data is used to define which input is to
be used for which function and which axis/spindle. Under the condition that
certain axes/spindles belong to the same safety group, it is possible to
implement multiple distribution (1 input is assigned, for example, to 3 axes with
the same function). In addition, when an NCK input is selected via MD, it is also
possible to define whether the inverted signal is to be processed.
[Figure: NCK hardware inputs I1, I2, ... Ix ... In are each mapped, with optional inversion (yes/no), to SGEs at the NCK SGE/SGA interface; by multiple distribution one input feeds the monitoring comparators for axis 1, axis 2 and axis 3.]
Fig. 3-30 Multiple distribution of NCK inputs
Example
It must be possible to change over between the "safe software limit switches"
1 and 2 for axes 1, 2 and 3 as a group via an NCK input "x".
The machine data must be parameterized as follows:
Axis 1: MD 36973: $MA_SAFE_POS_SELECT_INPUT = input x
Axis 2: MD 36973: $MA_SAFE_POS_SELECT_INPUT = input x
Axis 3: MD 36973: $MA_SAFE_POS_SELECT_INPUT = input x
(input x = ss mm xx nn, refer to Chapter 4, "Machine data for SINUMERIK
840D")
Processing NCK SGAs for 840D (multiple assignment)
Axis-specific/spindle-specific machine data is used to define which SGA from
which axis/spindle must be assigned to which NCK output. It is possible to
implement a multiple assignment (SGAs from several axes, for example, are
assigned to 1 output) provided that certain axes/spindles belong to the same
safety group. The SGAs are then ANDed and the result output at the NCK
output. In addition, when an NCK output is selected via an MD, it is also
possible to define whether the signal is to be output in an inverted form before it
is ANDed.
[Figure: SGAs from the monitoring comparators for axis 1, axis 2 and axis 3 pass through an optional inversion (yes/no) at the NCK SGE/SGA interface and are combined by an AND element (&) onto one NCK hardware output (O1, O2, ... Ox ... On): multiple assignment.]
Fig. 3-31 Multiple assignment for NCK outputs
Example
Axes 1, 2 and 3 belong to one safety zone. For these axes, the message "axes
safely referenced" must be output at one NCK output (i.e. the message is
output if the message is active for all 3 axes).
The machine data must be parameterized as follows:
Axis 1: MD 36987: $MA_SAFE_REFP_STATUS_OUTPUT = output x
Axis 2: MD 36987: $MA_SAFE_REFP_STATUS_OUTPUT = output x
Axis 3: MD 36987: $MA_SAFE_REFP_STATUS_OUTPUT = output x
(output x = ss mm xx nn, refer to Chapter 4, "Machine data for SINUMERIK
840D")
3.9.2 Signal processing in the drive monitoring channel
General
The safety-relevant input and output signals (SGEs and SGAs) are signals that
are sent to and received from the system via two channels:
- Via the NCK monitoring channel
  <--> NCK I/O devices <--> signal processing <-->
  NCK SGE/SGA interface <--> NCK-CPU
- Via the drive monitoring channel
  <--> PLC I/O devices <--> signal processing via PLC <-->
  NC/PLC interface <--> drive CPU
Note
The SGEs/SGAs must be supplied by the machine manufacturer in both the
drive monitoring channel and the NCK monitoring channel.
Digital PLC inputs/outputs for 840D
Digital PLC inputs and outputs are implemented on the SINUMERIK 840D
using SIMATIC S7-300 I/O devices.
References: /S7H/, SIMATIC S7-300
Processing signals for 840D
A PLC module that is compatible with the SIMATIC S7 315-2DP is used as the
PLC in the SINUMERIK 840D. Signals are processed according to what has
been programmed in the PLC user program (refer to Chapter 4, "Interface
signals for SINUMERIK 840D").
References: /FB/, P3, "Basic PLC Program"
The machine status is transferred to the monitoring comparators for specific
axes/spindles via the PLC inputs and the PLC user program.
PLC SGE/SGA interface for 840D
The PLC SGE/SGA interface is mapped using the following
axis/spindle-specific data blocks:
DB 31... (assignment of data block,
refer to Chapter 4 "Interface signals for SINUMERIK 840D")
3.9.3 Overview of the machine data for SGE/SGA
Overview of MD for 840D
Table 3-55 Overview of machine data for 840D
Number Name
36950 $MA_SAFE_MODE_SWITCH_TIME
36970 $MA_SAFE_SVSS_DISABLE_INPUT
36971 $MA_SAFE_SS_DISABLE_INPUT
36972 $MA_SAFE_VELO_SELECT_INPUT[n]
36973 $MA_SAFE_POS_SELECT_INPUT
36974 $MA_SAFE_GEAR_SELECT_INPUT[n]
36975 $MA_SAFE_STOP_REQUEST_INPUT
36976 $MA_SAFE_PULSE_STATUS_INPUT
36977 $MA_SAFE_EXT_STOP_INPUT[n]
36978 $MA_SAFE_OVR_INPUT[n]
36979 $MA_SAFE_STOP_REQUEST_EXT_INPUT
36980 $MA_SAFE_SVSS_STATUS_OUTPUT
36981 $MA_SAFE_SS_STATUS_OUTPUT
36982 $MA_SAFE_VELO_STATUS_OUTPUT[n]
36984 $MA_SAFE_EXT_PULSE_ENAB_OUTPUT
36985 $MA_SAFE_VELO_X_STATUS_OUTPUT
36986 $MA_SAFE_PULSE_ENABLE_OUTPUT
36987 $MA_SAFE_REFP_STATUS_OUTPUT
36988 $MA_SAFE_CAM_PLUS_OUTPUT[n]
36989 $MA_SAFE_CAM_MINUS_OUTPUT[n]
36990 $MA_SAFE_ACT_STOP_OUTPUT[n]
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
3.10 Safe programmable logic (SPL) (840D SW 4.4.18)
Function
Until now, safety-relevant signals were processed in external logic.
SPL, which comprises NCK-SPL and PLC-SPL, greatly reduces the amount of
external wiring required. The logic used up until now has been replaced by a
written program (SPL).
Features:
- Logic operations implemented by the user are cyclically processed
- Instructions are effective in all operating modes
- The instructions start immediately after the control system runs up
In order to check that the two SPLs (PLC and NCK) are functioning, a cyclic
data comparison between the PLC and NCK is organized by the system
program. Monitoring is performed both by the NCK-CPU and the PLC-CPU
independently. This involves a crosswise data comparison of the signals that
are input into the SPL and the safety-relevant signals generated by the SPL as
well as internal states (markers).
[Figure: up to 64 safety-related sensors (e.g.: mode switch, light barrier, EMERGENCY OFF, ...) are connected directly as SGEs and up to 64 safety-related actuators (e.g.: protective door locking, motor brakes, ...) as SGAs; the NCK combinational logic and the PLC combinational logic process them in parallel, with event and data cross-checking between the two.]
Fig. 3-32 Safe programmable logic
Logic operations up to and including SW 4.4.12
Drive monitoring channel:
The SGEs/SGAs can be logically combined in different ways as defined in the
PLC user program and the result output at the interface or PLC I/Os.
NCK monitoring channel:
The SGEs/SGAs are assigned via input and output assignments that can be
parameterized via machine data.
The input signals can be processed by multiple distribution (1 input is assigned
to several axes) and the output signals by multiple assignment (signals of
several axes are assigned to 1 output).
Multiple distribution/assignment can also be parameterized via machine data.
Signals in this channel cannot be subject to other logic operations.
Logic operations from SW 4.4.18 and higher
Drive monitoring channel:
As before, the PLC user program defines how signals are logically combined.
NCK monitoring channel:
Input and output assignments as well as multiple distribution and assignment
apply as before.
In addition, the signals can also be processed in an NCK-SPL program that
must be written. This program is written as an asynchronous sub-routine using
the CNC function "synchronous actions". The input/output signals can be
combined with other signals and the result output at the internal interface or
NCK I/Os. An SGA can also be converted back internally to an SGE (without
using an external connection).
Activating
The NCK-SPL is active after the control has run up if at least
1. the functions SBH/SG and "external STOPs" have been selected via
   $MA_/$MD_SAFE_FUNCTION_ENABLE for at least one axis,
2. one of the NCK-SPL interfaces is used,
   i.e. an axial SGE/SGA has been parameterized at one of the SPL
   interfaces via its assignment MD or the external SPL interfaces
   $A_OUTSE/$A_INSE have been parameterized via
   MD $MN_SAFE_OUT_HW_ASSIGN/$MN_SAFE_IN_HW_ASSIGN. When
   PROFIsafe I/Os are used (refer to Chapter 3.12) the MD
   $MN_PROFISAFE_IN/OUT_ADDRESS apply.
In this case, the "external STOP A" must be parameterized at the SPL interface
for all of the axes that use Safety Integrated.
In addition, the following machine data must be set for an error-free
asynchronous sub-routine start after the NCK and the PLC have run up:
3. $MN_ASUP_START_MASK=7:
   Asynchronous sub-routine can be started in all operating states of the NC
   (RESET/JOG/not all axes referenced/read-in inhibit active).
4. $MN_ASUP_START_PRIO_LEVEL=1:
   Interrupt priority, from which
   MD $MN_ASUP_START_MASK becomes active.
Other actions to be executed:
5. A PLC-SPL has to be created and integrated into the PLC user program
6. An NCK-SPL has to be created that is then loaded into directory
   /_N_CST_DIR into file /_N_SAFE_SPF (= MMC view standard cycles
   /SAFE.SPF)
Note
No alarms may be present for an asynchronous sub-routine start, e.g. alarm
3000 EMERGENCY STOP.
SPL start without axial safety enable
To improve the procedure when commissioning a machine, an SPL can be
started without the axial safety function first being enabled.
It is, therefore, possible to handle general machine functions in the SPL
(hydraulics, EMERGENCY STOP) before the axis is commissioned.
This is only possible in the commissioning state of the SPL
($MN_PREVENT_SYNACT_LOCK[0,1]==0 and DB18.DBX36.0==0).
The state is displayed when the SPL starts using Alarm 27095 "%1 SPL
protection not activated".
If an attempt is made to start the SPL in the protective state (after
commissioning has been completed) without the axial safety function having
been activated, then Alarm 27096 is output. The SPL is started if the SPL
crosswise data comparison is not activated.
Crosswise data comparison
Data is cyclically exchanged between the PLC and NCK to check the operation
of the two SPLs (PLC and NCK). In the same way as the comparison between the
NCK and the drive, it cross-checks the signals that arrive at the SPL, the
safety-relevant signals generated by the SPL as well as internal markers.
The monitoring clock cycle for the crosswise data comparison of SPL variables
is permanently set to 1 s (or 10 s, see $A_CMDSI).
The following signals are included in the crosswise data comparison between
the NCK and the PLC:
$A_INSE[1 ... 64]
$A_OUTSE[1 ... 64]
$A_INSI[1 ... 64]
$A_OUTSI[1 ... 64]
$A_MARKERSI[1 ... 64]
Limitations
To ensure that this crosswise data comparison functions correctly, the user
must observe the following points:
- Both channels (NCK/PLC) must execute the same logic.
- Cleared SPL-SGAs are the safe state of SPL.
- Do not implement any response sequences or sequence controllers that
  are controlled externally using short input pulses. This is because short
  pulses of this type may only be acquired and processed in one channel
  because of sampling effects.
- Unused inputs/outputs/markers of the SPL must be given the default
  value = 0; single-channel use of individual bits for non-safety-relevant
  purposes is not permissible.
  An exception is the block $A_INSI(P) (only up to SW 4.4.29, 5.3.1). Such
  signals are assigned the value "1" by the software in order to make it
  easier to combine the signals of several axes. This function must be
  emulated by the user on the PLC side (default of the system variables
  $A_INSIPD[1,2] in DB 18 during run-up with "FFFFFFFF"(H)). For SW 5.3.1
  and higher, the system behavior with respect to $A_INSI is exactly the
  same as for other system variables (can be set using MD 10095:
  $MN_SAFE_MODE_MASK).
- External STOPs must be enabled (are also used internally) and can be
  extracted from the SPL if required. The "external STOP A" must be
  parameterized at the SPL interface for all safety axes via
  MD $MA_SAFE_EXT_STOP_INPUT[0]. If this condition is not fulfilled,
  then Alarm 27033 is output.
- Crosswise data comparison checks whether the "commissioning phase"
  has been completed. If errors are detected in the crosswise data
  comparison, a "STOP D/E" is triggered on the NCK/611 digital depending
  on this criterion. If the commissioning phase has not been completed,
  Alarm 27095 "SPL protection not activated" is displayed once after run-up
  and the commissioning status between NCK and PLC cross checked.
- As far as the SPL-SGAs are concerned, if an error occurs for a crosswise
  data comparison, then a system response is not issued. In this case, the
  user must program his own response in the SPL.
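The short-pulse limitation and the resulting system response, as an added example that is not part of the Siemens manual: both channels run the same constructed latch logic at different cycle times, and their SPL variable images are compared at the end of the 1 s monitoring cycle. Cycle times, bit assignments and function names are assumptions made for illustration; the alarm and STOP responses follow Table 3-56 of this section.

```python
"""Added example: short input pulses and the NCK/PLC SPL crosswise comparison."""

# SPL variables covered by the crosswise data comparison, bits 1..64 each.
SPL_VARS = ("INSE", "OUTSE", "INSI", "OUTSI", "MARKERSI")


def new_image():
    """All-zero image of one channel's SPL variables (index 0 is unused)."""
    return {name: [0] * 65 for name in SPL_VARS}


def run_channel(cycle_ms, pulse_start_ms, pulse_len_ms, horizon_ms=1000):
    """Run one channel of a constructed SPL until the comparison instant.

    Constructed logic, identical in both channels:
      $A_INSE[1]     external push-button (a pulse, not a level)
      $A_MARKERSI[1] latch that is set by the pulse
      $A_OUTSE[1]    output that follows the latch
    The channel only sees the input at its own sampling instants.
    """
    img = new_image()
    t = 0
    while t < horizon_ms:
        img["INSE"][1] = int(pulse_start_ms <= t < pulse_start_ms + pulse_len_ms)
        if img["INSE"][1]:
            img["MARKERSI"][1] = 1              # sequence step latched by the pulse
        img["OUTSE"][1] = img["MARKERSI"][1]
        t += cycle_ms
    return img


def crosswise_compare(nck_img, plc_img):
    """Names of all SPL bits whose state differs between the two channels."""
    return [f"$A_{name}[{bit}]"
            for name in SPL_VARS
            for bit in range(1, 65)
            if nck_img[name][bit] != plc_img[name][bit]]


def system_response(mismatches, prevent_synact_lock):
    """Response per Table 3-56, selected by MD 11500 $MN_PREVENT_SYNACT_LOCK."""
    if not mismatches:
        return []
    response = ["Alarm 27090"]
    if tuple(prevent_synact_lock) != (0, 0):    # protection active after commissioning
        response.append("STOP D/E")
    return response


if __name__ == "__main__":
    NCK_MS, PLC_MS = 12, 50                     # constructed cycle times
    for pulse_len in (20, 120):                 # short pulse, then a long one
        diff = crosswise_compare(run_channel(NCK_MS, 5, pulse_len),
                                 run_channel(PLC_MS, 5, pulse_len))
        print(f"{pulse_len} ms pulse:", diff or "channels agree",
              system_response(diff, (1, 2)))

    # A spare marker used in one channel only (not permissible, see above).
    plc = run_channel(PLC_MS, 5, 120)
    plc["MARKERSI"][40] = 1
    print(crosswise_compare(run_channel(NCK_MS, 5, 120), plc))
```

The 20 ms pulse is seen by the 12 ms channel and missed by the 50 ms channel, so the latch and the output stay different for good; a level signal, or a pulse longer than the slower channel's cycle, leaves both images identical.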
[Figure: block diagram. NCK monitoring channel: process/machine, HW inputs/outputs (NCK I/Os), NCK signal processing, NCK SGE/SGA signals, comparator and data. Drive monitoring channel: process/machine, HW inputs/outputs (PLC I/Os), PLC signal processing, NC/PLC interface (axis/spindle DB), comparator and data. Result and data cross-checks link the channels.]
Fig. 3-33 Communications between the NCK-611 digital PLC components
3.10.1 NCK-SPL program
Description
The NCK-SPL program is written as an NC program (synchronous sub-routine)
with synchronized actions.
References: /FBSY/ Description of Functions, Synchronized Actions
Features
The NCK-SPL program has the following features:
- The program can be started manually with NC START during
  commissioning.
- The following applies once the program has been started:
  - The synchronous actions assigned an ID No. are cyclically executed in
    the IPO clock cycles (modal)
  - The synchronous actions assigned the keyword IDS remain active even
    after an operating mode change or NC-STOP/NC RESET
- In order to check the program, the status of the active synchronous
  actions (operating area "Machine", soft key "Synchronous actions") can
  be displayed.
- The program can be modified during commissioning. It must then be
  restarted.
- The NCK-SPL program is stored in the NCK path _N_CST_DIR as
  subroutine "_N_SAFE_SPF" (MMC view: standard cycles/SAFE.SPF).
  Other sub-routine names are not permitted.
- The NCK-SPL program must be started after commissioning.
- The images of the PLC safety variables ($A_INSIP(D), $A_OUTSIP(D),
  $A_INSEP(D), $A_OUTSEP(D), $A_MARKERSIP(D)) are required for
  the simulation (NC side) of an SPL. These can be used to develop the
  SPL step-by-step. They can only be read by the NCK.
Protective mechanisms
- The synchronous action IDs used for the NCK-SPL are protected from
  being influenced by the PLC or other programs using
  MD $MN_PREVENT_SYNACT_LOCK. It is then no longer possible to
  change these synchronous actions (CANCEL, LOCK have no effect) once
  _N_SAFE_SPF has been started.
- The system variables $A_OUTSI, $A_OUTSID, $A_OUTSE, $A_OUTSED,
  $A_MARKERSI, $A_TIMERSI and $A_CMDSI are protected from being
  written to by programs other than the (/_N_CST_DIR/_N_SAFE_SPF). If
  an error occurs Alarm 17070 "Channel %1 block %2 data item
  write-protected" is output.
- A reference checksum is calculated at run-up by the NCK-SPL
  (/_N_CST_DIR/_N_SAFE_SPF) that is entered into the program as a
  comment:
  Example: ; SAFE_CHECKSUM = 000476bbH
  The checksum is then cyclically re-calculated and compared with the
  reference checksum. If a deviation is detected, Alarm 27093 "Checksum
  error NCK-SPL, %1, %2, %3" is output.
- The system variables $A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D),
  $A_OUTSEP(D) and $A_MARKERSIP(D) are only accessible during the
  commissioning phase.
If NCK-SPL execution is interrupted for any reason or the SI system variables
are changed by another program, then this is detected by the cyclic crosswise
data comparison with the PLC.
Table 3-56 Responses to SPL errors
Event: Crosswise data comparison NCK-PLC identifies an error
  MD 11500 $MN_PREVENT_SYNACT_LOCK[m,n] = 0: Alarm 27090 is triggered
  MD 11500 $MN_PREVENT_SYNACT_LOCK[m,n] not equal to 0: Alarm 27090 is triggered and STOP D/E is also triggered
Event: SPL program file to be changed (written, deleted, renamed, edited)
  MD 11500 $MN_PREVENT_SYNACT_LOCK[m,n] = 0: No response
  MD 11500 $MN_PREVENT_SYNACT_LOCK[m,n] not equal to 0: Alarm 27093 is triggered
Caution
The protective mechanisms that prevent changes to the NCK-SPL file and the
NCK-SPL statements only take effect if
MD $MN_PREVENT_SYNACT_LOCK[0,1] is not equal to 0.
The machine manufacturer must ensure that
- the protective mechanisms are activated no later than after completion of the
  acceptance test and
- the values set in MD $MN_PREVENT_SYNACT_LOCK[0,1] have been
  documented in the acceptance report.
After commissioning has been completed, the access rights to the SAFE.SPF
file must be set to the correct access level for writing/reading/deleting access
operations (manufacturer or service).
As long as the protective mechanisms for the NCK-SPL have not been
activated ($MN_PREVENT_SYNACT_LOCK[0,1] equal to 0), Alarm 27095 is
displayed when crosswise data comparison between the NCK and the PLC
starts. This alarm can be acknowledged with the NCK key so that the SPL can be
commissioned.
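A commissioning check for the protective mechanisms above, as an added example that is not Siemens code: it audits an archived copy of SAFE.SPF and the MD 11500 values against what the acceptance report records. The record layout and function names are assumptions and the file text is constructed; the check also assumes that MD 11500 [0] and [1] hold the first and last protected synchronized-action ID, which this section does not spell out.

```python
"""Added example: audit an archived SAFE.SPF against the acceptance report."""
import re

# Reference checksum comment in the form shown in this section.
CHECKSUM_RE = re.compile(r";\s*SAFE_CHECKSUM\s*=\s*([0-9A-Fa-f]{8})H")
# Synchronized actions are introduced by ID=<n> or IDS=<n>.
SYNACT_ID_RE = re.compile(r"\bIDS?\s*=\s*(\d+)")

# Constructed archive copy of SAFE.SPF, modelled on the manual's sample program.
# The checksum value is the manual's example value, not a computed one.
SAFE_SPF = """\
; SAFE_CHECKSUM = 000476bbH
DEFINE STOP_A_DISABLE AS $A_OUTSI[1]
DEFINE STOP_A_EXT AS $A_INSE[6]
N10 IDS=01 DO STOP_A_DISABLE=STOP_A_EXT
N20 IDS=02 DO $A_OUTSE[1]=NOT $A_OUTSE[1]
N25 IDS=05 DO $A_MARKERSI[1]=$A_INSE[7] ; added later, outside the protected IDs
N30 M17
"""


def synact_ids(spf_text):
    """IDs of all synchronized actions defined in the program (comments ignored)."""
    ids = []
    for line in spf_text.splitlines():
        code = line.split(";", 1)[0]
        ids.extend(int(number) for number in SYNACT_ID_RE.findall(code))
    return ids


def audit_spl(spf_text, md_11500, report):
    """Return a list of findings; an empty list means the checks passed.

    md_11500: (value[0], value[1]) of $MN_PREVENT_SYNACT_LOCK read from the control.
    report:   hypothetical acceptance-report record with the keys
              "md_11500" and "safe_checksum".
    """
    findings = []
    first, last = md_11500
    if first == 0 and last == 0:
        findings.append("MD 11500 is 0: SPL protection not activated "
                        "(state signalled by Alarm 27095)")
    else:
        # Assumption: [0]..[1] is the range of protected synchronized-action IDs.
        outside = [i for i in synact_ids(spf_text) if not first <= i <= last]
        if outside:
            findings.append(f"synchronized-action IDs {outside} lie outside the "
                            f"protected range {first}..{last}")
    if tuple(report["md_11500"]) != tuple(md_11500):
        findings.append(f"MD 11500 is {tuple(md_11500)}, acceptance report "
                        f"documents {tuple(report['md_11500'])}")
    match = CHECKSUM_RE.search(spf_text)
    if match is None:
        findings.append("no SAFE_CHECKSUM comment found in SAFE.SPF")
    elif match.group(1).lower() != report["safe_checksum"].lower():
        findings.append(f"SAFE_CHECKSUM {match.group(1)}H differs from the "
                        f"documented {report['safe_checksum']}H")
    return findings


if __name__ == "__main__":
    acceptance = {"md_11500": (1, 2), "safe_checksum": "000476bb"}  # constructed
    for finding in audit_spl(SAFE_SPF, (1, 2), acceptance):
        print("FINDING:", finding)
```

The constructed file passes the checksum comparison but still produces a finding, because the later-added action with ID 5 is not covered by the documented range 1..2.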
3.10.2 Starting the NCK-SPL using the PROG_EVENT mechanism (from SW 6.4.15)
From software release 6.4.15, the NCK-SPL can be started using the
PROG_EVENT mechanism.
The cycle PROG_EVENT.SPF (saved under manufacturer cycles
..\DH\CMA.DIR) is started when a specific event occurs (event-controlled
program call).
Machine data MD 20108 $MC_PROG_EVENT_MASK is used for this
PROG_EVENT mechanism to enable, on a channel-specific basis, the events
that cause the cycle to be started.
The following events can be activated as start condition:
Start of program Bit0 == 1
End of program Bit1 == 1
Operator panel reset Bit2 == 1
Power-up Bit3 == 1
The start condition at run-up (bit 3 == 1) must be active in order to start the NCK
SPL (SAFE.SPF) via PROG_EVENT.SPF. The ability to start the NCK SPL via
this mechanism as replacement for the PLC controlled call via FB4/FC9 is
available from NCU system software 6.4.15 onwards.
Note
When starting the NCK-SPL (SAFE.SPF) it is important that the
PROG_EVENT mechanism was started via channel 1. This must be taken
into account when parameterizing the channel-specific machine data MD
20108 $MC_PROG_EVENT_MASK.
In PROG_EVENT.SPF, the system variable $P_PROG_EVENT can be interrogated
to determine which event activated the call:
Start of program $P_PROG_EVENT == 1
End of program $P_PROG_EVENT == 2
Operator panel reset $P_PROG_EVENT == 3
Power-up $P_PROG_EVENT == 4
The call using FB4/FC9 in the PLC program is replaced by calling SAFE.SPF in
PROG_EVENT.SPF. For the PROG_EVENT.SPF cycle, MD 11602
$MN_ASUP_START_MASK (recommended setting = 7H) is taken into
account; this can be used to ignore reasons for initiating a stop for the
sequence. The setting in MD 11604 $MN_ASUP_START_PRIO_LEVEL is not
relevant for PROG_EVENT.SPF.
SPL status signals from SW 6.4.15
In conjunction with the call of SAFE.SPF via PROG_EVENT.SPF, there are
additional bits in the SPL status that can be used for synchronizing the
NCK-SPL execution and the start of the PLC-SPL.
DB18.DBX137.0 (status bit 8)
This bit is set if the NCK-SPL was started using the PROG_EVENT
mechanism.
Only the start is displayed and not that SAFE.SPF was successfully executed.
DB18.DBX137.5 (status bit 13)
This bit is set if the end of the SAFE.SPF program is identified. In conjunction
with this, the end IDs M02, M17 or M30 are permissible for SAFE.SPF as end
of program.
If an error occurs while executing SAFE.SPF, and the end of the program is not
reached (e.g. M17), then bit 13 is not set in the SPL status.
This bit can be used in the PLC user program to start the PLC-SPL. This
means that the PLC-SPL only starts if the NCK-SPL was completely executed.
Example for PROG_EVENT.SPF
; --------------------------------------------------------
; Event-controlled program call
; PROG_EVENT.SPF under ..\DH\CMA.DIR
; --------------------------------------------------------
; In machine data MD 20108: PROG_EVENT_MASK, for each
; specific channel it can be set as to which of the
; following events will enable the user program:
; ( ) start of program --> bit0 == 1
; ( ) end of program --> bit1 == 1
; ( ) operator panel reset --> bit2 == 1
; (x) run-up --> bit3 == 1
; --------------------------------------------------------
; System variable $P_PROG_EVENT can be used to
; interrogate as to which event activated the call:
; ( ) start of program --> $P_PROG_EVENT == 1
; ( ) end of program --> $P_PROG_EVENT == 2
; ( ) operator panel reset --> $P_PROG_EVENT == 3
; (x) run-up --> $P_PROG_EVENT == 4
;
;-------------------- Cycle definition ------------------
; Suppress single block, display
;--------------------------------------------------------
N100 PROC PROG_EVENT SBLOF DISPLOF
;
; NCK-SPL start
; --------------------------------------------------------
N200 IF ($P_PROG_EVENT == 4) ; interrogate run-up
N300 CALL "/_N_CST_DIR/_N_SAFE_SPF"
N400 ENDIF
N500 ...
N600 ...
N700 M17 ; end of cycle
The part program SAFE.SPF is called if the check of system variable
$P_PROG_EVENT shows that the part program PROG_EVENT.SPF was
called when the control system ran up.
A simple example of SAFE.SPF follows. It is started via PROG_EVENT
when the system runs up and includes status synchronous actions.
; File: SAFE.SPF
; =============
; Definitions
DEFINE STOP_A_DISABLE AS $A_OUTSI[1]
DEFINE STOP_C_DISABLE AS $A_OUTSI[2]
DEFINE STOP_D_DISABLE AS $A_OUTSI[3]
;
DEFINE STOP_A_EXT AS $A_INSE[6]
DEFINE STOP_C_EXT AS $A_INSE[7]
DEFINE STOP_D_EXT AS $A_INSE[8]
DEFINE STOP_A_XT AS $A_INSE[9]
;
; Program section
N10 IDS=01 DO STOP_A_DISABLE=STOP_A_EXT
N20 IDS=02 DO $A_OUTSE[1]=NOT $A_OUTSE[1]
N30 M17
3.10.3 Starting the NCK-SPL from the PLC user program
The NCK-SPL can also be started by the PLC user program. As soon as the
NCK-SPL is started, crosswise data comparison is activated in the system
program (NCK and PLC basic program).
The NCK-SPL program must be started as an asynchronous sub-routine. For
this, the interrupt number and channel must first be assigned via FB4 using
function ASUP (asynchronous subroutine), via parameter
PIService="PI.ASUP".
As soon as FB4 has been successfully completed (output parameter
"Done"=TRUE) the program is executed via FC9 "ASUP".
When the NCK-SPL is started via FB4/FC9, the PLC-SPL is started in the PLC
user program once FC9 has signaled successful execution and the end of
SAFE.SPF has been identified via a signal from SAFE.SPF (e.g. $A_PLCSIOUT
variable, M function or, from SW 6.4.15 onwards, SPL status bit 13
(DB18.DBX137.5)).
There is an additional bit in the SPL status that can be used to synchronize
NCK-SPL execution and the start of the PLC-SPL.
DB18.DBX137.5 (status bit 13) (from SW 6.4.15)
This bit is set if the end of the SAFE.SPF program is identified. In conjunction
with this, the end IDs M02, M17 or M30 are permissible for SAFE.SPF as end
of program.
If an error occurs while executing SAFE.SPF, and the end of the program is not
reached (e.g. M17), then bit 13 is not set in the SPL status.
This bit can be used in the PLC user program to start the PLC-SPL. This
means that the PLC-SPL only starts if the NCK-SPL was completely executed.
FB 4 may only be started in the cyclic mode (OB 1).
Table 3-62 Parameterizing FB 4
Signal | Type | Value range | Meaning
Reg
PIService | ANY | PI.ASUP | Assign interrupt
Unit | INT | 1 to 10 [1] | Channel
WVar1 | INT | [1] | Interrupt number
WVar2 | INT | [1] | Priority
WVar3 | INT | 0/1 [0] | LIFTFAST
WVar4 | INT | 0/1 [0] | BLSYNC
Addr1 | STRING | '/_N_CST_DIR/' | NCK-SPL path name
Addr2 | STRING | '_N_SAFE_SPF' | NCK-SPL program name
[values in brackets are default values for the call]
Table 3-63 Parameterizing FC 9
Signal | I/O | Type | Value range | Remarks
Start | I | Bool | |
ChanNo | I | Int | 1 to 10 [1] | No. of NC channel
IntNo | I | Int | 1 – 8 [1] | Interrupt no.
Active | O | Bool | | 1 = active
Done | O | Bool | | 1 = ASUB terminated
Error | O | Bool | |
[values in brackets are default values for the call]
3.10.4 Linking the NCK-SPL to the I/O and monitoring channel
Access to the I/O and the link to the NCK monitoring channel are illustrated in
the diagram below.
[Figure: block diagram. The NCK-SPL is linked through its internal I/Os
($A_INSI[1...64], $A_OUTSI[1...64]) to the SGEs/SGAs of the NCK monitoring
channel (SBH/SG, SE, SN per axis/spindle, monitoring comparators) and
through its external I/Os ($A_INSE[1...64], $A_OUTSE[1...64]) to the HW I/Os
(I1...In, O1...On). The figure labels the hardware link with
MD 10090: $MN_SAFE_IN_HW_ASSIGN[n], n = 0 ... 3 and
MD 10092: $MN_SAFE_OUT_HW_ASSIGN[n], n = 0 ... 7.]
Fig. 3-34 Input/output variables for the NCK-SPL
The following system variables are available for binary and double-word-
oriented access (32 bits) to the NCK-SPL interfaces:
Table 3-57 System variables for the NCK-SPL
System variables (binary) | System variables (word-oriented) | Description
$A_INSE[1 ... 64] | $A_INSED[1..2] | System variable for external inputs
$A_OUTSE[1 ... 64] | $A_OUTSED[1..2] | System variable for external outputs
$A_INSI[1 ... 64] | $A_INSID[1..2] | System variable for internal inputs
$A_OUTSI[1 ... 64] | $A_OUTSID[1..2] | System variable for internal outputs
Note:
Reading/writing of wordwise (word-serial) variables is the same as access to the binary
variables.
The variables shown here and other variables are described later on in this section.
The following machine data is available for linking to the I/Os (external
inputs/outputs) (cf. diagram above):
MD 10390: $MN_SAFE_IN_HW_ASSIGN[n] (assigning an input module to the
external SPL inputs $A_INSE[1 ... 64])
MD 10392: $MN_SAFE_OUT_HW_ASSIGN[n] (assigning an output module to
the external SPL outputs $A_OUTSE[1 ... 64])
Table 3-58 Overview of machine data for 840D
Number | Name
10390 | $MN_SAFE_IN_HW_ASSIGN[n]
10392 | $MN_SAFE_OUT_HW_ASSIGN[n]
11500 | $MN_PREVENT_SYNACT_LOCK[m,n]
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
NCU-local binary inputs/outputs (SW 6.3.21 and higher)
Until now, the NCU-local binary I/O signals connected at the cable
distributor of the NCU box (X121 interface) were only available via the
system variables $A_OUT[1...4] and $A_IN[1...4].
The parameterization of both the SPL SGEs/SGAs and the axial SGEs/SGAs has
now been extended so that the local NCU connections can be used.
The connections are parameterized via the MD
$MN_SAFE_IN/OUT_HW_ASSIGN for SPL SGEs/SGAs and the axial MD
$MA_SAFE_<signal>_INPUT/OUTPUT. Here, "0" must be entered as the segment
number instead of the "1" used for I/O modules on the 611 digital bus.
In MD $MN_SAFE_IN_HW_ASSIGN = i s mm xx nn, the value s (segment number)
distinguishes between parameterization of a system variable and a
hardware terminal.
3.10.5 Diagnostics/commissioning
The system variables $A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D) and
$A_OUTSEP(D), as well as $A_MARKERSIP(D) are used for diagnostics and
to commission the NCK-SPL. These system variables represent the PLC-side
input data for crosswise data comparison. They are updated every IPO cycle.
They can also be used to access the crosswise data comparison on the PLC
side from the NC. This helps when commissioning the SPL:
- Temporarily bypass the crosswise data comparison function
- Simulate NCK-SPL to the process and to the NCK monitoring channel. To
  do this, the relevant PLC images are written to the variables $A_OUTSED
  and $A_OUTSID while no NCK-SPL exists. This means that the NCK-SPL
  can be commissioned step-by-step.
This data can only be accessed during the commissioning phase.
In order to allow the SPL to be commissioned without the crosswise data
comparison constantly responding, the following minimum NCK-SPL can be
installed in this phase:
; Simulate external SPL interface
IDS = 03 DO $A_OUTSED[1] = $A_OUTSEPD[1]
IDS = 04 DO $A_OUTSED[2] = $A_OUTSEPD[2]
; Simulate internal SPL interface
IDS = 07 DO $A_OUTSID[1] = $A_OUTSIPD[1]
IDS = 08 DO $A_OUTSID[2] = $A_OUTSIPD[2]
; Emulate PLC markers (for all markers used in the PLC)
IDS = 09 DO $A_MARKERSID[1] = $A_MARKERSIPD[1]
IDS = 10 DO $A_MARKERSID[2] = $A_MARKERSIPD[2]
; End of program
M17
These instructions simulate the output interfaces of the NCK-SPL and therefore
"bypass" the crosswise data comparison.
Warning
The logic used in this phase has a single channel structure and is therefore
not safe as defined in control Category 3!
The described minimum NCK-SPL must be replaced by a full NCK-SPL
without any access to $A_INSIP(D), ..., $A_MARKERSIP(D) when the PLC
side is completed.
Other diagnostic aids:
- $A_STATSID: A value not equal to 0 means that an error has occurred in
  the crosswise data comparison. The error numbers are selected in the
  same way as on the PLC side (refer to Chapter 3, "PLC-SPL program").
- $A_CMDSI[n]: n=1: Increases the timer value by a factor of 10 for long
  forced checking procedure pulses and/or single-channel test stop logic.
- $A_LEVELSID: Indicates for how many signals different levels can
  currently be detected on the NCK and PLC side.
- In addition, other NC variables or free R parameters can be written to
  monitor internal states of the SPL.
The following applies to all system variables of the NCK-SPL outputs:
They can be written from the SPL program and read back into it.
3.10.6 Safe software relay (from SW 6.3.30)
The standard SPL module "safe software relay" is designed to meet the
requirements of an emergency stop function with safe programmable logic.
However, it can also be used to implement other similar safety functions, e.g.
control of a protective door. Parameter FirstRun must be set to TRUE via a
retentive data item (memory bit, bit in data block) for the first run-through
after the control has run up. The data item can be preset, e.g. in OB 100.
The parameter is reset to FALSE when FB 10 is executed for the first time.
Separate data must be used for parameter FirstRun for each call with a
separate instance.
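[Figure: function chart. Elements shown: disable inputs E1, E2, E3 and their
AND result E_AND; acknowledgement inputs Q1 and Q2; AND/OR gates; Timer1 to
Timer3 with initialization values TI1 to TI3; outputs A0 to A3; a time
measurement from falling to rising edge supplying t4 and t4i; a comparator
(CMP >=) and the limit TM1.]
Fig. 3-35 Function chart of the "safety relay"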
The following circuit applies:
Three disable inputs E1 to E3:
  If one of these inputs is set to 0, the direct output A0 is set to 0.
  Outputs A1 to A3 switch with the delay of timers 1 to 3. If one of these
  inputs is not used, it is internally set to "1" as a static signal.
  One of these inputs must also be used to initiate the test operation for
  the safety relay (forced checking procedure).
Two acknowledgement inputs Q1 and Q2:
  Q1 must be supplied with the signal from the real acknowledgement.
  Q2 is only used to automatically acknowledge the safe software relay as
  part of the forced checking procedure. The software relay itself does not
  have to be subject to a forced checking procedure. However, if the
  Emergency Stop function is executed and external actuators must be
  subject to a forced checking procedure, then a relay that drops out during
  the Emergency Stop test can be acknowledged using Q2 (within a defined
  time window, refer to TM1).
  This input must also be connected to a safety system variable (even if the
  signal is not used), preferably a $A_MARKERSI, so that the crosswise data
  comparison with the PLC detects if this acknowledge signal is present as a
  steady-state signal. The associated comparison data in the PLC must have a
  steady-state 0 signal level (error detection using different states of the
  particular SPL marker for the PLC and NCK).
Three timer initialization values TI1 to TI3:
  The times after which outputs A1 to A3 are switched to 0 given a negative
  edge in output signal A0 are defined here.
One timer value TM1:
  This limit value defines the maximum time that the shutdown inputs E1 to
  E3 (and their AND logic operation) may have been at a 0 signal level so
  that they can still be acknowledged using Q2. This guarantees that Q2 can
  only be effective as automatic acknowledgement for the forced checking
  procedure within a defined time window after the relay has dropped out
  (been de-energized). It is not permissible that Q2 is used to acknowledge
  a "real" shutdown.
Four output values A0 to A3:
  A0 supplies the result of ANDing E1 to E3 without delay. Outputs A1 to A3
  supply the same result for positive edges of A0; for negative edges, the
  results are delayed by the timer initialization values TI1 to TI3.
  A0 to A3 do not produce a result after startup until an acknowledgement
  has been received via Q1.
On initialization, the connection is defined for the function block. The input-
output variables of the function block are assigned to the required system
variables ($A_MARKERSI, $A_INSE, $A_OUTSE,...). The following functions
must be called:
SIRELIN: This language command assigns the input variables Q1, Q2, E1, E2
and E3 to the safety relay x (x = 1..4). The return value contains the number of
the first incorrect parameter; the value 0 indicates that the parameter
assignment is correct.
Syntax: SIRELIN(x,status,"Q1","Q2","E1","E2","E3")
The transfer parameters Q1 to E3 are strings and must therefore be placed in
quotation marks (" "). The following system variables are permissible as input
variables:
$A_MARKERSI[ ]
$A_INSE[ ]
$A_INSI[ ]
$A_OUTSE[ ]
$A_OUTSI[ ]
E2 and E3 are optional. If these parameters are not entered, the relevant inputs
are set statically to "1".
SIRELOUT: This language command assigns the output variables A0, A1, A2
and A3 to safety relay x (x = 1..4). The return value contains the number of the
first incorrect parameter; the value 0 indicates that the parameter assignment is
correct.
Syntax: SIRELOUT(x,status,"A0","A1","A2","A3")
The transfer parameters must be placed in quotation marks (" "). The following
system variables are permissible as output quantities:
$A_MARKERSI[ ]
$A_OUTSE[ ]
$A_OUTSI[ ]
$A_PLCSIOUT[ ]
A1 to A3 are optional. If these parameters are not specified, the corresponding
outputs are not supplied. However, if A1 is specified, the initialization value for
timer 1 (TI1) must also be parameterized via SIRELTIME. The same applies for
A2 and timer 2 (TI2) and A3 and timer 3 (TI3).
SIRELTIME: This language command assigns the times for the required timers
to safety relay x (x = 1..4). These are the timer limit TM1 and the timer
initialization values TI1, TI2 and TI3. The return value contains the number of
the first incorrect parameter; the value 0 indicates that the parameter
assignment is correct.
Syntax: SIRELTIME(x,status,TM1,TI1,TI2,TI3)
The transfer parameters TM1 to TI3 are REAL numbers (times in seconds). TI1
to TI3 are optional. If these parameters are not specified, the corresponding
outputs A1 to A3 are not supplied. However, if TI1 is specified, output A1 must
also be parameterized via SIRELOUT. The same applies for TI2 and A2, as
well as TI3 and A3.
Notes
- The initialization language commands must be included directly in the
  part program (e.g. SAFE.SPF); they may not be used in synchronized
  actions! If this condition is not adhered to, Alarm 12571, "Channel 1
  Block %2 %3 not permitted in synchronized motion" is triggered.
- As described above, there is an interdependency between the number of
  optional parameters for the language commands SIRELTIME and
  SIRELOUT. This interdependency is checked in the language command
  that comes later in the part program sequence. If, for example, A2 is no
  longer parameterized in SIRELOUT, but TI2 is specified in SIRELTIME,
  then this parameter is identified as being incorrect!
The correctly timed call in the SPL is made using the language command
SIRELAY. No calling parameter is required in the cyclic section except for the
selection of the desired relay x (x = 1..4). Initialization must be carried out
beforehand. If this is not done correctly, then this is indicated in the return value
of the language command SIRELAY. The cyclic section must be integrated in
the synchronized actions of the SPL.
Syntax: status = SIRELAY(x)
The following values are possible for status:
Return value status | Meaning
1 | The input quantities of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELIN with correct parameterization
2 | The output quantities of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELOUT with correct parameterization
3 | The input and output quantities of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELIN and SIRELOUT with correct parameterization
4 | The timers of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELTIME with correct parameterization
5 | The input quantities and timers of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELIN and SIRELTIME with correct parameterization
6 | The output quantities and timers of the safety relay are not parameterized or not correctly parameterized. Remedy: Call SIRELOUT and SIRELTIME with correct parameterization
7 | The initialization of the safety relay was not carried out or not correctly carried out. Remedy: Call SIRELIN, SIRELOUT and SIRELTIME with correct parameterization
Notes on possible alarms
1. The SIRELAY call must be made in the NCK-SPL (program SAFE.SPF),
since the allocation of the output variables corresponds to the write
access operations to safety system variables. If the call comes from a
different program, Alarm 17070 "Channel %1 Block %2 Data write-
protected" is triggered.
2. The SIRELAY call must be included in a synchronized action. If this
condition is not satisfied, Alarm 12080 "Channel %1 Block %2 Syntax
error for text SIRELAY" is triggered.
3. If Parameter x contains a value that lies outside the range 1 to 4, Alarm
20149 "Channel %1 Block %2 Motion synchronous action: Invalid index"
is triggered.
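The initialization rules, the SIRELOUT/SIRELTIME interdependency and the alarm conditions above can be checked statically before a SAFE.SPF is loaded. The following Python check is an added example, not Siemens code: the function name check_spl, the constructed sample programs, and the reading of the SIRELAY return values 1 to 7 as a bit mask (1 = inputs, 2 = outputs, 4 = timers, with a failed interdependency check leaving the later command's bit unset) are assumptions.

```python
import re

CALL = re.compile(r"\b(SIRELIN|SIRELOUT|SIRELTIME|SIRELAY)\s*\(([^)]*)\)")
SYNACT = re.compile(r"\bIDS?\s*=\s*\d+\b.*\bDO\b")   # ID=/IDS= ... DO marks a synchronized action
INIT_BIT = {"SIRELIN": 1, "SIRELOUT": 2, "SIRELTIME": 4}   # assumed bit weights of status 1..7
PARTNER = {"SIRELOUT": "SIRELTIME", "SIRELTIME": "SIRELOUT"}

# Constructed sample: the manual's syntax with four deliberate defects.
DEFECTIVE_SPL = '''\
N200 SIRELIN(1,RESULT_IN,"IE_NH_Q","MI_NH_Q","IE_NH_E")
N210 SIRELOUT(1,RESULT_OUT,"MI_C_ABW","MI_A_ABW_A")
N220 SIRELTIME(1,RESULT_TIME,0.4,2.2,3.5) ; TI2 given, A2 not assigned
N230 IDS=05 DO SIRELIN(2,RESULT_IN,"IE_NH_Q","MI_NH_Q","IE_NH_E")
N300 IDS=10 DO M_STATUS_1 = SIRELAY(1)
N310 IDS=12 DO M_STATUS_2 = SIRELAY(2)
N320 M_STATUS_3 = SIRELAY(5)
'''

# Constructed sample: a consistent initialization followed by the cyclic call.
CLEAN_SPL = '''\
N200 SIRELIN(1,RESULT_IN,"IE_NH_Q","MI_NH_Q","IE_NH_E")
N210 SIRELOUT(1,RESULT_OUT,"MI_C_ABW","MI_A_ABW_A","MI_A_ABW_S")
N220 SIRELTIME(1,RESULT_TIME,0.4, 2.2, 3.5)
N300 IDS=10 DO M_STATUS_1 = SIRELAY(1)
'''


def check_spl(source):
    """Return (findings, expected): findings as (line, text), expected as relay -> SIRELAY status."""
    findings, done, optional, expected = [], {}, {}, {}
    for lineno, raw in enumerate(source.splitlines(), start=1):
        code = raw.split(";", 1)[0]                      # drop the NC comment
        synact = SYNACT.search(code)
        for call in CALL.finditer(code):
            name = call.group(1)
            args = [a.strip() for a in call.group(2).split(",")]
            in_synact = bool(synact) and call.start() > synact.start()
            relay = int(args[0]) if args[0].isdigit() else None
            valid = relay is not None and 1 <= relay <= 4
            if name == "SIRELAY":
                if not in_synact:
                    findings.append((lineno, "SIRELAY outside a synchronized action (Alarm 12080)"))
                if not valid:
                    findings.append((lineno, "SIRELAY index outside 1..4 (Alarm 20149)"))
                else:
                    # Initialization must precede the cyclic call: use what was seen so far.
                    expected[relay] = 7 & ~done.get(relay, 0)
                continue
            if in_synact:
                findings.append((lineno, f"{name} inside a synchronized action (Alarm 12571)"))
                continue
            if not valid:
                findings.append((lineno, f"{name}: relay index outside 1..4"))
                continue
            ok = True
            if name in PARTNER:
                # A1..A3 and TI1..TI3 both sit at argument positions 3..5.
                supplied = {n for n in (1, 2, 3) if len(args) > 2 + n and args[2 + n]}
                earlier = optional.setdefault(relay, {}).get(PARTNER[name])
                if earlier is not None and earlier != supplied:
                    for n in sorted(earlier ^ supplied):
                        findings.append((lineno, f"{name}: A{n} and TI{n} must be given together"))
                    ok = False                           # reported in the later command
                optional[relay][name] = supplied
            if ok:
                done[relay] = done.get(relay, 0) | INIT_BIT[name]
    return findings, expected
```

For DEFECTIVE_SPL the check reports the TI2 mismatch on line 3, the SIRELIN in a synchronized action on line 4 and both SIRELAY defects on line 7, and predicts status 4 for relay 1 and 7 for relay 2.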
When the safety relay is tested, acknowledgement input Q2 and one of the
three disable inputs (E1, E2 or E3) must be used. Q2 must be connected to a
safety marker ($A_MARKERSI[ ]) and may only be set briefly (< 1s) to 1.
One of the three inputs E1 to E3 can be used (e.g. from the PLC) with a short
falling edge to check that the safety relay has dropped out. The 0 signal level
may not be present for longer than the time parameterized in TM1. The
maximum value for TM1 is 1s, as otherwise the crosswise data comparison
between NCK and PLC-SPL would detect an error.
The acknowledgement input Q2 can only be used if the measured time t4 is
shorter than TM1. This prevents a queued shutdown operation being
acknowledged externally via the test acknowledgement input. If A0 is 1 at the
time of the falling edge of E_AND (= ANDing of E1, E2 and E3), the time t4i is
allocated the measured time t4. For further measurements, while A0 remains at
0, a t4i is only re-saved if the measured time t4 is greater than the old value of
t4i.
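The acknowledgement window described above decides whether Q2 can re-energize the relay, so it is worth stepping through. The following Python model is an added example, not Siemens code; it assumes level-sensitive acknowledgement inputs and sampled time stamps, uses the times TM1 = 0.4 s, TI1 = 2.2 s and TI2 = 3.5 s in a constructed timeline, and the class and function names are hypothetical.

```python
INF = float("inf")


class SafeSoftwareRelay:
    """Behavioural model of A0..A3, the TI switch-off delays and the TM1 window for Q2."""

    def __init__(self, tm1, ti=()):
        self.tm1 = tm1          # TM1: longest drop-out that Q2 may still acknowledge
        self.ti = tuple(ti)     # TI1..TI3: switch-off delays of A1..A3
        self.a0 = False         # no result after startup until Q1 acknowledges
        self.e_and = True       # previous sample of E1 AND E2 AND E3
        self.fall = -INF        # time of the last falling edge of E_AND
        self.a0_fall = -INF     # time of the last negative edge of A0
        self.first = False      # A0 was 1 at the falling edge being measured
        self.t4i = INF          # stored drop-out time; INF keeps Q2 ineffective at startup

    def step(self, now, q1=False, q2=False, e1=True, e2=True, e3=True):
        """Process one sample and return (A0, A1, ...) for the configured timers."""
        e_and = e1 and e2 and e3
        if self.e_and and not e_and:                  # falling edge of E_AND
            self.fall, self.first = now, self.a0
            if self.a0:
                self.a0, self.a0_fall = False, now    # A0 follows without delay
        elif e_and and not self.e_and:                # rising edge: t4 is now known
            t4 = now - self.fall
            # First drop-out after A0 = 1 stores t4; later ones only raise t4i.
            self.t4i = t4 if self.first else max(self.t4i, t4)
        self.e_and = e_and
        if e_and and not self.a0 and (q1 or (q2 and self.t4i < self.tm1)):
            self.a0 = True
        # A1..A3 follow positive edges of A0 at once and negative edges after TIx.
        delayed = tuple(self.a0 or now - self.a0_fall < ti for ti in self.ti)
        return (self.a0,) + delayed


def run_scenario():
    """Constructed timeline: startup, a forced-checking pulse, then a real Emergency Stop."""
    relay = SafeSoftwareRelay(tm1=0.4, ti=(2.2, 3.5))
    log = {}
    log["startup_q2"] = relay.step(0.0, q2=True)     # Q2 alone must not energize
    log["startup_q1"] = relay.step(0.1, q1=True)     # real acknowledgement
    log["test_drop"] = relay.step(1.0, e1=False)     # forced-checking pulse starts
    log["test_ack_q2"] = relay.step(1.2, q2=True)    # 0.2 s < TM1: Q2 accepted
    log["stop_drop"] = relay.step(5.0, e1=False)     # real shutdown begins
    log["stop_2s"] = relay.step(7.0, e1=False)       # A1 and A2 still held by TI1/TI2
    log["stop_2_3s"] = relay.step(7.3, e1=False)     # TI1 elapsed, TI2 not yet
    log["stop_q2"] = relay.step(9.0, q2=True)        # 4.0 s >= TM1: Q2 rejected
    log["pulse"] = relay.step(9.5, e1=False)         # short pulse while A0 is still 0
    log["pulse_q2"] = relay.step(9.6, q2=True)       # t4i keeps the larger 4.0 s: rejected
    log["stop_q1"] = relay.step(9.7, q1=True)        # only Q1 re-energizes
    return log
```

The last three steps show why t4i keeps the larger value: a short pulse on a disable input after a long shutdown does not reopen the Q2 window.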
The language commands SIRELIN, SIRELOUT and SIRELTIME may not be
used in synchronized actions.
The language command SIRELAY may only be used in synchronized actions of
the SPL (SAFE.SPF). The connection must be specified beforehand using the
language commands SIRELIN, SIRELOUT and SIRELTIME.
Example of an Emergency Stop implemented using NCK-SPL in SAFE.SPF:
DEF INT RESULT_IN, RESULT_OUT, RESULT_TIME
N10 DEFINE IE_NH_E AS $A_INSE[1]
N20 DEFINE IE_NH_Q AS $A_INSE[2]
N30 DEFINE MI_NH_Q AS $A_MARKERSI[1]
N40 DEFINE MI_C_ABW AS $A_MARKERSI[2]
N50 DEFINE MI_A_ABW_A AS $A_MARKERSI[3]
N60 DEFINE MI_A_ABW_S AS $A_MARKERSI[4]
N70 DEFINE M_STATUS_1 AS $AC_MARKER[1]
;-------------------------------------------------------------------------------------------
N200 SIRELIN(1,RESULT_IN,"IE_NH_Q","MI_NH_Q","IE_NH_E")
N210 SIRELOUT(1,RESULT_OUT,"MI_C_ABW","MI_A_ABW_A","MI_A_ABW_S")
N220 SIRELTIME(1,RESULT_TIME,0.4, 2.2, 3.5)
;---------------------------------------------------------------------------------------------
N300 IDS=10 DO M_STATUS_1 = SIRELAY(1)
;--------------Error handling-------------------------------------------------------
N310 IDS=11 EVERY M_STATUS_1 <> 0 DO . . . . . .
Declaration of the function (FUNCTION_BLOCK FB 10)
VAR_INPUT
In1 : BOOL := True ; //Input 1
In2 : BOOL := True ; //Input 2
In3 : BOOL := True ; //Input 3
Quit1 : BOOL ; //Quit1 Signal
Quit2 : BOOL ; //Quit2 Signal
TimeValue1 : TIME := T#0ms ; //TimeValue for Output 1
TimeValue2 : TIME := T#0ms ; //TimeValue for Output 2
TimeValue3 : TIME := T#0ms ; //TimeValue for Output 3
END_VAR
VAR_OUTPUT
Out0 : BOOL ; //Output without Delay
Out1 : BOOL ; //Delayed Output to False by Timer 1
Out2 : BOOL ; //Delayed Output to False by Timer 2
Out3 : BOOL ; //Delayed Output to False by Timer 3
END_VAR
VAR_INOUT
FirstRun: BOOL ; //True by User after 1. Start of SPL
END_VAR
The following table shows all formal parameters of the SI relay function.
Signal | I/O | Type | Remarks
In1 | I | BOOL | Input 1
In2 | I | BOOL | Input 2
In3 | I | BOOL | Input 3
Quit1 | I | BOOL | AcknowledgeInput 1
Quit2 | I | BOOL | AcknowledgeInput 2
TimeValue1 | I | TIME | Time value 1 for switch-off delay
TimeValue2 | I | TIME | Time value 2 for switch-off delay
TimeValue3 | I | TIME | Time value 3 for switch-off delay
Out0 | O | BOOL | Output undelayed
Out1 | O | BOOL | Output delayed by TimeValue1
Out2 | O | BOOL | Output delayed by TimeValue2
Out3 | O | BOOL | Output delayed by TimeValue3
FirstRun | I/O | BOOL | Activation of initial setting
Note
The block must be called cyclically by the user program when the PLC
program is started. The user must provide an instance DB with any number
for this purpose. The call is multi-instance-capable.
3.10.7 System variables for SINUMERIK 840D
The following system variables can only be used in combination with
SINUMERIK® Safety Integrated. They are used when programming the safe
programmable logic (SPL). A detailed description of the system variables is
provided in Chapter 4.4.2.
Table 3-59 Overview of system variables
System variables | Meaning | Value range | Data type | Possible access with part program (l s) / synchr. action (l s)
Actual position
$VA_IS[Axis] | Safe actual position for Safety Integrated | | DOUBLE | x x
$AA_IM[Axis] | Actual position for closed-loop control | | DOUBLE | x x
$VA_IM[Axis] | Encoder actual value in the machine coordinate system | | DOUBLE | x x
Error status
$A_XFAULTSI | The crosswise data comparison between NCK and 611D of any axis has detected an actual value error | | INT | x x
$VA_XFAULTSI[Axis name] | The crosswise data comparison for this axis between NCK and 611D has detected an actual value error | | INT | x x
$VA_STOPSI | Actual Safety Integrated Stop for the particular axis | | INT | x x
$A_STOPESI | Actual Safety Integrated Stop E of any axis | | INT | x x
Internal SPL inputs/outputs
$A_INSI[n] | NCK input | n = 1, 2, ... 64 stands for No. of input | BOOL | x x
$A_INSID[n] | NCK inputs | n = 1, 2 | INT | x x
$A_INSIP[n] | Image of the PLC input | n = 1,2, ...64 | BOOL | x x
$A_INSIPD[n] | Image of the PLC inputs | n = 1, 2 | INT | x x
$A_OUTSI[n] | NCK output | n = 1, 2, ... 64 stands for No. of output | BOOL | x x x x
$A_OUTSID[n] | NCK outputs | n = 1, 2 | INT | x x x x
$A_OUTSIP[n] | Image of the PLC output | n = 1, 2, ... 64 | BOOL | x x
$A_OUTSIPD[n] | Image of the PLC outputs | n = 1, 2 | INT | x x
External SPL inputs/outputs
$A_INSE[n] | NCK input | n = 1, 2, ... 64 stands for No. of input | BOOL | x x
$A_INSED[n] | NCK inputs | n = 1, 2 | INT | x x
$A_INSEP[n] | Image of PLC input | n = 1, 2, ... 64 stands for No. of input | BOOL | x x
$A_INSEPD[n] | Image of PLC inputs | n = 1, 2 | INT | x x
$A_OUTSE[n] | NCK output | n = 1, 2, ... 64 stands for No. of output | BOOL | x x x x
$A_OUTSED[n] | NCK outputs | n = 1, 2 | INT | x x x x
$A_OUTSEP[n] | Image of a PLC output | n = 1, 2, ... 64 stands for No. of output | BOOL | x x
$A_OUTSEPD[n] | Image of the PLC outputs | n = 1, 2 | INT | x x
SPL markers and timers
$A_MARKERSI[n] | Markers | n = 1, 2, ... 64 stands for No. of marker | BOOL | x x x x
$A_MARKERSID[n] | Markers (SW 4.4.18 and higher) | n = 1, 2 | INT | x x x x
$A_MARKERSIP[n] | Image of the PLC markers | n = 1,2, ...64 | BOOL | x x
$A_MARKERSIPD[n] | Image of the PLC markers (SW 4.4.18 and higher) | n = 1, 2 | INT | x x
$A_TIMERSI[n] | Timers | n = 1, 2...16 stands for No. of timer | REAL | x x x x
$A_STATSID | Crosswise data comparison error triggered when value is not equal to 0 | n = 0 Error not triggered; n = 1 Error triggered | INT | x x
$A_CMDSI | 10-fold change timer value for long forced checking procedure pulses and/or single-channel test stop logic. | Bit 0 = 1 10-fold time active | BOOL | x x x x
$A_LEVELSID | Crosswise data comparison stack level display: Number of signals for which NCK and PLC detect different signals | 0...320 | INT | x x
$A_PLCSIIN | Single-channel communication between NCK and PLC-SPL | | BOOL | x x
$A_PLCSIOUT | Single-channel communication between NCK and PLC-SPL | | BOOL | x x
Note:
l -> read, s -> write
An implicit pre-run stop is generated
Only permitted in the commissioning phase
3.10.8 Behavior after POWER ON/operating mode change/reset
1. After the system has run-up the following Safety Integrated system
variables are assigned the value zero:
$A_INSE(D), $A_OUTSE(D), $A_OUTSI(D), $A_MARKERSI(D),
$A_INSEP(D), $A_OUTSEP(D), $A_OUTSIP(D),
$A_MARKERSIP(D).
2. If logic combinations from the SGAs to the SPL interface $A_INSI(D) are
parameterized using axial MDs, these system variables are pre-assigned
the value "1" at run-up (up to SW 4.4.29, 5.31). The double-word values
are:
$A_INSI[1...32] uses $A_INSID[1] pre-assigned FFFF FFFF (H).
$A_INSI[33…64] uses $A_INSID[2] pre-assigned FFFF FFFF (H).
This behavior must be emulated in the PLC-SPL.
With SW 4.4.29, 5.3.1 and higher, the system behavior with respect to
$A_INSI is exactly the same as for other system variables.
3. Pre-assignments of other variables before cyclic processing of the NCK-
SPL starts can be programmed in the same part program as the NCK-SPL
itself.
To ensure that the pre-assignment instructions are only performed once,
they must use the following syntax:
IDS=<no> WHEN TRUE DO <run-up instructions>
The events "operating mode change" and "reset" have no effect on the
processing of the NCK-SPL with identifier IDS.
4. Several run-up instructions can be programmed in one block.
3.10.9 SPL data on the PLC side
The safe programmable logic of the PLC (PLC-SPL) is a sub-function of the
safety functions integrated in the SINUMERIK.
The signals of the PLC-SPL are located in DB18 and are sub-divided into
1. Parameterization part and
2. Data area/status.
The link to the I/Os (external inputs/outputs) is implemented by
parameterization data INSEP_ADDR[1...8] and OUTSEP_ADDR[1...8] in
combination with the activation bits INSEP_VALID[1...8] and
OUTSEP_VALID[1...8].
The data area INSEP[1...64]/OUTSEP[1...64] is assigned to the input/output
image using this parameterization data.
The data areas are assigned byte-by-byte (byte-serial) and in any order.
INSEP_VALID / OUTSEP_VALID = TRUE:
When activation bits INSEP_VALID[1...8] and OUTSEP_VALID[1...8] are set to
TRUE the parameterized inputs/outputs are transferred to the relevant data
area INSEP / OUTSEP by the basic program.
INSEP_VALID / OUTSEP_VALID = FALSE:
If an activation signal is FALSE, there is no transfer in the associated
INSEP/OUTSEP data byte. In this case, the supply of this data byte can be
organized by the user program.
SPL_READY:
The SPL_READY = TRUE signal indicates that the commissioning phase has
been completed, i.e. if a crosswise data comparison error has occurred, the
basic program sends a "STOP D/E" to all the axes.
SPL_DATA:
The useful (net) data for the PLC-SPL is contained in the SPL_DATA structure.
The useful data area is sub-divided into internal inputs/outputs and marker
areas and external inputs/outputs that correspond to the hardware I/Os.
With appropriate parameterization and external inputs/outputs, the basic
program transfers the input image of the I/Os to the external inputs in DB 18
and from the external outputs in DB 18 to the peripheral output.
SPL_DELTA:
The SPL_DELTA area is used for diagnostics. A signal with the status TRUE in
this area means that the signal is different in the NCK and PLC at this bit
position.
CMDSI:
Signal CMDSI can be used to extend the timeout value in the crosswise SPL
data comparison by a factor of 10. This extension is used for long forced
checking procedure pulses or single-channel test stop logic functions.
STATSI:
A crosswise data comparison error is indicated in STATSI. STATSI contains the
number of the signal whose difference caused this error. The error number (1–
320) refers to SPL_DATA as an array with 5x64=320 signals.
LEVELSI:
LEVELSI is used for diagnostics and indicates how many signals with different
signal levels are present.
[Figure: the basic program transfers IB/PIB and QB/PQB to and from
SPL_DATA.INSEP and SPL_DATA.OUTSEP in the DB18 data area, as set in the
DB18 parameterization part (INSEP_Valid, OUTSEP_Valid, INSEP_ADDR,
OUTSEP_ADDR). The PLC-SPL works on the DB18 data area (SPL_DATA.INSEP,
SPL_DATA.OUTSEP, SPL_DATA.INSIP, SPL_DATA.OUTSIP, SPL_DATA.MARKERSIP),
which is subject to the data cross-check.]
Fig. 3-36 Mode of operation of the PLC-SPL program with DB 18
Sensors with exclusive OR'ed output signals must be configured in such a way
that in the safe state the 0 level is present on the NCK side and the 1 level on
the PLC side. The PLC-SPL program must invert the sensor signal so that the
same level appears in DB18 as is active on the NCK side. Otherwise the
crosswise data comparison function would indicate an error. Transfer into the
DB18 must be performed by the user program for such signals because the
basic program can only copy but it cannot invert.
The crosswise data comparison between the PLC and NCK is performed
cyclically. If a difference is detected, Alarm "error for crosswise data
comparison NCK-PLC" is output. A STOP D/E is also triggered internally.
The crosswise data comparison between the PLC and the NCK includes all
signals that are received at the SPL, signals generated by the SPL and internal
states of the SPL:
SPL_DATA.INSEP[1...64]
SPL_DATA.OUTSEP[1...64]
SPL_DATA.INSIP[1...64]
SPL_DATA.OUTSIP[1...64]
SPL_DATA.MARKERSIP[1...64]
Criterion "commissioning phase must have been completed"
The criterion "commissioning phase must have been completed" is derived
from the NCK MD $MN_PREVENT_SYNACT_LOCK[0,1]. If one of
the two field entries is not equal to 0, "commissioning phase completed" is set
internally by the crosswise data comparison. On the PLC side, this criterion is
entered using DB18.DBX36.0. If this bit is set to "1", then the commissioning
phase is considered to have been completed.
Any changes to data on the NCK and PLC side do not take effect until after
power on.
3.10.10 Direct communications between the NCK and PLC-SPL
(from SW 6.3.30)
In SPL applications, a certain degree of single-channel communications
between the two SPLs (NCK and PLC) is always required in addition to the
two-channel connection of safety-relevant switching elements. The test stop
and emergency stop acknowledgement are typical applications. There are
various ways to do this today:
1. The NCK and PLC are connected via external wiring
2. Communications via simulated NCK I/Os ($A_OUT/$A_IN; DB10)
3. Communications via FC21 and NCK system variables $A_DBB etc.
The availability of these communication paths depends on the functional scope
of the machine.
Fig. 3-37 Communication paths NCK-PLC [figure not reproduced; its labels are: NCK with SPL and DMP I/Os; PLC with SPL and PLC I/Os; $A_PLCSIOUT/$A_PLCSIIN with DB18.DBD128/DB18.DBD132; $A_OUT/$A_IN with DB10.DBDxxx; $A_DBB, $A_DBW, $A_DBD with FC21; VDI interface]
In order to be able to exchange SI-specific signals between the NCK and PLC
in a dedicated data area, a corresponding communication interface has been
introduced for these components. This allows SI applications running on the
NCK and PLC (SPL) to be able to communicate in separate data areas that
cannot be occupied by other system functions. On the PLC side, this interface
represents an extension of DB18; on the NCK side, new system variables have
been introduced for this interface and these are available to the user. The
meanings of the individual bits in this interface are defined by the user.
NCK                     PLC
$A_PLCSIOUT[1...32]     DB18.DBD128     32 bits from NCK to PLC
$A_PLCSIIN[1...32]      DB18.DBD132     32 bits from PLC to NCK
For status queries on the PLC side, DB18 is supplemented by the SPL run-up
status already displayed on the NCK in the SI service display:
NCK                     PLC
-                       DB18.DBW136     Bit 16 run-up status
Limitations
System variables $A_PLCSIOUT[1...32] and $A_PLCSIIN[1...32] are protected
against access from any program other than the NCK-SPL program
(SAFE.SPF). A programming command from another program that accesses them
is rejected with Alarm 17070 "Channel %1 Block %2 Data write-protected".
3.10.11 PLC data block (DB 18)
Parameterization part
DB18 Signals for Safety SPL
Data block    Interface PLC -----> PLC

Byte      Content (Bit 7 ... Bit 0)
DBB 0     INSEP Valid (valid bit):
          Bit 7 = 8th input byte, Bit 6 = 7th input byte, Bit 5 = 6th input byte, Bit 4 = 5th input byte,
          Bit 3 = 4th input byte, Bit 2 = 3rd input byte, Bit 1 = 2nd input byte, Bit 0 = 1st input byte
DBB 1
DBB 2     OUTSEP Valid (valid bit):
          Bit 7 = 8th output byte, Bit 6 = 7th output byte, Bit 5 = 6th output byte, Bit 4 = 5th output byte,
          Bit 3 = 4th output byte, Bit 2 = 3rd output byte, Bit 1 = 2nd output byte, Bit 0 = 1st output byte
DBB 3
DBW 4     INSEP_ADDR (Address 1st input byte)
DBW 6     INSEP_ADDR (Address 2nd input byte)
DBW 8     INSEP_ADDR (Address 3rd input byte)
DBW 10    INSEP_ADDR (Address 4th input byte)
DBW 12    INSEP_ADDR (Address 5th input byte)
DBW 14    INSEP_ADDR (Address 6th input byte)
DBW 16    INSEP_ADDR (Address 7th input byte)
DBW 18    INSEP_ADDR (Address 8th input byte)
DBW 20    OUTSEP_ADDR (Address 1st output byte)
DBW 22    OUTSEP_ADDR (Address 2nd output byte)
DBW 24    OUTSEP_ADDR (Address 3rd output byte)
DBW 26    OUTSEP_ADDR (Address 4th output byte)
DBW 28    OUTSEP_ADDR (Address 5th output byte)
DBW 30    OUTSEP_ADDR (Address 6th output byte)
DBW 32    OUTSEP_ADDR (Address 7th output byte)
DBW 34    OUTSEP_ADDR (Address 8th output byte)
DBB 36    Bit 1 = Stop E, Bit 0 = SPL_READY
DBB 37
Data area/errors
DB18 Signals for Safety SPL
Data block    Interface PLC <---> NCK

Byte      Content (Bit 7 ... Bit 0)
          Data area of SPL inputs/outputs
DBD 38    SPL_DATA.INSEP [1 .. 32]
DBD 42    SPL_DATA.INSEP [33 .. 64]
DBD 46    SPL_DATA.OUTSEP [1 .. 32]
DBD 50    SPL_DATA.OUTSEP [33 .. 64]
          Data area for user SPL
DBD 54    SPL_DATA.INSIP [1 .. 32]
DBD 58    SPL_DATA.INSIP [33 .. 64]
DBD 62    SPL_DATA.OUTSIP [1 .. 32]
DBD 66    SPL_DATA.OUTSIP [33 .. 64]
DBD 70    SPL_DATA.MARKERSIP [1 .. 32]
DBD 74    SPL_DATA.MARKERSIP [33 .. 64]
          Difference in level NCK - PLC for diagnostics
DBD 78    SPL_DELTA.INSEP [1 .. 32]
DBD 82    SPL_DELTA.INSEP [33 .. 64]
DBD 86    SPL_DELTA.OUTSEP [1 .. 32]
DBD 90    SPL_DELTA.OUTSEP [33 .. 64]
DBD 94    SPL_DELTA.INSIP [1 .. 32]
DBD 98    SPL_DELTA.INSIP [33 .. 64]
DBD 102   SPL_DELTA.OUTSIP [1 .. 32]
DBD 106   SPL_DELTA.OUTSIP [33 .. 64]
DBD 110   SPL_DELTA.MARKERSIP [1 .. 32]
DBD 114   SPL_DELTA.MARKERSIP [33 .. 64]
DBB 118   CMDSI
DBB 119
DBD 120   Error number
          0 = no error
          1 - 320 = signal number starting from SPL_DATA.INSEP[1]
DBD 124   Crosswise data comparison stack level display
          (Diagnostics capability: How many SPL signals currently have different levels)
Additional data areas
DB18 Signals for Safety SPL
Data block    Interface PLC <---> NCK

Byte      Content (Bit 7 ... Bit 0)
          Data area of single-channel inputs/outputs
DBB 128   $A_PLCSIOUT [1 .. 8]
DBB 129   $A_PLCSIOUT [9 .. 16]
DBB 130   $A_PLCSIOUT [17 .. 24]
DBB 131   $A_PLCSIOUT [25 .. 32]
DBB 132   $A_PLCSIIN [1 .. 8]
DBB 133   $A_PLCSIIN [9 .. 16]
DBB 134   $A_PLCSIIN [17 .. 24]
DBB 135   $A_PLCSIIN [25 .. 32]
DBW 136   SPL status
DBB 138   PROFIsafe module(s) for:
          Bit 7 = 8th input byte, Bit 6 = 7th input byte, Bit 5 = 6th input byte, Bit 4 = 5th input byte,
          Bit 3 = 4th input byte, Bit 2 = 3rd input byte, Bit 1 = 2nd input byte, Bit 0 = 1st input byte
DBB 139
DBB 140   PROFIsafe module(s) for:
          Bit 7 = 8th output byte, Bit 6 = 7th output byte, Bit 5 = 6th output byte, Bit 4 = 5th output byte,
          Bit 3 = 4th output byte, Bit 2 = 3rd output byte, Bit 1 = 2nd output byte, Bit 0 = 1st output byte
DBB 141
          Test stop data (being prepared)
DBB 142   Number of axes per test stop block 1 (NoOfAxisPerBlock[1])
to
DBB 149   Number of axes per test stop block 8 (NoOfAxisPerBlock[8])
DBB 150   Pointer to axis table 1 (BlockPointer[1])
to
DBB 157   Pointer to axis table 8 (BlockPointer[8])
DBB 158   Safety axis table (AxisTable[1]) 1st axis
to
DBB 188   Safety axis table (AxisTable[31]) 31st axis
SPL status signals for DB18.DBW136
DB18.DBX136.0 SPL_STATUS[1] NCK-PLC interface parameterized
DB18.DBX136.1 SPL_STATUS[2] NCK-PLC program file exists
DB18.DBX136.2 SPL_STATUS[3] NCK waits until the PLC has run-up
DB18.DBX136.3 SPL_STATUS[4] NCK-PLC in cyclic mode
DB18.DBX136.4 SPL_STATUS[5] Call FB4 processing for SPL
DB18.DBX136.5 SPL_STATUS[6] End FB4 processing on NCK
DB18.DBX136.6 SPL_STATUS[7] Call FC9 processing for SPL
DB18.DBX136.7 SPL_STATUS[8] End FC9 processing on NCK
DB18.DBX137.0 SPL_STATUS[9] SPL started via PROG_EVENT mechanism (from SW 6.4.15)
DB18.DBX137.1 SPL_STATUS[10] Crosswise data comparison NCK started
DB18.DBX137.2 SPL_STATUS[11] Crosswise data comparison PLC started
DB18.DBX137.3 SPL_STATUS[12] NCK-SPL checksum checking active
DB18.DBX137.4 SPL_STATUS[13] All SPL protective mechanisms active (from SW 6.4.15)
DB18.DBX137.5 SPL_STATUS[14] End of SPL program reached
DB18.DBX137.6 SPL_STATUS[15] Not assigned
DB18.DBX137.7 SPL_STATUS[16] Not assigned
Table 3-61 Overview of DB 18 signals

DB18 signal          r = read   Type   Value range   Remarks
                     w = write

Parameterization part
INSEP_VALID[1..8]    r/w        Bool                 0 = INSEP[1..8]: no automatic transfer, can be
                                                     supplied by the user program
                                                     1 = Transfer of input byte defined in
                                                     INSEP_ADDR[1..8] to INSEP[1..8] by basic
                                                     program
OUTSEP_VALID[1..8]   r/w        Bool                 0 = OUTSEP[1..8]: no automatic transfer, can
                                                     be retrieved by the user program
                                                     1 = Transfer to output byte defined in
                                                     OUTSEP_ADDR[1..8] from OUTSEP[1..8] by
                                                     the basic program
INSEP_ADDR[1..8]     r/w        Int    1..EB Max     Address input byte
OUTSEP_ADDR[1..8]    r/w        Int    1..AB Max     Address output byte
SPL_READY            r/w        Bool                 0 = Commissioning phase
                                                     (no STOP D is triggered for crosswise data
                                                     comparison error)
                                                     1 = Commissioning completed
                                                     (STOP D/E is triggered for crosswise data
                                                     comparison error)
STOP E                                               If DB18.DBX36.1 = 1 has been set and a
                                                     crosswise data comparison error is
                                                     determined, then an external STOP E instead
                                                     of an external STOP D is transferred to the
                                                     drive

Data area/status
SPL_DATA                                             Useful data:
INSEP[1..64]         r          Bool                 External PLC input for SPL
OUTSEP[1..64]        r/w        Bool                 External PLC output for SPL
INSIP[1..64]         r          Bool                 Internal PLC input for SPL
OUTSIP[1..64]        r/w        Bool                 Internal PLC output for SPL
MARKERSIP[1..64]     r/w        Bool                 Marker for SPL
SPL_DELTA                                            Signal differences for diagnostics:
INSEP[1..64]         r          Bool                 External PLC input for SPL
OUTSEP[1..64]        r          Bool                 External PLC output for SPL
INSIP[1..64]         r          Bool                 Internal PLC input for SPL
OUTSIP[1..64]        r          Bool                 Internal PLC output for SPL
MARKERSIP[1..64]     r          Bool                 Marker for SPL
CMDSI                r/w        Bool                 Timeout value in crosswise data comparison
                                                     is extended by a factor of 10
STATSI               r          Dint   1 - 320       Status: 0 – no error
                                                     1 – 320: error; the number corresponds to the
                                                     signal from SPL_DATA whose change in level
                                                     caused the crosswise data comparison error
LEVELSI              r          Dint                 Crosswise data comparison stack level
                                                     display
                                                     (Diagnostics capability: How many SPL
                                                     signals currently have different levels)
PLCSIIN              r          Bool   1 - 32        Signals can be written by the PLC and read by
                                                     the NCK
PLCSIOUT             r/w        Bool   1 - 32        Signals can be written by the NCK and read
                                                     by the PLC
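The DB18 layout above is enough to decode a raw DB18 byte dump when a crosswise data comparison error has to be diagnosed. The following is an added example, not Siemens code: the function names and the sample dump are constructed here, and the bit order inside each byte (signal 1 in bit 0, as the table gives for SPL_STATUS[1] = DB18.DBX136.0) is an assumption applied to all bit fields.

```python
import struct

# Byte offsets taken from the DB18 tables above; all names are this example's own.
GROUPS = ("INSEP", "OUTSEP", "INSIP", "OUTSIP", "MARKERSIP")
PER_GROUP = 64
SPL_DATA_BASE = 38     # DBD 38 .. DBD 74
SPL_DELTA_BASE = 78    # DBD 78 .. DBD 114
STATSI_OFFSET = 120    # DBD 120 error number, DBD 124 (LEVELSI) follows directly
PLCSIOUT_OFFSET = 128  # DBB 128 .. 131, NCK -> PLC
PLCSIIN_OFFSET = 132   # DBB 132 .. 135, PLC -> NCK
STATUS_OFFSET = 136    # DBW 136, SPL_STATUS[1..16]
MIN_LENGTH = 138

SPL_STATUS_TEXT = (
    "NCK-PLC interface parameterized",
    "NCK-PLC program file exists",
    "NCK waits until the PLC has run-up",
    "NCK-PLC in cyclic mode",
    "Call FB4 processing for SPL",
    "End FB4 processing on NCK",
    "Call FC9 processing for SPL",
    "End FC9 processing on NCK",
    "SPL started via PROG_EVENT mechanism",
    "Crosswise data comparison NCK started",
    "Crosswise data comparison PLC started",
    "NCK-SPL checksum checking active",
    "All SPL protective mechanisms active",
    "End of SPL program reached",
)


def bit(db, base, index):
    """Level of the 1-based signal `index` in the bit field starting at `base`.

    Assumption: 8 signals per byte, signal 1 in bit 0 of the first byte.
    """
    return bool((db[base + (index - 1) // 8] >> ((index - 1) % 8)) & 1)


def group_base(base, group):
    """Start offset of one 64-signal group inside SPL_DATA or SPL_DELTA."""
    return base + GROUPS.index(group) * (PER_GROUP // 8)


def statsi_to_signal(number):
    """Map STATSI (1..320, SPL_DATA as a 5x64 array) to (group, index); 0 = no error."""
    if number == 0:
        return None
    if not 1 <= number <= len(GROUPS) * PER_GROUP:
        raise ValueError(f"STATSI {number} is outside 0..320")
    group, index = divmod(number - 1, PER_GROUP)
    return GROUPS[group], index + 1


def differing_signals(db):
    """Every signal whose SPL_DELTA bit is set (NCK and PLC levels differ)."""
    return [(g, i) for g in GROUPS for i in range(1, PER_GROUP + 1)
            if bit(db, group_base(SPL_DELTA_BASE, g), i)]


def decode_db18(db):
    if len(db) < MIN_LENGTH:
        raise ValueError("dump too short: DB18 bytes 0..137 are required")
    # S7 stores DINT values big-endian.
    statsi, levelsi = struct.unpack_from(">ii", db, STATSI_OFFSET)
    culprit = statsi_to_signal(statsi)
    return {
        "spl_ready": bool(db[36] & 0x01),   # DB18.DBX36.0
        "stop_e": bool(db[36] & 0x02),      # DB18.DBX36.1
        "statsi": statsi,
        "culprit": culprit,
        "culprit_level_in_db18": None if culprit is None else bit(
            db, group_base(SPL_DATA_BASE, culprit[0]), culprit[1]),
        "levelsi": levelsi,
        "delta": differing_signals(db),
        "plcsiout": [i for i in range(1, 33) if bit(db, PLCSIOUT_OFFSET, i)],
        "plcsiin": [i for i in range(1, 33) if bit(db, PLCSIIN_OFFSET, i)],
        "spl_status": [text for k, text in enumerate(SPL_STATUS_TEXT, 1)
                       if bit(db, STATUS_OFFSET, k)],
    }


def build_sample_dump():
    """Constructed sample: INSIP[5] differs between NCK and PLC."""
    db = bytearray(189)
    db[36] = 0x01                                  # SPL_READY set, Stop E not set
    db[54] |= 0x10                                 # SPL_DATA.INSIP[5] = 1
    db[94] |= 0x10                                 # SPL_DELTA.INSIP[5] = 1
    struct.pack_into(">ii", db, STATSI_OFFSET, 2 * 64 + 5, 1)
    db[128] |= 0x04                                # $A_PLCSIOUT[3]
    db[136] = 0x0B                                 # SPL_STATUS[1], [2], [4]
    db[137] = 0x06                                 # SPL_STATUS[10], [11]
    return bytes(db)


if __name__ == "__main__":
    for key, value in decode_db18(build_sample_dump()).items():
        print(f"{key}: {value}")
```

Comparing `levelsi` with the length of `delta` in the result gives a quick view of whether the reported error is a single signal or one of several that currently differ.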
3.10.12 Forced checking procedure of SPL signals
SPL signals
The forced checking procedure of SPL signals is part of the SPL functionality.
Once the external safety circuit has been wired, a two-channel SPL has been
created and the relevant safety functions configured and checked with an
acceptance test, the long-term reliability of this function, verified using an
acceptance test, can be ensured:
- External inputs/outputs
  The external inputs/outputs of the SPL ($A_INSE or $A_OUTSE) must be
  subject to a forced checking procedure to ensure that faults (e.g. wire
  breakage) do not accumulate over a period of time so that both monitoring
  channels could fail.
- Internal inputs/outputs
  Internal inputs/outputs ($A_INSI, $A_OUTSI), markers ($A_MARKERSI),
  etc. ($A_TIMERSI) do not have to be subject to a forced checking
  procedure. It will always be possible to detect an error at these locations
  due to the differing two-channel responses of the external inputs/outputs or
  the NCK/611 digital monitoring channels; crosswise data comparison
  exists at both ends of the response chain for detecting errors.
Test signals
"3-terminal concept":
If an input signal ($A_INSE), for example, is evaluated through two
channels, the associated test output signal can be implemented in one
channel. It is decisive that the input signal can be forced/changed and
checked in both channels.
In the same way, the assigned test input signal for two-channel output
signals ($A_OUTSE) can be implemented in one channel if it is
interconnected according to the following rules:
The test input signal may only return an "OK" status ("1" level) if both
output signals function (i.e. both monitoring channels have output a "0"). A
simultaneous test in both channels allows the function to be tested in
both channels using one checkback signal.
Fig. 3-38 3-terminal concept [figure not reproduced; its labels are: Triggering; PLC-SPL and NCK-SPL, each with an input (E) and an output (A); test output (Test A); test input (Test E); Test; Load]
Explanation of the diagram
The forced checking procedure for the switch evaluated in two channels is
triggered by setting the test output to "0", i.e. actuation of the switch is
simulated.
The NCK-SPL and PLC-SPL must respond to this signal change by setting
their outputs to signal level "0".
If at least one of the two channels responds in this way, then the load is
disconnected from the power supply.
Only if both channels respond in this way will the test input indicate correct
functioning of both channels with level "1". If this is not the case, there is a
system fault and the test analysis ("test" block) must prevent the power
supply being reconnected to the load.
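The test sequence just described, as a small fault-injection model. This is an added example and not part of the manual: the class and function names are hypothetical, faults are modelled only as an output frozen at one level, and the second checkback function is a constructed counter-example showing what a checkback that observes a single output would miss.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Channel:
    """One SPL channel (NCK-SPL or PLC-SPL) driving one output toward the load."""
    name: str
    stuck_at: Optional[int] = None  # None = healthy, 0 or 1 = output frozen

    def output(self, switch_level: int) -> int:
        # A healthy channel follows the switch: input "0" gives output "0".
        return switch_level if self.stuck_at is None else self.stuck_at


def load_powered(out_nck: int, out_plc: int) -> bool:
    # The load is disconnected as soon as at least one channel outputs "0".
    return out_nck == 1 and out_plc == 1


def checkback_3_terminal(out_nck: int, out_plc: int) -> int:
    # Rule from the text: "OK" (level "1") only if both channels have output "0".
    return 1 if (out_nck == 0 and out_plc == 0) else 0


def checkback_one_output_only(out_nck: int, out_plc: int) -> int:
    # Constructed counter-example: checkback derived from the NCK output alone.
    return 1 if out_nck == 0 else 0


def forced_check(nck: Channel, plc: Channel, checkback=checkback_3_terminal):
    """Run one forced checking procedure and evaluate the test input."""
    test_output = 0                       # simulates actuation of the switch
    out_nck = nck.output(test_output)
    out_plc = plc.output(test_output)
    ok = checkback(out_nck, out_plc) == 1
    return {
        "load_disconnected": not load_powered(out_nck, out_plc),
        "test_input": int(ok),
        "reconnect_allowed": ok,          # the "test" block blocks reconnection on a fault
    }


# Constructed fault cases: (NCK-SPL stuck_at, PLC-SPL stuck_at)
FAULT_CASES = {
    "both channels healthy": (None, None),
    "NCK-SPL output stuck at 1": (1, None),
    "PLC-SPL output stuck at 1": (None, 1),
    "both outputs stuck at 1": (1, 1),
}


def fault_matrix(checkback=checkback_3_terminal):
    return {
        label: forced_check(Channel("NCK-SPL", n), Channel("PLC-SPL", p), checkback)
        for label, (n, p) in FAULT_CASES.items()
    }


if __name__ == "__main__":
    for title, cb in (("3-terminal checkback", checkback_3_terminal),
                      ("checkback on one output only", checkback_one_output_only)):
        print(title)
        for label, result in fault_matrix(cb).items():
            print(f"  {label}: {result}")
```

With the 3-terminal checkback, a single stuck channel still disconnects the load during the test but is reported as a fault; with the single-output checkback the stuck PLC-SPL channel passes unnoticed.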
Triggering/test
The timer or event controlled triggering of the test stop is activated in one
channel by the PLC. The function itself is separately executed in both channels.
Triggering and checking test signals for SPL input/output signals can also be
completely executed in one channel in the PLC:
1. The PLC is optimized for these types of bit/logic operations and
sequencing logic.
2. The machine adaptation is saved in the PLC user program when
configuring and installing the machine.
If errors are detected, the PLC user program should respond by triggering an
external "STOP D/E".
Notes on avoiding errors
1. A "2 terminal concept" in which a single-channel useful signal is to be
subjected to a forced checking procedure using a single-channel test
signal is not permitted. In this case, the two-channel SPL structure would
be worthless and the crosswise data comparison would have no effect.
The following is permissible:
- A "full 4-terminal concept" (two-channel test signal for two-channel useful
  [net] signal), or
- the "3-terminal concept" suggested above, or
- a "2 terminal concept without test signals" if the two-channel useful [net]
  signal to be tested automatically changes its level dynamically as a result
  of the process and this can be verified using other useful signals. In this
  case, the useful signals assume the function of test signals. For example, a
  typical application could be a protective door evaluation function.
2. The signals "external STOPs" and "test stop" are handled differently
internally:
In order to increase the probability that a requested "external STOP" takes
effect, the STOPs between the two channels are exchanged internally.
Failure of the stop control in one channel does not cause an error for
these signals (in contrast to the operating mode switchover signals, e.g.
"SG/SBH active") in the crosswise data comparison.
Whereas other channels can be subjected to a forced checking procedure
in both channels in parallel (and should be - in order to avoid errors being
triggered by the data cross-check), the "external STOPs" and the "test
stop" must be subjected to a checking procedure one after the other in
both channels. As an alternative, simultaneous checking procedure of the
external STOPs is also possible, but in this case, two-channel checkback
signals must be used.
The test stop itself may not be subject to a forced checking procedure in
both channels in parallel because there is only one common hardware
response and checkback signal "pulse cancellation" for both channels (as
before).
Note
An application example for an "integrated EMERGENCY STOP" is given in
Chapter 7 "Configuring Example".
Note
An application example for a "door interlocking" is given in
Chapter 7 "Configuring Example".
Note
An application example for a test stop for SI Level 2 is given in
Chapter 7 "Configuring Example".
3.11 Encoder mounting arrangements
3.11.1 Encoder types
Basic types
The following basic types of encoder can be used on a drive module for the
purpose of safe operation:
- Incremental encoder
  with sinusoidal voltage signals A and B (signal A is in quadrature with
  signal B) and a reference signal R
  e.g.: ERN 1387, LS 186, SIZAG2
- Absolute encoder
  with EnDat interface and incremental, sinusoidal voltage signals A and B
  (signal A is in quadrature with signal B)
  e.g.: EQN 1325, LC 181
Combinations of encoder types
Various combinations can be derived from the basic types.
Table 3-64 Combinations of encoder types
Incremental encoder Absolute encoder
at the motor at the load at the motor at the load Comments
x 1-encoder system
x 1-encoder system
x x 2-encoder system
x x 2-encoder system
x x 2-encoder system
Note: x Encoder connection
1-encoder system
For a 1-encoder system, the incremental or absolute encoder at the motor is
used for the actual values of the NC and drive.
The 611 digital control module supplies one actual value to the NCK and drive
via 2 separate actual value channels.
Special feature for linear motors:
For linear motors, the motor encoder (linear scale) is also the measuring
system at the load. IMS and DMS are one measuring system. The connection
is made at the IMS input of the 611 digital control module.
Fig. 3-39 1-encoder system for a feed drive [figure not reproduced; its labels are: Encoder; Gearbox; Backlash; Motor (FDD); Machine table; FDD; Connection of motor encoder (IMS); Connection of direct position encoder (DMS)]
Note
For a 1-encoder system a direct position encoder (DMS) cannot be used for
the measuring system of another axis.
2-encoder system
With this type of system, two separate encoders are used to supply the actual
values for one axis. In standard applications, the drive evaluates the motor
encoder and the NC evaluates, for example, the measuring system connected to
the 2nd actual value input. The 611 digital control module transfers the two
actual values to the NCK and drive via two separate actual value channels.
Fig. 3-40 2-encoder system for a feed drive [figure not reproduced; its labels are: Encoder; Gearbox; Backlash; Linear scale; Motor (FDD); Machine table; FDD; Connection of direct position encoder (DMS); Connection of motor encoder (IMS)]
Fig. 3-41 2-encoder system for a main spindle drive [figure not reproduced; its labels are: Shift gearbox; Incremental encoder (twice); Spindle; Motor (MSD); MSD; Connection of direct position encoder (DMS); Connection of motor encoder (IMS)]
Note
SW 5.1 and higher
If the ratio of the gear between the motor and load is not slip-free, the
1-encoder system must be selected. The 2nd spindle encoder is connected to
another drive module via an actual-value input. SE and SN cannot be
configured in such cases (refer to Chapter 3.11.5, "Application: Spindle with
2 encoders and drive with slip").
For SW 5.2 and higher, systems with slip are also possible (refer to
Chapter 3.11.4).
3.11.2 Adjustment, calibration, axis states and historical data
Motor encoder adjustment
For 2-encoder systems, the built-in encoder is generally an integral component
of the motor (the encoder is adjusted to match the motor). The information
about distance, speed and rotor position (on synchronous drives) is obtained
from one encoder. It is no longer possible to adjust the encoders in motor
measuring systems in the conventional sense.
Machine calibration
The machine zero and encoder zero are calibrated purely on the basis of the
offset value (the machine must be calibrated). This process must be carried out
for both incremental and absolute encoders.
Fig. 3-42 Positions and actual values [figure not reproduced; its labels are: Absolute encoder actual value; Offset value; Position actual value; Encoder zero; Machine zero; Power-on position/standstill position]
When calibrating the machine, a known or measured position is approached by
means of a dial gauge, fixed stop, etc. and the offset value determined. This
offset is then entered in the appropriate machine data. Calibration is always
required for a position-controlled axis/spindle.
References: /IAD/, SINUMERIK 840D Installation and Start-Up Guide
/FBD/, SINUMERIK 840D, Descriptions of Functions
R1, "Reference Point Approach"
"Axis not referenced" state
The axis state "axis not referenced" is reached after the power supply has been
connected and the drive and control system have completely run-up. This state
is indicated using the axis-specific interface signal "reference point reached" as
follows:
Interface signal
"Reference point reached" = "1" Axis state "axis referenced"
"Reference point reached" = "0" Axis state "axis not referenced"
For 840D DB31-48, DBX60.4 / DBX60.5
The function SBH/SG can only be used when this state has been reached (after
run-up has been completed) (refer to Fig. 3-43, "Axis states during
referencing").
"Axis referenced" state
For incremental encoders, the position actual value is lost when the NC is
powered-down. When the NC is powered-up, a reference point approach must
be carried out. If it is done correctly, then the axis is referenced and goes into
the "axis referenced" state (refer to Fig. 3-43, "Axis states during referencing").
Unlike incremental encoders, absolute encoders do not require a reference
point approach after the NC is powered-up. These encoders save the absolute
position, e.g. using a mechanical gear, both when powered-up and powered-
down. The absolute position is transmitted implicitly via a serial interface when
the NC is powered-up. After the position data has been transmitted and the
offset value has been taken into account, the axis is also in the "axis
referenced" state (refer to Fig. 3-43, "Axis states during referencing").
The "axis referenced" state is displayed using the axis-specific interface signal
"reference point reached" as follows:
Interface signal
"Reference point reached" = "1" Axis state "axis referenced"
"Reference point reached" = "0" Axis state "axis not referenced"
For 840D DB31-48, DBX60.4 / DBX60.5
References: /IAD/, SINUMERIK 840D Installation & Start-Up Guide
"Axis safely referenced" state
To reach the axis state "axis safely referenced", the axis state "axis referenced"
must have been reached and either
- the user confirms the current position per user agreement
or
- a pre-history (saved and set user agreement and a saved stop position
  when the system is powered-down) must exist. The position of the pre-
  history must match the current position within a tolerance window. This is
  checked both in the drive and in the NC.
The axis state "axis safely referenced" is displayed via the SGA "axis safely
referenced". Only when this state is reached can a safe position evaluation be
made for the functions SE and SN (refer to Fig. 3-43, "Axis states during
referencing").
User agreement
The user agreement function (protected using a key-operated switch) allows
the user to confirm that the current position at the machine corresponds to the
position displayed in the NC.
User agreement is confirmed using a soft key. Before this can be done, the axis
state "axis referenced" must have been reached. If the axis is in this state and
the user has confirmed the position by means of the agreement function, then
the "axis safely referenced" state is also reached.
If the user agreement has been set without the axis being in the "axis
referenced" state, then Alarm "Defect in a monitoring channel" is output with
error code 1004.
The user agreement can only be set by an authorized user.
The user agreement can be cancelled by the user or as the result of a function
selection (e.g. new gear stage) or an erroneous status (e.g. an inconsistency in
user agreement between NC and drive). When the user agreement is
cancelled, the axis state "axis safely referenced" is always reset (refer to
Fig. 3-43, "Axis states during referencing").
Saved user agreement
The status of the user agreement function is saved in non-volatile memories.
This agreement data constitutes the previous history in combination with the
standstill position data that is also saved in a non-volatile fashion.
Saved standstill position
The saved standstill position data is combined with the permanently saved user
agreement to form the previous history.
The following must be noted when the standstill position is saved:
- The standstill position is saved when a safe operating stop (SBH) is
  selected via the SGE "SBH/SG de-selection".
- The following applies when SE/SN is active:
  The standstill position is also cyclically saved.
- If the axis is moved with the system powered-down, then the saved
  standstill position no longer matches the current position.
Previous history
The previous history consists of the saved user agreement and the saved
standstill position (refer to "Saved user agreement" and "Saved standstill
position").
As described under "Axis safely referenced", a previous history can be used to
obtain the axis state "axis safely referenced".
The following conditions must be fulfilled:
- The saved user agreement must be available.
- The difference between the "reference position" (power on position with
  absolute measuring systems or reference position with incremental
  measuring systems) and the saved standstill position (including traversing
  distance to reference point with ERN) must be within a tolerance window
  specified via machine data.
Fig. 3-43 Axis states during referencing [figure not reproduced; its labels are: Axis not referenced; EQN: Read absolute value from encoder; ERN: Approach reference point; Axis referenced; Internal check of previous history; Check of position; Check OK / Check not OK; Previous history yes / no; User agreement (softkey); Axis safely referenced. Axis status is displayed via: interface signal "Reference point reached" = "0"; interface signal "Reference point signal" = "1"; SGA "Axis safely referenced". Annotations: "SBH/SG is reliable from this axis status"; "SE/SN is reliable from this axis status"]
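The axis states and the previous-history check described in this section, written out as a small state model. This is an added example and not Siemens code: all class and method names are hypothetical, positions and the tolerance window are plain numbers in one unit, and the check is modelled in a single place although the manual states that it runs both in the drive and in the NC.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class AxisState(Enum):
    NOT_REFERENCED = "axis not referenced"
    REFERENCED = "axis referenced"
    SAFELY_REFERENCED = "axis safely referenced"


class MonitoringChannelDefect(Exception):
    """Stands in for the alarm "Defect in a monitoring channel"."""

    def __init__(self, code: int):
        super().__init__(f"Defect in a monitoring channel, error code {code}")
        self.code = code


@dataclass
class PreviousHistory:
    """Data kept in non-volatile memory across power cycles."""
    user_agreement: bool = False
    standstill_position: Optional[float] = None


class SafeAxis:
    def __init__(self, tolerance: float, history: Optional[PreviousHistory] = None):
        self.tolerance = tolerance          # tolerance window from machine data
        self.history = history if history is not None else PreviousHistory()
        self.state = AxisState.NOT_REFERENCED

    def power_up(self):
        # After run-up the axis is always "not referenced".
        self.state = AxisState.NOT_REFERENCED

    def reference(self, position: float) -> AxisState:
        """Absolute value read (EQN) or reference point approached (ERN)."""
        self.state = AxisState.REFERENCED
        h = self.history
        # Internal check of previous history: saved agreement plus matching position.
        if (h.user_agreement and h.standstill_position is not None
                and abs(position - h.standstill_position) <= self.tolerance):
            self.state = AxisState.SAFELY_REFERENCED
        return self.state

    def set_user_agreement(self):
        if self.state is AxisState.NOT_REFERENCED:
            raise MonitoringChannelDefect(1004)
        self.history.user_agreement = True
        self.state = AxisState.SAFELY_REFERENCED

    def cancel_user_agreement(self):
        # Cancelling always resets "axis safely referenced".
        self.history.user_agreement = False
        if self.state is AxisState.SAFELY_REFERENCED:
            self.state = AxisState.REFERENCED

    def save_standstill(self, position: float):
        self.history.standstill_position = position

    def position_functions_permitted(self) -> bool:
        # SE and SN need a safe position evaluation.
        return self.state is AxisState.SAFELY_REFERENCED


def scenario():
    """Constructed sequence: commissioning, normal restart, restart after the axis was moved."""
    axis = SafeAxis(tolerance=0.01)
    log = []
    log.append(axis.reference(100.0))        # no history yet
    axis.set_user_agreement()
    log.append(axis.state)
    axis.save_standstill(100.0)
    axis.power_up()
    log.append(axis.reference(100.004))      # history matches within tolerance
    axis.save_standstill(100.004)
    axis.power_up()
    log.append(axis.reference(103.0))        # axis was moved while powered down
    return log, axis.position_functions_permitted()


if __name__ == "__main__":
    states, se_sn = scenario()
    for s in states:
        print(s.value)
    print("SE/SN permitted at end:", se_sn)
```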
Replacing encoders
For 1-encoder systems, it is advisable to replace the entire motor in the case of
a defect in the motor measuring system (indirect measuring system).
Warning
After the measuring system has been replaced - regardless of whether it is a
direct or indirect system - the relevant axis must be re-calibrated.
The user can suppress the automatic, internal actual value check by resetting
the "User agreement" and thus request re-calibration of the axis with user
agreement.
3.11.3 Overview of the data for mounting encoders
Table 3-65 Overview of machine data for 840D
Number Name
36910 $MA_SAFE_ENC_SEGMENT_NR
36911 $MA_SAFE_ENC_MODULE_NR
36912 $MA_SAFE_ENC_INPUT_NR
36915 $MA_SAFE_ENC_TYPE
36916 $MA_SAFE_ENC_IS_LINEAR
36917 $MA_SAFE_ENC_GRID_POINT_DIST
36918 $MA_SAFE_ENC_RESOL
36920 $MA_SAFE_ENC_GEAR_PITCH
36921 $MA_SAFE_ENC_GEAR_DENOM[n]
36922 $MA_SAFE_ENC_GEAR_NUMERA[n]
36925 $MA_SAFE_ENC_POLARITY
Note:
Data is described in Chapter 4, "Machine data for SINUMERIK 840D"
Table 3-66 Overview of machine data for 611 digital
Number Name
1316 $MD_SAFE_ENC_CONFIG
1317 $MD_SAFE_ENC_GRID_POINT_DIST
1318 $MD_SAFE_ENC_RESOL
1320 $MD_SAFE_ENC_GEAR_PITCH
1321 $MD_SAFE_ENC_GEAR_DENOM[n]
1322 $MD_SAFE_ENC_GEAR_NUMERA[n]
Note:
Data is described in Chapter 4, "Machine data for SIMODRIVE 611digital"
3.11.4 Actual value synchronization (slip for 2-encoder systems with
SW 5.2 and higher)
Description of function
If a 2-encoder system is used, the SI actual values of the NC and the drive
drift apart in systems subject to slip, because the drive evaluates the motor
measuring system and the NC evaluates the direct measuring system after the
gearbox.
This offset is detected by the crosswise data comparison and a stop response
is triggered. Until now, axis drives with variable coupling factors (slip or
belt drive) had to use a 1-encoder system to prevent the SI actual values of
the NC and drive from drifting apart.
If a direct measuring system was required for position control, it was until
now necessary to use an additional 611 digital module for actual value sensing.
To avoid this, a solution using a 2-encoder system with slip has now been
implemented in the software.
Slip tolerance
In order to define the slip tolerance, the maximum input value is set in
MD 36949 $MA_SAFE_SLIP_VELO_TOL. An action such as maximum acceleration or
a gear stage change with oscillation creates a situation in which the actual
values drift apart. The resulting value can be taken as nominal value from the
diagnostics display (maximum speed difference), multiplied by a factor of 1.5
and then entered into MD 36949.
Actual value synchronization is performed in two channels. Machine data
$MA_/$MD_SAFE_SLIP_VELO_TOL is introduced to both channels and the
maximum offset between the NCK and drive actual value entered in it as a
speed. This machine data is converted to an internal format and is used as the
actual value tolerance for the crosswise data comparison. The tolerance value
entered in MD 36949: $MA_SAFE_SLIP_VELO_TOL is not relevant as only the
"new" tolerance value is taken into account in the crosswise data comparison.
For the actual value synchronization, both channels correct their SI actual
position to half the derived actual value difference. Please note that the two SI
actual positions no longer display the correct absolute position. The NC actual
position and the two SI actual positions are different.
Both the load-side actual value and the motor-side actual position are
corrected. This ensures that the corrected actual value remains active in
subsequent monitoring cycles until the next synchronization.
Actual value synchronization is performed in the crosswise data comparison
cycle. Actual value synchronization is also performed when a crosswise data
comparison of the SI actual position outputs an error. The advantage here is
that Alarms 27001/300911 can be acknowledged and do not re-appear
immediately.
Actual value synchronization is also performed after "referencing" and with
"parking axis".
The latest calculated and maximum SI speed difference since the last reset is
displayed in the axis-specific service display for diagnostics purposes.
Note
Actual value synchronization is not performed until an actual value difference
between the two channels of 2 µm or 2 millidegrees is detected per SI
monitoring cycle.
The two SI actual positions no longer display the correct absolute machine
position. The correct position can now only be read out via the NC actual
position.
Safety monitoring functions SG, SBH, SBR, and "n<nx" still only respond to
actual value changes from the particular actual value acquisition channel, not to
changes in the actual value resulting from the actual value synchronization. A
single-channel SG violation only triggers an alarm in the channel in which this
speed violation was detected. The related stop response is still triggered in two
channels, as information is exchanged between the two monitoring channels.
SGA "n<nx" can also assume statically different states in the two monitoring
channels.
Actual value synchronization is selected by setting bit 3 in MD $MA_/
$MD_SAFE_FUNCTION_ENABLE. In addition, SI function "SBH/SG
monitoring" must also be enabled.
Actual value synchronization is only permissible if no monitoring function with
absolute reference is enabled at the same time. If SE and/or SN are also
selected, power ON Alarms 27033 and 301708 are also output during power
up.
Actual value synchronization is therefore only permitted with SBH/SG axes, as
in this case, the absolute position is not necessarily needed. Further, actual
value synchronization is only permitted for two-encoder systems. If this function
is enabled for a single-encoder system, Alarm 27033 is output.
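The effect of the synchronization described in this section can be followed in a small simulation. This is an added example, not Siemens code: the conversion of the speed tolerance into a position tolerance per comparison cycle, the 12 ms cycle, the mm/min unit and the travel values are assumptions chosen for illustration.

```python
"""Added model (not Siemens code): actual value synchronization with slip."""

SYNC_THRESHOLD_MM = 0.002   # 2 µm difference before synchronization starts


def slip_tolerance(max_speed_difference):
    """MD 36949 entry: diagnostics maximum speed difference times 1.5."""
    return 1.5 * max_speed_difference


def tolerance_per_cycle_mm(velo_tol_mm_min, cycle_s):
    """Assumed internal format: travel at the tolerance speed in one cycle."""
    return velo_tol_mm_min / 60.0 * cycle_s


def run(cycles, nck_step_mm, drive_step_mm, tol_mm, synchronize):
    """Simulate crosswise data comparison cycles for one axis.

    nck_step_mm:   travel per cycle seen by the NCK (direct measuring system)
    drive_step_mm: travel per cycle seen by the drive (motor measuring system)
    Returns the cycle of the first tolerance violation (None if there is
    none), the NC actual position and both SI actual positions.
    """
    nc_pos = si_nck = si_drive = 0.0
    first_violation = None
    for cycle in range(1, cycles + 1):
        nc_pos += nck_step_mm          # NC actual position is never corrected
        si_nck += nck_step_mm
        si_drive += drive_step_mm
        diff = si_nck - si_drive
        if abs(diff) > tol_mm and first_violation is None:
            first_violation = cycle    # a stop response would be triggered here
        if synchronize and abs(diff) >= SYNC_THRESHOLD_MM:
            si_nck -= diff / 2         # each channel takes half the difference
            si_drive += diff / 2
    return first_violation, nc_pos, si_nck, si_drive


if __name__ == "__main__":
    # Constructed values: the belt makes the motor side run 0.008 mm per
    # 12 ms cycle ahead of the load side, i.e. 40 mm/min speed difference.
    tol = tolerance_per_cycle_mm(slip_tolerance(40.0), 0.012)
    print("with synchronization:   ", run(1000, 0.100, 0.108, tol, True))
    print("without synchronization:", run(1000, 0.100, 0.108, tol, False))
```

With synchronization the two SI actual positions stay together but move away from the NC actual position, which is why the function is only permitted without SE and SN.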
3.11.5 Application: Spindle with two encoders and drive with slip
(SW 5.2 and lower)
When subject to crosswise data comparison the actual values between the
NCK and drive must lie within an actual value tolerance specified in the MD.
If the tolerance value is violated, STOP F is output.
Note
It is not possible to activate the safe functions SE and SN for an axis/spindle
where slip can occur between the motor and the load.
For the configuration shown in Fig. 3-45 "Motor with a drive subject to slip" the
following behavior is manifested:
The SI actual values for the drive and the NCK are each provided from a
separate encoder. Due to the slip produced by the belt drive, the actual value
between the two encoders drifts apart so that the actual value tolerance is
violated with the relevant stop response.
[Figure labels: indexing mechanism; incremental encoder; spindle; motor (MSD); incremental encoder; MSD; belt drive slip; connection of motor encoder (IMS); connection of direct position encoder (DMS)]
Fig. 3-44 Motor for a drive subject to slip
In the configuration shown in Fig. 3-46 "Configuration of spindle with a drive
subject to slip and two encoders", the SI actual values for the NCK and drive
are derived from one encoder (the motor encoder).
As the actual value of the motor encoder is used for both monitoring channels,
the slip is ignored in this configuration (the same behavior as for 1-encoder
system).
If there is no free actual value input, an additional module must be used.
An actual value input on another drive module must be used for spindle
positioning. This drive may not be an SI axis.
[Figure labels: shift gearbox; incremental encoder; spindle; motor (MSD); incremental encoder; belt drive slip; drive; modules 1 to 4; connection variants 1) and 2)]
Fig. 3-45 Configuration of spindle with a drive subject to slip and 2 encoders
The MD values refer to two cases (refer to Fig. 3-46 "Configuration of spindle
with a drive subject to slip and 2 encoders"):
1) Slip between load and motor can exist (V belt) and is ignored
2) Slip between load and motor may not exist (toothed belt)
Table 3-67 Machine data for SINUMERIK 840D
MD No.  MD name               MD value for 1)  MD value for 2)
30110   CTRLOUT_MODULE_NR[0]  3                3
30200   NUM_ENCS              1                1
30220   ENC_MODULE_NR[0]      4                3
30230   ENC_INPUT_NR[0]       2                2
32110   ENC_FEEDBACK_POL[0]   -1               -1
36912   SAFE_ENC_INPUT_NR     1                2
36925   SAFE_ENC_POLARITY     1                -1
1316    SAFE_ENC_CONFIG       0                4
3.12 SI I/Os using fail-safe modules connected to
PROFIBUS DP (840D from SW 6.3.30)
3.12.1 Description of functions
From SW 6.3.30 onwards, the SINUMERIK 840D has a fail-safe DP master
(F master). The F master, in conjunction with the fail-safe DP modules
(F modules) permits fail-safe communications on PROFIBUS DP (PROFIsafe
communication) as specified by the PROFIsafe profile.
This means that the safety-relevant input/output signals of the process
(machine) can be connected to the Safety Integrated function "Safe
programmable logic" (SPL) in the same way for the PLC and NCK-SPL via
PROFIBUS DP.
[Figure labels: HMI Embedded or HMI Advanced; SINUMERIK 840D; MPI bus; PROFIBUS DP; DP slaves ET 200S; distributed module block]
Fig. 3-46 SI I/Os via F modules on PROFIBUS DP
The benefits of this type of connection for safety-relevant I/O signals are:
- Fewer cables are required as a result of the distributed structure
- Unified PLC and NCK-SPL I/Os
- Unified safety-relevant and non-safety-relevant I/Os.
PROFIBUS DP is an international, open field bus Standard specified in the
European field bus Standard EN 50170 Part 2. It is optimized for fast data
transfer at the field level (time critical).
In the case of the components that communicate via PROFIBUS DP, a
distinction is made between master and slave components.
1. Master (active node)
Components operating on the bus as master determine the data exchange
on the bus and are therefore also designated active nodes.
There are two classes of master:
DP master, Class 1 (DPMC1):
Central master devices that exchange information with the slaves in
fixed message cycles.
Examples: S7-300 CPUs: CPU 315-2 DP, CPU 314-2F DP etc.
DP master, Class 2 (DPMC2):
Devices for configuration, commissioning, operator control and
monitoring during bus operation.
Examples: Programming devices, operator control and monitoring
devices
2. Slaves (passive nodes)
These devices may only receive messages, acknowledge them and
transfer messages to the master at its request.
Examples: Drives, I/O modules, etc.
PROFIsafe is a PROFIBUS profile:
PROFIsafe profile for Safety Technology
Version 1.11, July 2001, Order No.: 3.092
for fail-safe data transfer between fail-safe components (F master and F slave)
on PROFIBUS DP.
The PROFIsafe profile is characterized by the fact that the safety-relevant
functions are implemented in the safe terminal nodes, i.e. the F/CPUs, the
distributed slaves and the actuators/sensors/field devices using the standard
PROFIBUS functions.
The useful (net) data of the safety function plus the safety measures are sent.
This does not require any additional hardware components, since the protocol
chips, driver, repeater, cable can still be used as they are. Therefore both
standard components and F components can be used on a PROFIBUS system.
3.12.2 Available fail-safe modules
Presently, the following fail-safe modules are available for the distributed
I/O system ET 200S:
- Digital electronic module 4/8 F-DI DC24V PROFIsafe
  The fail-safe digital input module (F-DI) has 8 separate inputs. These can
  be used for Safety Integrated in pairs for 4 different 2-channel input
  signals.
  Order No.: 6ES7 138-4FA00-0AB0
- Digital electronic module 4 F-DO DC24V/2A PROFIsafe
  The fail-safe digital output module (F-DO) has 4 P-M-switching outputs that
  can be used for 4 different 2-channel output signals with Safety Integrated.
  Order No.: 6ES7 138-4FB00-0AB0
- Power module PM-E F DC24V PROFIsafe
  In addition to 2 relays to switch the potential busses P1 and P2; 2 fail-safe
  digital outputs, P-M switching.
  Order No.: 6ES7 138-4CF00-0AB0
- Power module PM-D PROFIsafe
  Safety-relevant power module for safety-relevant motor starter for
  safety-relevant contact multiplier; 6 switching groups
  Order No.: 3RK1 903-3BA00
Detailed information for distributed I/O systems ET 200S and the various
F modules is provided in:
References: SIMATIC Distributed I/O device ET 200S, Manual
Order No.: 6ES7 151-1AA00-8AA0
SIMATIC Distributed I/O device ET 200S fail-safe modules,
Manual
Order No: 6ES7 988-8FA11-8AA0
3.12.3 System prerequisites
The following hardware requirements must be fulfilled when setting-up
PROFIsafe communications:
SIMATIC ET 200S
Interface module
- IM 151-1 High Feature
Order No.: 6ES7 151-1BA00-0AB0
Power module
- Power module PM-E F DC24V PROFIsafe
Order No.: 6ES7 138-4CF00-0AB0
- Power module PM-D PROFIsafe
Order No.: 3RK1 903-3BA00
F electronic modules
- Digital electronics module 4/8 F-DI DC24V PROFIsafe
Order No.: 6ES7 138-4FA00-0AB0
- Digital electronics module 4 F-DO DC24V/2A PROFIsafe
Order No.: 6ES7 138-4FB00-0AB0
Note
1. Standard power modules can be used to shut down fail-safe electronic
modules. If standard electronic modules are to be safely shut down,
fail-safe power modules must be used.
2. Before mounting F modules, these must be configured and
parameterized in STEP7, since the PROFIsafe addresses of the
F modules are automatically assigned by STEP7. The PROFIsafe
address must then be set at each F module using the DIL switches.
This is only possible before mounting the F module.
SINUMERIK
SINUMERIK 840D NCU
- NCU 561.4
- NCU 571.4
- NCU 572.4
- NCU 573.4
- NCU 573.5
The following software prerequisites must be fulfilled before PROFIsafe
communications can be commissioned and used:
SIMATIC: Creating and loading the configuration
SIMATIC STEP 7, from Version V5.1 with Service Pack 6 and Distributed
Safety Integrated V5.2
STEP 7 V5.2 and S7-F Configuration Pack V5.3 (can be downloaded free of
charge)
SINUMERIK: Parameterizing NCK and PLC
Software release from SW 6.3.30
Software option "Distributed I/Os via PROFIBUS DP"
Software option "SINUMERIK Safety Integrated safety functions for
personnel and machines"
3.12.4 System structure
[Figure labels: SINUMERIK 840D; NCK; PLC; user level; operating system level; NCK-SPL; PLC-SPL; $A_INSE/$A_OUTSE; DB 18: INSEP/OUTSEP; PROFIsafe layer (NCK and PLC); PROFIBUS layer; DP data; IPO cycle; OB1 cycle; DP cycle; PROFIsafe cycle; PROFIsafe cycle (OB40); user communication; PROFIsafe communication; PROFIBUS DP communication; PROFIBUS DP; DP slaves ET 200S]
Fig. 3-47 System structure: SI I/Os using F modules on PROFIBUS DP
Just like Safety Integrated, the PROFIsafe system structure also has a
2-channel diverse system design based on the PLC and NCK PROFIsafe layer.
The principle of PROFIsafe communications between SINUMERIK 840D and
the F modules on the PROFIBUS DP is explained in detail below based on the
transfer of the SPL output data $A_OUTSE/OUTSEP to the F-DO modules:
The PROFIsafe layer creates a PROFIsafe telegram (F telegram) in each
PROFIsafe cycle with the ANDed SPL output data as F useful (net) data:
F useful (net) data = (OUTSEP AND $A_OUTSE)
and the backup data (CRC and ConsecutiveNumber) and transfers it to the
PROFIBUS layer via the DP data interface.
The PROFIBUS layer transfers a DP telegram to the DP slaves in each
PROFIBUS cycle, independently of the PROFIsafe cycle, with the PROFIsafe
telegram created by the F layer as DP useful data. The F telegram is sent to
the specific F-DO module via the backplane bus of the DP slaves.
The configuration and parameterization needed to connect the F modules to
the external NCK/PLC-SPL interfaces entails the following steps:
1. Create the configuration using SIMATIC STEP7.
Refer to Chapter: Configuring and parameterizing the ET 200S F I/Os
2. Perform a standard SINUMERIK 840D commissioning (minimum
requirement).
3. Load the configuration and the PLC basic and user program modules into
the SINUMERIK 840D PLC.
4. Parameterize the PROFIsafe-relevant SINUMERIK 840D NCK machine
data.
Refer to the following Chapter: Parameterizing the SINUMERIK 840D NCK
3.12.5 Configuring and parameterizing the ET 200S F-I/O
The information on configuring and parameterizing the ET 200S F I/Os given in
this chapter essentially refers to the specific needs of SINUMERIK Safety
Integrated. A complete set of information on configuring and parameterizing the
ET 200S and/or ET 200S F components is provided in the SIMATIC manuals:
References: SIMATIC Distributed I/O device ET 200S, Manual
Order No.: 6ES7 151-1AA00-8AA0
SIMATIC Distributed I/O device ET 200S fail-safe modules,
Manual
Order No: 6ES7 988-8FA11-8AA0
The F I/Os are configured while configuring the standard PROFIBUS using
STEP7.
After the "S7 Distributed Safety" option package or the S7 F Configuration
Package has been installed (refer to the previous chapter), the F modules are
available in the HW Catalog of HW Config. (If the hardware catalog is not
displayed, open it using the menu command: View > Catalog):
Profile: Standard > PROFIBUS DP > ET 200S
Interface module
- IM 151-xxx
Electronic modules
- IM 151-xxx > DI > 4/8 F-DI DC24V
- IM 151-xxx > DO > 4 F-DO DC24V/2A
F power module
- IM 151-xxx > PM > PM-E F DC24V/10A 2F-DO DC24V/2A
Standard power module
- IM 151-xxx > PM > PM-E F DC24V
Motor starter
- IM 151-xxx > Motor starter > PM > PM-D F PROFIsafe
Refer above for the module Order Nos.: Chapter 3.12.3 System prerequisites.
Both the standard and F parameterization of the F modules is carried out via
the relevant properties dialog box of the module. Choose the appropriate DP
slave (IM 151-1) in the station window and then open the properties dialog box
of the relevant F module in the detailed view.
The input/output addresses that are assigned to an F module in the input/output
address area of the DP master, are parameterized in the properties dialog box
under:
Dialog box: Properties of ET 200S standard module
Tab: Addresses
Input:
Start
Output
Start
Note
The input/output addresses of an F module are subject to the following
conditions:
- Input address > 127
- Output address = Input address.
F parameterization is carried out in the properties dialog box under:
Dialog box: Properties of ET 200S standard module
Tab: Parameter
Parameter > F parameter
The F parameters of the electronic modules are automatically set to the F
monitoring time of the HW configuration and cannot be changed.
The displayed values of the F parameter
- F_Source_Address
- F_Target_Address
must be entered in the NCK machine data in a subsequent parameterization step to
configure the NCK (refer below).
The F source address is the decimal PROFIsafe address of the F master
allocated automatically by the HW Config.
Note
To parameterize the SINUMERIK 840D (F master) the F source address must
be entered in the hexadecimal format in the following NCK machine data:
MD 10385: $MN_PROFISAFE_MASTER_ADDRESS
(PROFIsafe address of F master)
Refer to Chapter: Parameterizing the SINUMERIK 840D NCK
The F target address is the decimal PROFIsafe address of the F module
allocated automatically by the HW Config.
Note
To parameterize the SINUMERIK 840D (F master), the F target addresses
must be entered in the hexadecimal format in the following NCK machine
data:
F-DI module:
MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index],
(PROFIsafe address of an input module)
F-DO, PM-E F, PM-D F module:
MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index],
(PROFIsafe address of an output module)
Refer to Chapter: Parameterizing the SINUMERIK 840D NCK
The DIL switch setting shown corresponds to the PROFIsafe address to be set
on the DIL switch of the F module.
The F monitoring time defines the maximum time until a new valid F telegram
must have been received from the F master.
Note
If the F monitoring time is configured to be shorter than the PROFIsafe
monitoring time set via the NCK machine data, an alarm is issued when the
system runs up:
Alarm "27242 PROFIsafe: F module Number, F_WD_Timeout faulted"
The channels of an F module are parameterized in the properties dialog box
under:
Dialog box: Properties of an ET 200S standard module
Tab: Parameter
Parameter > Module group parameter > DO or DI channel x
F-DI module
The channels of the F-DI module are mapped differently to the NCK/PLC-SPL
inputs $A_INSE/INSEP depending on the selected parameterization.
2v2 parameterization
For 2v2 parameterization, the process signals of both channels in the F-DI
module are combined to form one F useful (net) data signal and thus
supply an SPL input data.
[Figure: ET 200S F-DI module, channels 0 to 7, configuration channel x,y = 2v2; four AND elements supply $A_INSE/INSEP n to n+3 on the SINUMERIK 840D]
Fig. 3-48 2v2 mapping of the F-DI channels to SPL input data
1v1 parameterization
For 1v1 parameterization, the process signals of both channels are
transferred from the F-DI module and can thus supply 2 different SPL input
data.
[Figure: ET 200S F-DI module, channels 0 to 7, with configuration channel x,y = 2v2 and configuration channel x,y = 1v1; two AND elements; $A_INSE/INSEP n to n+5 on the SINUMERIK 840D]
Fig. 3-49 2v2/1v1 mapping of the F-DI channels to SPL input data
Note
Mixed 2v2 and 1v1 parameterization within an F-DI module can reduce the
number of usable SPL input data $A_INSE/INSEP. It is therefore
recommended that 1v1 is first parameterized followed by 2v2.
F-DO module
The NCK/PLC-SPL outputs $A_OUTSE/OUTSEP are logically combined in the
F driver to produce an F useful data signal (implicit 2v2 parameterization) and
mapped to the channels of the relevant F-DO module.
[Figure: SINUMERIK 840D signals ($A_OUTSE n AND OUTSEP n) to ($A_OUTSE n+3 AND OUTSEP n+3); ET 200S F-DO module, channels 0 to 3]
Fig. 3-50 Mapping the SPL output data to F-DO channels
When parameterizing the PROFIsafe clock cycle, the DP cycle time determined
by the HW Config must be observed to ensure correct PROFIsafe
communications. Also refer to the following Chapter: Parameterizing the
SINUMERIK 840D NCK
After the station has been fully configured, the DP cycle time can be
determined by activating the isochronous bus cycle as follows:
In HW Config, open the properties dialog box of the PROFIBUS: DP master of
the configured station:
Dialog box: Properties – DP Master system
Tab: General
Subnet, Button: Properties
Dialog box: Properties – PROFIBUS
Tab: Network settings
Button: Options
Dialog box: Options
Tab: Equidistance
Checkbox: Activate equidistant bus cycle/Recalculate equidistant time
(Note: Activate the equidistant bus cycle via the option field: "Activate
equidistant bus cycle/Recalculate equidistant time".)
Display field: Equidistant bus cycle
(Note: The value calculated by HW Config and displayed in the field:
"Equidistant bus cycle" is the same as the DP cycle time.)
Cancel
Cancel
Cancel
Note
1. The DP cycle time calculated by the HW Config is needed as a guideline
for parameterizing the PROFIsafe clock cycle (refer to Chapter:
"Parameterizing the SINUMERIK 840D NCK").
2. Before modifying the DP cycle time, read the information provided in the
online documentation (Button: "Help" of the relevant dialog box).
3.12.6 Parameterizing SINUMERIK 840D NCK
The parameterization of the SINUMERIK 840D NCK is made up of the following
sub-areas:
1. Configuration of the PROFIsafe communications
2. Parameterization of the SPL SGE/SGA interface
1. Configuring the PROFIsafe communications
In order to check the correct assignment of F module to F master, the
PROFIsafe address assigned by the HW Config for the F master must be
entered in the following NCK machine data:
MD 10385: $MN_PROFISAFE_MASTER_ADDRESS (PROFIsafe address
of F master)
Input format: 0s 00 0a aa
- s: Bus segment (currently only: 5 = DP connection on the PLC side)
- aaa: hexadecimal PROFIsafe address of the F master.
Note
The PROFIsafe address of the F master can be found under:
HW Config -> Properties dialog box of the F module -> F parameter:
F_Source_Address (e.g.: 1: PLC 314-2 DP)
STEP 7 V5.1 Master address = 01
(up to NCU system-SW < 6.4.15 required)
STEP 7 V5.2 Master address (standard value) = 2002
(from NCU system-SW >= 6.4.15 possible)
Refer to Chapter: Configuring and parameterizing the ET 200S F I/Os
If the value entered does not match the value displayed in the F modules, an
alarm is issued when the NCK runs up:
Alarm: 27220 "PROFIsafe: Number of NCK-F modules (number) <>
Number of DP modules (number)".
The PROFIsafe clock cycle defines the time frame in which new F telegrams
are generated by the F master for transfer to the F modules. The PROFIsafe
clock cycle is derived as standard from the interpolation cycle in the ratio 1:1.
As part of the PROFIsafe communications, a cyclic interrupt of the PLC user
program (OB1) in the PROFIsafe cycle is made via OB40.
Note
The OB40 run time increases by 0.5 ms per F module.
To reduce the resulting computational load, use the NCK machine data:
MD 10098: $MN_PROFISAFE_IPO_TIME_RATIO,
(factor, PROFIsafe communications cycle)
to change the PROFIsafe clock cycle/interpolation clock cycle ratio.
In order to achieve sufficiently fast response times regarding the PROFIsafe-
communications, the PROFIsafe clock cycle may not be parameterized longer
than 25 ms. The selected PROFIsafe clock cycle is displayed in the NCK
machine data:
MD 10099: $MN_INFO_PROFISAFE_CYCLE_TIME,
(PROFIsafe communications clock cycle)
If a PROFIsafe cycle is longer than 25 ms, an alarm is issued the next time the
NCK is started:
Alarm: 27200 "PROFIsafe cycle time time [ms] is too long"
The PROFIsafe clock cycle should be parameterized longer than the DP clock
cycle time displayed by the STEP7: HW Config (refer to Chapter: Configuring
and parameterizing the ET 200S F I/Os). Otherwise, the load on the PLC user
program is increased as a result of unnecessary OB40 interrupts.
Note
The PROFIsafe clock cycle should be parameterized so that the following
applies:
12 ms < PROFIsafe clock cycle < 25 ms
Even if the parameterized software operates error-free in normal operation,
runtime fluctuations in the PLC operating system (e.g. processing diagnostic
alarms) can mean that the processing of the OB40 interrupt was not able to be
completed before the start of the next PROFIsafe clock cycle.
In this particular case, the NCK attempts, up to a limit of 50 ms after the last
correctly processed PROFIsafe clock cycle, to initiate an OB40 interrupt. The
repeated attempts to initiate the OB40 interrupt are no longer executed in the
PROFIsafe clock cycle but in the IPO clock cycle. Alarm 27253: PROFIsafe:
Communications error is not issued within this time.
An alarm is displayed after the 50 ms limit is exceeded:
Alarm: 27253 "PROFIsafe communications error F master components
Components, Error Error code"
and the configured Stop response (Stop D or E) is output at the Safety axes.
Further, an attempt is still made to initiate the OB40 interrupt and to maintain
PROFIsafe communications.
The time up to initiating the next OB40 interrupt is displayed in the following
NCK machine data:
MD 10099: $MN_INFO_PROFISAFE_CYCLE_TIME,
(PROFIsafe communications clock cycle)
If the PROFIsafe clock cycle is exceeded continuously and not just
sporadically, then the following alarm is displayed:
Alarm: 27256 "PROFIsafe actual cycle time Cycle time [ms] >
parameterized cycle time"
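The timing rules of this subsection can be checked before the values are entered. The following Python code is an added example, not part of the Siemens software; it assumes that MD 10098 acts as an integer factor on the interpolation cycle, and the 4 ms IPO cycle, 3 ms DP cycle time and 8 F modules used at the end are constructed values.

```python
"""Added example (not Siemens code): pre-check of the PROFIsafe clock cycle."""

MAX_CYCLE_MS = 25.0          # a longer cycle raises Alarm 27200 at NCK start
RECOMMENDED_MIN_MS = 12.0    # note: 12 ms < PROFIsafe clock cycle < 25 ms
OB40_MS_PER_F_MODULE = 0.5   # OB40 run time added per F module
OB40_RETRY_LIMIT_MS = 50.0   # OB40 retries run in the IPO cycle up to here


def profisafe_cycle_ms(ipo_ms, factor):
    """Assumption: MD 10098 is an integer factor on the interpolation cycle."""
    if ipo_ms <= 0 or factor < 1:
        raise ValueError("IPO cycle must be positive and factor at least 1")
    return ipo_ms * factor


def check_cycle(ipo_ms, factor, dp_cycle_ms, f_modules):
    """Return the resulting cycle, the OB40 share and a list of findings.

    Each finding is (alarm number or None, text); None marks a
    recommendation from the page that raises no alarm.
    """
    cycle = profisafe_cycle_ms(ipo_ms, factor)
    findings = []
    if cycle > MAX_CYCLE_MS:
        findings.append((27200, f"cycle time {cycle} ms is too long"))
    if cycle <= dp_cycle_ms:
        findings.append((None, "not longer than the DP cycle time: "
                               "unnecessary OB40 interrupts load the PLC"))
    if not RECOMMENDED_MIN_MS < cycle < MAX_CYCLE_MS:
        findings.append((None, "outside 12 ms < cycle < 25 ms"))
    # Share of each PROFIsafe cycle taken by the per-module OB40 run time.
    ob40_share = OB40_MS_PER_F_MODULE * f_modules / cycle
    return {"cycle_ms": cycle, "ob40_share": ob40_share, "findings": findings}


def recommended_factors(ipo_ms, dp_cycle_ms):
    """Factors whose cycle is inside the window and longer than the DP cycle."""
    factors = []
    factor = 1
    while profisafe_cycle_ms(ipo_ms, factor) < MAX_CYCLE_MS:
        cycle = profisafe_cycle_ms(ipo_ms, factor)
        if cycle > RECOMMENDED_MIN_MS and cycle > dp_cycle_ms:
            factors.append(factor)
        factor += 1
    return factors


def overrun_response(ms_since_last_good_cycle):
    """Behaviour when OB40 did not finish before the next PROFIsafe cycle."""
    if ms_since_last_good_cycle <= OB40_RETRY_LIMIT_MS:
        return "retry OB40 in the IPO cycle, no Alarm 27253"
    return "Alarm 27253, configured Stop D or E at the safety axes"


if __name__ == "__main__":
    # Constructed values: 4 ms IPO cycle, 3 ms DP cycle time, 8 F modules.
    print(check_cycle(4.0, 1, 3.0, 8))
    print(recommended_factors(4.0, 3.0))
    print(overrun_response(60.0))
```

With the standard 1:1 ratio the eight modules of the constructed case add 4 ms of OB40 run time to every 4 ms cycle, which is the load the factor in MD 10098 is meant to reduce.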
2. Parameterizing the SPL SGE/SGA interface
The NCK machine data is used to parameterize the F master for the F modules
assigned to it:
MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index],
(PROFIsafe address of an input module)
MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index],
(PROFIsafe address of an output module)
Index: 0...15
Input format: 0s 00 0a aa
- s: Bus segment (currently only: 5 = DP connection on the PLC side)
- aaa: hexadecimal PROFIsafe address of the F module
The PROFIsafe address of the F module is the value of the F parameter
defined by HW Config: F_Target_Address (refer below: Example of an
assignment).
Note
1. The PROFIsafe address of an F module can be found under:
HW Config -> Properties dialog box of the F module -> F parameter:
F_Target_Address (e.g.: 1022D = 3FEH)
Refer to Chapter: Configuring and parameterizing the ET 200S F I/Os
2. The PROFIsafe address of the F modules displayed in the HW Config in
the decimal format must be entered in the hexadecimal format in the
NCK machine data:
MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index]
MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index]
The following parameterizing errors are detected at run-up and the appropriate
alarms displayed:
- Incorrect bus segment (bus segment <> 5) 1)
- Incorrect PROFIsafe address error for F master or F module 2)
- More F modules in the NCK machine data than in the
configuration 3)
- More F modules in the NCK machine data than assigned as
F master in the configuration of the NCK 3)
- The PROFIsafe address of an F module does not exist in the
configuration 4)
- An F module assigned to the NCK as F master in the
configuration has not been entered in the NCK machine data 5)
- The module type (input, output) detected in the NCK machine
data does not match the configuration 6)
- An F module has been parameterized more than once 7)
1) Alarm: 27201 "PROFIsafe: MD Number [Index]: Bus segment Segment incorrect"
2) Alarm: 27202 "PROFIsafe: MD Number [Index]: Address Address incorrect"
3) Alarm: 27220 "PROFIsafe: Number of NCK-F modules (number) <>
number S7-F modules (number)"
4) Alarm: 27221 "PROFIsafe: NCK-F module MD Number [Index] unknown"
5) Alarm: 27222 "PROFIsafe: S7-F module PROFIsafe address address unknown"
6) Alarm: 27223 "PROFIsafe: NCK-F module MD Number [Index] is not a
module type module"
7) Alarm: 27224 "PROFIsafe: F module MD Number [Index] - MD Number
[Index]: Double assignment of a PROFIsafe address"
F useful data is assigned to the SPL SGE/SGAs using the NCK machine data:
MD 10388: $MN_PROFISAFE_IN_ASSIGN[Index],
(assignment between ext. SPL-SST $A_INSE/INSEP and PROFIsafe input
modules)
MD 10389: $MN_PROFISAFE_OUT_ASSIGN[Index],
(assignment between ext. SPL-SST $A_OUTSE/OUTSEP and PROFIsafe
output modules)
Index: 0...15
Input format: eee sss
- sss: decimal SGE/SGA start address (1...64)
- eee: decimal SGE/SGA end address (1...64)
The SGE/SGA start address always assigns bit 0 of the F useful data to the
SPL SGE/SGA[sss].
The SGE/SGA end address always assigns bit n of the F useful data to the
SPL SGE/SGA[eee]. Bit number n is calculated as follows:
n = eee - sss
The bits of the F useful data, that lie between bit 0 and bit n are automatically
assigned by the NCK to the SGEs/SGAs that lie between the SGE/SGA start
address and the end address.
The assignment of the F module for supplying/clearing the input/output data for
the SPL SGE/SGAs is made implicitly via the machine data index; i.e. the
input/output data assigned to the SPL/SGEs/SGAs per NCK machine data:
- ...PROFISAFE_IN/OUT_ASSIGN[Index]
refer to the F module whose PROFIsafe address is entered under the same
index in NCK machine data:
- ...PROFISAFE_IN/OUT_ADDRESS[Index]
Note
The NCK machine data:
MD 10386: $MN_PROFISAFE_IN_ADDRESS[Index]
MD 10388: $MN_PROFISAFE_IN_ASSIGN[Index]
and
MD 10387: $MN_PROFISAFE_OUT_ADDRESS[Index]
MD 10389: $MN_PROFISAFE_OUT_ASSIGN[Index]
refer to each other via their indices.
The following parameterizing errors are detected at run-up and the appropriate
alarms displayed:
- Bit limits interchanged (start value > end value) 1)
- Bit values greater than max. SGE/SGA number (> 64) 1)
- Number greater than max. F useful data bits (end value - start value + 1 > 8) 1)
- No SPL assignment parameterized (start and end value == 0) 1)
- Incorrect SPL assignment (start or end value == 0) 1)
- SPL-SGE multiple assignment (F module and DMP module) 2)
  F module: MD 10388 $MN_PROFISAFE_IN_ASSIGN
  DMP module: MD 10390 $MN_SAFE_IN_HW_ASSIGN
1) Alarm: 27203 "PROFIsafe: MD Number [Index]: SPL assignment incorrect"
2) Alarm: 27204 "PROFIsafe: Dual allocation MD Number [Index] - MD Number [Index]"
Note
If NCK machine data:
MD 10388: $MN_PROFISAFE_IN_ASSIGN[Index]
incorrectly assigns more useful data bits of an F-DI module to the SPL SGEs
than the module actually transfers as relevant bits (as defined by the
parameterization of the F-DI module), the NCK cannot detect this.
Example:
For 2v2 parameterization of all of the channels of the F module:
- ET 200S F, F-DI module: 4/8 F-DI 24VDC
the 8 transferred useful data bits contain only 4 actually relevant bits (bit 0 to
bit 3). In this case, bit 4 to bit 7 are always 0.
Assignment example based on two ET 200S F-DI modules "4/8 F-DI 24V":
- The F-DI modules have been assigned the F target addresses: 1022 and
1021.
- "2v2" was selected in each case for the parameter "encoder analysis",
so that only bits 0 to 3 are used to transfer relevant data in the F useful
data. A "0" is always transferred in the other F useful data bits.
The F target addresses (1022 and 1021) of the configured F-DI modules are
entered into the NCK machine data:
MD 10386: $MN_PROFISAFE_IN_ADDRESS[0] and [1].
Using the NCK machine data:
MD 10388: $MN_PROFISAFE_IN_ASSIGN[0] and [1]
the F useful (net) data are assigned:
- F useful data of 1022, bit 0 to bit 3 for SPL-SGE[1] to SPL-SGE[4]
- F useful data of 1021, bit 0 to bit 3 for SPL-SGE[5] to SPL-SGE[8]
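The parameterizing checks and the bit-to-SGE mapping described above can be rehearsed offline before the machine data are loaded. The following is an added example, not code from the manual or from Siemens: the function names are hypothetical, an index with address 0 is assumed to be unused, and relevant_bits and dmp_sges are simplified stand-ins for the F-DI module parameterization and for MD 10390 $MN_SAFE_IN_HW_ASSIGN. It also reports the over-assignment that, according to the Note above, the NCK cannot detect.

```python
MAX_SGE = 64     # SPL SGE numbers run from 1 to 64
MAX_F_BITS = 8   # at most 8 F useful data bits per machine data index

# Values of the assignment example above ("004001" is entered as 4001)
PAGE_ADDRESSES = [1022, 1021]    # $MN_PROFISAFE_IN_ADDRESS[0], [1]
PAGE_ASSIGNS = [4001, 8005]      # $MN_PROFISAFE_IN_ASSIGN[0], [1]
PAGE_RELEVANT = {1022: 4, 1021: 4}   # 2v2 evaluation: only bits 0..3 carry data


def decode_assign(value):
    """Split an 'eee sss' entry into (start, end), e.g. 8005 -> (5, 8)."""
    return value % 1000, value // 1000


def range_error(start, end):
    """Return the alarm 27203 condition that applies, or None."""
    if start == 0 and end == 0:
        return "no SPL assignment parameterized"
    if start == 0 or end == 0:
        return "incorrect SPL assignment (start or end value is 0)"
    if start > MAX_SGE or end > MAX_SGE:
        return "bit value greater than max. SGE number"
    if start > end:
        return "bit limits interchanged"
    if end - start + 1 > MAX_F_BITS:
        return "more than 8 F useful data bits"
    return None


def check_in_assign(addresses, assigns, relevant_bits=None, dmp_sges=()):
    """Check MD 10386/10388 index pairs against the rules listed above.

    Returns (sge_map, findings):
      sge_map  : {SGE number: (F address, bit number)}
      findings : [(alarm number or None, index, text)]; None marks a
                 condition that the NCK cannot detect at run-up.
    """
    relevant_bits = relevant_bits or {}
    sge_map, findings, first_index = {}, [], {}
    for i, (addr, assign) in enumerate(zip(addresses, assigns)):
        if addr == 0:                      # assumption: unused index
            continue
        if addr in first_index:            # same PROFIsafe address twice
            findings.append((27224, i, f"address {addr} already entered "
                                       f"at index {first_index[addr]}"))
            continue
        first_index[addr] = i
        start, end = decode_assign(assign)
        error = range_error(start, end)
        if error:
            findings.append((27203, i, error))
            continue
        width = end - start + 1
        used = relevant_bits.get(addr, MAX_F_BITS)
        if width > used:                   # bits beyond 'used' are always 0
            findings.append((None, i, f"bits {used}..{width - 1} of F address "
                                      f"{addr} never carry data"))
        clash = [s for s in range(start, end + 1)
                 if s in sge_map or s in dmp_sges]
        if clash:                          # SGE already fed by another module
            findings.append((27204, i, f"SGE {clash} already supplied"))
            continue
        for bit in range(width):           # bit 0 -> SGE[sss], bit n -> SGE[eee]
            sge_map[start + bit] = (addr, bit)
    return sge_map, findings


if __name__ == "__main__":
    mapping, problems = check_in_assign(PAGE_ADDRESSES, PAGE_ASSIGNS, PAGE_RELEVANT)
    for sge, (addr, bit) in sorted(mapping.items()):
        print(f"$A_INSE[{sge}] <- F address {addr}, bit {bit}")
    print("findings:", problems)
```

A finding with alarm number None is the case to review by hand, because no run-up alarm will point to it.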
Fig. 3-51 Assignment example: F useful data to the SPL-SGEs
[Figure not reproduced. It shows the two F-DI modules of the DP slave ET 200S (channels 1,5 / 2,6 / 3,7 / 4,8 activated, encoder evaluation 2v2, F_target_address 1022 and 1021), the transferred and the used F useful data, the PROFIsafe addresses 03FEH (1022) and 03FDH (1021) and the assignments 004001 and 008005 in the NCK machine data (for example SGE start address = 005, SGE end address = 008; No. of bits = SGE end address - SGE start address + 1). SPL-SGE $A_INSE 1 to 4 receive the contents of F address 1022, bit 0 to bit 3; $A_INSE 5 to 8 receive the contents of F address 1021, bit 0 to bit 3.]
The following machine data:
MD 10099: $MN_INFO_PROFISAFE_CYCLE_TIME
MD 10385: $MN_PROFISAFE_MASTER_ADDRESS
MD 10386: $MN_PROFISAFE_IN_ADDRESS
MD 10387: $MN_PROFISAFE_OUT_ADDRESS
MD 10388: $MN_PROFISAFE_IN_ASSIGN
MD 10389: $MN_PROFISAFE_OUT_ASSIGN
are included in the calculation of the axial checksum machine data:
MD 36889: $MA_SAFE_ACT_CHECKSUM[n] (actual checksum).
Changes only become active after they have been acknowledged on an
axis-for-axis basis:
SINUMERIK HMI Advanced or HMI Embedded:
Operating area changeover > Startup > Drive Configuration > Soft key
"Confirm SI data"
If changes to the machine data are not acknowledged, an alarm is issued the
next time that the NCK runs up:
Alarm: 27032 "Axis [Name] Checksum error safe monitoring".
Acknowledgement and an acceptance test are required!
Furthermore, the following error states are also detected and the appropriate
alarms displayed:
If a DP slave cannot be identified in the loaded configuration, the following
alarm is displayed when the NCK runs-up:
Alarm: 27225 "PROFIsafe: Slave DP address Configuration error error"
The following error states are detected when the NCK runs-up and the
appropriate alarms are displayed:
- The DP master has not run-up or has not transferred a configuration to the NCK 1)
- PROFIsafe communications are not possible due to differing DP interface versions of NCK and PLC 2)
- An error has been detected while evaluating an F module configuration: 3)
  - CRC error detected using F parameter
  - The F monitoring time set in the F module is too short compared to the PROFIsafe clock cycle
  - The F telegram lengths entered in the configuration cannot be processed by the NCK
1) Alarm: 27240 "PROFIsafe: DP M has not run-up, DP info: Info"
2) Alarm: 27241 "PROFIsafe: DP M version different, NCK: Version, PLC: Version"
3) Alarm: 27242 "PROFIsafe: F module F target address, Parameter incorrect"
The following error states are detected during the NCK runtime and the
appropriate alarms are displayed:
- A new configuration was downloaded into the DP master during operation 1)
- Communications error between the F master and an F module 2)
- Communications error between the DP master and DP slave in which the F module is inserted 3)
- Communications error between NCK and PLC 4)
- An F module has signaled a channel error 5)
- General error message of an F module 6)
- The PROFIsafe communications cycle time is exceeded 7)
1) Alarm: 27250 "PROFIsafe: Configuration in DP-M has been changed; Error code Error code1 Error code2"
2) Alarm: 27251 "PROFIsafe: F module F target address, F components signals error parameter"
3) Alarm: 27252 "PROFIsafe: Slave DP address, sign-of-life error"
4) Alarm: 27253 "PROFIsafe: Communications error F master components components, error error code"
5) Alarm: 27254 "PROFIsafe: F module F target address, Error in channel Channel" system variable
6) Alarm: 27255 "PROFIsafe: F module F target address, General Error"
7) Alarm: 27256 "PROFIsafe: Actual cycle time Cycle time [ms] > Parameterized cycle time"
3.12.7 Parameterizing the SINUMERIK 840D PLC
The PLC does not have to be parameterized explicitly when connecting
F modules as SI I/O modules to PROFIBUS DP.
The PLC is parameterized implicitly by:
- Parameterizing the NCK
- Creating and downloading the configuration
The parameterization data required for PROFIsafe communications is made
available to the PLC from the NCK when the SINUMERIK 840D runs-up. This is
in the form of an image of the relevant NCK machine data.
Data block DB18 has been extended to include two read-only bit arrays:
- INSEP_PROFISAFE
- OUTSEP_PROFISAFE
The two bit fields are used to display which INSEP/OUTSEP bytes are only
assigned to F modules as a result of the parameterization in the NCK machine
data:
MD 10388: $MN_PROFISAFE_IN_ASSIGN
MD 10389: $MN_PROFISAFE_OUT_ASSIGN
Data block DB18 (excerpt):
STRUCT
:
SPL_DATA:STRUCT
INSEP: ARRAY[1 .. 64]OF BOOL;
OUTSEP: ARRAY[1 .. 64]OF BOOL;
:
END_STRUCT;
:
//External SPL input bytes(HW) with PROFIsafe slaves
INSEP_PROFISAFE: ARRAY[1 .. 8]OF BOOL;
//External SPL output bytes(HW) with PROFIsafe slaves
OUTSEP_PROFISAFE: ARRAY[1 .. 8]OF BOOL;
:
END_STRUCT;
3.12.8 Response times
The response time considered here is the time between a signal changing at
the input of an F/DI module and the signal changing at the relevant output of an
F/DO module.
The NC response time TR_NCK is approximated to:
TPST > TIPO: TR_NCK = TINPUT + TOUTPUT + 2 * TDPM + 1 * TIPO + 3 * TPST
TPST = TIPO: TR_NCK = TINPUT + TOUTPUT + 2 * TDPM + 2 * TIPO
Note
The NC response time is decisive when disabling (1 -> 0) an output.
The PLC response time TR_PLC is approximated to:
TR_PLC = TINPUT + TOUTPUT + 4 ms + 1 * TPST + 2 * TOB1
Note
The PLC response time is decisive when activating (0 -> 1) an output.
where:
TINPUT: Processing/transfer times for F-DI module and DP slave
TOUTPUT: Processing/transfer times for F-DO module and DP slave
TDPM: Internal transfer cycle of DP master, typically 2 ms
TIPO: Parameterized IPO cycle
TPST: Parameterized PROFIsafe cycle
TOB1: OB1 processing time
3.12.9 Functional limitations
The I/O modules available for SINUMERIK 840D:
- F modules
- DMP modules
- Onboard I/O
can be operated in parallel.
Multiple assignment of inputs of the various modules to the same SPL SGE is
detected and displayed in an alarm:
Alarm: 27204 "PROFIsafe: Dual allocation MD Number [Index] -
MD Number [Index]"
It is not possible to directly connect the I/Os (F useful data) of an F module to
axial NCK SGE/SGAs. They can only be connected in the context of the
NCK-SPL, which must be installed for the purpose.
Inputs/outputs (F useful data) of an F module are automatically connected to
the SPL interface in data block DB18 by the PLC basic program.
It is not possible to connect them in a PLC user program.
The I/Os (F useful data) of an F module cannot be connected to axial 611D
SGE/ SGAs. They can only be connected in the context of the NCK-SPL which
must be installed for the purpose.
3.13 Behavior of Safety Integrated when the drive bus fails
(from SW 6.4.15)
When the drive bus fails, the communications between the drive and NCK that
are required for SI also fail. The pulses are immediately cancelled from both
channels. This pulse cancellation must be delayed for a short time so that in
this particular fault situation, a drive-autonomous response (ESR) can be
carried out at the machine.
References: Programming Guide Workshop Planning (PGA)
This is the reason that after a bus failure has been detected, there must be a
delay before canceling the pulses both in the NCK monitoring channel and in
the drive monitoring channel. The axial SI functionality (SG, SE, SBH) selected
at the instant that the drive bus failed is still available through one channel,
the drive monitoring channel. The NCK monitoring channel can no longer
monitor as there is no actual value.
The PLC SPL remains functional in the scope in which the drive monitoring
channel is not required. From the PLC-SPL it is not possible to select another
monitoring functionality or immediately cancel the pulses via an external
Stop A.
The NCK-SPL also remains functional if it does not receive its input quantities
($A_INSE) from the DMP modules connected to the drive bus – but instead via
PROFIsafe I/O or the local inputs on the NCU. If another axial monitoring
function (e.g. SE stage changeover) is selected, this remains ineffective as the
axial NCK monitoring functions are de-activated. However, when an external
STOP A is selected, this results in the pulses being immediately cancelled via
terminal 663 – just the same as for an SBH selection. An SG changeover can
also result in immediate pulse cancellation.
If the NCK-SGA "enable pulses" is not output via the local outputs on the NCU,
but via the DMP modules on the drive bus, then it is not possible to delay the
pulse cancellation via terminal 663. The DMP modules delete their outputs
when a drive bus failure is detected.
If the internal pulse cancellation (also refer to Section 3.1.2 "Shutdown paths")
is used, then the SGA "externally enable pulses" must be connected to terminal
663. It is no longer possible to internally cancel the pulses via the drive bus. In
this case, the SGA "externally enable pulses" must be output via the local
outputs on the NCU.
The delay time up to pulse cancellation via terminal 663 must be parameterized
for a value greater than 0 in the NCK machine data 10089
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL and in the appropriate drive
machine data 1380 MD_SB_PULSE_DISABLE_TIME. For a standard value of
0, the function is de-activated; when the drive bus fails, the pulse enable signal
for terminal 663 is immediately withdrawn.
3.13.1 Behavior of the axial NCK monitoring channel
If a delayed pulse cancellation is parameterized using MD
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL, then after a bus failure the SGA of all of
the axial SI monitoring channels are left in their old condition. After this delay
time has expired, all SGA are, as before, deleted. The axial monitoring functions
are no longer processed immediately after the bus fails, as the basis for the
monitoring function, the safe actual value, is no longer available.
In the following cases, when the drive bus fails, the pulses are immediately
cancelled via terminal 663 – even if a delay time is parameterized using
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL:
- An external STOP A is selected.
- A test stop or an external pulse cancellation test is selected.
- The SBH function is or will be selected.
- An SG stage is selected or will be selected, for which it was previously
  defined, that in this SG stage, no ESR will be executed when the drive bus
  fails (e.g. SG stage for personnel protection). This definition is made in
  MD 36963 $MA_SAFE_VELO_STOP_REACTION (for the individual
  SG stages) or MD 36961 $MA_SAFE_VELO_STOP_MODE (for all
  SG stages together).
3.13.2 Behavior without NCK-SPL
Without NCK-SPL, the axial NCK-SGA are directly transferred to the output
modules. The SGA that are output indicate the monitoring status at the instant
in time that the drive bus failed. After this delay time has expired, all NCK-SGA
are set to 0. However, this only applies to SGA that are output via the local
outputs on the NCU. The DMP modules on the drive bus immediately set their
outputs to 0 when the bus fails.
The axial SGE are still read-in if they are not supplied from the DMP modules
on the drive bus. This means, for example, that an immediate pulse
cancellation can be triggered (e.g. by selecting SBH). The images of the SGE
from the DMP modules on the drive bus are left at their old values.
3.13.3 Behavior with NCK-SPL
The NCK-SPL remains active as the actual value is not required for the SPL.
This means, for example, that an Emergency Off still results in an external
STOP A and therefore pulse cancellation, even if the delay time after the drive
bus failed has still not expired.
In order to correctly process NCK-SPL, the input and output quantities of the
SPL must be considered in more detail ($A_INSE, $A_OUTSE, $A_OUTSI).
The system variables $A_INSE contain the input "circuit" of the NCK-SPL. If
these input quantities are received from local inputs on the NCU - or
PROFIsafe - then no other measures have to be made.
If these input quantities come from the DMP modules on the drive bus, then the
last valid image of the input circuit is used. Otherwise, with the fail-safe value of
0, an external STOP A would be immediately initiated which, in turn, results in
immediate pulse cancellation.
Example:
For an Emergency Stop, a STOP A is immediately initiated. This means that
the time up until the pulses are cancelled is extremely short. If the input
required is read in from the DMP modules on the drive bus, then the response
time for an Emergency Stop, which almost always occurs simultaneously with a
bus failure, increases by the time specified in
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL. The pulses are only cancelled after
this time and the initiated Emergency Stop is not recognized. This is the
reason that $MN_SAFE_PULSE_DIS_TIME_BUSFAIL must be selected to be
relatively short. In situations such as these, we recommend that the local inputs
on the NCU or PROFIsafe are used.
When DMP modules are used on the drive bus with local inputs on the NCU or
F-DI modules with PROFIsafe, the engineer programming the SPL must take
into account this different behavior if he wishes to configure a delayed pulse
cancellation when the drive bus fails.
The $A_OUTSE system variables include the outputs of the NCK-SPL, that
should be output to the peripherals. The output/outputs to terminal 663 of the
terminal module must be output via the local outputs on the NCU. Under no
circumstances may these outputs be output via the DMP modules connected to
the drive bus as this would result in immediate pulse cancellation if the drive
bus was to fail.
$A_INSI is the input interface to the axial NCK monitoring functions. This
means that it includes the NCK-SGA. The NCK-SGA are left in their old state
so that when the drive bus fails, no further action is required here.
$A_OUTSI is the output interface to the axial NCK monitoring functions. This
means that it includes the NCK-SGE. In this interface, only the SGE
"de-selection of the external STOP A", "SBH selection" and the selection of an SG
stage for personnel protection are relevant (also refer to "behavior of the axial
NCK monitoring channel"). The reason for this is that the actual axial monitoring
functions are no longer active:
- An external stop with low priority cannot be executed as setpoints cannot
  be transferred to the drive.
- The additional axial NCK monitoring functions require the actual value
  that is no longer available.
3.13.4 Behavior of the drive monitoring channel
The drive monitoring channel delays, just like the NCK monitoring channel, its
pulse cancellation by the parameterized time. However, in addition, it keeps the
monitoring functions active that were active at the instant of the failure. The
drive can still monitor as it still has access to the correct actual value.
In the following cases, when the drive bus fails, the pulses are immediately
cancelled – even if a delay time has been parameterized:
- The SBH function is selected.
- An SG stage has been selected where it has been previously defined, that
  in this SG stage, no ESR should be executed when the drive bus fails (e.g.
  SG stage for personnel protection).
3.13.5 SGE/SGA processing in the PLC
The SGE/SGA processing in the PLC must always be available in order to
logically combine the 611digital SGA and to output this to the periphery or
read-in the peripheral signals and distribute these to the 611digital SGE.
Without NCK-SPL, they correspond to the assignment of the SGA/SGE to the
digital input/output modules that is made in the NCK using the appropriate
machine data.
With NCK-SPL, the PLC-SPL is the 2nd channel of the SPL; the results are
compared between the NCK and PLC.
The SGE that are read-in are not effective as they cannot be transferred to the
611digital monitoring channel via the faulted drive bus.
When processing the SGA in the PLC, the 611digital SGA are left in the same
state as before the drive bus failed.
Due to the missing sign-of-life character in the SGE/SGA data transfer, the PLC
will detect a fault at the latest after 2 s. However, at this instant in time, the
pulses would already have been cancelled after the expiration of
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL or the appropriate drive machine
data.
3.13.6 Limitations
An ESR executed autonomously in the drive when the drive bus fails is only
possible if the pulse enable is output at terminal 663 via the local outputs on the
NCU. The DMP modules themselves are connected to the same drive bus and
when the drive bus fails, they automatically clear their outputs.
When using the NCK-SPL, the input quantities of the SPL should also come
from the local inputs on the NCU and/or from the PROFIsafe peripherals. The
reason for this is that the input quantities of the DMP modules remain at the
same state at the instant that the bus failed. If an Emergency Stop is
implemented using the SPL, when considering the maximum response time up
to pulse cancellation, the delay time in
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL must be taken into account.
3.13.7 Examples
The following parameterization ensures that when the drive bus fails there is
200 ms time for an ESR executed autonomously in the drive before the pulses
are cancelled. The SG stages for personnel protection are defined differently in
the individual axes.
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL = 0.2
; Parameterization for the X axis (AX1)
; pulses are immediately cancelled in all SG stages, STOP D is initiated when
; the SG is exceeded
$MA_SAFE_VELO_STOP_MODE[AX1] = 3
; Parameterization for the Y axis (AX2)
; pulses are not immediately cancelled in all SG stages, STOP D is initiated
; when the SG is exceeded
$MA_SAFE_VELO_STOP_MODE[AX2] = 13
; Parameterization for the Z axis (AX3)
; pulses are immediately cancelled in all SG stages, STOP D is initiated when
; the SG is exceeded in SG stages 1 and 2, STOP C in SG stages 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX3] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX3] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX3] = 3 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX3] = 2 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX3] = 2 ; SG stage 4
; Parameterization for the A axis (AX4)
; pulses not immediately cancelled in all SG stages, STOP D is initiated when
; the SG is exceeded in SG stages 1 and 2, STOP C in SG stages 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX4] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX4] = 13 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX4] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX4] = 12 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX4] = 12 ; SG stage 4
; Parameterization for the B axis (AX5)
; the pulses are only immediately cancelled in SG stages 1 and 3, STOP D
; is initiated when the SG is exceeded in all stages
$MA_SAFE_VELO_STOP_MODE[AX5] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX5] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX5] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX5] = 3 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX5] = 13 ; SG stage 4
; Parameterization for the C axis (AX6)
; pulses are only immediately cancelled in SG stages 1 and 3, STOP D is
; initiated when the SG is exceeded in SG stages 1 and 2, STOP C in SG
; stage 3 and STOP E in SG stage 4
$MA_SAFE_VELO_STOP_MODE[AX6] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX6] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX6] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX6] = 2 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX6] = 14 ; SG stage 4
The following example clearly indicates the problems when grouping axes
whose terminal 663 is controlled using a digital output:
The three axes X, Y and Z have the same parameterized behavior in their SG
stages when the drive bus fails: For SG1, the pulses should be immediately
cancelled when the drive bus fails; for SG2 to SG4, however, with a delay.
Terminal 663 is controlled from all 3 drives via the same output (local output on
the NCU). When the bus fails, a 500 ms delay should first expire before the
pulses are cancelled. This is parameterized as follows:
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL = 0.5
; Parameterization for the X axis (AX1):
; STOP D is initiated when the SG is exceeded in SG stages 1 and 2, STOP C
; in SG stages 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX1] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX1] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX1] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX1] = 12 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX1] = 12 ; SG stage 4
; Parameterization for the Y axis (AX2):
; STOP C is initiated when the SG is exceeded in SG stage 1, STOP E
; in SG stages 2, 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX2] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX2] = 2 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX2] = 14 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX2] = 14 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX2] = 14 ; SG stage 4
; Parameterization for the Z axis (AX3):
; STOP D is initiated when the SG is exceeded in SG stage 1, STOP E
; in SG stages 2, 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX3] = 5 ; => $MA_SAFE_VELO_STOP_REACTION becomes effective
$MA_SAFE_VELO_STOP_REACTION[0, AX3] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX3] = 14 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX3] = 14 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX3] = 14 ; SG stage 4
This results in the following behavior when the drive bus fails:
1. If SG1 is selected in any one of the three axes at the instant that the bus
fails, then the pulses are immediately cancelled for all 3 axes. This is
because terminal 663 is controlled from all 3 axes via one output and the
pulses are immediately cancelled from the axis with SG1 via this output.
2. If one of the SG stages 2 to 4 is selected in all three axes, then pulse
cancellation is delayed for 500 ms.
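The grouping effect of Example 2 can be evaluated for any combination of selected SG stages. The following is an added example, not code from the manual or from Siemens: the function names are hypothetical, and the value encoding (units digit 2/3/4 = STOP C/D/E, tens digit 1 = pulses not cancelled immediately, $MA_SAFE_VELO_STOP_MODE = 5 selects the per-stage values) is inferred from the comments in the two examples above, so other values are rejected.

```python
STOP_NAMES = {2: "STOP C", 3: "STOP D", 4: "STOP E"}
PER_STAGE = 5   # $MA_SAFE_VELO_STOP_MODE = 5: $MA_SAFE_VELO_STOP_REACTION applies

# Parameterization of Example 2: {axis: (stop mode, [reaction for SG1..SG4])}
EXAMPLE_2 = {
    "AX1": (5, [3, 13, 12, 12]),
    "AX2": (5, [2, 14, 14, 14]),
    "AX3": (5, [3, 14, 14, 14]),
}


def stage_behavior(stop_mode, stop_reaction, sg_stage):
    """Return (stop name, pulses_delayed) for the selected SG stage (1..4)."""
    value = stop_reaction[sg_stage - 1] if stop_mode == PER_STAGE else stop_mode
    tens, units = divmod(value, 10)
    if units not in STOP_NAMES or tens not in (0, 1):
        raise ValueError(f"value {value} is not covered by the examples")
    return STOP_NAMES[units], tens == 1


def busfail_pulse_delay(busfail_time, axes, selected):
    """Delay in seconds until the shared terminal 663 output is withdrawn.

    busfail_time : $MN_SAFE_PULSE_DIS_TIME_BUSFAIL (0 = function de-activated)
    axes         : parameterization as in EXAMPLE_2
    selected     : {axis: SG stage 1..4, or "SBH"} at the instant of the failure
    Returns (delay, axes that force immediate pulse cancellation).
    """
    immediate = []
    for axis, (mode, reaction) in axes.items():
        choice = selected[axis]
        if choice == "SBH":                # SBH selection cancels immediately
            immediate.append(axis)
            continue
        _, delayed = stage_behavior(mode, reaction, choice)
        if not delayed:
            immediate.append(axis)
    # One output drives terminal 663 of every axis in the group, so a single
    # axis that demands immediate cancellation removes the delay for all.
    if busfail_time <= 0 or immediate:
        return 0.0, immediate
    return busfail_time, immediate


if __name__ == "__main__":
    for stages in ({"AX1": 2, "AX2": 3, "AX3": 1}, {"AX1": 2, "AX2": 3, "AX3": 4}):
        delay, forced = busfail_pulse_delay(0.5, EXAMPLE_2, stages)
        print(stages, "-> delay", delay, "s, immediate because of", forced)
```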
4 Data Descriptions
4.1 Machine data
4.1.1 Overview of the machine data
4.1.2 Description of the machine data
4.2 Machine data for SIMODRIVE 611 digital
4.2.1 Overview of the machine data
4.2.2 Description of the machine data
4.3 Interface signals
4.3.1 Interface signals for SINUMERIK 840D
4.3.2 Description of the interface signals
4.4 System variable
4.4.1 System variable for SINUMERIK 840D
4.4.2 Description of the system variables
Note
The function "safe software limit switch" (SE) is also called "safe limit
positions" and the function "safe software cams" (SN) is also called "safe
cams".
4.1 Machine data
4.1.1 Overview of the machine data
Table 4-1 Overview of machine data for SINUMERIK 840D
Number Name Name Reference
General ($MN_ ... )
10050 SYSCLOCK_CYCLE_TIME System basic clock cycle /FBD/, G2
10060 POSCTRL_SYSCLOCK_TIME_RATIO Factor for position control cycle /FBD/, G2
10070 IPO_SYSCLOCK_CYCLE_TIME_RATIO Factor for IPO clock cycle
10089 SAFE_PULSE_DIS_TIME_BUS_FAIL Delay time, pulse cancellation on drive failure
10090 SAFETY_SYSCLOCK_TIME_RATIO Factor for monitoring cycle
10091 INFO_SAFETY_CYCLE_TIME Display of monitoring cycle
10092 INFO_CROSSCHECK_CYCLE_TIME Display of crosswise data comparison cycle
10093 INFO_NUM_SAFE_FILE_ACCESS Number of SPL file access operation
10094 SAFE_ALARM_SUPPRESS_LEVEL Alarm suppression level
10095 SAFE_MODE_MASK Safety Integrated modes
10096 SAFE_DIAGNOSIS_MASK Safety Integrated diagnostic function
10097 SAFE_SPL_STOP_MODE Sets the stop response for Error 27090 and
protected synchronous responses and PLC-
SPL set
10098 PROFISAFE_IPO_TIME_RATIO Factor for PROFIsafe communications clock
cycle
10099 INFO_PROFISAFE_CYCLE_TIME PROFIsafe communications clock cycle
10200 INT_INCR_PER_MM Calculation resolution for linear positions /FBD/, G2
10210 INT_INCR_PER_DEG Calculation resolution for angular positions /FBD/, G2
10366 HW_ASSIGN_DIG_FASTIN Hardware assignment of external digital NCK inputs /FBD/, A4
10368 HW_ASSIGN_DIG_FASTOUT Hardware assignment of external digital NCK outputs /FBD/, A4
10385 PROFISAFE_MASTER_ADDRESS PROFIsafe address of F master
10386 PROFISAFE_IN_ADDRESS PROFIsafe address of an input module
10387 PROFISAFE_OUT_ADDRESS PROFIsafe address of an output module
10388 PROFISAFE_IN_ASSIGN Assignment between external SPL interface $A_INSE and PROFIsafe input module
10389 PROFISAFE_OUT_ASSIGN Assignment between external SPL interface $A_OUTSE and PROFIsafe output module
10390 SAFE_IN_HW_ASSIGN Input assignment ext. SPL interface
10392 SAFE_OUT_HW_ASSIGN Output assignment ext. SPL interface
13010 DRIVE_LOGIC_NR Logical drive number /FBD/, G2
Axis/spindle-specific ($MA_ ... )
30240 ENC_TYPE Encoder type, actual value sensing method /FBD/, G2
30300 IS_ROT_AX Rotary axis/spindle /FBD/, R2
30320 DISPLAY_IS_MODULO Modulo 360 degrees display for rotary axis/spindle /FBD/, R2
30330 MODULO_RANGE Size of modulo range /FBD/, R2
32300 MAX_AX_ACCEL Axis acceleration /FBD/, B2
35200 GEAR_STEP_SPEEDCTRL_ACCEL Acceleration in speed control mode /FBD/, S1
35210 STEP_POSCTRL_ACCEL Acceleration in position control mode /FBD/, S1
35410 SPIND_OSCILL_ACCEL Acceleration when oscillating /FBD/, S1
36060 STANDSTILL_VELO_TOL Maximum velocity/speed "Axis/spindle stationary" /FBD/, A2
36620 SERVO_DISABLE_DELAY_TIME Shutdown delay controller enable /FBD/, A2
36901 SAFE_FUNCTION_ENABLE Enable safety functions
36902 SAFE_IS_ROT_AX Rotary axis
36905 SAFE_MODULO_RANGE Modulo value safe cams (from SW4.2)
36910 SAFE_ENC_SEGMENT_NR Actual value assignment: Drive type
36911 SAFE_ENC_MODULE_NR Actual value assignment: Drive number/measuring circuit number
36912 SAFE_ENC_INPUT_NR Actual value assignment: Input on drive module/control loop module
36915 SAFE_ENC_TYPE Encoder type
36916 SAFE_ENC_IS_LINEAR Linear scale
36917 SAFE_ENC_GRID_POINT_DIST Linear scale graduations
36918 SAFE_ENC_RESOL Encoder pulses per revolution
36920 SAFE_ENC_GEAR_PITCH Lead screw pitch
36921 SAFE_ENC_GEAR_DENOM[n] Denominator of encoder/load gear
36922 SAFE_ENC_GEAR_NUMERA[n] Numerator of encoder/load gear
36925 SAFE_ENC_POLARITY Direction reversal actual value
36926 SAFE_ENC_FREQ_LIMIT Encoder frequency for safe operation (only with Performance 2 controls)
36930 SAFE_STANDSTILL_TOL Zero speed tolerance
36931 SAFE_VELO_LIMIT[n] Limit value for safely reduced speed
36932 SAFE_VELO_OVR_FACTOR[n] Override factor for SG (SW 4.2 and higher)
36933 SAFE_DES_VELO_LIMIT SG set speed limitation
36934 SAFE_POS_LIMIT_PLUS[n] Upper limit value for safe limit position
36935 SAFE_POS_LIMIT_MINUS[n] Lower limit value for safe limit position
36936 SAFE_CAM_POS_PLUS[n] Plus cam position for safe cams
36937 SAFE_CAM_POS_MINUS[n] Minus cam position for safe cams
36940 SAFE_CAM_TOL Tolerance for safe cams
36942 SAFE_POS_TOL Actual value comparison tolerance (crosswise)
36944 SAFE_REFP_POS_TOL Actual value comparison tolerance (referencing)
36946 SAFE_VELO_X Speed limit nx (from SW4.2)
36948 SAFE_STOP_VELO_TOL Tolerance actual speed for SBR (from SW4.2)
36949 SAFE_SLIP_VELO_TOL Speed tolerance slip
36950 SAFE_MODE_SWITCH_TIME Tolerance time for SGE changeover
36951 SAFE_VELO_SWITCH_DELAY Delay time speed changeover
36952 SAFE_STOP_SWITCH_TIME_C Transition time, STOP C to safe standstill
36953 SAFE_STOP_SWITCH_TIME_D Transition time, STOP D to safe standstill
36954 SAFE_STOP_SWITCH_TIME_E Transition time, STOP E to safe standstill
36955 SAFE_STOP_SWITCH_TIME_F Delay time STOP F response
36956 SAFE_PULSE_DISABLE_DELAY Delay time pulse cancellation
36957 SAFE_PULSE_DIS_CHECK_TIME Time for testing pulse cancellation
36958 SAFE_ACCEPTANCE_TST_TIMEOUT Time limit for acceptance test
36960 SAFE_STANDSTILL_VELO_TOL Shutoff speed for pulse cancellation
36961 SAFE_VELO_STOP_MODE Stop response safely reduced speed
36962 SAFE_POS_STOP_MODE Stop response safe limit position
36963 SAFE_VELO_STOP_REACTION[n] SG-specific stop response (SW 4.2 and higher)
36964 SAFE_IPO_STOP_GROUP Grouping, safety IPO response
36965 SAFE_PARK_ALARM_SUPPRESS Alarm suppression for parking axis
36966 SAFE_BRAKETEST_TORQUE Brake test torque
36967 SAFE_BRAKETEST_POS_TOL Position tolerance for brake test
36970 SAFE_SVSS_DISABLE_INPUT Input assignment SBH/SG de-selection
36971 SAFE_SS_DISABLE_INPUT Input assignment SBH de-selection
36972 SAFE_VELO_SELECT_INPUT[n] Input assignment SG selection
36973 SAFE_POS_SELECT_INPUT Input assignment SE selection
36974 SAFE_GEAR_SELECT_INPUT[n] Input assignment gear ratio selection
36975 SAFE_STOP_REQUEST_INPUT Input assignment "Test stop selection"
36976 SAFE_PULSE_STATUS_INPUT Input assignment "Pulses cancelled" status
36977 SAFE_EXT_STOP_INPUT[n] Input assignment external brake request
36978 SAFE_OVR_INPUT[n] Input assignment for SG override selection (SW 4.2 and higher)
36979 SAFE_STOP_REQUEST_EXT_INPUT Assignment of input terminal to select the external shutdown test
36980 SAFE_SVSS_STATUS_OUTPUT Output assignment SBH/SG active
36981 SAFE_SS_STATUS_OUTPUT Output assignment for SBH active (from SW 4.2)
36982 SAFE_VELO_STATUS_OUTPUT[n] Output assignment for SG active (from SW 4.2)
36984 SAFE_EXT_PULSE_ENABLE_OUTPUT Assignment of the output terminal for external pulse enable request.
36985 SAFE_VELO_X_STATUS_OUTPUT Output assignment for n < nx (from SW4.2)
36986 SAFE_PULSE_ENABLE_OUTPUT Output assignment "Enable pulses"
36987 SAFE_REFP_STATUS_OUTPUT Output assignment "Axis safely referenced"
36988 SAFE_CAM_PLUS_OUTPUT[n] Output assignment SN1 + to SN4 +
36989 SAFE_CAM_MINUS_OUTPUT[n] Output assignment SN1 - to SN4 -
36990 SAFE_ACT_STOP_OUTPUT[n] Output assignment act. STOP
36992 SAFE_CROSSCHECK_CYCLE Display of axial crosswise data comparison clock cycle
36993 SAFE_CONFIG_CHANGE_DATE[n] Date/time of the last change SI-NCK-MD
36994 SAFE_PREV_CONFIG[n] Data of previous safety function
36995 SAFE_STANDSTILL_POS Standstill position
36997 SAFE_ACKN User agreement
36998 SAFE_ACT_CHECKSUM Actual checksum
36999 SAFE_DES_CHECKSUM Setpoint checksum
37000 FIXED_STOP_MODE Traverse to fixed endstop mode
37090 SAFE_BRAKETEST_TORQUE Brake test, holding torque
37092 SAFE_BRAKETEST_POS_TOL Position tolerance for brake test
4.1.2 Description of the machine data
General information about machine data and an explanation of their contents
such as unit, data type, protection level, effectiveness, etc. can be found in the
following references:
References: /LIS/, Lists SINUMERIK 840D
10089
MD number
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL
Delay time until the pulses are cancelled when the drive bus fails
840D
Default: 0 Min. input value: 0 Max. input value: 0.8
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 6.4.09
Meaning This is the time after the drive bus fails that the pulses are safely cancelled. During this
time, it is still possible to implement a response to the bus failure that is executed
autonomously in the drive (refer to extended shutdown and retraction).
In the following cases, the pulses are immediately cancelled (the system does not wait for
this delay time to expire):
- When selecting an external Stop A
- For active SBH or when SBH is selected
- For an active SG stage or when selecting an SG stage for which an immediate pulse
cancellation is parameterized in $MA_SAFE_VELO_STOP_MODE or
$MA_SAFE_VELO_STOP_REACTION.
Special cases, errors $MN_SAFE_PULSE_DIS_TIME_BUSFAIL is transferred using the copy function of the
SI-MD into drive MD 1380 and is then subject to a crosswise data comparison.
These general machine data are included in the axial checksum calculation of the
safety-relevant machine data ($MA_SAFE_ACT_CHECKSUM,
$MA_SAFE_DES_CHECKSUM).
Corresponds with …
General
10090
MD number
$MN_SAFETY_SYSCLOCK_TIME_RATIO
Factor for monitoring cycle
840D
Default: 3 Min. input value: 1 Max. input value: 50
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning Ratio between the monitoring and basic system clock cycle. The monitoring clock cycle is
the product of this data and $MN_SYSCLOCK_CYCLE_TIME.
Special cases, errors The monitoring clock cycle is checked during power-up:
It must be an integral multiple of the position control clock cycle
It must be 25 ms
If these conditions are not fulfilled, the factor is rounded to the next possible value. The
monitoring cycle that is actually set is displayed via $MN_INFO_SAFETY_CYCLE_TIME.
The value for the crosswise data comparison clock cycle that is displayed via
$MN_INFO_CROSSCHECK_CYCLE_TIME also changes.
Note:
The monitoring cycle defines the response time of the monitoring functions. It should be
noted that a short monitoring cycle time increases the load on the CPU.
Corresponds with MD 10050: $MN_SYSCLOCK_CYCLE_TIME
MD 10091: $MN_INFO_SAFETY_CYCLE_TIME
MD 10092: $MN_INFO_CROSSCHECK_CYCLE_TIME
10091
MD number
$MN_INFO_SAFETY_CYCLE_TIME
Displays the monitoring cycle
840D
Default: - Min. input value: - Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/- Unit: ms
Data type: DOUBLE Applies from SW 3.4
Meaning This data displays the monitoring clock cycle time that is actually effective. For display
purposes only – cannot be written into.
Corresponds with MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
References Refer to Chapter 2, "Safety monitoring clock cycle and crosswise comparison clock cycle"
10092
MD number
$MN_INFO_CROSSCHECK_CYCLE_TIME
Displays the crosswise comparison clock cycle
840D
Default: - Min. input value: - Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/- Unit: ms
Data type: DOUBLE Applies from SW 3.4
Meaning This data displays the effective time for one full execution of the crosswise data
comparison clock cycle. For display purposes only – cannot be written into.
SW 6.3.21 and higher: Maximum crosswise data comparison clock cycle in seconds.
Corresponds with MD 10090: $MN_SAFETY_SYSCLOCK_TIME_RATIO
References Refer to Chapter 2, "Safety monitoring cycle and crosswise data comparison clock cycle"
10093
MD number
$MN_INFO_NUM_SAFE_FILE_ACCESS
Number of SPL file accesses
840D
Default: 0 Min. input value: - Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 2/- Unit: -
Data type: DWORD Applies from SW 4.4.18
Meaning Display data: NCK-SPL file /_N_CST_DIR/_N_SAFE_SPF has been accessed n-times in
the protected state. This MD is only used for service purposes. The value of the MD can
only be 0 or 1.
10094
MD number
$MN_SAFE_ALARM_SUPPRESS_LEVEL
"Safety Integrated" alarm suppression level
840D
Default: 2 Min. input value: 0 Max. input value: 13
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BYTE Applies from SW 6
Meaning The monitoring channels NCK and 611 digital display alarms with the same significance in
several situations.
In order to reduce the size of the alarm image, this MD is used to specify whether safety
alarms with the same significance are to be suppressed. The two-channel stop response
is not influenced by this setting.
0 = Alarms triggered in two channels are displayed to the full extent
- Two-channel display of all axial safety alarms
- Alarm 27001, error code 0 is displayed
- The Alarms 27090, 27091, 27092, 27093 and 27095 are displayed a
multiple number of times using 2 channels
1 = Alarms with the same meaning are only displayed once.
The following alarms are affected:
27010 = 300907
27011 = 300914
27012 = 300915
27013 = 300906
27020 = 300910
27021 = 300909
27022 = 300908
27023 = 300901
27024 = 300900
With these alarms, only one of the specified Alarms (270xx or 300xxx) is
initiated. The alarm of the monitoring channel that then subsequently initiates
the alarm with the same significance, is no longer displayed.
Furthermore, Alarm 27001 with error code 0 is suppressed. This alarm occurs
as a result of drive Alarm 300911. In this particular case, drive machine data
1391, 1392, 1393, 1394 provide information regarding the cause of the error.
2 = Default
Going beyond the functionality with MD value=1, the alarms from the SPL
processing (27090, 27091, 27092, 27093 and 27095) are only displayed
through one channel and only once. This machine data must be set to 0 to
generate an acceptance report. This allows the system to document all of the
alarms that have been initiated.
3 = Axial Alarms 27000 and 300950 are replaced by Alarm message 27100 for all
axes/drives.
12 = Going beyond the functionality with MD value = 2, the alarms are assigned priorities.
Apparent follow-on alarms are no longer displayed or are
automatically cleared from the display.
The following alarms may be affected:
27001, 27004, 27020, 27021, 27022, 27023, 27024, 27091, 27101, 27102,
27103, 27104, 27105, 27106, 27107
13 = Going beyond the functionality with MD value = 3, the alarms are assigned priorities
as for MD value 12.
This machine data must be set to 0 to generate an acceptance report. This allows the
system to document all of the alarms that have been initiated.
Corresponds with …
References
10095
MD number
$MN_SAFE_MODE_MASK
Safety Integrated modes
840D
Default: 0 Min. input value: 0 Max. input value: 0x0001
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 5.3
Meaning Bit 0=0 $A_INSE[1...64] Default setting "0"
Bit 0=1 $A_INSE[1...64] Default setting "1"
(Compatibility mode for older PLC SW versions)
These functions are only supported by the NCK in one channel. This data is not included
in the axial MD checksum SAFE_ACT_CHECKSUM.
Corresponds with …
References
10096
MD number
$MN_SAFE_DIAGNOSIS_MASK
Safety Integrated diagnostic functions
840D
Default: 1 Min. input value: 0 Max. input value: 0x0001
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 5.3
Meaning Bit 0=0 SGE differences between NCK and 611D digital monitoring channels are not
displayed
Bit 0=1 SGE differences between NCK and 611D digital monitoring channels are
displayed
Differences between the following SGEs are detected (the listed bit numbers refer to the
axial mapping of the SGEs; these correspond to the following VDI-interface assignment):
Bit 0: SBH/SG de-selection = DB3<x>.DBX22.0
Bit 1: SBH de-selection = DB3<x>.DBX22.1
Bit 3: SG selection, bit 0 = DB3<x>.DBX22.3
Bit 4: SG selection, bit 1 = DB3<x>.DBX22.4 (from SW 6)
Bit 12: SE selection = DB3<x>.DBX23.4
Bit 28: SG correction, bit 0 = DB3<x>.DBX33.4
Bit 29: SG correction, bit 1 = DB3<x>.DBX33.5
Bit 30: SG correction, bit 2 = DB3<x>.DBX33.6
Bit 31: SG correction, bit 3 = DB3<x>.DBX33.7
<x> is the axis number
The differences are indicated via Alarm 27004.
Corresponds with …
References
10097
MD number
$MN_SAFE_SPL_STOP_MODE
Stop response for SPL errors
840D
Default: 3 Min. input value: 3 Max. input value: 4
Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: -
Data type: BYTE Applies from SW 6.3
Meaning Selects the stop response when errors are detected in the crosswise data comparison of
NCK and PLC-SPL
3: Stop D
4: Stop E
Entering the value 4 in this MD (Stop E) without enabling the external Stop E in all
axes with SI function enable signals ($MA_SAFE_FUNCTION_ENABLE not equal to 0)
results in Alarm 27033, "Axis %1 Invalid parameterization of
MD MN_SAFE_SPL_STOP_MODE".
To remedy this, either parameterize Stop D or set bit 4 and bit 6 in
$MA_SAFE_FUNCTION_ENABLE for all of the axes involved.
This machine data is incorporated in the checksum for safety-relevant machine data
($MA_SAFE_ACT_CHECKSUM, $MA_SAFE_DES_CHECKSUM)
If this MD is set to 4, then DBX36.1 in DB18 must also be set to signal the PLC about this
parameterization. For a different parameter assignment, Alarm 27090 is output, "Error for
crosswise data comparison NCK-PLC".
10098
MD number
$MN_PROFISAFE_IPO_TIME_RATIO
Factor for PROFIsafe communications cycle
840D
Default: 1 Min. input value: 1 Max. input value: 25
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning Ratio between the interpolator clock cycle and the clock cycle for
communication with PROFIsafe I/O modules. In the resulting time grid, OB40 on the
PLC side is initiated from the NCK side to enable communication between F master and F
slaves.
The value obtained for the communication clock cycle from this MD and the set IPO cycle
must not be greater than 25 ms.
Special cases, errors
Corresponds with …
10099
MD number
$MN_INFO_PROFISAFE_CYCLE_TIME
PROFIsafe communications clock cycle
840D
Default: 0.000 Min. input value: - Max. input value: -
Changes effective after POWER ON Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 6.3
Meaning Shows the time grid for communications between F master and F slaves. The value is
obtained from the interpolator clock cycle and MD $MN_PROFISAFE_IPO_TIME_RATIO.
For display purposes only - cannot be written into.
Special cases, errors
Corresponds with …
10385
MD number
$MN_PROFISAFE_MASTER_ADDRESS
PROFIsafe address of F master
840D
Default: 0 Min. input value: 0 Max. input value: 50FA7DH
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning Defines the PROFIsafe address for the F master NCK/PLC. Used to uniquely assign an F
master to an F slave. This parameter must be entered in accordance with the
"F_Source_Address" parameter set in S7-ES for the F slaves. An attempt to establish
communications is only made for F slaves where this address has been entered.
Special cases, errors
Corresponds with …
10386
MD number
$MN_PROFISAFE_IN_ADDRESS
PROFIsafe address of an input module
840D
Default: 0 Min. input value: 0 Max. input value: 5003FFH
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning Defines the PROFIsafe address of a PROFIsafe input module
Special cases, errors
Corresponds with …
10387
MD number
$MN_PROFISAFE_OUT_ADDRESS
PROFIsafe address of an output module
840D
Default: 0 Min. input value: 0 Max. input value: 5003FFH
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning Defines the PROFIsafe address of a PROFIsafe module
Special cases, errors
Corresponds with …
10388
MD number
$MN_PROFISAFE_IN_ASSIGN
Assignment between external SPL interface $A_INSE and PROFIsafe input module
840D
Default: 0 Min. input value: 0 Max. input value: 64064
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning The three lower positions indicate the least significant $A_INSE variables to be supplied.
The three upper positions indicate the most significant $A_INSE variables to be supplied.
Example:
PROFISAFE_IN_ASSIGN[0] = 4001:
The system variables $A_INSE[1...4] are supplied with the state of the input terminals of
the PROFIsafe module defined in MD PROFISAFE_IN_ADDRESS[0].
Special cases, errors
Corresponds with …
10389
MD number
$MN_PROFISAFE_OUT_ASSIGN
Assignment between external SPL interface $A_OUTSE and PROFIsafe output module
840D
Default: 0 Min. input value: 0 Max. input value: 64064
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning The three lower positions indicate the least significant $A_OUTSE variables to be
supplied. The three upper positions indicate the most significant $A_OUTSE variables to
be supplied.
Example:
PROFISAFE_OUT_ASSIGN[0] = 4001:
The system variables $A_OUTSE[1...4] are supplied at the output terminals of the
PROFIsafe module defined in MD PROFISAFE_OUT_ADDRESS[0].
Special cases, errors
Corresponds with …
The following machine data
$MN_INFO_PROFISAFE_CYCLE_TIME
$MN_PROFISAFE_MASTER_ADDRESS
$MN_PROFISAFE_IN_ADDRESS
$MN_PROFISAFE_OUT_ADDRESS
$MN_PROFISAFE_IN_ASSIGN
$MN_PROFISAFE_OUT_ASSIGN
are included in the axial checksum machine data
$MA_SAFE_ACT_CHECKSUM. This means that they are protected against
modification. Changes can only be confirmed and activated by pressing the
"Confirm SI data" softkey.
Changes to the machine data and the resulting axial checksums are displayed via
Alarm 27032, "Axis %1 Checksum error for safe monitoring. Acknowledgement
and acceptance test necessary!".
10390
MD number
$MN_SAFE_IN_HW_ASSIGN[n]: 0...7
Input assignment ext. SPL interface
840D
Default: 0 Min. input value: 0 Max. input value: 01 1E 08 02
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 4.4.18
Meaning One input byte of the NCK I/Os can be assigned bytewise (byte-serial) to the system
variables $A_INSE[x] using this machine data.
n System variables Comment
=0 $A_INSE[1..8] Assignment for 1st byte
=1 $A_INSE[9..16] Assignment for 2nd byte
=2 $A_INSE[17..24] Assignment for 3rd byte
=3 $A_INSE[25...32] Assignment for 4th byte
=4 $A_INSE[33...40] Assignment for 5th byte
=5 $A_INSE[41...48] Assignment for 6th byte
=6 $A_INSE[49...56] Assignment for 7th byte
=7 $A_INSE[57...64] Assignment for 8th byte
Structure: refer to MD 10366: $MN_HW_ASSIGN_DIG_FASTIN.
In this case, the restriction applies that an I/O module must be addressed via the MD. An
assignment to another system variable is not possible.
Corresponds with … MD 10392: $MN_SAFE_OUT_HW_ASSIGN
References Refer to Chapter 3, "Safe programmable logic (SPL)"
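The decimal encoding of $MN_PROFISAFE_IN_ASSIGN and the byte table of $MN_SAFE_IN_HW_ASSIGN described above, combined in an added example (not Siemens code) that lists which entry supplies each $A_INSE variable. Function names and sample values are constructed, a value of 0 is assumed to mean "not assigned", and the page does not state how the control treats a variable supplied by two entries, so the example only reports it.

```python
# Added example: inventory of the sources configured for $A_INSE[1...64].
# Function names and all sample values are constructed for illustration.


def decode_profisafe_assign(value):
    """Decode one MD 10388 entry.

    The three upper decimal positions give the highest, the three lower
    positions the lowest $A_INSE index (4001 -> $A_INSE[1...4]).
    Returns (low, high), or None for the default value 0.
    """
    if value == 0:
        return None  # assumption: default 0 means "entry not used"
    high, low = divmod(value, 1000)
    if not 1 <= low <= high <= 64:
        raise ValueError(f"invalid PROFISAFE_IN_ASSIGN value {value}")
    return low, high


def hw_assign_range(n):
    """$A_INSE range of MD 10390 index n (0 -> 1..8, ..., 7 -> 57..64)."""
    if not 0 <= n <= 7:
        raise ValueError(f"index {n} outside 0...7")
    return 8 * n + 1, 8 * n + 8


def inse_sources(profisafe_in_assign, safe_in_hw_assign):
    """Map each $A_INSE index to the list of MD entries that supply it."""
    sources = {i: [] for i in range(1, 65)}
    for idx, value in enumerate(profisafe_in_assign):
        span = decode_profisafe_assign(value)
        if span:
            for i in range(span[0], span[1] + 1):
                sources[i].append(f"PROFISAFE_IN_ASSIGN[{idx}]")
    for n, value in enumerate(safe_in_hw_assign):
        if value:  # assumption: 0 (the default) means "byte not assigned"
            low, high = hw_assign_range(n)
            for i in range(low, high + 1):
                sources[i].append(f"SAFE_IN_HW_ASSIGN[{n}]")
    return sources


def review_list(sources):
    """Return ({index: entries} supplied more than once, [unsupplied indices])."""
    doubled = {i: s for i, s in sources.items() if len(s) > 1}
    unused = [i for i, s in sources.items() if not s]
    return doubled, unused


# Constructed sample configuration: two PROFIsafe input modules and one
# NCK I/O byte (any non-zero value; its internal structure is not decoded).
SAMPLE_PROFISAFE_IN_ASSIGN = [4001, 12009, 0]
SAMPLE_SAFE_IN_HW_ASSIGN = [0, 0x011E0802, 0, 0, 0, 0, 0, 0]

if __name__ == "__main__":
    doubled, unused = review_list(
        inse_sources(SAMPLE_PROFISAFE_IN_ASSIGN, SAMPLE_SAFE_IN_HW_ASSIGN))
    for index, entries in doubled.items():
        print(f"$A_INSE[{index}] supplied by: {', '.join(entries)}")
    print(f"{len(unused)} $A_INSE variables have no source configured")
```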
10392
MD number
$MN_SAFE_OUT_HW_ASSIGN[n]: 0...7
Output assignment ext. SPL interface
840D
Default: 0 Min. input value: 0 Max. input value: 01 1E 08 02
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 4.4.18
Meaning One output byte of the NCK I/Os can be assigned bytewise (byte-serial) to the system
variables $A_OUTSE[x] using this machine data.
n System variables Comment
=0 $A_OUTSE[1..8] Assignment for 1st byte
=1 $A_OUTSE[9..16] Assignment for 2nd byte
=2 $A_OUTSE[17..24] Assignment for 3rd byte
=3 $A_OUTSE[25...32] Assignment for 4th byte
=4 $A_OUTSE[33...40] Assignment for 5th byte
=5 $A_OUTSE[41...48] Assignment for 6th byte
=6 $A_OUTSE[49...56] Assignment for 7th byte
=7 $A_OUTSE[57...64] Assignment for 8th byte
Structure: refer to MD 10364: $MN_HW_ASSIGN_DIG_FASTOUT.
In this case, the restriction applies that an I/O module must be addressed via the MD. An
assignment to another system variable is not possible.
Corresponds with MD 10390: $MN_SAFE_IN_HW_ASSIGN
References Refer to Chapter 3, "Safe programmable logic (SPL)"
Assigning local inputs on the NCU to the SPL interface (from SW 6.3.21):
Parameterization for s = 0 for SPL SGEs/SGAs:
i =0H fixed
mm =00H fixed
xx =00H fixed
nn =01H – 0FH Screen form (mask) for the digital I/Os used for
Safety inputs/outputs
The value "nn" defines which of the four available digital
I/Os are to be used for the SPL SGEs/SGAs:
Examples
nn = 01H: only map input/output 1 in $A_INSE/$A_OUTSE
nn = 05H: only map inputs/outputs 1 and 3 in $A_INSE/$A_OUTSE
nn = 0FH: map all inputs/outputs in $A_INSE/$A_OUTSE
This parameterization allows selective digital I/Os to be reserved for SI and, at
the same time, the other I/Os to be used for other functions.
A single output bit is connected to a terminal with each entry. The structure is
the same as $MN_HW_ASSIGN_ANA_FASTOUT[n].
20108
MD number
$MC_PROG_EVENT_MASK
Event-controlled program call
840D
Default: (0x0, 0x0, 0x0,...) Min. input value: 0 Max. input value: 0xF
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.1
Meaning Parameterizes the event where the user program, set with $MN_PROG_EVENT_NAME
(default: _N_PROG_EVENT_SPF) is implicitly called:
Bit 0=1: Part program start
Bit 1 = 1: Part program end
Bit 2 = 1: Operator panel reset
Bit 3 = 1: Run-up
The user program is called using the following search path:
1. /_N_CUS_DIR/_NPROG_EVENT_SPF
2. /_N_CMA_DIR/_NPROG_EVENT_SPF
3. /_N_CST_DIR/_NPROG_EVENT_SPF
Corresponds with …
References
36901
MD number
$MA_SAFE_FUNCTION_ENABLE
Enable safety-related functions
840D
Default: 0 Min. input value: 0 Max. input value: FF 03, FF E3 (from SW4.2)
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Hexadecimal
Data type: DWORD Applies from SW 3.4
Meaning The functions for safe operation can be enabled for one axis/spindle with this data.
It is only possible to enable - on an axis-specific basis - as many axes/spindles for safe
operation as have been enabled by the global option.
If one of the bits from bit 1 is set, then bit 0 must also be set. This is because for a STOP
C, D, E the control switches into the safe operating stop. This condition is checked (if
there is an error, configuration Alarm 27033 is output).
The more partial functions are enabled, the more computing time the safe functions
require.
High byte: Enable safe cams
Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8
SN4 - SN4 + SN3 - SN3 + SN2 - SN2 + SN1 - SN1 +
Low byte:
Bit 7 Enable cam synchronization (from SW 4.2)
Bit 6 Enable external STOPs (from SW 4.2)
Bit 5 Enable override for safely-reduced speed (from SW 4.2)
Bit 4 Enable external ESR activation (SW 6.3)
Bit 3 Enable act. value synchr. 2nd encoder system (from SW 5.2)
Bit 2 Reserved (0)
Bit 1 Enable SE
Bit 0 Enable SBH/SG
Special cases, errors If bit 1 or a higher bit is set, then bit 0 must also be set since the control system switches
to a safe operational stop in response to STOP C, D or E (a configuration alarm is output
if an error is detected).
If an insufficient number of axes/spindles have been enabled for safe operation using the
global option, then this data may be overwritten with the value 0000 during run-up
Corresponds with Global option
References Refer to Chapter 2, "Enabling safety-related functions"
36902
MD number
$MA_SAFE_IS_ROT_AX
Rotary axis
840D
Default: 0 Min. input value: 0 Max. input value: 1
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BOOLEAN Applies from SW 3.4
Meaning Data specifies whether the axis for safe operation is a rotary axis/spindle or linear axis.
= 0: Linear axis
= 1: Rotary axis/spindle
The value set in this MD must be the same as the value set in MD: $MA_IS_ROT_AX. A
parameterization error is displayed if they are not identical.
Corresponds with MD 30300: $MA_IS_ROT_AX
36905
MD number
$MA_SAFE_MODULO_RANGE
Modulo value for SN
840D
Default: 0.0 Min. input value: 0.0 Max. input value: 737280.0
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Degrees
Data type: DOUBLE Applies from SW 4.2
Meaning Actual value range within which safe cams for rotary axes are calculated. The axis must
be a rotary axis ($MA_/$MD_SAFE_IS_ROT_AX = 1).
Value = 0: Modulo override after +/- 2048 revolutions
(i.e. after 737 280 degrees)
Setting > 0 and multiples of 360 degrees:
Modulo override after this setting (e.g. setting = 360:
the actual value range is between 0 and 359.999 degrees, i.e. a
modulo override is carried out after every revolution).
Special cases, errors If the value set in this data is not 0 or a multiple of 360 degrees, then an appropriate
alarm is output during run-up.
The cam positions are also checked with respect to the parameterized actual value
range during run-up. An appropriate alarm is output if parameterization errors are
detected.
Actual value ranges set in $MA_SAFE_MODULO_RANGE and
$MA_MODULO_RANGE must be a multiple integer.
Corresponds with … MD 1305: $MD_SAFE_MODULO_RANGE
MD 30330: $MA_MODULO_RANGE
MD 36935/1336: $MA_/$MD_SAFE_CAM_POS_PLUS[n]
MD 36937/1337: $MA_/$MD_SAFE_CAM_POS_MINUS[n]
36910
MD number
$MA_SAFE_ENC_SEGMENT_NR
Actual value assignment: Drive type
840D
Default: 1 Min. input value: 0 Max. input value: 1
Change becomes effective after POWER ON: Protection level (R/W) 0/0 Unit: -
Data type: BYTE Applies from SW 3.4
Meaning Number of the bus segment via which the encoder is addressed.
=1: Drive bus of SIMODRIVE 611 digital (always used)
36911
MD number
$MA_SAFE_ENC_MODULE_NR
Actual value assignment: Drive number/measuring circuit number
840D
Default: 1 Min. input value: 1 Max. input value: NCU 572: 31
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BYTE Applies from SW 3.4
Meaning Module No. within a segment via which the SI encoder is addressed.
The logical drive number of the drive assigned to the axis via $MN_DRIVE_LOGIC_NR
must be entered here.
For standard applications with a 2-encoder system, the encoder for Safety Integrated is
connected to the second encoder connection (lower input) of the same drive module.
Special cases, errors Any actual value input in the 611 digital group can be used for the second encoder as the
measuring system on the NC side.
Corresponds with … MD 36910: $MA_SAFE_ENC_SEGMENT_NR
MD 36912: $MA_SAFE_ENC_INPUT_NR
MD 36010: $MN_DRIVE_LOGIC_NR
MD 30220: $MA_ENC_MODULE_NR
36912
MD number
$MA_SAFE_ENC_INPUT_NR
Actual value assignment: Input to drive module/measuring circuit board
840D
Default: 1 Min. input value: 1 Max. input value: 2
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BYTE Applies from SW 3.4
Meaning Number of the actual value input of a module via which the SI encoder is addressed.
= 1: SI encoder is connected to the upper input (motor encoder)
= 2: SI encoder is connected to the lower input (2nd encoder)
For standard applications with a 2-encoder system, the encoder for Safety Integrated is
connected to the second encoder connection (lower input) of the same drive module.
Special cases, errors Any actual value input in the 611 digital group can be used for the second encoder as the
measuring system on the NC side.
Corresponds with MD 36911: $MA_SAFE_ENC_MODULE_NR
MD 30230: $MA_ENC_INPUT_NR
36915
MD number
$MA_SAFE_ENC_TYPE
Encoder type
840D
Default: 0 Min. input value: 0 Max. input value: 4
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BYTE Applies from SW 3.4
Meaning The type of SI encoder connected is specified here.
= 0: Reserved
= 1: Raw signal encoder (1V peak-to-peak)
= 4: Absolute encoder with EnDat interface
Special cases, errors The value is coded in the same way as in data $MA_ENC_TYPE.
Only the value 1 or 4 is permitted.
An incorrect configuration (e.g. entry of values 0, 2, 3 or 5) is flagged with Alarm
27033.
Corresponds with MD 30240: $MA_ENC_TYPE
36916
MD number
$MA_SAFE_ENC_IS_LINEAR
Linear scale
840D
Default: 0 Min. input value: 0 Max. input value: 1
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BOOLEAN Applies from SW 3.4
Meaning This is used to specify whether the connected encoder is a rotary or a linear encoder.
= 0: Rotary encoder is connected
$MA_SAFE_ENC_RESOL is used to specify its resolution and convert it to the
load side
using $MA_SAFE_ENC_GEAR_PITCH, $MA_SAFE_ENC_GEAR_DENOM[n]
and $MA_SAFE_ENC_GEAR_NUMERA[n].
MD: $MA_SAFE_ENC_GRID_POINT_DIST has no significance.
= 1: Linear encoder is connected
Its resolution is defined in $MA_SAFE_ENC_GRID_POINT_DIST. The
MDs: $MA_SAFE_ENC_RESOL, $MA_SAFE_ENC_GEAR_PITCH,
$MA_SAFE_ENC_GEAR_DENOM[n] and
$MA_SAFE_ENC_GEAR_NUMERA[n] have no significance.
Corresponds with For 0: $MA_SAFE_ENC_RESOL
$MA_SAFE_ENC_GEAR_PITCH
$MA_SAFE_ENC_GEAR_DENOM[n]
$MA_SAFE_ENC_GEAR_NUMERA[n]
For 1: $MA_SAFE_ENC_GRID_POINT_DIST
36917
MD number
$MA_SAFE_ENC_GRID_POINT_DIST
Linear scale grid spacing
840D
Default: 0.01 Min. input value: 0.000 01 Max. input value: 8
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm
Data type: DOUBLE Applies from SW 3.4
Meaning The grid spacing of the linear scale used is specified here.
MD irrelevant for .... A rotary encoder
36918
MD number
$MA_SAFE_ENC_RESOL
Encoder pulses per revolution
840D
Default: 2 048 Min. input value: 1 Max. input value: 100 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning The number of pulses per revolution for a rotary encoder is specified here.
MD irrelevant for .... a linear encoder
36920
MD number
$MA_SAFE_ENC_GEAR_PITCH
Spindle pitch
840D
Default: 10 Min. input value: 0.1 Max. input value: 10 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm
Data type: DOUBLE Applies from SW 3.4
Meaning Gear ratio of gearbox between encoder and load for a linear axis with rotary encoder.
MD irrelevant for .... a linear encoder
36921
MD number
$MA_SAFE_ENC_GEAR_DENOM[n]
Denominator of encoder/load gear
840D
Default: 1 Min. input value: 1 Max. input value: 2 147 000 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning Denominator of the gearbox between encoder and load, i.e. the denominator of the
fraction
No. of encoder revolutions / No. of load revolutions
n = 0, 1, ... ,7 stands for gear stage 1, 2, ... 8
The current value is selected via safety-relevant input signals (SGEs).
Corresponds with … MD 36922: $MA_SAFE_ENC_GEAR_NUMERA[n]
MD irrelevant for .... a linear encoder
36922
MD number
$MA_SAFE_ENC_GEAR_NUMERA[n]
Numerator of encoder/load gear
840D
Default: 1 Min. input value: 1 Max. input value: 2 147 000 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning Numerator of the gearbox between encoder and load, i.e. the numerator of the fraction
No. of encoder revolutions / No. of load revolutions
n = 0, 1, ... 7 stands for gear stage 1, 2, ... 8
The current value is selected via safety-relevant input signals (SGEs).
Corresponds with … MD 36921: $MA_SAFE_ENC_GEAR_DENOM[n]
MD irrelevant for .... a linear encoder
36925
MD number
$MA_SAFE_ENC_POLARITY
Direction reversal actual value
840D
Default: 1 Min. input value: -1 Max. input value: 1
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning A direction reversal of the actual value can be selected using this data.
= -1: Direction reversed
= 0 or = 1: Direction not reversed
36926
MD number
$MA_SAFE_ENC_FREQ_LIMIT
Encoder frequency for safe operation
840D
Default: 300000 Min. input value: 300000 Max. input value: 420000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: freq.
Data type: DWORD Applies from SW 6.3
Meaning Encoder frequency above which amplitude monitoring is disabled. A speed corresponding
to this frequency may not be exceeded in safe operation. If the encoder frequency is
exceeded in safe operation (SBH or SG), the stop response parameterized for the active
monitoring function is triggered.
For Performance-2 control modules, High Standard and High Performance, this frequency
can be set higher than 300 kHz.
Parameterization errors are flagged with Alarm 27033.
36930
MD number
$MA_SAFE_STANDSTILL_TOL
Standstill tolerance
840D
Default: 1 mm Min. input value: 0 Max. input value: 100
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning The tolerance for the safe operating stop is set in this data.
If the difference between the position reference value and position actual value is greater
than the tolerance set here when safe operating stop is selected, then the control system
activates Alarm 27010 with STOP A or B.
Corresponds with … MD 36956: $MA_SAFE_PULSE_DISABLE_DELAY
36931
MD number
$MA_SAFE_VELO_LIMIT[n]
Limit value for safely-reduced speed
840D
Default: 2 000 mm/min Min. input value: 0 Max. input value: *
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min
inch/min, rev./min
Data type: DOUBLE Applies from SW 3.4
Meaning The limit values for safely-reduced speeds 1, 2, 3 and 4 are set in this data.
When SG1, SG2, SG3 or SG4 is selected and the current speed exceeds the limit set
here, then the control system activates Alarm 27011 with the stop response configured in
$MA_SAFE_VELO_STOP_MODE.
n = 0, 1, 2, 3 stand for limit value of SG1, SG2, SG3, SG4
Special cases, errors With active SBH/SG and a 1-encoder system, the speed is monitored on the basis of an
encoder limit frequency of 200 kHz (300 kHz from SW 4.2). An appropriate alarm is output
when the limit is exceeded.
Corresponds with MD 36961: $MA_SAFE_VELO_STOP_MODE
36932
MD number
$MA_SAFE_VELO_OVR_FACTOR[n]
Override factor for SG
840D
Default: 100 Min. input value: 1 Max. input value: 100
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: %
Data type: DWORD Applies from SW 4.2
Meaning Using SGEs it is possible to select overrides for safely-reduced speeds 2 and 4 and to set
the associated override value (percentage) in this machine data.
n = 0, 1, ... , 15 stand for overrides 0, 1, ... 15
Application $MA_SAFE_VELO_OVR_FACTOR[0]=30 (Override 0)
$MA_SAFE_VELO_OVR_FACTOR[1]=50 (Override 1)
$MA_SAFE_VELO_OVR_FACTOR[2]=80 (Override 2)
$MA_SAFE_VELO_OVR_FACTOR[3]=100 (Override 3)
Depending on whether override 0, 1, 2 or 3 is selected, safely-reduced speeds 2 and 4
are monitored for 30, 50, 80 or 100% of the set limit value.
Special cases, errors The "Override for safely-reduced speed" function is enabled via MD 36901
(MD 1301):
This override is not applied to the limit values for safely-reduced speeds 1 and 3.
Corresponds with … MD 36978: $MA_SAFE_OVR_INPUT[n]
MD 36931: $MA_SAFE_VELO_LIMIT[n]
References Refer to Chapter 3, "Override for safely-reduced speed"
36933
MD number
$MA_SAFE_DES_VELO_LIMIT
Evaluation factor to limit the speed setpoint
840D
Default: 0 Min. input value: 0 Max. input value: 100
Change effective after RESET Protection level (R/W) 7/2 Unit: %
Data type: DWORD Applies from SW 5.2
Meaning Evaluation factor to define the setpoint limit from the actual speed limit. The active SG
limit value is evaluated with this factor and specified to the interpolator as the setpoint
limit. Setpoint 0 is specified when SBH is selected.
If 100% is entered, the setpoint is limited to the active SG stage.
If 0% is entered, the speed setpoint limit is not active.
Corresponds with …
Special cases, errors This MD may have to be altered several times before an optimum setting for the dynamic
response of the drives is found. To prevent this procedure from being unnecessarily
awkward, "reset" has been defined as the activation criterion.
This data is not included in the crosswise data comparison with the drive.
This data is not included in the axial checksum $MA_SAFE_ACT_CHECKSUM, as it is a
single-channel function.
References Refer to Chapter 3.5.2, "Limiting the speed setpoint"
36934
MD number
$MA_SAFE_POS_LIMIT_PLUS[n]
Upper limit value for safe end position
840D
Default: 100 000 mm Min. input value: -2 147 000 Max. input value: 2 147 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning The upper limit value for safe end positions 1 and 2 is specified here.
If SE1 or SE2 is selected and the actual position exceeds the limit set in this data, the
control system activates Alarm 27012 with the stop response configured in
$MA_SAFE_POS_STOP_MODE and changes over to the SBH mode. A violation of the
SBH tolerance window initiates stop response STOP B and A.
n = 0, 1 stands for upper limit value of SE1, SE2
Corresponds with … MD 36962: $MA_SAFE_POS_STOP_MODE
MD 36935: $MA_SAFE_POS_LIMIT_MINUS[n]
MD 36901: $MA_SAFE_FUNCTION_ENABLE
Special cases, errors If a lower or identical value is entered in MD: $MD_SAFE_POS_LIMIT_PLUS[n] than in
MD: $MA_SAFE_POS_LIMIT_MINUS[n], then a parameterizing error is displayed.
36935
MD number
$MA_SAFE_POS_LIMIT_MINUS[n]
Lower limit value for safe end position
840D
Default: -100 000 mm Min. input value: -2 147 000 Max. input value: 2 147 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning The lower limit value for safe end positions 1 and 2 is specified here.
If SE1 or SE2 is selected and the actual position drops below the limit set in this data, the
control system activates Alarm 27012 with the stop response configured in
$MA_SAFE_POS_STOP_MODE and changes over to the SBH mode. A violation of the
SBH tolerance window initiates stop response STOP B and A.
n = 0, 1 stands for lower limit value of SE1, SE2
Corresponds with … MD 36962: $MA_SAFE_POS_STOP_MODE
MD 36934: $MA_SAFE_POS_LIMIT_PLUS[n]
MD 36901: $MA_SAFE_FUNCTION_ENABLE
Special cases, errors If a lower or identical value is entered in MD: $MD_SAFE_POS_LIMIT_PLUS[n] than in
MD: $MA_SAFE_POS_LIMIT_MINUS[n], then a parameterizing error is displayed.
36936
MD number
$MA_SAFE_CAM_POS_PLUS[n]
Plus cam position for safe cams
840D
Default: 10 mm Min. input value: -2 147 000 Max. input value: 2 147 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning The plus cam position for safe cams SN1 +, SN2 +,
SN3 + and SN4 + is specified in this data.
If the actual position is the value set here when the safe cam function is active, then the
appropriate safety-relevant output signal (SGA) is set to 0 and to 1 if the actual position is
> this value. (Observe the hysteresis for cam synchronization)
n = 0, 1, 2, 3 stands for plus cam position of SN1+, SN2+, SN3+, SN4+
Corresponds with … MD 36988: $MA_SAFE_CAM_PLUS_OUTPUT[n]
MD 36901: $MA_SAFE_FUNCTION_ENABLE
36937
MD number
$MA_SAFE_CAM_POS_MINUS[n]
Minus cam position for safe cams
840D
Default: -10 mm Min. input value: -2 147 000 Max. input value: 2 147 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning The minus cam position for safe cams SN1-, SN2-, SN3- and SN4-.
If the actual position is the value set here when the safe cam function is active, then the
appropriate safety-relevant output signal (SGA) is set to 0 and to 1 if the actual position is
> this value. (Observe the hysteresis for cam synchronization)
n = 0, 1, 2, 3 stands for minus cam position of SN1-, SN2-, SN3-, SN4-
Corresponds with … MD 36989: $MA_SAFE_CAM_MINUS_OUTPUT[n]
MD 36901: $MA_SAFE_FUNCTION_ENABLE
36940
MD number
$MA_SAFE_CAM_TOL
Tolerance for safe cams
840D
Default: 0.1 mm Min. input value: 0.001 Max. input value: 10 mm
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning Due to the different mounting locations of the encoders and variations in clock cycle and
signal transit times, the cam signals of the two monitoring channels never switch at
exactly the same position and never simultaneously.
This data specifies the tolerance for all cams as a load-side distance. The monitoring
channels may have different signal states for the same cam within this tolerance band
without generating Alarm 27001.
Special cases, errors Recommendation:
Enter an identical or slightly higher value than that set in MD 36942.
36942
MD number
$MA_SAFE_POS_TOL
Actual value comparison tolerance (crosswise)
840D
Default: 0.1 mm Min. input value: 0.001 Max. input value:
10 mm or 360 degrees
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning Due to the fact that encoders are not mounted in identical locations and the effects of
backlash, torsion, leadscrew errors, etc., the actual positions sensed simultaneously by
the NCK and drive may differ.
The tolerance band for the crosswise comparison of the actual position in the two
monitoring channels is specified in this data.
Special cases, errors "Finger protection" (about 10 mm) is the primary consideration when setting this
tolerance value.
Stop response STOP F is activated when the tolerance band is violated.
36944
MD number
$MA_SAFE_REFP_POS_TOL
Actual value comparison tolerance (referencing)
840D
Default: 0.01 mm Min. input value: 0 Max. input value:
1 mm or 36 degrees
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm, inches, degrees
Data type: DOUBLE Applies from SW 3.4
Meaning The tolerance for the actual value check after referencing (with an incremental encoder)
or at POWER ON (with an absolute encoder) is set in this data.
A second absolute actual position is calculated from the last standstill position that was
saved prior to control power off and the distance traversed since POWER ON. The control
system checks the actual values after referencing on the basis of the two actual positions,
the traversed distance and this data.
The following factors must be taken into consideration when calculating tolerance values:
Backlash, leadscrew errors, compensation (max. compensation values for LEC, sag and
temperature compensation), temperature errors, torsion (2-encoder system), gear play for
selector gearboxes, lower resolution (2-encoder system), oscillating distance for selector
gearboxes.
Special cases, errors If these two actual positions deviate from one another by more than the value set in this
data with valid user agreement, then Alarm 27001 is displayed with error code 1003 and a
new user agreement is required for referencing.
36946
MD number
$MA_SAFE_VELO_X
Speed limit nx
840D
Default: 20.0 Min. input value: 0.0 Max. input value: 1 000.0
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min
inch/min, rev./min
Data type: DOUBLE Applies from SW 4.2
Meaning This data defines limit speed nx for SGA "n < nx".
Corresponds with … MD 1346: $MD_SAFE_VELO_X
References Refer to Chapter 3, "SGA "n < nx" and "SG active""
36948
MD number
$MA_SAFE_STOP_VELO_TOL
Actual speed tolerance for SBR
840D
Default: 300.0 Min. input value: 0.0 Max. input value: 20 000.0
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min
inch/min, rev./min
Data type: DOUBLE Applies from SW 4.2
Meaning After the safe braking ramp has been activated, the actual speed plus the speed tolerance
set in this machine data are applied as a speed limit.
Corresponds with … MD 1348: $MD_SAFE_STOP_VELO_TOL
References Refer to Chapter 2, "Safe braking ramp (SBR)"
(a recommended setting and setting formula are specified in this Chapter).
36949
MD number
$MA_SAFE_SLIP_VELO_TOL
Speed tolerance slip
840D
Default: 6.0 Min. input value: 0.0 Max. input value: 1000.0
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min
inch/min, rev./min
Data type: DOUBLE Applies from SW 5.2
Meaning Speed difference that is tolerated, for a 2-encoder system, between the drive and
load sides without the crosswise data comparison between SIMODRIVE 611 digital and
NCK signaling an error.
MD 36949 is only evaluated if MD $MA_SAFE_FUNCTION_ENABLE, bit 3 is set.
Corresponds with … MD 1349: $MD_SAFE_SLIP_VELO_TOL
References Refer to Chapter 3.11.4, Actual value synchronization
36950
MD number
$MA_SAFE_MODE_SWITCH_TIME
Tolerance time for SGE changeover
840D
Default: 0.5 Min. input value: 0 Max. input value: 10
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 3.4
Meaning SGE changeovers do not take effect simultaneously owing to variations in run times for
SGE transmission in the two monitoring channels. A crosswise data comparison would
output an error message in this case.
This data is used to specify the period of time after SGE changeover during which no
crosswise comparison of actual values and monitoring results is carried out (machine data
is still compared!). The selected monitoring functions continue to operate unhindered in
both monitoring channels.
A safe function is immediately activated in a monitoring channel if selection or changeover
is detected in this channel.
The different run times are mainly determined by the PLC cycle time.
Special cases, errors System-dependent minimum tolerance time:
2 x PLC cycle time (maximum cycle) + 1 x IPO cycle time
The variations in run times in the external circuitry (e.g. relay operating times) must also
be taken into account.
References Refer to Chapter 3, "Safety-relevant input/output signals (SGE/SGA)"
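The input ranges and cross-dependencies stated above for MD 36912, 36915, 36926, 36934/36935, 36940/36942 and 36950 can be checked mechanically before a parameter set is loaded. The following Python check is an added example, not Siemens code; the dictionary layout, the function name `audit`, the cycle times and the sample values are assumptions, and a linear axis in mm is assumed for the tolerance ranges.

```python
"""Consistency check for axial Safety Integrated machine data (added example)."""

# (min, max) input ranges as listed in the data descriptions above.
RANGES = {
    "SAFE_ENC_INPUT_NR": (1, 2),               # MD 36912
    "SAFE_ENC_FREQ_LIMIT": (300000, 420000),   # MD 36926
    "SAFE_CAM_TOL": (0.001, 10),               # MD 36940, mm
    "SAFE_POS_TOL": (0.001, 10),               # MD 36942, mm (linear axis assumed)
    "SAFE_MODE_SWITCH_TIME": (0, 10),          # MD 36950, s
}


def audit(md, plc_cycle_s, ipo_cycle_s):
    """Return a list of (MD name, finding) for one axis.

    md: dict keyed by MD name without the $MA_ prefix (assumed layout).
    plc_cycle_s: maximum PLC cycle time in seconds.
    ipo_cycle_s: IPO cycle time in seconds.
    """
    out = []
    for name, (lo, hi) in RANGES.items():
        if not lo <= md[name] <= hi:
            out.append((name, f"{md[name]} outside {lo}..{hi}"))

    # MD 36915: only 1 (raw signal) or 4 (EnDat) is permitted, else Alarm 27033.
    if md["SAFE_ENC_TYPE"] not in (1, 4):
        out.append(("SAFE_ENC_TYPE", "only 1 or 4 permitted (Alarm 27033)"))

    # MD 36934/36935: a lower or identical upper limit is a parameterizing error.
    limits = zip(md["SAFE_POS_LIMIT_PLUS"], md["SAFE_POS_LIMIT_MINUS"])
    for n, (plus, minus) in enumerate(limits):
        if plus <= minus:
            out.append((f"SAFE_POS_LIMIT_PLUS[{n}]",
                        f"{plus} is not above SAFE_POS_LIMIT_MINUS[{n}] = {minus}"))

    # MD 36940: recommended identical to or slightly higher than MD 36942.
    if md["SAFE_CAM_TOL"] < md["SAFE_POS_TOL"]:
        out.append(("SAFE_CAM_TOL", "below SAFE_POS_TOL (MD 36942)"))

    # MD 36950: minimum is 2 x PLC cycle time (maximum cycle) + 1 x IPO cycle time.
    t_min = 2 * plc_cycle_s + ipo_cycle_s
    if md["SAFE_MODE_SWITCH_TIME"] < t_min:
        out.append(("SAFE_MODE_SWITCH_TIME",
                    f"{md['SAFE_MODE_SWITCH_TIME']} s below minimum {t_min:.3f} s"))
    return out


# Constructed sample data: the defaults from the tables above, then a copy
# with five deliberate errors.
GOOD = {
    "SAFE_ENC_INPUT_NR": 1,
    "SAFE_ENC_TYPE": 1,
    "SAFE_ENC_FREQ_LIMIT": 300000,
    "SAFE_POS_LIMIT_PLUS": [100000.0, 100000.0],
    "SAFE_POS_LIMIT_MINUS": [-100000.0, -100000.0],
    "SAFE_CAM_TOL": 0.1,
    "SAFE_POS_TOL": 0.1,
    "SAFE_MODE_SWITCH_TIME": 0.5,
}
BAD = dict(
    GOOD,
    SAFE_ENC_TYPE=2,
    SAFE_ENC_FREQ_LIMIT=500000,
    SAFE_POS_LIMIT_PLUS=[100000.0, -20.0],
    SAFE_POS_LIMIT_MINUS=[-100000.0, -20.0],
    SAFE_CAM_TOL=0.05,
    SAFE_MODE_SWITCH_TIME=0.1,
)

if __name__ == "__main__":
    for name, finding in audit(BAD, plc_cycle_s=0.1, ipo_cycle_s=0.012):
        print(f"{name}: {finding}")
```

The external circuitry run times (e.g. relay operating times) mentioned for MD 36950 are not part of the computed minimum and have to be added by hand.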
36951
MD number
$MA_SAFE_VELO_SWITCH_DELAY
Delay time speed changeover
840D
Default: 0.1 Min. input value: 0 Max. input value: 10
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 3.4
Meaning A timer with the value in this data is started when changing from a high to a lower safely-
reduced speed or when a safe operating stop is selected when the safely-reduced speed
function is active.
While the timer is running, the speed continues to be monitored for the last selected
speed limit value. During this period, the axis/spindle can be braked, for example, via the
PLC user program without the monitoring function signaling an error and initiating a stop
response.
Examples:
1. The timer is interrupted as soon as a higher or identical SG limit (i.e. to that which
was previously active) is selected.
2. The timer is interrupted if "non-safe operation" (= NSB, SGE "de-select SBH/SG" = 1) is
selected.
3. The timer is retriggered (restarted) if an SG limit lower than the one previously active
is selected or SBH is selected while the timer is running.
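The timer behaviour of MD 36951 and its three examples can be traced with a small model. The following Python code is an added example, not Siemens code; the class and function names and the sample limits are constructed, and it assumes that SBH counts as lower than every SG limit, that a selection made from non-safe operation takes effect at once, and that a retriggered timer keeps the limit being monitored.

```python
"""Model of the SG changeover delay of MD 36951 (added example)."""

SBH, NSB = "SBH", "NSB"  # safe operating stop / non-safe operation


class SgChangeover:
    """Tracks which safety function is monitored. Call with non-decreasing t."""

    def __init__(self, velo_limit, switch_delay):
        # velo_limit: $MA_SAFE_VELO_LIMIT[0..3] for SG1..SG4
        self.limit = {f"SG{n + 1}": v for n, v in enumerate(velo_limit)}
        self.delay = switch_delay   # $MA_SAFE_VELO_SWITCH_DELAY in seconds
        self.monitored = NSB        # function monitored right now
        self.pending = None         # selection waiting for the timer
        self.deadline = None

    def _rank(self, sel):
        # Assumption: SBH is treated as lower than every SG limit.
        return -1.0 if sel == SBH else self.limit[sel]

    def _expire(self, t):
        if self.pending is not None and t >= self.deadline:
            self.monitored, self.pending, self.deadline = self.pending, None, None

    def select(self, t, sel):
        """Apply an SGE selection ("SG1".."SG4", SBH or NSB) at time t."""
        self._expire(t)
        immediate = (
            sel == NSB                      # example 2: non-safe operation
            or self.monitored == NSB        # assumption: no delay from NSB
            or self._rank(sel) >= self._rank(self.monitored)  # example 1
        )
        if immediate:
            # Timer (if any) is interrupted, selection is monitored at once.
            self.monitored, self.pending, self.deadline = sel, None, None
        else:
            # Lower SG limit or SBH: start the timer, or retrigger it
            # (example 3). The previous limit stays monitored meanwhile.
            self.pending, self.deadline = sel, t + self.delay

    def monitored_at(self, t):
        self._expire(t)
        return self.monitored

    def speed_violation(self, t, speed):
        """True if |speed| exceeds the SG limit monitored at time t."""
        fn = self.monitored_at(t)
        return fn in self.limit and abs(speed) > self.limit[fn]


def replay(ctl, events, samples):
    """events: [(t, selection)], samples: [(t, speed)].

    Returns [(t, monitored function, limit exceeded)] for every sample.
    """
    merged = sorted([(t, 0, s) for t, s in events] + [(t, 1, v) for t, v in samples])
    out = []
    for t, kind, val in merged:
        if kind == 0:
            ctl.select(t, val)
        else:
            out.append((t, ctl.monitored_at(t), ctl.speed_violation(t, val)))
    return out


if __name__ == "__main__":
    # Constructed scenario: SG1 -> SG2 at t = 1.0 s with a 0.5 s delay.
    ctl = SgChangeover([2000.0, 1000.0, 500.0, 100.0], switch_delay=0.5)
    for row in replay(ctl, [(0.0, "SG1"), (1.0, "SG2")],
                      [(0.5, 1900.0), (1.2, 1800.0), (1.6, 1800.0)]):
        print(row)
```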
36952
MD number
$MA_SAFE_STOP_SWITCH_TIME_C
Transition time, STOP C to safe operating stop
840D
Default: 0.1 Min. input value: 0 Max. input value: 10
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 3.4
Meaning This data defines the time period between the initiation of a STOP C and the activation of
the safe operating stop function.
Once the time has expired, the drive is monitored for safe operating stop. If the
axis/spindle has still not been stopped, STOP B/A is initiated.
36953
MD number
$MA_SAFE_STOP_SWITCH_TIME_D
Transition time, STOP D to safe operating stop
840D
Default: 0.1 Min. input value: 0 Max. input value: 60
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 3.4
Meaning This data defines the time period between the initiation of a STOP D and the activation of
the safe operating stop function.
Once the time has expired, the drive is monitored for safe operating stop. If the
axis/spindle has still not been stopped, STOP B/A is initiated.
36954
MD number
$MA_SAFE_STOP_SWITCH_TIME_E
Transition time STOP E to safe standstill
840D
Default: 0.1 Min. input value: 0 Max. input value: 60
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit:
Data type: DOUBLE Applies from SW 6.4.15
Meaning Time after which a changeover is made from Stop E to a safe operating stop.
Special cases, errors
Corresponds with …
36955
MD number
$MA_SAFE_STOP_SWITCH_TIME_F
Delay time STOP F to STOP B
840D
Default: 0 Min. input value: 0 Max. input value: 60
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: Applies from SW 6.4.09
Meaning Time after which, for a STOP F with active monitoring functions, a change is made to
STOP B. The changeover is also made if a STOP C/D/E occurs during this time,
Special cases, errors
Corresponds with …
36956
MD number
$MA_SAFE_PULSE_DISABLE_DELAY
Delay time pulse cancellation
840D
Default: 0.1 Min. input value: 0 Max. input value: 10
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 3.4
Meaning For a STOP B, the axis is braked along the current limit with speed setpoint 0. After the
delay time defined in this data, the braking mode changes to STOP A for pulse
cancellation.
Special cases, errors The pulses are cancelled earlier than defined in this data if the condition for the pulse
cancellation is present as specified in MD 36960: $MA_SAFE_STANDSTILL_VELO_TOL
or MD 36620: $MA_SERVO_DISABLE_DELAY_TIME
If the timer in this data is set to zero, an immediate change is made from a STOP B to a
STOP A (immediate pulse cancellation).
Corresponds with MD 36960: $MA_SAFE_STANDSTILL_VELO_TOL
MD 36620: $MA_SERVO_DISABLE_DELAY_TIME
MD 36060: $MA_STANDSTILL_VELO_TOL
36957
MD number
$MA_SAFE_PULSE_DIS_CHECK_TIME
Time for testing pulse cancellation
840D
Default: 0.1 Min. input value: 0 Max. input value: 10
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 3.4
Meaning This specifies the time within which the pulses must actually be cancelled after
pulse cancellation has been requested.
The time that elapses between setting the SGA "enable pulses" and detecting the SGE
"pulses cancelled status" must not exceed the time limit set in this data.
Special cases, errors If the pulses are not cancelled within this time, a STOP A response is activated.
36958
MD number
$MA_SAFE_ACCEPTANCE_TST_TIMEOUT
Time limit for the acceptance test duration
840D
Default: 40 Min. input value: 5 Max. input value: 100
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: s
Data type: DOUBLE Applies from SW 6.4
Meaning On the NCK side, a time limit can be specified for the duration of an acceptance test
(there is a drive machine data MD 1358 that corresponds with this, in which the same time
must be entered). If an acceptance takes longer than the time specified in MD 36958,
then the NCK terminates the test. The acceptance status is set to zero on the NCK side.
If the acceptance test has been reset, then on the NCK and drive sides, SI POWER ON
alarms change back from being acknowledgeable with a reset to being acknowledgeable
only with a POWER ON.
NCK clears Alarm 27007 and the drive, Alarm 300952.
This MD is also used to limit the duration of an acceptance test SE. After the program
time has expired, the acceptance test SE is interrupted and Alarm 27008 is cleared. The
software end positions then become effective again as entered in the machine data.
Special cases, errors .
36960
MD number
$MA_SAFE_STANDSTILL_VELO_TOL
Shutdown speed for pulse cancellation
840D
Default: 0 Min. input value: 0 Max. input value: 1 000
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/min, inch/min, rpm
Data type: DOUBLE Applies from SW 3.4
Meaning When the axis/spindle speed drops below this limit, it is considered to be at a "standstill".
In STOP B mode, the pulses are then cancelled (through transition to STOP A).
Corresponds with … MD 36956: $MA_SAFE_PULSE_DISABLE_DELAY
36961
MD number
$MA_SAFE_VELO_STOP_MODE
Stop response, safely reduced speed
840D
Default: 5 Min. input value: 0 Max. input value: 14
Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: -
Data type: BYTE Applies from SW 3.4
Meaning The ones position defines the selection of the stop responses when the safely-reduced
speed is exceeded.
The tens position defines the behavior when the drive bus fails if a time greater than 0
was parameterized in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
Special case: For a value of 5 in this MD, the stop response for each SG stage is
selectively defined in $MA_SAFE_VELO_STOP_REACTION.
=0: Stop A
=1: Stop B
=2: Stop C
=3: Stop D
=4: Stop E
=5: SAFE_VELO_STOP_MODE invalid, the stop response is parameterized using
MD SAFE_VELO_STOP_REACTION
=10: Stop A, in addition when the drive bus fails and the SG is active, the pulses
are not immediately cancelled
=11: Stop B, in addition when the drive bus fails and the SG is active, the pulses
are not immediately cancelled
=12: Stop C, in addition when the drive bus fails and the SG is active, the pulses
are not immediately cancelled
=13: Stop D, in addition when the drive bus fails and the SG is active, the pulses
are not immediately cancelled
=14: Stop E, in addition when the drive bus fails and the SG is active, the pulses
are not immediately cancelled
Special cases, errors
Corresponds with … MD 36931: $MA_SAFE_VELO_LIMIT[n]
MD 36963: $MA_SAFE_VELO_STOP_REACTION[n]
36962
MD number
$MA_SAFE_POS_STOP_MODE
Stop response, safe limit position
840D
Default: 2 Min. input value: 2 Max. input value: 4
Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: -
Data type: BYTE Applies from SW 3.4
Meaning Selects the stop response when passing the safe end stops
2: Stop C
3: Stop D
4: Stop E
Corresponds with … MD 36934: $MA_SAFE_POS_LIMIT_PLUS[n]
MD 36935: $MA_SAFE_POS_LIMIT_MINUS[n]
36963
MD number
$MA_SAFE_VELO_STOP_REACTION[n]
Stop response, safely reduced speed
840D
Default: 2,2,2,2 Min. input value: 0 Max. input value: 14
Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: -
Data type: BYTE Applies from SW 4.2
Meaning The ones position defines the SG-specific selection of the stop response when the safely-
reduced speed is exceeded.
The tens position defines the behavior when the drive bus fails on an SG-specific basis if
a time greater than 0 was parameterized in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
0: Stop A
1: Stop B
2: Stop C
3: Stop D
4: Stop E
The tens position defines the behavior when the drive bus fails on an SG-specific
basis if a time greater than 0 was parameterized in MD
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
10: Stop A, in addition, when the drive bus fails, the pulses are not immediately
cancelled if this SG stage is active.
11: Stop B, in addition, when the drive bus fails, the pulses are not immediately
cancelled if this SG stage is active.
12: Stop C, in addition, when the drive bus fails, the pulses are not immediately
cancelled if this SG stage is active.
13: Stop D, in addition, when the drive bus fails, the pulses are not immediately
cancelled if this SG stage is active.
14: Stop E, in addition, when the drive bus fails, the pulses are not immediately
cancelled if this SG stage is active.
Special cases, errors This function is active only when MD 36961 and MD 1361 are set to 5.
Corresponds with … MD 36931: $MA_SAFE_VELO_LIMIT[n]
MD 36961: $MA_SAFE_VELO_STOP_MODE
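The ones/tens coding shared by MD 36961 and MD 36963[n] can be decoded as follows. This Python code is an added example, not Siemens code; the function and class names and the sample values are constructed, and it assumes that index n of MD 36963 maps to SG stage n + 1 in the same way as in MD 36931.

```python
"""Decode the stop-response coding of MD 36961 / MD 36963 (added example)."""
from typing import NamedTuple

STOP_BY_ONES = {0: "STOP A", 1: "STOP B", 2: "STOP C", 3: "STOP D", 4: "STOP E"}
PER_STAGE = 5  # MD 36961 = 5: the response is taken from MD 36963[n]


class StopResponse(NamedTuple):
    stop: str                         # from the ones position
    delayed_pulse_cancel_on_busfail: bool  # tens position = 1 and time > 0


def decode_code(value, busfail_time):
    """Decode one value (0..4 or 10..14); anything else raises ValueError."""
    tens, ones = divmod(value, 10)
    if tens not in (0, 1) or ones not in STOP_BY_ONES:
        raise ValueError(f"{value} is not a documented stop-response code")
    # The tens position only has an effect if a time greater than 0 is
    # parameterized in $MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
    return StopResponse(STOP_BY_ONES[ones], tens == 1 and busfail_time > 0)


def resolve(stop_mode, stop_reaction, busfail_time=0.0):
    """Return {"SG1".."SG4": StopResponse} for one axis.

    stop_mode:     MD 36961 $MA_SAFE_VELO_STOP_MODE
    stop_reaction: MD 36963 $MA_SAFE_VELO_STOP_REACTION[0..3]
    busfail_time:  $MN_SAFE_PULSE_DIS_TIME_BUSFAIL
    """
    if len(stop_reaction) != 4:
        raise ValueError("MD 36963 needs one entry per SG stage")
    if stop_mode == PER_STAGE:
        codes = list(stop_reaction)   # SG-specific stop response
    else:
        codes = [stop_mode] * 4       # one response for all SG stages
    return {f"SG{n + 1}": decode_code(c, busfail_time) for n, c in enumerate(codes)}


def findings(stop_mode, drive_stop_mode, stop_reaction):
    """Flag settings under which MD 36963 is not active.

    drive_stop_mode is the value of drive MD 1361.
    """
    out = []
    if (stop_mode == PER_STAGE) != (drive_stop_mode == PER_STAGE):
        out.append("MD 36963 is active only when MD 36961 and MD 1361 are both 5")
    if stop_mode != PER_STAGE and any(c != 2 for c in stop_reaction):
        out.append("MD 36963 differs from its default but MD 36961 is not 5")
    return out


if __name__ == "__main__":
    # Constructed sample values.
    for stage, resp in resolve(5, [2, 2, 13, 0], busfail_time=0.2).items():
        print(stage, resp)
    print(findings(5, 2, [2, 2, 13, 0]))
```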
36964
MD number
$MA_SAFE_IPO_STOP_GROUP
Grouping safety IPO response
840D
Default: 0 Min. input value: 0 Max. input value: 1
Change effective after RESET Protection level (R/W) 7/2 Unit: -
Data type: BYTE Applies from SW 4.4.18
Meaning This MD influences the channel-wide IPO stop response distribution of Safety Integrated.
It is only effective for Safety Integrated axes/spindles.
0 = All other axes/spindles in the channel are notified of the
IPO stop response of this axis (default)
1 = For internal STOPs, the axes and machining spindles, interpolating with the
axis involved, are also additionally influenced via the initiated safety alarms. On
the other hand, other axes/spindles in the channel continue to run without
any disturbance.
For external STOPs (without alarm) all of the other axes/spindles remain
unaffected by the safety axis/spindle stop. This allows, for example, the
pulses of the spindle to be safely cancelled (using an external STOP A) so that
this spindle can be manually rotated and the axis can still be safely monitored
when moving.
If, in some machining situations, the other axes/spindles should stop together
with the safety axis/spindle, then the user is responsible for implementing this using PLC or
synchronous action logic combinations.
36965
MD number
$MA_SAFE_PARK_ALARM_SUPPRESS
Suppression of Alarm "Axis not safely referenced" during parking
840D
Default: FALSE Min. input value: - Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: BOOLEAN Applies from SW 5.2
Meaning Enable the suppression of Alarms 27000/300950 "Axis not safely referenced" when the
"Parking" function is selected.
Corresponds with …
36966
MD number
$MA_SAFE_BRAKETEST_TORQUE
Brake test, holding torque
840D
Default: 5% Min. input value: 0 Max. input value: 800
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: %
Data type: DOUBLE Applies from SW 6.3.21
Meaning Specifies the torque or force for the function test of the brake mechanical system. The
holding brake must be capable of applying this torque without any axis slippage.
The appropriate test function is activated via MD $MA_FIXED_STOP_MODE, bit 1. This MD
must be a minimum of 10 % above the actual torque when selecting the brake test (i.e.
with the brake open). This guarantees that if the brake is defective, the motor can again
brake the axis. If this is not the case, the brake test is aborted with Alarm 20095.
If the drive MD 1192 is not correctly parameterized, then the required safety margin is
increased by twice the margin between the real torque and that parameterized in MD
1192.
36967
MD number
$MA_SAFE_BRAKETEST_POS_TOL
Position tolerance, brake test
840D
Default: 1 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: mm/degrees
Data type: REAL Applies from SW 6.3.21
Meaning Maximum position tolerance for the function test of the brake mechanical system. If the
axis position deviates from the position by more than this tolerance, when the brake test is
selected, then the function test for the brake mechanical system is aborted.
The corresponding test function is activated via MD $MA_FIXED_STOP_MODE, bit 1.
Note
The maximum input value for all axial NCK_SGE/SGA configuring machine
data differs depending on the application:
Configuring on NCK I/Os: 811E0810
Configuring an SGE on the SPL interface: 84020220
Configuring an SGA on the SPL interface: 84010220
An incorrect entry is detected at the next run-up and flagged with Alarm
27033.
Description of the parameterization of the SGE machine data MD 36970 to
MD 36979
Structure for the input assignment SBH/SG de-selection: is mm xx nn
                      Perm. values  Explanation
i   Inversion         0, 8          0: No inversion
                                    8: Inversion before processing
s   Segment No.       1, 4          1: I/Os on 611 digital bus (terminal)
                                    4: Internal map in system memory (system variable)
Further parameterization if one terminal is assigned (s = 1).
mm  Module no.        01-1F         Number of the logical slot in which the terminal block with external I/Os is inserted (drive number)
xx  Submodule No.     01-08         Slot number of the submodule inside the I/O module
nn  I/O No.           01-10         Bit number (input/output number on the submodule)
Further parameterization if a system variable is assigned (s = 4).
mm  Module No.        01-02         01: Addressing of internal SPL interface $A_OUTSI or $A_INSI
                                    02: Addressing of external SPL interface (only for input signals, $A_INSE)
xx  Submodule No.     01-02         Index of system variable word (per 32 bits)
nn  I/O No.           01-20         Bit number in system variable word $A_OUTSID[xx], $A_INSID[xx], $A_INSED[xx]
With each entry, a single bit is assigned to a terminal. The structure
corresponds to MD 10362: $MN_HW_ASSIGN_ANA_FASTIN[n].
Coding of input assignment
Additional parameterization for local inputs on the NCU (from SW 6.3.21):
s = 0 Local inputs on the NCU
s = 1 I/Os on the 611 digital bus
s = 4 System variable assignment, internal image in the system memory
Parameterization for s = 0 for axial SGEs:
mm = 00H fixed
xx = 00H fixed
nn = 01H-04H Bit number
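The following decoder is an added example, not part of the Siemens documentation. It splits an SGE input-assignment DWORD into the fields i, s, mm, xx and nn described above and checks each field against the permitted values, so that a machine data archive can be reviewed before the control flags an incorrect entry at run-up. The function names, the numeric reading of the "maximum input value" from the Note and the sample values are assumptions.

```python
from dataclasses import dataclass, field

# Special values named in the description of MD 36970
NO_ASSIGNMENT = {
    0x00000000: "no assignment, input remains at 0",
    0x80000000: "no assignment, input remains at 1",
}

# Inclusive (low, high) ranges for mm, xx, nn per segment number s, from the coding table.
# The s = 0 bit range is read as 01H to 04H.
FIELD_RANGES = {
    0: {"mm": (0x00, 0x00), "xx": (0x00, 0x00), "nn": (0x01, 0x04)},  # local NCU inputs
    1: {"mm": (0x01, 0x1F), "xx": (0x01, 0x08), "nn": (0x01, 0x10)},  # 611 digital bus
    4: {"mm": (0x01, 0x02), "xx": (0x01, 0x02), "nn": (0x01, 0x20)},  # SPL system variable
}

# Maximum input values from the Note (NCK I/Os, SGE on the SPL interface).
# Assumption: the limit is applied as a numeric comparison on the whole DWORD.
MAX_VALUE = {1: 0x811E0810, 4: 0x84020220}


@dataclass
class InputAssignment:
    raw: int
    inverted: bool
    segment: int
    mm: int
    xx: int
    nn: int
    target: str = ""
    errors: list = field(default_factory=list)

    @property
    def valid(self) -> bool:
        return not self.errors


def decode_input_assignment(value: int) -> InputAssignment:
    """Split an SGE assignment DWORD (is mm xx nn) into its fields and validate them."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("input assignment must fit in a DWORD")
    i, s = (value >> 28) & 0xF, (value >> 24) & 0xF
    a = InputAssignment(raw=value, inverted=(i == 8), segment=s,
                        mm=(value >> 16) & 0xFF, xx=(value >> 8) & 0xFF, nn=value & 0xFF)
    if value in NO_ASSIGNMENT:
        a.target = NO_ASSIGNMENT[value]
        return a
    if i not in (0, 8):
        a.errors.append(f"inversion digit i={i:X} is not 0 or 8")
    if s not in FIELD_RANGES:
        a.errors.append(f"segment number s={s:X} is not 0, 1 or 4")
        return a
    for name, (low, high) in FIELD_RANGES[s].items():
        got = getattr(a, name)
        if not low <= got <= high:
            a.errors.append(f"{name}={got:02X}H outside {low:02X}H..{high:02X}H")
    limit = MAX_VALUE.get(s)
    if limit is not None and value > limit:
        a.errors.append(f"value exceeds maximum input value {limit:08X}")
    if s == 0:
        a.target = f"local NCU input, bit {a.nn}"
    elif s == 1:
        a.target = f"611 digital bus: module {a.mm}, submodule {a.xx}, I/O {a.nn}"
    else:
        iface = {1: "internal SPL interface", 2: "external SPL interface"}
        a.target = f"{iface.get(a.mm, 'unknown interface')}, word {a.xx}, bit {a.nn}"
    return a


def audit(machine_data: dict) -> dict:
    """Return {MD name: [errors]} for every entry that fails validation."""
    findings = {}
    for name, value in machine_data.items():
        result = decode_input_assignment(value)
        if not result.valid:
            findings[name] = result.errors
    return findings


# Constructed sample values, not taken from a real machine archive
SAMPLE = {
    "MD36970": 0x01040102,  # terminal: module 04, submodule 01, I/O 02
    "MD36971": 0x84010120,  # inverted, internal SPL interface, word 1, bit 32
    "MD36973": 0x80000000,  # no assignment, input remains at 1
    "MD36975": 0x811F0810,  # above the NCK I/O maximum 811E0810
    "MD36976": 0x02010101,  # s = 2 is not a permitted segment number
}

if __name__ == "__main__":
    for md, errors in audit(SAMPLE).items():
        print(md, errors)
```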
36970
MD number
$MA_SAFE_SVSS_DISABLE_INPUT
Input assignment, SBH/SG de-selection
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning
Design:
This data defines the NCK input for selection/de-selection of the SBH and SG functions.
Signal means
= 0 SG or SBH is selected
= 1 SG and SBH are de-selected
Special cases, errors Input value "0" means:
There is no assignment, the input remains at 0, SG and SBH cannot be de-selected.
Input value "80 00 00 00" means:
There is no assignment, the input remains at 1
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
References /FB/, A4, Digital and Analog NCK I/Os
Corresponds with MD 10366: $MN_HW_ASSIGN_DIG_FASTIN
MD 13010: $MN_DRIVE_LOGIC_NR
36971
MD number
$MA_SAFE_SS_DISABLE_INPUT
Input assignment, SBH de-selection
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning Assignment of the NCK input for de-selecting the safe operating stop function.
Design: See coding of input assignment
Assignment of terminal signal level to the safe functions if safely-reduced speed or safe
operating stop has been activated.
Signal means
= 0 Safe operating stop is selected
= 1 Safely-reduced speed is selected
(only if STOP C, D or E has not been activated by other functions)
Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81)
This input is of no significance if SG and SBH have been de-selected (see
$MA_SAFE_SVSS_DISABLE_INPUT).
References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
36972
MD number
$MA_SAFE_VELO_SELECT_INPUT[n]
Input assignment, SG selection
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning This data defines the two inputs for selecting SG1, SG2, SG3 or SG4.
Structure: Refer to coding of input assignment
n = 1, 0 stands for bits 1, 0 for selecting SG1 to SG4
Assignment of input bits to safely-reduced speeds:
Bit 1 Bit 0 Selected SG
0 0 SG1
0 1 SG2
1 0 SG3
1 1 SG4
Special cases, errors If the MD bits 31 are set, then the signal is processed inverted (ss = 81).
References MD 36971: $MA_SAFE_SVSS_DISABLE_INPUT
36973
MD number
$MA_SAFE_POS_SELECT_INPUT
Input assignment, SE selection
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning This data defines the input for selecting safe limit position 1 or 2.
Structure: Refer to coding of input assignment
Signal means
= 0 SE1 is active
= 1 SE2 is active
Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81)
References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
36974
MD number
$MA_SAFE_GEAR_SELECT_INPUT[n]
Input assignment, gear ratio selection
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning Assignment of the input terminals for selecting the gear ratio (gear stage).
Structure: Refer to coding of input assignment
n = 2, 1, 0 stands for bits 2, 1, 0 for selecting gear stages 1 to 8
Bit 2 Bit 1 Bit 0 Active gear stage
0 0 0 Stage 1
0 0 1 Stage 2
0 1 0 Stage 3
... ... ... ...
1 1 1 Stage 8
Special cases, errors If the MD bits 31 are set, then the signal is processed inverted (ss = 81).
References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
36975
MD number
$MA_SAFE_STOP_REQUEST_INPUT
Input assignment, "test stop selection"
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning This data defines the input for selecting the test stop.
Structure: Refer to coding of input assignment
Signal means
= 0 Test stop is de-activated
= 1 Test stop is executed
Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81)
References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
36976
MD number
$MA_SAFE_PULSE_STATUS_INPUT
Input assignment "pulses cancelled" status
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning This data defines the input for reading back the "pulses cancelled" status signal.
Structure: Refer to coding of input assignment
Signal means
= 0 Pulses are enabled
= 1 Pulses are cancelled
Special cases, errors If MD bit 31 is set, then the signal is processed inverted (ss = 81)
References MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
36977
MD number
$MA_SAFE_EXT_STOP_INPUT[n]: 0...2
Input assignment, external brake request
840D
Default: 0,0,0,0 Min. input value: 0 Max. input value: 0x811E0810
Change becomes effective after POWER ON: Protection level (R/W) 2/7 Unit: -
Data type: DWORD Applies from SW 4.4.18
Meaning Assigns the input terminal for the external brake requests
Assigns the terminal level to stop types ("0" active):
Index 0: Assignment for "de-selection ext. STOP A" (SH, pulse cancellation)
Index 1: Assignment for "de-selection ext. STOP C" (braking along the current limit)
Index 2: Assignment for "de-selection ext. STOP D" (braking along the path)
Index 3: Assignment for "de-selection ext. STOP E" (ESR+braking along the path)
For safety reasons, inverted logic is used for these signals.
Corresponds with MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
References Refer to Chapter 3, "External STOPs"
36978
MD number
$MA_SAFE_OVR_INPUT[n]: 0...3
Input assignment, SG override selection
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 4.2
Meaning Assignment of NCK inputs for override of the limit value of safely-reduced speeds 2 and 4.
Structure: Refer to coding of input assignment
n = 3, 2, 1, 0 stand for override selection bits 3, 2, 1, 0
Assignment of input bits to SG override values:
Bit 3 Bit 2 Bit 1 Bit 0
0 0 0 0 Override 0 is selected
0 0 0 1 Override 1 is selected
to
1 1 1 1 Override 15 is selected
The override factor itself (percentage) is defined using the following machine data:
For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n]
For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n]
Special cases, errors The "override for safely-reduced speed" function is enabled via MD 36901 (MD 1301):
$MA($MD)_SAFE_FUNCTION_ENABLE
If the MD bits 31 are set, then the signal is processed inverted (ss = 81).
Corresponds with MD 36970: $MA_SAFE_SVSS_DISABLE_INPUT
MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n]
References Refer to Chapter 3, "override for safely-reduced speed"
36979
MD number
$MA_SAFE_STOP_REQUEST_EXT_INPUT
Assignment of input terminals for selecting the "test stop external shutdown"
840D
Default: 0 Min. input value: 0 Max. input value: 0x811E0810
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning This MD must be parameterized as soon as the internal pulse cancellation is used (bit 30
in $MA_SAFE_PULSE_ENABLE_OUTPUT=1)
Structure: Refer to coding of input assignment
With each machine data of this kind, a single I/O bit is connected to a terminal or a system
variable. Otherwise, the structure of the machine data is as for 36970 and onwards.
Special cases, errors
References
Description of the parameterization of the SGA machine data MD 36980 to
MD 36990
Structure of the output assignment SBH/SG de-selection: is mm xx nn
                      Perm. values  Explanation
i   Inversion         0, 8          0: No inversion
                                    8: Inversion before processing
s   Segment No.       1, 4          1: I/Os on 611 digital bus (terminal)
                                    4: Internal image in system memory (system variable)
Further parameterization if one terminal is assigned (s = 1).
mm  Module No.        01-1F         Number of the logical slot in which the terminal block with external I/Os is inserted (drive number)
xx  Submodule No.     01-08         Slot number of the submodule inside the I/O module
nn  I/O No.           01-10         Bit number (input/output number on the submodule)
Further parameterization if a system variable is assigned (s = 4).
mm  Module No.        01-02         01: Addressing internal SPL interface $A_OUTSI or $A_INSI
                                    02: Addressing of external SPL interface (only for input signals, $A_INSE)
xx  Submodule No.     01-02         Index of system variable word (per 32 bits)
nn  I/O No.           01-20         Bit number in system variable word $A_OUTSID[xx], $A_INSID[xx], $A_INSED[xx]
Coding of the output assignment
Additional parameterization for local outputs on the NCU (from SW 6.3.21):
s = 0 Local outputs on the NCU
s = 1 I/Os on the 611 digital bus
s = 4 System variable assignment, internal image in the system memory
36980
MD number
$MA_SAFE_SVSS_STATUS_OUTPUT
Output assignment, SBH/SG active
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning Assignment of the output for signaling the status of the safely-reduced speed or safe
operating stop function.
Signal means
= 0 SG and SBH are not active
(only if STOP C, D or E has not been activated by other functions)
= 1 SG or SBH is active
Special cases, errors Input value of 0 means:
There is no assignment, the output remains unaffected by status changes
Input value of 80 00 00 00 means:
There is no assignment, the output remains at 1
If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted. The (in some
cases inverted) output signals are then ANDed and the result output at the terminal.
References /FB/, A4, Digital and analog NCK I/Os
36981
MD number
$MA_SAFE_SS_STATUS_OUTPUT
Output assignment, SBH active
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 4.2
Meaning This data determines the output or system variable for the "SBH active" signal.
Structure: Refer to coding of output assignment
Signal means
= 0 SBH is not active
= 1 SBH is active
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted.
The (in some cases inverted) output signals are then ANDed and the result output at
the terminal.
36982
MD number
$MA_SAFE_VELO_STATUS_OUTPUT[n]
Output assignment, SG active
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 4.2
Meaning This data determines the outputs or system variables for the "SG active bit 0" and "SG
active bit 1" signals.
Structure: Refer to coding of output assignment
n = 1, 0 stands for SG active, bits 1, 0
SG active
Bit 1 Bit 0 means
= 0 = 0 SG1 active if SBH/SG is active and SBH is not active
SBH active if SBH/SG and SBH are active
= 1 = 0 SG2 active
= 0 = 1 SG3 active
= 1 = 1 SG4 active
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted.
The (in some cases inverted) output signals are then ANDed and the result output at
the terminal.
36984
MD number
$MA_SAFE_EXT_PULSE_ENAB_OUTPUT
Assignment of output terminal for selection of "external pulse enable"
840D
Default: 0 Min. input value: 0 Max. input value: 0x811E0810
Change becomes effective after RESTART Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning This MD must be parameterized as soon as the internal pulse cancellation is used (bit 30
in $MA_SAFE_PULSE_ENABLE_OUTPUT=1)
Structure: Refer to coding of input assignment
With each machine data of this kind, a single I/O bit is connected to a terminal or a system
variable. Otherwise, the structure of the machine data is as for 36970 and onwards.
Special cases, errors
References
36985
MD number
$MA_SAFE_VELO_X_STATUS_OUTPUT
Output assignment for n < nx
840D
Default: 0 Min. input value: 0 Max. input value:
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit:
Data type: DWORD Applies from SW 4.2
Meaning This data determines the output or system variable for the "n < nx" signal.
Structure: Refer to coding of output assignment
Signal means
= 0 Actual speed is higher than the limit speed in $MA_SAFE_VELO_X
= 1 Actual speed is lower or equal to the limit speed
Corresponds with … $MA_SAFE_VELO_X
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted.
The (in some cases inverted) output signals are then ANDed and the result output at
the terminal.
36986
MD number
$MA_SAFE_PULSE_ENABLE_OUTPUT
Output assignment, enable pulses
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning The output assignment for the pulses is enabled using this data.
Structure: Refer to coding of output assignment
Signal means
= 0 Request for pulse cancellation
= 1 Request for pulse enable
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted.
The (in some cases inverted) output signals are then ANDed and the result output at
the terminal.
Bit 30 has the following special meaning:
If bit 30 is set to 1, the internal pulse cancellation via the drive bus is used (only
permissible for 611 digital Performance 2 modules). In this case, the MDs for
external pulse enabling must also be parameterized as an additional safety measure
in the event that the internal pulse cancellation fails
($MA_SAFE_EXT_PULSE_ENABLE_OUTPUT and
$MA_SAFE_STOP_REQUEST_EXT_INPUT)
Possible values of i:
Value Meaning
0 The SGA "enable pulses" is output at the parameterized interface (SPL or periphery).
4 The pulses are internally cancelled via the drive bus. The SGA "enable pulses" contains the same information and is output at the parameterized interface (SPL or periphery). This SGA is not transferred if mm, xx and nn=0.
8 The SGA "enable pulses" is output inverted at the parameterized interface.
12 (=0CH) The pulses are cancelled internally via the drive bus. The SGA "enable pulses" contains the same information and is output inverted at the parameterized interface (SPL or periphery).
36987
MD number
$MA_SAFE_REFP_STATUS_OUTPUT
Output assignment "axis safely referenced"
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning This data specifies the output for the "axis safely referenced" signal.
Structure: Refer to coding of output assignment
Signal means
= 0 Axis is not safely referenced
(i.e. the SE is de-activated)
= 1 Axis is safely referenced
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted.
The (in some cases inverted) output signals are then ANDed and the result output at
the terminal.
Further references MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT
36988
MD number
$MA_SAFE_CAM_PLUS_OUTPUT[n]
Output assignment, SN1 + to SN4 +
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning This data specifies the outputs for plus cams SN1+ to SN4+.
Structure: Refer to coding of output assignment
n = 0, 1, 2, 3 stands for the assignment of plus cams SN1+, SN2+, SN3+, SN4+
Signal means
= 0 Axis is located to the left of the cam (actual value ≤ cam position)
= 1 Axis is located to the right of the cam (actual value > cam position)
(also refer to Chapter 3.7 Safe software cams, output assignment)
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
If several output signals are connected to the same terminal, the following applies:
If MD bit 31 is set (ss = 81), the relevant signal is initially inverted.
The (in some cases inverted) output signals are then ANDed and the result output at
the terminal.
Further references MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT
36989
MD number
$MA_SAFE_CAM_MINUS_OUTPUT[n]
Output assignment, SN1 - to SN4 -
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit:
Data type: DWORD Applies from SW 3.4
Meaning This data defines the outputs for minus cams SN1- to SN4-.
Structure: Refer to coding of output assignment
n = 0, 1, 2, 3 stands for the assignment of minus cams SN1-, SN2-, SN3-, SN4-
Signal means
= 0 Axis is located to the left of the cam (actual value ≤ cam position)
= 1 Axis is located to the right of the cam (actual value > cam position)
(also refer to Chapter 3.7 Safe software cams, output assignment)
Special cases, errors If a single output signal is connected to a terminal, the following applies:
If MD bit 31 is set, then the signal is processed inverted (ss = 81)
Further references MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT
36990
MD number
$MA_SAFE_ACT_STOP_OUTPUT[n]: 0...3
Output assignment active STOP
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 4.4.18
Meaning This data defines the assignment of the states
"STOP A/B is active", "STOP C is active" and "STOP D is active" to an output terminal or
system variable.
Structure: Refer to coding of output assignment
n associated status (on "1" level)
n = 0 "STOP A/B is active"
n = 1 "STOP C is active"
n = 2 "STOP D is active"
n = 3 "STOP E is active"
Special cases, errors Test stop can be detected using SGA "Pulse enable".
"STOP A/B is active" can only be used for "leading brake control" because after the
time specified in MD36956: $MA_SAFE_PULSE_DISABLE_DELAY changeover is
made from STOP B to STOP A.
"STOP A/B is active", "STOP C is active" and "STOP D is active" can be used for the
forced checking procedure of external STOPs.
Corresponds with MD 36980: $MA_SAFE_SVSS_STATUS_OUTPUT
Further references Refer to Chapter 3, "External STOPs"
36992
MD number
$MA_SAFE_CROSSCHECK_CYCLE
Displays axial crosswise comparison clock cycle
840D
Default: 0 Min. input value: 0 Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: DWORD Applies from SW 6.3
Meaning Indicates effective axial comparison clock cycle in seconds.
Obtained from INFO_SAFETY_CYCLE_TIME and the number of data to be compared
crosswise.
The axial value displayed depends on the associated drive module, since the length of the
crosswise data comparison lists between Performance-1/Standard-2 and Performance-2
modules is different.
36993
MD number
$MA_SAFE_CONFIG_CHANGE_DATE[n]; n=0...4
Date/time of last configuration change of safety-relevant NCK machine data
840D
Default: "Blank" Min. input value: - Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: -
Data type: STRING Applies from SW 5.2
Meaning Display data which logs when safety-relevant NCK machine data are activated. The last
change is logged in the MD with field index 0; previous times are logged in fields 1...4.
Special cases, errors
36994
MD number
$MA_SAFE_PREV_CONFIG[n]; n=0...4
Save data to verify safety configuration changes
840D
Default: "Blank" Min. input value: - Max. input value: -
Change becomes effective after POWER ON: Protection level (R/W) 7/7 Unit: -
Data type: STRING Applies from SW 3.4
Meaning If the safety configuration is changed, safety-relevant configuration data is stored in this
field.
Special cases, errors
36995
MD number
$MA_SAFE_STANDSTILL_POS
Standstill position
840D
Default value: 0 Min. input value: -2 147 483 647 Max. input value: 2 147 483 647
Change becomes effective after POWER ON: Protection level (R/W) 0/0 Unit: -
Data type: DWORD Applies from SW 3.4
Meaning The position at which the axis has currently stopped is displayed in this MD.
To be able to perform a plausibility check on the axis referencing when the control system
is powered-up the next time, the current axis position is saved permanently when the
following events take place:
When safe operating stop (SBH) is selected
Cyclically when SE/SN is active
Special cases, errors Any manual changes to the MD are detected the next time the control is powered-up and
the axis reference checked for plausibility. "User agreement" is required again after
referencing.
36997
MD number
$MA_SAFE_ACKN
User agreement
840D
Default: 0 Min. input value: 0 Max. input value: FF FF FF FF
Change becomes effective after POWER ON: Protection level (R/W) 7/2 Unit: Hexadecimal
Data type: DWORD Applies from SW 3.4
Meaning The user agreement status is displayed in this machine data.
The user can confirm or cancel his "user agreement" via an appropriate screen display.
If it is internally detected in the software that the reference to the machine has been lost,
then the "user agreement" is automatically cancelled (e.g. during gear changes, or if the
plausibility comparison with the stored standstill position fails during referencing).
Special cases, errors Any manual changes to the MD are detected the next time the control is powered-up and
the axis reference checked for plausibility. "User agreement" is required again after
referencing.
36998
MD number
$MA_SAFE_ACT_CHECKSUM
Actual checksum
840D
Default: 0 Min. input value: 0 Max. input value: FF FF FF FF
Change becomes effective after POWER ON: Protection level (R/W) 7/- Unit: Hexadecimal
Data type: DWORD Applies from SW 3.4
Meaning The actual checksum calculated after POWER ON or for a RESET, over the current
values of safety-relevant machine data is entered here.
36999
MD number
$MA_SAFE_DES_CHECKSUM
Setpoint checksum
840D
Default: 0 Min. input value: 0 Max. input value: FF FF FF FF
Change becomes effective after POWER ON: Protection level (R/W) 7/1 Unit: Hexadecimal
Data type: DWORD Applies from SW 3.4
Meaning This data contains the setpoint (reference) checksum of the actual values of safety-
relevant machine data that was saved during the last machine acceptance test.
37000
MD number
$MA_FIXED_STOP_MODE
Travel to fixed endstop mode
840D
Default: 0 Min. input value: 0 Max. input value: 3
Change becomes effective after POWER ON: Protection level (R/W) 7/1 Unit: Hexadecimal
Data type: BYTE Applies from SW
Meaning Bit 0: Selects "Traverse to fixed endstop" from the part program or
synchronous actions.
Bit 1: Selects "Traverse to fixed endstop" for the function test of the
braking mechanical system from the PLC
4.2 Machine data for SIMODRIVE 611 digital
4.2.1 Overview of the machine data
Table 4-2 Machine data for SIMODRIVE 611 digital
No. Name for 611 digital Equivalent MD for 840D: No. Name
1300 $MD_SAFETY_CYCLE_TIME 10090: $MA_SAFETY_SYSCLOCK_TIME_RATIO
SI Monitoring cycle Factor for monitoring cycle
1301 $MD_SAFE_FUNCTION_ENABLE 36901: $MA_SAFE_FUNCTION_ENABLE
Enable safety functions Enable safety functions
1302 $MD_SAFE_IS_ROT_AX 36902: $MA_SAFE_IS_ROT_AX
Axis-specific bits for safe functions Rotary axis
1305 $MD_SAFE_MODULO_RANGE 36905: $MA_SAFE_MODULO_RANGE
Actual value range for SN for rotary axes Modulo value for safe cams
1316 $MD_SAFE_ENC_CONFIG 36916: $MA_SAFE_ENC_IS_LINEAR
Motor encoder configuration, safe functions Linear scale
1317 $MD_SAFE_ENC_GRID_POINT_DIST 36917: $MA_SAFE_ENC_GRID_POINT_DIST
Grid spacing linear scale Grid spacing linear scale
1318 $MD_SAFE_ENC_RESOL 36918: $MA_SAFE_ENC_RESOL
Encoder pulses per revolution Encoder pulses per revolution
1320 $MD_SAFE_ENC_GEAR_PITCH 36920: $MA_SAFE_ENC_GEAR_PITCH
Lead screw pitch Lead screw pitch
1321 $MD_SAFE_ENC_GEAR_DENOM[n] 36921: $MA_SAFE_ENC_GEAR_DENOM[n]
Denominator of encoder/load gear Denominator of encoder/load gear
1322 $MD_SAFE_ENC_GEAR_NUMERA[n] 36922: $MA_SAFE_ENC_GEAR_NUMERA[n]
Numerator of encoder/load gear Numerator of encoder/load gear
1326 $MD_SAFE_ENC_FREQ_LIMIT 36926: $MD_SAFE_ENC_FREQ_LIMIT
Encoder limit frequency for safe operation Encoder limit frequency for safe operation
1330 $MD_SAFE_STANDSTILL_TOL 36930: $MA_SAFE_STANDSTILL_TOL
Standstill tolerance SBH Standstill tolerance
1331 $MD_SAFE_VELO_LIMIT[n] 36931: $MA_SAFE_VELO_LIMIT[n]
Limit values for safely-reduced speed Limit value for safely-reduced speed
1332 $MD_SAFE_VELO_OVR_FACTOR[n] 36932: $MA_SAFE_VELO_OVR_FACTOR[n]
Correction factor for SG SG override values
1334 $MD_SAFE_POS_LIMIT_PLUS[n] 36934: $MA_SAFE_POS_LIMIT_PLUS[n]
Upper limit value for SE Upper limit value for safe end position
1335 $MD_SAFE_POS_LIMIT_MINUS[n] 36935: $MA_SAFE_POS_LIMIT_MINUS[n]
Lower limit value for SE Lower limit value for safe end position
1336 $MD_SAFE_CAM_POS_PLUS[n] 36936: $MA_SAFE_CAM_POS_PLUS[n]
Plus cams position SN Plus cams position for safe cams
1337 $MD_SAFE_CAM_POS_MINUS[n] 36937: $MA_SAFE_CAM_POS_MINUS[n]
Minus cams position SN Minus cams position for safe cams
1340 $MD_SAFE_CAM_TOL 36940: $MA_SAFE_CAM_TOL
Tolerance for safe cams Tolerance for safe cams
1342 $MD_SAFE_POS_TOL 36942: $MA_SAFE_POS_TOL
Actual-value tolerance crosswise data comparison Actual value comparison tolerance (crosswise)
1344 $MD_SAFE_REFP_POS_TOL 36944: $MA_SAFE_REFP_POS_TOL
Actual value tolerance safe axis position Actual value comparison tolerance (referencing)
1346 $MD_SAFE_VELO_X 36946: $MA_SAFE_VELO_X
Speed limit nx Speed limit n_x
1348 $MD_SAFE_STOP_VELO_TOL 36948: $MA_SAFE_STOP_VELO_TOL
Actual speed tolerance for SBR Speed tolerance for safe braking ramp
1349 $MD_SAFE_SLIP_VELO_TOL 36949: $MA_SAFE_SLIP_VELO_TOL
Tolerance 2-encoder drift / slip Speed tolerance slip
1350 $MD_SAFE_MODE_SWITCH_TIME 36950: $MA_SAFE_MODE_SWITCH_TIME
Tolerance time for SGE changeover Tolerance time for SGE changeover
1351 $MD_SAFE_VELO_SWITCH_DELAY 36951: $MA_SAFE_VELO_SWITCH_DELAY
Delay time SG changeover Delay time SG changeover
1352 $MD_SAFE_STOP_SWITCH_TIME_C 36952: $MA_SAFE_STOP_SWITCH_TIME_C
Transition time STOP C to SBH Transition time STOP C to safe standstill
1353 $MD_SAFE_STOP_SWITCH_TIME_D 36953: $MA_SAFE_STOP_SWITCH_TIME_D
Transition time STOP D to SBH Transition time STOP D to safe standstill
1354 $MD_SAFE_STOP_SWITCH_TIME_E 36954: $MA_SAFE_STOP_SWITCH_TIME_E
Transition time STOP E to SBH Transition time STOP E to safe standstill
1355 $MD_SAFE_STOP_SWITCH_TIME_F 36955 $MA_SAFE_STOP_SWITCH_TIME_F
Transition time STOP F to SBH Transition time STOP F to safe standstill
1356 $MD_SAFE_PULSE_DISABLE_DELAY 36956: $MA_SAFE_PULSE_DISABLE_DELAY
Delay time pulse cancellation Delay time pulse cancellation
1357 $MD_SAFE_PULSE_DIS_CHECK_TIME 36957: $MA_SAFE_PULSE_DIS_CHECK_TIME
Time for testing pulse cancellation Time for testing pulse cancellation
1358 $MD_SAFE_ACC_TEST_TIMEOUT 36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT
SI acceptance test timer Time limit for the acceptance test duration
1360 $MD_SAFE_STANDSTILL_VELO_TOL 36960: $MA_SAFE_STANDSTILL_VELO_TOL
Shutoff speed for pulse cancellation Shutoff speed for pulse cancellation
1361 $MD_SAFE_VELO_STOP_MODE 36961: $MA_SAFE_VELO_STOP_MODE
Stop response for SG Stop response safely reduced speed
1362 $MD_SAFE_POS_STOP_MODE 36962: $MA_SAFE_POS_STOP_MODE
Stop response for SE Stop response safe end position
1363 $MD_SAFE_VELO_STOP_REACTION[n] 36963: $MA_SAFE_VELO_STOP_REACTION[n]
SG-specific stop response SG-specific stop response
1370 $MD_SAFE_TEST_MODE corresponds to BTSS variables for NCK
SI acceptance test mode
1371 $MD_SAFE_TEST_STATE corresponds to BTSS variables for NCK
SI acceptance test status
1380 $MD_SAFE_PULSE_DIS_TIME_FAIL corresponds to BTSS variables for NCK
Time until pulse cancellation
1390 $MD_SAFE_FIRMWARE_VERSION not available for 840D
Firmware release Safety Integrated
1391 $MD_SAFE_DIAG_NC_RESULTLIST1 not available for 840D
Diagnostics: NC result list 1
1392 $MD_SAFE_DIAG_611D_RESULTLIST1 not available for 840D
Diagnostics: 611digital result list 1
1393 $MD_SAFE_DIAG_NC_RESULTLIST2 not available for 840D
Diagnostics: NC result list 2
1394 $MD_SAFE_DIAG_611digital_RESULTLIST2 not available for 840D
Diagnostics: 611digital result list 2
1395 $MD_SAFE_STOP_F_DIAGNOSIS For 840D, integrated in alarm text
Diagnostics for STOP F
1396 $MD_SAFE_ACKN_WRITE not available for 840D
User agreement
1397 $MD_SAFE_ACKN_READ 36997: $MA_SAFE_ACKN
611 digital internal agreement User agreement
1398 $MD_SAFE_ACT_CHECKSUM 36998 $MA_SAFE_ACT_CHECKSUM
Checksum display of SI-MD Actual checksum
1399 $MD_SAFE_DES_CHECKSUM 36999 $MA_SAFE_DES_CHECKSUM
Checksum for SI-MD Setpoint checksum
Note:
The drive machine data is copied to the drive after the soft key COPY TO DRIVE is pressed.
13xx Drive machine data marked in this way are not taken into account when copying. The machine
manufacturer must manually enter this data.
The same description as for the equivalent machine data of the 840D system applies to the machine data copied to
the drive.
Loading the standard motor data
When the standard motor data is loaded, some drive machine data is
overwritten. If another type of motor is mounted (e.g. after repairs have been
carried out) and the associated motor default data is loaded, then the encoder
data must be changed back to its original values.
4.2.2 Description of the machine data
1300 $MD_SAFETY_CYCLE_TIME 611 digital
Monitoring clock cycle Relevant for:
FD/MSD
Unit:
31.25 µs
Default:
384 (= 12 ms)
Minimum value:
16
Maximum value:
800
Data type:
short integer
Becomes effective:
POWER ON
This data sets the monitoring clock cycle for safe operation.
Position controller clock cycle <= Monitoring clock cycle <= 25ms
The monitoring clock cycle defines the response time of the monitoring
functions. It should be noted that a short monitoring cycle time increases the
load on the CPU.
1301 $MD_SAFE_FUNCTION_ENABLE 611 digital
Enable safety functions Relevant for:
FD/MSD
Unit:
Hexadecimal
Default:
0
Minimum value:
0
Maximum value:
FFEB Hex
Data type:
Binary
Becomes
effective:
POWER ON
This data enables the partial functions for safe operation on an axis-specific or
spindle-specific basis. The bit assignment is as follows:
Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8
High byte Enable safe cams
SN4 - SN4 + SN3 - SN3 + SN2 - SN2 + SN1 - SN1 +
Low byte Enable (840D from SW4.2); Reserved, these bits must be set to 0; Enable
Bit 7 Cam synchronization
Bit 6 External STOPs
Bit 5 Override, safely-reduced speed
Bit 4 Enable external ESR activation
Bit 3 Enable actual value synchronization, 2-encoder system
Bit 2 Reserved for functions with absolute reference
Bit 1 SE
Bit 0 SBH/SG
1302 $MD_SAFE_IS_ROT_AX 611 digital
Axis-specific bits for safety-relevant functions
Relevant for:
FD/MSD
Unit:
-
Default:
0
Minimum value:
0
Maximum value:
00 03
Data type:
Binary
Becomes
effective:
POWER ON
Axis and encoder bits related to safety functions.
Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8
High byte Reserved, these bits must be set to 0
0 0 0 0 0 0 0 0
Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Low byte Reserved, these bits must be set to 0
0 0 0 0 0 0 Inch system Axis type
Bit 0 1: Rotary axis/spindle
0: Linear axis
Bit 1 1: Imperial system (inches etc.)
0: Metric system
1305 $MD_SAFE_MODULO_RANGE 611 digital
Actual value range for SN for rotary axes
Relevant for:
FD/MSD
Valid from:
840D from SW4.2
Unit:
mdegree
Default:
0
Minimum value:
0
Maximum value:
737 280 000
Data type:
long integer
Becomes effective:
POWER ON
Actual value range within which safe cams for rotary axes are calculated. The
axis must be a rotary axis ($MA_/$MD_SAFE_IS_ROT_AX = 1).
Value = 0: Modulo correction after +/- 2048 revolutions (i.e. after
737 280 000 mdegrees)
Setting > 0 and multiples of 360 000 mdegrees:
Modulo correction after this setting, e.g. with setting = 360 000
the actual value range is between 0 and 359.999 degrees,
i.e. a modulo correction is carried out after every revolution.
Corresponding machine data:
MD 36905: $MA_SAFE_MODULO_RANGE
MD 36936/1336: $MA_/$MD_SAFE_CAM_POS_PLUS[n]
MD 36937/1337: $MA_/$MD_SAFE_CAM_POS_MINUS[n]
1316 $MD_SAFE_ENC_CONFIG 611 digital
Motor encoder configuration, safety-relevant functions
Relevant for:
FD/MSD
Unit:
-
Default:
0
Minimum value:
0
Maximum value:
00 07
Data type:
Binary
Becomes effective:
POWER ON
Axis and encoder bits related to safety functions.
Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8
High byte Reserved
0 0 0 0 0 0 0 0
Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Low byte
0 0 0 0 0 2-encoder system Sign change Motor encoder (IMS)
Bit 0 1: Linear motor encoder (e.g. linear scale for linear motors)
0: Rotary motor encoder
Bit 1 1: Sign change
0: No sign change
Bit 2 1: 2-encoder system (for encoder limit frequency is not monitored)
0: 1-encoder system (for encoder limit frequency is monitored)
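The bit-coded data MD 1301, MD 1302 and MD 1316 and the modulo range MD 1305 can be checked offline against the limits documented above. The following is an added example, not Siemens code: the function and dictionary names are assumptions, the bit names and limits are those read from the tables above, and the sample values are constructed.

```python
"""Added example: plausibility check of bit-coded SI drive machine data."""

# Bit names, bit 0 first, as read from the bit assignment tables above.
MD1301_BITS = [
    "SBH/SG", "SE", "Reserved for functions with absolute reference",
    "Actual value synchronization, 2-encoder system",
    "External ESR activation", "Override, safely-reduced speed",
    "External STOPs", "Cam synchronization",
    "SN1 +", "SN1 -", "SN2 +", "SN2 -", "SN3 +", "SN3 -", "SN4 +", "SN4 -",
]
MD1302_BITS = ["Rotary axis/spindle", "Imperial system (inches)"]
MD1316_BITS = ["Linear motor encoder", "Sign change", "2-encoder system"]

# MD number -> (documented maximum value, bit names)
BIT_CODED = {
    1301: (0xFFEB, MD1301_BITS),
    1302: (0x0003, MD1302_BITS),
    1316: (0x0007, MD1316_BITS),
}
MODULO_MAX = 737_280_000   # MD 1305 maximum in mdegrees (2048 revolutions)
MDEG_PER_REV = 360_000     # one revolution in mdegrees


def set_bits(value, names):
    """Return the names of all bits that are set in value."""
    return [name for bit, name in enumerate(names) if value >> bit & 1]


def audit(md):
    """Check a {md_number: value} dict. Returns (decoded, findings).

    decoded  maps each bit-coded MD to the names of its set bits.
    findings lists every violation of a documented limit.
    Missing entries are taken as 0, the documented default.
    """
    decoded, findings = {}, []
    for number, (maximum, names) in BIT_CODED.items():
        value = md.get(number, 0)
        if not 0 <= value <= maximum:
            findings.append(
                f"MD {number}: {value:#06x} exceeds maximum {maximum:#06x}"
            )
        decoded[number] = set_bits(value, names)

    modulo = md.get(1305, 0)
    rotary = bool(md.get(1302, 0) & 1)
    if not 0 <= modulo <= MODULO_MAX:
        findings.append("MD 1305: outside 0..737 280 000 mdegrees")
    elif modulo % MDEG_PER_REV:
        findings.append("MD 1305: not a multiple of 360 000 mdegrees")
    if modulo and not rotary:
        # MD 1305 requires a rotary axis (SAFE_IS_ROT_AX = 1).
        findings.append("MD 1305: modulo range set but MD 1302 bit 0 = 0")
    return decoded, findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real machine.
    sample = {1301: 0x0303, 1302: 0x0001, 1305: 360_000, 1316: 0x0004}
    decoded, findings = audit(sample)
    for number, names in decoded.items():
        print(f"MD {number}: {', '.join(names) or 'no bits set'}")
    print("findings:", findings or "none")
```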
1317 $MD_SAFE_ENC_GRID_POINT_DIST 611 digital
Linear scale graduations Relevant for:
FD/MSD
Unit:
µm
Default:
10
Minimum value:
0.010
Maximum value:
8 000
Data type:
float
Becomes
effective:
POWER ON
Grid spacing of encoder (only applies to linear encoders)
1318 $MD_SAFE_ENC_RESOL 611 digital
Encoder pulses per revolution Relevant for:
FD/MSD
Unit:
Default:
2 048
Minimum value:
1
Maximum value:
100 000
Data type:
-
Becomes effective:
POWER ON
Number of pulses per encoder revolution (only applies to rotary encoders)
1320 $MD_SAFE_ENC_GEAR_PITCH 611 digital
Lead screw pitch Relevant for:
FD/MSD
Unit:
mm/rev
Default:
10
Minimum value:
0.1
Maximum value:
8 388.00
Data type:
float
Becomes effective:
POWER ON
Gear ratio between encoder and load (applies to linear axes with rotary
encoder)
1321 $MD_SAFE_ENC_GEAR_DENOM[n] 611 digital
Denominator of encoder/load gear Relevant for:
FD/MSD
Unit:
-
Default:
1
Minimum value:
1
Maximum value:
8 388 607
Data type:
long integer
Becomes effective:
POWER ON
Denominator of the gear between encoder and load, i.e. the denominator of the
fraction number of encoder revolutions / number of load revolutions
There are a total of 8 values (n = 0 ... 7); the current value is selected by means
of SGEs.
1322 $MD_SAFE_ENC_GEAR_NUMERA[n] 611 digital
Numerator of encoder/load gear Relevant for:
FD/MSD
Unit:
-
Default:
1
Minimum value:
1
Maximum value:
8 388 607
Data type:
long integer
Becomes effective:
POWER ON
Numerator of the gear between encoder and load, i.e. the numerator of the
fraction number of encoder revolutions / number of load revolutions
There are a total of 8 values (n = 0 ... 7); the current value is selected by means
of SGEs.
1326 $MD_SAFE_ENC_FREQ_LIMIT 611 digital
Encoder limit frequency for safe operation Relevant for:
FD/MSD
Unit:
-
Default:
300000
Minimum value:
300000
Maximum value:
420000
Data type:
long integer
Becomes effective:
POWER ON
Encoder limit frequency setting due to hardware requirements (encoder cable
length, encoder type). Only applies with 611 digital Performance 2 control
1330 $MD_SAFE_STANDSTILL_TOL 611 digital
Standstill tolerance (SBH) Relevant for:
FD/MSD
Unit: µm or
mdegrees
Default:
1 000
Minimum value:
1
Maximum value:
100 000
Data type:
long integer
Becomes effective:
POWER ON
Tolerance value for the safe standstill monitoring.
This machine data defines the standstill tolerance window for SBH. The actual
value must be within this tolerance value otherwise an alarm is output
(tolerance for safe operating stop exceeded, STOP A/B) and the drive is
switched into the safe standstill condition.
1331 $MD_SAFE_VELO_LIMIT[n] 611 digital
Limit values for safely-reduced speed Relevant for:
FD/MSD
Unit: mm/min or
rev/min
Default:
2 000
Minimum value
0
Maximum value:
1 000 000
Data type:
float
Becomes
effective:
POWER ON
Limit values for the safely reduced speed monitoring.
n = 0, 1, 2, 3, stands for limit value of SG1, 2, 3, 4
If the actual speed is greater than this limit value, then the drive initiates a stop
response (this can be parameterized in MD 1361:
$MD_SAFE_VELO_STOP_MODE) and switches into the safe operating stop.
With active SBH/SG and a 1-encoder system, the speed is monitored on the
basis of an encoder limit frequency of 200 kHz (300 kHz, 840D from SW 3.6).
The parameterized stop response is output when the limit is exceeded.
1332 $MD_SAFE_VELO_OVR_FACTOR[n] 611digital
Correction factor for SG Relevant for:
FD/MSD
Valid from:
SW version 4.2
Unit:
%
Default:
100
Minimum value:
1
Maximum value:
100
Data type:
short integer
Becomes
effective:
POWER ON
It is possible to select overrides via SGEs for safely-reduced speeds 2 and 4
and to set the associated override value (percentage) in this machine data.
n = 0, 1, ... , 15 stand for overrides 0, 1, ... 15
The "override for safely-reduced speed" function is enabled via MD 36901
(MD 1301): $MA($MD)_SAFE_FUNCTION_ENABLE (refer to Chapter 3.4.5
"Override for safely-reduced speed").
1334 $MD_SAFE_POS_LIMIT_PLUS[n] 611 digital
Upper limit value for safe end position Relevant for:
FD/MSD
Unit: µm or
mdegrees
Default:
100 000 000
Minimum value:
-2 147 000 000
Maximum value:
2 147 000 000
Data type:
long integer
Becomes
effective:
POWER ON
Upper (positive) limit value for safe monitoring of a limit position
n = 0, 1 stands for safe limit position SE1, SE2
When passing the active, upper limit value, the drive initiates an alarm (this can
be parameterized using MD 1362: $MD_SAFE_POS_STOP_MODE) and
switches into the safe operating stop.
1335 $MD_SAFE_POS_LIMIT_MINUS[n] 611digital
Lower limit value for safe end position Relevant for:
FD/MSD
Unit: µm or
mdegrees
Default:
-100 000 000
Minimum value:
-2 147 000 000
Maximum value:
2 147 000 000
Data type:
long integer
Becomes
effective:
POWER ON
Lower (negative) limit value for SE.
n = 0, 1 stands for safe end position SE1, SE2
When passing the active, lower limit value, the drive initiates an alarm (this can
be parameterized using MD 1362: $MD_SAFE_POS_STOP_MODE) and
switches into the safe operating stop condition.
1336 $MD_SAFE_CAM_POS_PLUS[n] 611digital
Plus cams position for safe cams Relevant for:
FD/MSD
Unit: µm or 0.001
degrees
Default:
10 000
Minimum value:
-2 147 000 000
Maximum value:
2 147 000 000
Data type:
long integer
Becomes
effective:
POWER ON
Absolute position for plus cams.
n = 0, 1, 2, 3 stands for plus cams SN1+, SN2+, SN3+, SN4+
If the safe actual position is greater than the machine data, then the safety-
relevant output (SGA) assigned to this cam, is set to 1.
1337 $MD_SAFE_CAM_POS_MINUS[n] 611digital
Minus cams position for safe cams Relevant for:
FD/MSD
Unit: µm or 0.001
degrees
Default:
-10 000
Minimum value:
-2 147 000 000
Maximum value:
2 147 000 000
Data type:
long integer
Becomes
effective:
POWER ON
Absolute position for minus cams.
n = 0, 1, 2, 3 stands for minus cams SN1-, SN2-, SN3-, SN4-
If the safe actual position exceeds the position set in the machine data, then the
SGA assigned to the relevant cam is set to 1.
1340 $MD_SAFE_CAM_TOL 611 digital
Tolerance for safe cams Relevant for:
FD/MSD
Unit: µm or 0.001
degrees
Default:
100
Minimum value:
1
Maximum value
10 000
Data type:
long integer
Becomes
effective:
POWER ON
Tolerance threshold for all safe cams.
As a result of the minimum measuring, computational and runtime deviations,
the two monitoring channels (NC and drive) rarely detect when a cam position
is passed at exactly the same time and at exactly the same position. This data
creates a tolerance window within which cam results in the two monitoring
channels may deviate without resulting in an error.
Cam tolerance and actual value tolerance (MD 1342) should be identical.
1342 $MD_SAFE_POS_TOL 611 digital
Actual value tolerance, crosswise data comparison Relevant for:
FD/MSD
Unit:
µm or
mdegrees
Default:
100
Minimum value:
1
Maximum value:
360 000
Data type:
long integer
Becomes
effective:
POWER ON
Tolerance threshold for the crosswise data comparison of the position actual
value between the NC and drive. This machine data creates a tolerance
window within which the position actual values of the NC and drive may deviate
from one another.
"Finger protection" (about 10 mm) is the primary consideration when setting this
tolerance value.
If the difference between the position actual values is greater than the tolerance
window, the drive initiates an alarm (STOP F) and shuts down if at least one
monitoring function is active.
1344 $MD_SAFE_REFP_POS_TOL 611 digital
Actual value tolerance safe axis position Relevant for:
FD/MSD
Unit:
µm or
mdegrees
Default:
10
Minimum value:
0
Maximum value:
36 000
Data type:
long integer
Becomes
effective:
POWER ON
Tolerance threshold for the actual value monitoring after referencing. A second
absolute actual position is calculated from the last standstill position that is
saved before the encoder is powered down and the distance traversed since
POWER ON. These two actual positions must be within the tolerance window
or else the axis cannot be referenced without a "user agreement". If the user
agreement is not present, alarm "axis not safely referenced" is output with error
code.
The following factors must be taken into consideration when calculating
tolerance values:
Backlash, leadscrew errors, temperature errors, torsion for 2-encoder systems,
gear play for selector gearboxes, lower resolution for 2-encoder systems,
oscillating travel for selector gearboxes.
1346 $MD_SAFE_VELO_X 611 digital
Speed limit nx Relevant for:
FD/MSD
Valid from:
SW4.2 for 840D
Unit:
mm/min, rpm
Default:
20
Minimum value:
0
Maximum value:
1 000
Data type:
float
Becomes
effective:
POWER ON
This data defines the speed limit nx for SGA "n < nx".
Setting 0 means: n < nx is not active.
1348 $MD_SAFE_STOP_VELO_TOL 611 digital
Actual speed tolerance for SBR Relevant for:
FD/MSD
Valid from:
SW4.2 for 840D
Unit:
mm/min,
inch/min, rpm
Default:
300
Minimum value:
0
Maximum value:
20 000
Data type:
float
Becomes
effective:
POWER ON
After activating the safe braking ramp (SBR), the actual speed plus the speed
tolerance, specified using this machine data, is activated as speed limit. If a
value > 0 is specified in this MD, a value, converted to the internal format, is
limited to >= 1.
Recommended settings: Refer to Chapter 3 "Safe braking ramp"
1349 $MD_SAFE_SLIP_VELO_TOL 611 digital
Tolerance 2-encoder drift / slip Relevant for:
FD/MSD
Valid from:
SW5.2 for 840D
Unit:
mm/min,
inch/min, rpm
Default:
6
Minimum value:
0
Maximum value:
1000
Data type:
float
Becomes
effective:
POWER ON
The tolerance specified in this MD is used as the maximum permissible speed
difference between the NC and drive if the function in bit 3 of MD 1301 "Enable
actual value synchronization" is selected. The tolerance in this MD is then used
for the crosswise data comparison instead of the parameterized tolerance in
$MD_SAFE_POS_TOL. If this value is exceeded, STOP F is initiated with fine
code 3 or 44-57 (actual value comparison or dynamic limit value comparison).
1350 $MD_SAFE_MODE_SWITCH_TIME 611 digital
Tolerance time for SGE changeover Relevant for:
FD/MSD
Unit:
ms
Default:
500
Minimum value:
0
Maximum value:
10 000
Data type:
float
Becomes
effective:
POWER ON
Timer for SGE changes. The timer is started every time new SGEs are
accepted. The new monitoring functions are immediately active, however, the
crosswise comparison of the result lists, position actual value and dynamic
position limit values must be delayed for a specific time as the two monitoring
channels cannot detect the SGE changes at precisely the same time.
Note
System-dependent minimum tolerance time:
2 x PLC cycle time (maximum cycle) + 1 x IPO cycle time
The variations in runtime in the external circuitry (e.g. relay operating times)
must also be taken into account.
1351 $MD_SAFE_VELO_SWITCH_DELAY 611 digital
Delay time speed changeover Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
10 000
Data type:
float
Becomes
effective:
POWER ON
Timer for the SGE delay timer.
The timer is started at the transition from the safely-reduced speed function to
the safe operating stop mode or when the speed monitoring limit is reduced to
a lower speed. During this period, the last selected SG limit remains active.
Example:
1. The timer is interrupted as soon as a higher or identical SG limit (i.e. to that
which was previously active) is selected.
2. The timer is immediately stopped if a changeover is made to "non-safe
operation" (NSB, SGE "de-select SBH/SG" = 1).
3. The timer is restarted if an SG limit, lower than the one previously active, is
selected or a changeover made to SBH while the timer is running.
1352 $MD_SAFE_STOP_SWITCH_TIME_C 611 digital
Transition time from STOP C to safe operating stop Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
10 000
Data type:
float
Becomes
effective:
POWER ON
When the time in this timer expires, a transition is made from STOP C (initiated
by SG or SE) to SBH.
After the time has elapsed, the axis/spindle is monitored for a safe operating
stop. If it has still not reached zero speed, a STOP A or STOP B is initiated.
1353 $MD_SAFE_STOP_SWITCH_TIME_D 611 digital
Transition time from STOP D to safe operating stop Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
60 000
Data type:
float
Becomes effective:
POWER ON
When the time in this timer has expired, a transition is made from STOP D
(initiated by SG or SE) to SBH.
After the time has elapsed, the axis/spindle is monitored for a safe operating
stop. If it has still not reached zero speed, a STOP A or STOP B is initiated.
1354 $MD_SAFE_STOP_SWITCH_TIME_E 611 digital
Transition time from STOP E to safe operating stop Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
60 000
Data type:
float
Becomes effective:
POWER ON
When the time in this timer expires, a transition is made from STOP E (initiated
by SG or SE) to SBH.
After the time period has elapsed, the axis/spindle is monitored for a safe
operating stop. If it has still not reached zero speed, a STOP A or STOP B is
initiated.
1355 $MD_SAFE_STOP_SWITCH_TIME_F 611 digital
Transition time from STOP F to STOP B Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
60 000
Data type:
float
Becomes effective:
POWER ON
When the time in this timer stage expires, a transition is made from STOP F to
STOP B.
1356 $MD_SAFE_PULSE_DISABLE_DELAY 611digital
Delay time pulse cancellation Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
10 000
Data type:
float
Becomes effective:
POWER ON
Delay time to cancel the pulses after STOP B was initiated as a result of safe
standstill monitoring or as a result of a STOP F.
The pulses are cancelled earlier than defined in this data if the condition for
pulse cancellation is present via MD 1360:
$MD_SAFE_STANDSTILL_VELO_TOL.
If the timer stage in this data is set to zero, then an immediate transition is
made from STOP B to STOP A (the pulses are immediately cancelled).
1357 $MD_SAFE_PULSE_DIS_CHECK_TIME 611 digital
Time for checking the pulse cancellation Relevant for:
FD/MSD
Unit:
ms
Default:
100
Minimum value:
0
Maximum value:
10 000
Data type:
float
Becomes effective:
POWER ON
After the time in this timer stage has expired, the pulses must have been
cancelled if this has been requested using the SGE "test stop selection". If the
pulses have not been cancelled after the parameterized time, a STOP A
response is initiated. If the pulses have been cancelled after the parameterized
time, this is indicated to the user by setting the SGA "pulses cancelled". The
user can now reset the SGE "Stop selection".
1358 $MD_SAFE_ACCTEST_TIME 611 digital
Acceptance test timer Relevant for:
FD/MSD
Unit: ms
Default:
40000
Minimum value:
5000
Maximum value:
100000
Data type:
float
Becomes effective:
POWER ON
Corresponds to MD $MA_SAFE_ACCEPTANCE_TST_TIMEOUT for NCK as
timer starting value to monitor the active acceptance test mode.
1360 $MD_SAFE_STANDSTILL_VELO_TOL 611 digital
Shutdown speed, pulse cancellation Relevant for:
FD/MSD
Unit: mm/min or
rev/min
Default:
0.0
Minimum value:
0.0
Maximum value:
1 000.0
Data type:
float
Becomes effective:
POWER ON
Speed, below which the axis is considered to be at a "standstill" and the pulses
are cancelled. If this speed threshold is fallen below when the STOP B
response has expired, then the higher-priority STOP A response is activated
with pulse cancellation.
MD 1356: $MD_SAFE_PULSE_DISABLE_DELAY must be observed. If the
delay time expires before the speed drops below the limit set in the above data,
then the drive pulses are prematurely cancelled.
1361 $MD_SAFE_VELO_STOP_MODE 611 digital
Stop response for safely-reduced speed Relevant for:
FD/MSD
Unit:
-
Default:
5
Minimum value:
0
Maximum value:
15
Data type:
short integer
Becomes effective:
POWER ON
Selects the STOP response when the safely reduced speed monitoring
responds.
= 0, 1, 2, 3, 4 corresponding to STOP A, B, C, D, E – is initiated when an error
occurs
= 5 means that the stop reaction can be configured for specific SGs in
MD 36963/1363.
1362 $MD_SAFE_POS_STOP_MODE 611 digital
Stop response, safe limit position Relevant for:
FD/MSD
Unit:
-
Default:
2
Minimum value:
2
Maximum value:
4
Data type:
short integer
Becomes effective:
POWER ON
When the activated safe limit position 1 or 2 is passed, then the stop response
specified in this data is initiated.
= 2, 3, 4 corresponding to STOP C, D or E – is initiated when an error occurs.
1363 $MD_SAFE_VELO_STOP_REACTION[n] 611 digital
SG-specific stop response Relevant for:
FD/MSD
840D from SW4.2
Unit:
-
Default:
2
Minimum value:
0
Maximum value:
14
Data type:
short integer
Becomes effective:
POWER ON
The stop response programmed in this data is initiated when a selected limit
value for safely-reduced speed 1, 2, 3 or 4 is exceeded.
Significance of the field index: n = 0, 1, 2, 3 stands for SG1, SG2, SG3, SG4
Value = 0, 1, 2, 3, 4 corresponds to STOP A, B, C, D, E
This function is only active when MD 36961 and MD 1361 are set to 5. If a
value not equal to 5 is entered, then the parameterized stop response from MD
1361 is valid and 1363 is not evaluated.
1370 $MD_SAFE_TEST_MODE 611 digital
SI acceptance test mode Relevant for:
FD/MSD
840D
from SW 6.4.15
Unit:
-
Default:
0
Minimum value:
0
Maximum value:
0xAC
Data type:
short integer
Becomes
effective:
Immediate
Corresponds to the BTSS variables safeAcceptTestMode for NCK – signals the
request for an acceptance test mode:
0: Request, exit the acceptance test mode, error acknowledgement
0xAC: Request, go into the acceptance test mode
1371 $MD_SAFE_TEST_STATE 611 digital
Acceptance test status Relevant for:
FD/MSD
840D from SW4.2
Unit:
-
Default:
0
Minimum value:
0
Maximum value:
0xAC
Data type:
short integer
Becomes
effective:
Immediate
Corresponds to the BTSS variables safeAcceptTestState for the NCK – signals
the state of the drive regarding the acceptance test mode:
0: Acceptance test mode inactive
0xC: At least 1 active SI POWER ON alarm present when the system
goes into the acceptance test mode
0xD: Incorrect ID received in MD 1370
0xF: Acceptance timer has expired
0xAC: Acceptance test mode is active
1380 $MD_SAFE_PULSE_DIS_TIME_FAIL 611 digital
Time up to pulse cancellation Relevant for:
FD/MSD
840D from SW4.2
Unit:
ms
Default:
0
Minimum value:
0
Maximum value:
800
Data type:
float
Becomes
effective:
Restart
After the drive bus fails, the pulses must have been safely cancelled after this
time has expired.
1390 $MD_SAFE_FIRMWARE_VERSION 611 digital
Firmware version SINUMERIK Safety Integrated Relevant for:
FD/MSD
SW: 4.02/07
Unit:
-
Default:
-
Minimum value:
-
Maximum value:
-
Data type:
long integer
Becomes
effective:
Immediate
The machine data is assigned each time the machine tool is powered up
irrespective of whether SINUMERIK Safety Integrated is selected or not.
When a separate version ID for SI is displayed, the certification costs with the
German Statutory Industrial Accident Insurance Association (BIA) are reduced
as only software releases have to be registered that include changes.
1391 $MD_SAFE_DIAG_NC_RESULTLIST1 611 digital
Diagnostics, NC result list 1
1392 $MD_SAFE_DIAG_611digital_RESULTLIST1 611 digital
Diagnostics, 611 digital result list 1
Relevant for:
FD/MSD
Unit:
-
Default:
0
Minimum value:
0
Maximum value:
FFFF FFFF
Data type:
Long integer
Becomes effective:
POWER ON
This machine data is used to decode errors in result list 1.
Bit No. Bit 31 Bit 30 Bit 29 Bit 28 Bit 27 Bit 26 Bit 25 Bit 24
Function - - - - - - - -
Bit No. Bit 23 Bit 22 Bit 21 Bit 20 Bit 19 Bit 18 Bit 17 Bit 16
Function - - - - - - - -
Bit No. Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8
Function - - SG4 SG4 SG3 SG3 SG2 SG2
Bit No. Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Function SG1 SG1 SE2 SE2 SE1 SE1 SBH SBH
The bits assigned to SI functions have an identical status when there is no
error, but have different states when there is an error.
In the case of a difference between 1391 and 1392, an error has occurred in
the SI function that is assigned to this bit.
Example:
MD 1391 = 0000 1556 Hex = 0000 0000 0000 0000 0001 0101 0101 0110 Binary
MD 1392 = 0000 1557 Hex = 0000 0000 0000 0000 0001 0101 0101 0111 Binary
--> Bit 0 is different --> error in the result cross-check of the safe operating stop
(SBH function). Data that is relevant for the safe operating stop function must
be checked in the NCK and drive channels.
1393 $MD_SAFE_DIAG_NC_RESULTLIST2 611 digital
Diagnostics, NC result list 2
1394 $MD_SAFE_DIAG_611digital_RESULTLIST2 611 digital
Diagnostics, 611 digital result list 2
Relevant for:
FD/MSD
Unit:
-
Default:
0
Minimum value:
0
Maximum value:
FFFF FFFF
Data type:
Long integer
Becomes effective:
POWER ON
This machine data is used to decode errors in result list 2.
Bit No. Bit 31 Bit 30 Bit 29 Bit 28 Bit 27 Bit 26 Bit 25 Bit 24
Function - - - - - - - -
Bit No. Bit 23 Bit 22 Bit 21 Bit 20 Bit 19 Bit 18 Bit 17 Bit 16
Function -, -, Cam modulo range, Cam modulo range, nx lower limit, nx lower limit, nx upper limit, nx upper limit
Bit No. Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8
Function SN4 - SN4 - SN4 + SN4 + SN3 - SN3 - SN3 + SN3 +
Bit No. Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Function SN2 - SN2 - SN2 + SN2 + SN1 - SN1 - SN1 + SN1 +
The bits assigned to SI functions have an identical status when there is no
error, but have different states when there is an error.
In the case of a difference between 1393 and 1394, an error has occurred in
the SI function that is assigned to this bit.
Example:
MD 1393 = 0000 1547 Hex = 0000 0000 0000 0000 0001 0101 0100 0111 Binary
MD 1394 = 0000 1557 Hex = 0000 0000 0000 0000 0001 0101 0101 0111 Binary
--> Bit 4 is different --> error in result cross-check of safe cam (SN2 +). Data
that is relevant for this cam must be checked in the NCK and drive channels.
1395 $MD_SAFE_STOP_F_DIAGNOSIS 611 digital
Diagnostics for STOP F Relevant for:
FD/MSD
Unit:
-
Default:
32 767
Minimum value:
0
Maximum value:
32 767
Data type:
Short integer
Becomes effective:
Immediate
The fine diagnostics for the following alarms is displayed in this data:
for 840D Alarm 27001 "Defect in a monitoring channel"
for 611 digital Alarm 300911 "Defect in a monitoring channel"
For error code = 1: Evaluate fine error coding in MDs 1391 and 1392
For error code = 2: Evaluate fine error coding in MD 1393 and 1394
For SINUMERIK 840D, the error code is output together with the alarm display.
Note
The error code for stop F is shown in detail in Alarm 27001.
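The comparison of the two result lists described for MD 1391 to MD 1394, selected by the error code in MD 1395, can be done mechanically by XOR-ing the NC and drive values and mapping each differing bit to its SI function. The following is an added example, not Siemens code: the function names and the readings dictionary are assumptions, the bit assignments are those of the two tables above, and the sample readings are the values from the two worked examples in the text.

```python
"""Added example: map a result-list mismatch to the SI function concerned."""

# One name per bit pair, lowest pair first, as listed in the bit tables.
RESULT_LIST_1 = ["SBH", "SE1", "SE2", "SG1", "SG2", "SG3", "SG4"]
RESULT_LIST_2 = [
    "SN1 +", "SN1 -", "SN2 +", "SN2 -", "SN3 +", "SN3 -", "SN4 +", "SN4 -",
    "nx upper limit", "nx lower limit", "Cam modulo range",
]
# MD 1395 error code -> (NC list MD, drive list MD, bit-pair names)
STOP_F_CODES = {
    1: (1391, 1392, RESULT_LIST_1),
    2: (1393, 1394, RESULT_LIST_2),
}


def parse_md_hex(text):
    """Parse a value written like '0000 1556Hex', '0000 1556' or '0x1556'."""
    cleaned = text.strip().lower().replace(" ", "")
    if cleaned.endswith("hex"):
        cleaned = cleaned[:-3]
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    value = int(cleaned, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {text!r}")
    return value


def diff_result_lists(nc_value, drive_value, names):
    """Return [(bit, function)] for every bit that differs between channels.

    function is None for a bit that the table shows as unassigned ('-').
    """
    changed = nc_value ^ drive_value
    findings = []
    for bit in range(32):
        if changed >> bit & 1:
            pair = bit // 2
            findings.append((bit, names[pair] if pair < len(names) else None))
    return findings


def diagnose_stop_f(error_code, md):
    """Follow MD 1395: code 1 -> MD 1391/1392, code 2 -> MD 1393/1394."""
    if error_code not in STOP_F_CODES:
        raise ValueError(f"error code {error_code} is not a result-list code")
    nc_md, drive_md, names = STOP_F_CODES[error_code]
    return diff_result_lists(md[nc_md], md[drive_md], names)


if __name__ == "__main__":
    # Readings taken from the two worked examples in the text.
    readings = {
        1391: parse_md_hex("0000 1556Hex"),
        1392: parse_md_hex("0000 1557Hex"),
        1393: parse_md_hex("0000 1547Hex"),
        1394: parse_md_hex("0000 1557Hex"),
    }
    for code in (1, 2):
        for bit, function in diagnose_stop_f(code, readings):
            label = function or "unassigned bit"
            print(f"error code {code}: bit {bit} differs -> {label}")
```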
1396 $MD_SAFE_ACKN_WRITE 611 digital
User agreement
Relevant for: FD/MSD
Unit: Hexadecimal
Default: 00 00
Minimum value: 00 00
Maximum value: FFFF Hex
Data type: Binary
Becomes effective: Immediate
The user must input his agreement (acknowledgement) manually to change
over the axis from the "axis referenced" (IS) state to the "axis safely referenced"
(SGA) state. The user agreement does not have to be given when the axis is
referenced again provided that the comparison of the standstill position and the
"reference position", which is automatically made during power-up, produces a
positive result.
Bit 15 ... 0 Meaning
= 00AC Agreement set
= 0 Agreement not set
1397 $MD_SAFE_ACKN_READ 611 digital
611 digital internal agreement
Relevant for: FD/MSD
Unit: Hexadecimal
Default: 00 00
Minimum value: 00 00
Maximum value: FF FF
Data type: Binary
Becomes effective: Immediate
Indicates that an axis is in the "axis safely referenced" state after user
agreement has been issued.
Bit 15 ... 0 Meaning
= 00AC Agreement set
= 0 Agreement not set
1398 $MD_SAFE_ACT_CHECKSUM 611 digital
Displays the checksum of the Safety Integrated machine data
Relevant for: FD/MSD
Unit:
Default: 00 00 00 00
Minimum value: 00 00 00 00
Maximum value: FF FF FF FF
Data type: Long integer
Becomes effective: Immediate
The actual checksum calculated after POWER ON over the actual values of the
SI machine data is entered here.
If the actual checksum does not match the setpoint checksum in MD 1399:
$MD_SAFE_DES_CHECKSUM, then the Alarm 300744 "Checksum error safe
monitoring" is displayed.
1399 $MD_SAFE_DES_CHECKSUM 611 digital
Checksum of machine data for safety functions
Relevant for: FD/MSD
Unit:
Default: 00 00 00 00
Minimum value: 00 00 00 00
Maximum value: FF FF FF FF
Data type: Long integer
Becomes effective: POWER ON
This data contains the setpoint checksum of the actual values of the SI
machine data that was saved during the last machine acceptance test.
After POWER ON, the actual checksum is calculated, entered into MD 1398:
$MD_SAFE_ACT_CHECKSUM and compared with the setpoint checksum in
this data.
If the values are not identical, data has either been changed or there is an error
and Alarm 300744 "Checksum error safe monitoring" is displayed.
4.3 Interface signals
General
The safety-relevant input and output signals (SGEs and SGAs) are signals that
are sent to and received from the system via two channels:
Via the NCK monitoring channel:
<--> NCK I/O devices <--> signal processing <--> NCK SGE/SGA interface <--> NCK-CPU
Via the drive monitoring channel:
<--> PLC I/O devices <--> signal processing via PLC <--> NC/PLC interface <--> drive CPU
Note
The SGEs/SGAs in the drive monitoring channel are mapped in an area of
the NC/PLC interface (signals to/from drive) and must be supplied in the PLC
user program.
As a result of the two-channel structure of Safety Integrated, the machine
manufacturer must supply the SGEs and SGAs in both the NCK monitoring
channel and the drive monitoring channel.
Unused SGEs must be set to a defined state.
4.3.1 Interface signals for SINUMERIK 840D
Table 4-3 Interface signals for 840D
DB 31... Signals to/from drive
Byte | Bit 7 | Bit 6 | Bit 5 | Bit 4 | Bit 3 | Bit 2 | Bit 1 | Bit 0
...
SGE (signals to drive)
22 | Reserved | Reserved | Reserved | SG selection Bit 1 | SG selection Bit 0 | Reserved | SBH de-selection | SBH/SG de-selection
23 | Test stop selection | Reserved | Reserved | SE selection | Reserved | Gear ratio selection Bit 2 | Gear ratio selection Bit 1 | Gear ratio selection Bit 0
32 | Reserved | Reserved | De-selection ext. STOP_E | De-selection ext. STOP_D | De-selection ext. STOP_C | De-selection ext. STOP_A | Reserved | Reserved
33 | SG override selection Bit 3 | SG override selection Bit 2 | SG override selection Bit 1 | SG override selection Bit 0 | Reserved | Reserved | Reserved | Reserved
...
SGA (signals from drive)
108 | Axis safely referenced | Reserved | Reserved | Reserved | Reserved | "Pulses cancelled" status | Reserved | SBH/SG active
109 (cam signals of plus and minus cams) | SN4 - | SN4 + | SN3 - | SN3 + | SN2 - | SN2 + | SN1 - | SN1 +
110 | Reserved | Reserved | n < nx (from SW4.2) | SG active Bit 1 (from SW4.2) | SG active Bit 0 (from SW4.2) | Reserved | SBH active (from SW4.2) | Reserved
111 | STOP_C active | STOP_D active | STOP_C active | STOP_A/B active | Reserved | Reserved | Reserved | Reserved
Note:
DB 31 / 32 / 33 ... contains the interface signals for axis/spindle 1 / 2 / 3 ...
4.3.2 Description of the interface signals
Description of the signals sent to the monitoring channel

SGE SBH/SG de-selection, SBH de-selection
These signals are used to select/deselect the SBH and SG functions.
Table 4-4 Selection/de-selection of SBH and SG
SGE SBH/SG de-selection | SGE SBH de-selection | Meaning
= 1 | x | SBH and SG are deselected
= 0 | = 0 | SBH is selected (refer to Chapter 3, "Safe operating stop (SBH)")
= 0 | = 1 | SG is selected
x: Signal state optional

SGE status pulses cancelled (only for an axis)
This signal provides the NC monitoring channel with feedback as to whether
the pulses were cancelled during the test stop.

SGE SG selection, bits 1, 0
By combining these signals, it is possible to select the speed limit value for
SG1, 2, 3 or 4 when the SG function is activated.
Table 4-5 Selection of speed limit values for SG
SGE SG selection Bit 1 | SGE SG selection Bit 0 | Meaning
= 0 | = 0 | Speed limit value for SG1 is selected
= 0 | = 1 | Speed limit value for SG2 is selected
= 1 | = 0 | Speed limit value for SG3 is selected
= 1 | = 1 | Speed limit value for SG4 is selected

SGE gear ratio selection, bits 2, 1, 0
The combination of these signals determines the selected gear ratio 1, 2, ..., 8.
Table 4-6 Gear ratio selection
SGE gear ratio selection
Bit 2 | Bit 1 | Bit 0 | Meaning
0 | 0 | 0 | Gear stage 1 is selected
0 | 0 | 1 | Gear stage 2 is selected
0 | 1 | 0 | Gear stage 3 is selected
... | ... | ... | ...
1 | 1 | 1 | Gear stage 8 is selected

SGE SE selection
SE1 or SE2 is selected when this SGE is activated and the SE function is
active.
0 signal: SE1 is selected
1 signal: SE2 is selected

SGE SG override, bits 3, 2, 1, 0 (840D, from SW 4.2)
16 overrides for the limit value of safely-reduced speeds 2 and 4 can be defined
using the SGEs. This means that the limit values for SG2 and SG4 can be
more finely graduated.
An override factor of between 1 and 100% can be assigned to the selected
override via the following machine data:
For 840D MD 36932: $MA_SAFE_VELO_OVR_FACTOR[n]
(override factor safely-reduced speed)
For 611 digital MD 1332: $MD_SAFE_VELO_OVR_FACTOR[n]

SGE test stop selection
This signal is used to initiate the shutdown path test for the drive monitoring
channel.
Fig. 4-1 Signal timing for SGE test stop selection
(Signals shown: SGE "test stop selection", process "cancel pulses", SGA
"status, pulses are cancelled", process "test stop running" with timer and check.)
1 Setting the signal (1 PLC cycle) starts the cancellation of the pulses.
2 After the test stop has been started, a timer runs. When it ends, the SGA
"status, pulses are cancelled" is used to check that the test stop was executed.
3 The signals are reset by the system.

SGE test stop external shutdown (at axis only, SW 6.3 and higher)
The sequence for "test stop external shutdown" is comparable with the
sequence for test stop (refer to Chapter 3.1.3 Testing the shutdown paths).
After selecting "test stop external shutdown", the SGA "enable pulse externally"
is cancelled and a timer started with the value
For 840D MD 36957: $MA_SAFE_PULSE_DIS_CHECK_TIME
For 611 digital MD 1357: $MD_SAFE_PULSE_DIS_CHECK_TIME
When the timer expires before a checkback signal for pulse cancellation is
received, Alarm 27001 with code number 1010 is output. In addition, a STOP A
is initiated for the drive and the pulses cancelled via the internal shutdown path.
This state can only be exited with a POWER ON.
The state of the active monitoring functions (SBH, SG, SE, SN) is not changed
by the "test stop external shutdown".

Test stop for external STOPs (840D, SW 4.4.18 and higher)
This branch must also be subject to a forced-checking procedure due to the
introduction of an additional possibility of activating STOP A, C, D and E (from
SW 6.4.15 onwards) via SGEs.
The test stop of external STOPs is divided into the following 2 phases:
Phase 1
The shutdown path is tested as always (refer to Chapter 3.1.3, "Testing
shutdown paths"). The safe pulse cancellation is tested to ensure that it is
functioning correctly. Successful completion of this phase is signaled as
follows:
– For the NCK monitoring channel:
A positive checkback signal is returned in the form of a 0/1 edge from
SGE "status, pulses cancelled".
– For the drive monitoring channel:
The positive checkback signal is displayed using the SGA "pulses are
cancelled".
Phase 2
The correct functioning of the safe pulse cancellation was already
separately tested for both channels in phase 1.
Therefore, in this phase, it is sufficient to check the function of the SGE
standstill requests.
Procedure:
All of the externally wired/used stopping SGEs are switched in both
channels one after the other and the positive response evaluated via the
associated SGA.
Note
Phase 2 only has to be performed if the function "external STOPs" has been
enabled.
Only the enabled and activated external standstill functions have to be tested.
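The timer supervision of "test stop external shutdown" and the phase 2 procedure described above, modelled as an added example that is not part of the original manual. The millisecond unit for the check time, the I/O callbacks `set_sge`/`read_sga` and the `FakePlant` class are assumptions of this example; alarm numbers and signal names are taken from this page.

```python
"""Model of the external shutdown test and of phase 2 of the external STOP test."""
from dataclasses import dataclass, field

# External stop -> SGA that has to answer the request (names from this page).
STOP_SGA = {
    "A": "STOP A/B is active",
    "C": "STOP C is active",
    "D": "STOP D is active",
    "E": "STOP E is active",
}
CHANNELS = ("NCK", "drive")


@dataclass
class ExternalShutdownTest:
    """Timer-supervised test of the external shutdown path."""
    check_time_ms: int                     # SAFE_PULSE_DIS_CHECK_TIME (unit assumed)
    enable_pulses_externally: bool = True  # SGA "enable pulse externally"
    state: str = "idle"                    # idle, waiting, passed, stop_a_latched
    alarms: list = field(default_factory=list)
    started_at: int = 0

    def select(self, now_ms):
        """SGE "test stop external shutdown" is selected at time now_ms."""
        if self.state == "stop_a_latched":
            return self.state              # this state is only left by POWER ON
        self.enable_pulses_externally = False
        self.started_at = now_ms
        self.state = "waiting"
        return self.state

    def poll(self, now_ms, pulses_cancelled):
        """Evaluate the checkback signal for pulse cancellation at time now_ms."""
        if self.state != "waiting":
            return self.state
        elapsed = now_ms - self.started_at
        if pulses_cancelled and elapsed < self.check_time_ms:
            self.state = "passed"
        elif elapsed >= self.check_time_ms:
            self.alarms.append((27001, 1010))  # Alarm 27001, code number 1010
            self.state = "stop_a_latched"      # STOP A via internal shutdown path
        return self.state

    def power_on(self):
        """POWER ON is the only way out of the latched STOP A state."""
        self.enable_pulses_externally = True
        self.state = "idle"


def forced_check_external_stops(enabled_stops, set_sge, read_sga):
    """Phase 2: switch every enabled stop SGE in both channels, one after the other.

    set_sge(channel, stop, level) and read_sga(channel, sga_name) are
    hypothetical callbacks to the machine. Returns (failures, reset_required):
    the (channel, stop) pairs whose SGA did not respond, and whether a reset
    must be scheduled because STOP E (Alarm 27020) was part of the test.
    """
    failures = []
    for stop in enabled_stops:
        for channel in CHANNELS:
            set_sge(channel, stop, 0)          # 0 signal requests the stop
            if not read_sga(channel, STOP_SGA[stop]):
                failures.append((channel, stop))
            set_sge(channel, stop, 1)          # 1 signal: stop not requested
    return failures, "E" in enabled_stops


class FakePlant:
    """Constructed stand-in for the two channels; 'stuck' SGAs never respond."""

    def __init__(self, stuck=()):
        self.sge = {}
        self.stuck = set(stuck)

    def set_sge(self, channel, stop, level):
        self.sge[(channel, stop)] = level

    def read_sga(self, channel, sga_name):
        stop = next(s for s, name in STOP_SGA.items() if name == sga_name)
        requested = self.sge.get((channel, stop), 1) == 0
        return requested and (channel, stop) not in self.stuck


if __name__ == "__main__":
    late = ExternalShutdownTest(check_time_ms=100)
    late.select(0)
    print(late.poll(100, False), late.alarms)
    plant = FakePlant(stuck=[("drive", "D")])
    print(forced_check_external_stops(["A", "C", "D", "E"], plant.set_sge, plant.read_sga))
```

Testing each channel separately is what exposes the constructed fault here: the drive channel's STOP D response is missing while the NCK channel answers correctly.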
SGE De-select ext. STOP A
"Pulse cancellation" can be requested and executed via this SGE from both
monitoring channels.
The safe functions currently active (SG/SBH/SN/SE) are not influenced by this
SGE.
If one of the limits currently active is violated an alarm is triggered. The
associated switch-off response cannot be activated because the pulses have
already been cancelled. As soon as the stop request is cancelled via the SGE
"de-select ext. STOP A" any queued shutdown responses become active.
If a stop request is active, SGA "STOP A/B is active" is set in the same way as
it would be for an internally triggered STOP A.
0 signal: "Pulse cancellation" is requested
1 signal: "Pulse cancellation" is not requested

SGE De-select ext. STOP C
This SGE requests "braking with nset = 0" (braking at the current limit).
When this stopping type is initiated, the safe braking ramp (SBR) is activated.
In addition, the time set in MD36952/1352:
$MA_/$MD_SAFE_STOP_SWITCH_TIME_C (transition time, STOP C to safe
operating stop) is started.
When this time has elapsed the system automatically changes over to SBH.
If a stop request is active, SGA "STOP C is active" is set in the same way as it
would be for an internally triggered STOP C.
0 signal: "Braking with nset = 0" is requested
1 signal: No request for "braking with nset = 0"
Note
Stopping with an external STOP A (pulse cancellation) has a higher priority
and can interrupt an external STOP C (braking at the current limit).

SGE De-select ext. STOP D
"Braking along a path" can be requested via this SGE.
When ext. STOP D is triggered, the time set via MD 36953/1353
$MA_/$MD_SAFE_STOP_SWITCH_TIME_D (transition time, STOP D to safe
operating stop) is started.
When this time has elapsed the system automatically changes over to SBH.
If a stop request is active, SGA "STOP D is active" is set in the same way as it
would be for an internally triggered STOP D.
0 signal: "Braking along a path" is requested
1 signal: "Braking along a path" is not requested
Note
Stopping with an external STOP A (pulse cancellation) and external STOP C
(braking at the current limit) have a higher priority and can interrupt an
external STOP D (braking along a path).

SGE De-select ext. STOP E (SW 6.4.15 and higher)
STOP E only produces a different response than STOP D if the user has
configured the ESR function (extended stop and retract) and the initiation of the
ESR is programmed depending on $VA_STOPSI or $A_STOPESI. If no ESR is
active, the STOP E behaves like a STOP D. However, if the ESR was
incorrectly configured, there is a delay up to the time
$MC_ESR_DELAY_TIME1 and $MC_ESR_DELAY_TIME2 compared to STOP
D until the braking operation is initiated.
After these times have expired, braking is initiated at the current limit.
An external STOP E in contrast to the other external stops, results in Alarm
27020, which can only be acknowledged with a reset. The program cannot be
directly continued, since retraction from the desired contour was performed by
the configured ESR. The reset required must also be taken into consideration
for the test stop sequence.
Description of signals from the monitoring channel

SGA external pulse enable (from axis only)
When internal pulse cancellation is used, the pulses are cancelled without
using the NCK I/O for the drive module involved (currently only possible for
611D Performance 2 modules). If bit 30 is set in
$MA_SAFE_PULSE_ENABLE_OUTPUT, the pulses are internally cancelled.

SGA SBH/SG active
This SGA is used by the drive monitoring channel to signal the status of the
SBH and SG functions in the following way:
0 signal: SBH/SG is not active
1 signal: SBH/SG is active

SGA enable pulses (from axis only)
This SGA controls terminal 663 to enable signals for the drive.

SGA status, pulses are cancelled (from drive only)
After the shutdown path test has been initiated via the SGE "test stop selection"
or if a limit-value is violated with a resulting STOP A response, this signal is
output to indicate that the drive pulses have been internally cancelled (refer to
Chapter 3 "Shutdown paths").
0 signal: Pulses are enabled
1 signal: Pulses are cancelled

SGA axis safely referenced
This SGA indicates whether the relevant axis/spindle is safely referenced (refer
to Chapter 3.11.2, "Adjustment, calibration, axis states and previous history").
0 signal: Axis is not safely referenced
1 signal: Axis is safely referenced

SGA SN1+, SN1-, SN2+, SN2-, SN3+, SN3-, SN4+, SN4-
These signals are used to indicate which plus or minus cam of cam pair 1, 2, 3
or 4 is "actuated".
0 signal: Axis/spindle is located to the left of the cam
1 signal: Axis/spindle is located to the right of the cam

SGA SBH active (840D, from SW 4.2)
This signal indicates the status of safe operating stop (SBH) (refer to Chapter 3,
"Safe operating stop (SBH)").
1 signal: SBH is active
0 signal: SBH is not active

SGA STOP A/B is active (840D, from SW 4.4.18)
This signal indicates that STOP A/B is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP A/B is not active
1 signal: STOP A/B is active

SGA STOP C is active (840D, from SW 4.4.18)
This signal indicates that STOP C is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP C is not active
1 signal: STOP C is active

SGA STOP D is active (840D, from SW 4.4.18)
This signal indicates that STOP D is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP D is not active
1 signal: STOP D is active

SGA STOP E is active (840D, from SW 6.4.15)
This signal indicates that STOP E is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP E is not active
Otherwise: STOP E is active

SGA "n < nx" (840D from SW4.2)
This SGA indicates whether the absolute value of the actual speed is above or
below a speed specified in the machine data.
1 signal: Actual speed is lower than the limit speed
0 signal: Actual speed is greater or equal to the limit speed
Fig. 4-2 Signal n < nx, depending on the speed characteristic
(Plot of speed n against time t with the limit speed nx; SGA "n < nx" shown
switching between 0 and 1.)

Application
Only when the spindle has stopped (SGA "n < nx" = 0) is the chuck, for
example, controlled.

Defining limit speed nx
The limit speed nx is defined using the following machine data:
For 840D MD 36946: $MA_SAFE_VELO_X
For 611 digital MD 1346: $MD_SAFE_VELO_X
Note
If the axis/spindle runs at nx, changes in the actual value in both monitoring
channels of the SGA can cause the SGA "n < nx" to have different states.
This must be taken into account in the safe further processing of the SGA.

Description of the SGAs "SG active bit 1, 0" (840D from SW 4.2)
The SGAs "SG active bit 1, 0" display which safely reduced speed and
therefore which speed limit value is actively monitored. The SGAs are only
updated when the function "SBH/SG" is enabled and SG is active (SGE
"SBH/SG de-selection" = 0 and "SBH de-selection" = 1).
Table 4-7 Display of the active safely-reduced speed
SGA SG active Bit 1 | SGA SG active Bit 0 | SGA SBH/SG active | SGA SBH active | Meaning
= 0 | = 0 | 1 | 1 | SBH is active (no safely-reduced speed active)
= 0 | = 0 | 1 | 0 | Speed limit value for SG1 active
= 0 | = 1 | 1 | 0 | Speed limit value for SG2 active
= 1 | = 0 | 1 | 0 | Speed limit value for SG3 active
= 1 | = 1 | 1 | 0 | Speed limit value for SG4 active
= 0 | = 0 | 0 | 0 | Neither SBH nor SG is active
Note:
State "SG active Bit 1, 0" = "0" has two different meanings. An unambiguous
interpretation can be obtained by additionally evaluating the SGAs "SBH active" and
"SBH/SG active".
4.4 System variable
4.4.1 System variable for SINUMERIK 840D
System variables
Table 4-9 Overview of system variables
System variable | Meaning | Value range | Data type | Possible access (columns: part program l, s; synchr. action l, s), marks as printed
Actual position
$VA_IS[axis] | Safe actual position for Safety Integrated | | DOUBLE | x x
$AA_IM[axis] | Actual position for closed-loop control | | DOUBLE | x x
$VA_IM[axis] | Encoder actual value in machine coordinate system | | DOUBLE | x x
Internal inputs/outputs
$A_INSI[n] | NCK input | n = 1, 2, ... 64 stands for No. of input | BOOL | x x
$A_INSID[n] | NCK inputs | n = 1,2 | INT | x x
$A_INSIP[n] | Image of the PLC input | n = 1,2, ...64 | BOOL | x x
$A_INSIPD[n] | Image of the PLC-SPL inputs from the drive monitoring channel | n = 1,2 | INT | x x
$A_OUTSI[n] | NCK output | n = 1, 2, ... 64 stands for No. of output | BOOL | x x x x
$A_OUTSID[n] | NCK outputs | n = 1,2 | INT | x x x x
$A_OUTSIP[n] | Image of the PLC output | n = 1, 2, ... 64 | BOOL | x x
$A_OUTSIPD[n] | Image of the PLC-SPL outputs from the drive monitoring channel | n = 1,2 | INT | x x
External inputs/outputs
$A_INSE[n] | NCK input | n = 1, 2, ... 64 stands for No. of input | BOOL | x x
$A_INSED[n] | NCK inputs | n = 1,2 | INT | x x
$A_INSEP[n] | Image of a PLC-SPL input from the PLC hardware I/O | n = 1, 2, ... 64 stands for No. of input | BOOL | x x
$A_INSEPD[n] | Image of PLC-SPL inputs from the PLC hardware I/O | n = 1,2 | INT | x x
$A_OUTSE[n] | NCK output | n = 1, 2, ... 64 stands for No. of output | BOOL | x x x x
$A_OUTSED[n] | NCK outputs | n = 1,2 | INT | x x x x
$A_OUTSEP[n] | Image of a PLC-SPL output from the PLC hardware I/O | n = 1, 2, ... 64 stands for No. of output | BOOL | x x
$A_OUTSEPD[n] | Image of PLC-SPL outputs to PLC hardware I/O | n = 1,2 | INT | x x
Markers and timers
$A_MARKERSI[n] | Markers | n = 1, 2, ... 64 stands for No. of marker | BOOL | x x x x
$A_MARKERSID[n] | Markers (from SW 4.4.18) | n = 1, 2 | INT | x x x x
$A_MARKERSIP[n] | Image of the PLC markers | n = 1,2, ...64 | BOOL | x x
System variable | Meaning | Value range | Data type | Possible access (columns: part program l, s; synchr. action l, s), marks as printed
$A_MARKERSIPD[n] | Image of the PLC markers (from SW 4.4.18) | n = 1, 2 | INT | x x
$A_TIMERSI[n] | Timer | n = 1, 2...16 stands for No. of timer | REAL | x x x x
$A_STATSID | Crosswise data comparison error initiated if the value is not equal to 0 | n = 0 Error not triggered; n = 1 Error triggered | INT | x x
$A_CMDSI | 10-fold change timer timeout value for long forced checking procedure pulses and/or single-channel test stop logic. | Bit 0 = 0 10-fold time active | BOOL | x x x x
$A_LEVELSID | Crosswise data comparison stack level display: Number of signals for which NCK and PLC detect different signals | 0...320 | INT | x x
Note:
l -> read, s -> write
An implicit preliminary stop is generated
Only permitted in the commissioning phase
System variables from SW 6
System variable | Meaning | Value range | Data type | Possible access (columns: part program l, s; synchr. action l, s), marks as printed
Actual position
$A_XFAULTSI (from SW 6.4.15) | 0: In the crosswise data comparison between NCK and 611D of any axis, an actual-value error has been detected. 1: In the crosswise data comparison between NCK and 611D of any axis, an error was detected and the delay time until STOP B is initiated in this axis is running or has already expired. | [0,3] | INT | x x
$VA_XFAULTSI[axis] (from SW 6.4.15) | 0: For a crosswise data comparison of this axis between NCK and 611D, an actual value error has been detected. 1: In the crosswise data comparison between NCK and 611D of any axis, an error was detected and the delay time until STOP B is initiated in this axis is running or has already expired. | [0,3] | INT | x x
$VA_STOPSI (from SW 6.4.15) | Actual Safety Integrated stop of relevant axis. –1: No stop; 0: Stop A; 1: Stop B; 2: Stop C; 3: Stop D; 4: Stop E; 5: Stop F; 10: Test stop; 11: Test, external pulse cancellation | [-1,11] | INT | x x
$VA_STOPESI (from SW 6.4.15) | Actual Safety Integrated Stop E for any axis. 0: No stop; Otherwise: For one of the axes, a Stop E is present | [0,MAX_INT] | INT | x x
$A_PLCSIIN (from SW 6.3.30) | Single-channel direct communication between NCK and PLC-SPL. Signals can be written by the PLC and read by the NCK. | [FALSE, TRUE] | BOOL | x x
$A_PLCSIOUT (from SW 6.3.30) | Single-channel direct communication between NCK and PLC-SPL. Signals can be read by the PLC and written by the NCK. | [FALSE, TRUE] | BOOL | x x
4.4.2 Description of the system variables

System variable $VA_IS
The safe actual value, used by SI, can be read and further processed from the
NC part program for every axis/spindle.
Example:
When an NC part program is started, Safety Integrated checks whether axis X
would move into the vicinity of shutdown limits as a result of the zero offsets
when a program is processed. The part program can be programmed as
follows, for example:
IF ($VA_IS[X] < 10000) GOTOF POS_OK ; if actual value too high,
MESG ("Axis has nearly reached limit switch!") ; then message,
POS_OK: ; otherwise, continue here
...
The variable can also be used in synchronous actions in order to reduce the
override when the axis is nearly at the limit switch.

Difference between $VA_IS and $AA_IM
Both variable $VA_IS and variable $AA_IM can be used to read actual values.
Table 4-60 Difference between $VA_IS and $AA_IM
Variable | Meaning
$VA_IS | Reads the actual value used by Safety Integrated
$AA_IM | Reads the actual value (setpoint of position closed-loop control) used by the closed-loop control
References: /PGA/, Programming Guide, Production Planning

System variables $A_XFAULTSI and $VA_XFAULTSI
Reading actual value crosswise data comparison errors using system
variables
If a crosswise data comparison between NCK and 611 digital detects errors,
the response is determined by the current operating state:
- SBH, SG, SE or SN active: After a Stop F, a crosswise data comparison
error leads to a Stop B, which initiates the fastest possible braking of the
axis. Then a Stop A is initiated and the pulse enable is cancelled.
- SBH and SG are not active and SE/SN are not used or Stop C/D/E has
already been activated: In this case, a Stop F due to a crosswise data
comparison error does not result in any further action – only Alarm 27001
is output that provides information. Processing then continues.
This chain of responses is not altered to ensure personnel safety.
To allow responses to a crosswise data comparison error, a new system
variable $A_XFAULTSI is introduced and indicates that a crosswise data
comparison error has occurred on any of SI axes. Retraction can then be
initiated as a response to this system variable.
An axis-specific system variable $VA_XFAULTSI[<Axis name>] is also
introduced so that, if necessary, axis-specific responses can be configured for
particular applications.
The system variables are only set as reference if crosswise data comparison
errors occur.
The system variables are updated irrespective of whether the SI monitoring
functions are active.
The Stop F error codes that result in the system variables being set are listed in
Chapter 4.4.

System variable $VA_STOPSI
Axial system variable that contains the current stop. In the case of a value of 2,
a Stop E is active for this axis.

System variable $A_STOPESI
Global system variable that uses a value not equal to 0 to indicate that a Stop E
is active on one of the axes.

System variables $A_INSI[1...64]
The status signals of the NCK monitoring channel in the NCK-SPL can be used
via these system variables. Each of the system variables $A_INSI[1...64] can
be assigned any safety-relevant output signal or the AND operation of several
signals via axial MD $MA_SAFE_xxx_OUTPUT. These system variables can
only be read by the user program.
Parameterizing example
- $MA_SAFE_CAM_PLUS_OUTPUT[0] = 04010101H
=> SGA "Cam 1+" can be evaluated in the SPL via system variable
$A_INSI[1].
For a precise description of MD parameterization refer to Chapter 4, "Machine
data for SINUMERIK 840D".
Programming example:
; Copying an SGA from the internal SPL interface
; into the external SPL interface (NCK I/O)
N1010 IDS = 01 DO $A_OUTSE[1] = $A_INSI[1]
These system variables can only be read by the user program.

System variables $A_INSID[1,2]
The status signals of the NCK monitoring channel in the NCK-SPL can be
evaluated double-word-serial via this system variable:
$A_INSID[1] corresponds to $A_INSI[1...32]
$A_INSID[2] corresponds to $A_INSI[33...64]
These system variables can only be read by the user program.

System variables $A_OUTSI[1...64]
The control signals of the NCK monitoring channel can be addressed from the
NCK-SPL via these system variables. Each of the system variables
$A_OUTSI[1...64] can be assigned any one or several safety-relevant input
signals simultaneously via the axial MD $MA_SAFE_xxx_INPUT.
Parameterizing example
- $MA_SAFE_VELO_SELECT_INPUT[0] = 04010204H
=> SGE "SG selection, bit0" is controlled in the SPL via system variable
$A_OUTSI[36].
Programming example:
; SGA "Cam 1+" (see above) controls SG selection
;
N1020 IDS = 02 DO $A_OUTSI[36] = $A_INSI[1]
These system variables can be read and written by the user program.

System variables $A_OUTSID[1,2]
The control signals of the NCK monitoring channel in the NCK-SPL can be
addressed double-word-serial via these system variables:
$A_OUTSID[1] corresponds to $A_OUTSI[1...32]
$A_OUTSID[2] corresponds to $A_OUTSI[33...64]
These system variables can be read and written by the user program.

System variables $A_INSE[1...64]
Up to 64 external control signals can be used in the NCK-SPL via these system
variables. The status of one byte of an NCK I/O input module can be assigned
to a block of eight system variables via
MD $MN_SAFE_IN_HW_ASSIGN[0...7].
$MN_SAFE_IN_HW_ASSIGN[0] -> $A_INSE[1...8]
$MN_SAFE_IN_HW_ASSIGN[1] -> $A_INSE[9...16]
$MN_SAFE_IN_HW_ASSIGN[2] -> $A_INSE[17..24]
$MN_SAFE_IN_HW_ASSIGN[3] -> $A_INSE[25..32]
$MN_SAFE_IN_HW_ASSIGN[4] -> $A_INSE[33..40]
$MN_SAFE_IN_HW_ASSIGN[5] -> $A_INSE[41..48]
$MN_SAFE_IN_HW_ASSIGN[6] -> $A_INSE[49..56]
$MN_SAFE_IN_HW_ASSIGN[7] -> $A_INSE[57..64]
For a precise description of MD parameterization refer to Chapter 4, "Machine
data for SINUMERIK 840D".
The user program can only read these system variables.

System variables $A_INSED[1,2]
The external control signals can be evaluated double-word-serial in the
NCK-SPL via these system variables:
$A_INSED[1] corresponds to $A_INSE[1...32]
$A_INSED[2] corresponds to $A_INSE[33...64]
The user program can only read these system variables.

System variables $A_OUTSE[1...64]
Up to 64 external status signals can be addressed by the NCK-SPL via these
system variables. The status of eight system variables can be copied to an
NCK I/O output module via MD $MN_SAFE_OUT_HW_ASSIGN[0...7].
$MN_SAFE_OUT_HW_ASSIGN[0] <- $A_OUTSE[1...8]
$MN_SAFE_OUT_HW_ASSIGN[1] <- $A_OUTSE[9...16]
$MN_SAFE_OUT_HW_ASSIGN[2] <- $A_OUTSE[17..24]
$MN_SAFE_OUT_HW_ASSIGN[3] <- $A_OUTSE[25..32]
$MN_SAFE_OUT_HW_ASSIGN[4] <- $A_OUTSE[33..40]
$MN_SAFE_OUT_HW_ASSIGN[5] <- $A_OUTSE[41..48]
$MN_SAFE_OUT_HW_ASSIGN[6] <- $A_OUTSE[49..56]
$MN_SAFE_OUT_HW_ASSIGN[7] <- $A_OUTSE[57..64]
For a precise description of MD parameterization refer to Chapter 4, "Machine
data for SINUMERIK 840D".
These system variables can be read and written by the user program.

System variables $A_OUTSED[1,2]
The external status signals can be addressed double-word-serial from the
NCK-SPL via these system variables:
$A_OUTSED[1] corresponds to $A_OUTSE[1...32]
$A_OUTSED[2] corresponds to $A_OUTSE[33...64]
These system variables can be read and written by the user program.

System variables $A_MARKERSI[1...64]
Up to 64 status bits of the SPL can be flagged via these system variables. The
markers are read and written directly in the NCK-SPL.
Programming example:
N1030 IDS = 03 DO $A_MARKERSI[2] = $A_OUTSI[1] AND $A_INSE[2]
N1040 IDS = 04 DO $A_OUTSE[1] = $A_MARKERSI[2]

System variables $A_MARKERSID[1,2]
The SPL status bits can be addressed word-serial via these system variables.
$A_MARKERSID[1] corresponds to $A_MARKERSI[1...32]
$A_MARKERSID[2] corresponds to $A_MARKERSI[33...64]

System variables $A_TIMERSI[1...16]
Up to sixteen timer stages can be programmed using these system variables.
Programming example:
; Set marker once after two seconds, reset
; timer value and stop timer.
N1050 IDS = 05 WHENEVER $A_TIMERSI[1] > 2.0 DO $A_TIMERSI[1] = 0.0 $A_TIMERSI[1] = -1.0 $A_MARKERSI[2] = 1

System variable $A_STATSID
This system variable can be used in the NCK-SPL to evaluate whether, in the
crosswise data comparison between NCK and PLC, an error was detected in
the two-channel control/processing of the control and status signals. This gives
the user the opportunity to respond to this error with special synchronous
actions.
Programming example:
; For crosswise data comparison error, set the ext. output
N1060 IDS = 06 WHENEVER $A_STATSID <> 0 DO $A_OUTSE[1] = 1
The user program can only read this system variable.

System variable $A_CMDSI[1]
The system variable can be used to increase the time up to 10 s for the signal
change monitoring in the crosswise data comparison between NCK and PLC.
This extension is used, among other things, to carry out the test stop function
that must be performed separately for the NCK and drive monitoring channel.
Signal differences between the NCK and PLC system variables up to a period
of 10 s are tolerated without Alarm 27090 being output.
This system variable can be read and written by the user program.
System variable $A_LEVELSID
This system variable is used to display the stack level of the signal change
monitoring in the crosswise data comparison between NCK and PLC. This
variable indicates the current number of signals to be checked by the crosswise
data comparison function.
Commissioning SPL
Images of the PLC-SPL interface and markers are provided to make it easier to
commission the SPL. Access to these variables is no longer allowed in the final
NCK-SPL program, i.e. they are only permitted in the commissioning phase!
System variables $A_INSIP[1...64]
Images of the PLC-side internal SPL input signals (status signals from the drive
monitoring channel) can be read via these system variables.
Associated DB18 values: DB18.DBX54.0 ... DBX61.7
System variables $A_INSIPD[1,2]
Images of the PLC-side internal SPL input signals (status signals from the drive
monitoring channel) can be read double-word-serial (32 bit) via these system
variables.
Associated DB18 values: DB18.DBD54, DBD58
System variables $A_OUTSIP[1...64]
Images of the PLC-side internal SPL output signals (control signals to the drive
monitoring channel) can be read via these system variables.
Associated DB18 values: DB18.DBX62.0 ... DBX69.7
System variables $A_OUTSIPD[1,2]
Images of the PLC-side internal SPL output signals (control signals to the drive
monitoring channel) can be read double-word-serial (32 bit) via these system
variables.
Associated DB18 values: DB18.DBD62, DBD66
System variables $A_INSEP[1...64]
Images of the PLC-side external SPL input signals (control signals to the
PLC-SPL) can be read via these system variables.
Associated DB18 values: DB18.DBX38.0 ... DBX45.7
System variables $A_INSEPD[1,2]
Images of the PLC-side external SPL input signals (control signals to the
PLC-SPL) can be read double-word-serial (32 bit) via these system variables.
Associated DB18 values: DB18.DBD38, DBD42
System variables $A_OUTSEP[1...64]
Images of the PLC-side external SPL output signals (status signals from the
PLC-SPL) can be read via these system variables.
Associated DB18 values: DB18.DBX46.0 ... DBX53.7
System variables $A_OUTSEPD[1,2]
Images of the PLC-side external SPL output signals (status signals from the
PLC-SPL) can be read double-word-serial (32 bit) via these system variables.
Associated DB18 values: DB18.DBD46, DBD50
System variables $A_MARKERSIP[1..64]
Images of the PLC-side SPL markers can be read via these system variables.
Associated DB18 values: DB18.DBX70.0 ... DBX77.7
System variables $A_MARKERSIPD[1,2]
Images of the PLC-side SPL markers can be read double-word-serial (32 bit) via
these system variables.
Associated DB18 values: DB18.DBD70, DBD74
System variable $A_PLCSIIN
Direct single-channel communications between NCK and PLC-SPL. Signals
can be written by the PLC and read by the NCK.
System variable $A_PLCSIOUT
Direct single-channel communications between NCK and PLC-SPL. Signals
can be read by the PLC and written by the NCK.
General information about system variables $A_xxxP(D)
The system variables are updated in the same clock cycle as the crosswise
data comparison between the NCK and the PLC.
These system variables are read-only.
These system variables may only be used in the commissioning phase.
As soon as commissioning has been signaled as completed, access to these
system variables is disabled. If these program commands are processed, this is
indicated as an error with Alarm 17210.
Note
Write access to all of the named system variables
$A_OUT..../$A_MARKER... and $A_TIMERSI is only possible from the
program saved in the program file /_N_CST_DIR/_N_SAFE_SPF reserved for the
SPL. Access operations from other programs are flagged as an error with
Alarm 17070.
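The access rules above can be checked offline before a program is loaded. The following is an added example, not part of the Siemens manual: a small Python lint that flags writes to $A_OUT.../$A_MARKER.../$A_TIMERSI from any file other than /_N_CST_DIR/_N_SAFE_SPF (Alarm 17070), use of the commissioning-only $A_xxxP(D) images once commissioning is complete (Alarm 17210), and writes to the read-only $A_STATSID. The part-program path, block N1070 and the part program itself are constructed sample data.

```python
import re

# Program file reserved for the SPL (path as given in the manual).
SPL_FILE = "/_N_CST_DIR/_N_SAFE_SPF"

VAR = re.compile(r"\$A_[A-Z]+", re.I)
# "$A_NAME[idx] = ..." is a write; "==", "<>", ">=" and "<=" are comparisons.
ASSIGN = re.compile(r"(\$A_[A-Z]+)\s*(?:\[[^\]]*\])?\s*=(?!=)", re.I)
# Variables that may only be written from the SPL program file.
SPL_OWNED = re.compile(r"\$A_(OUT[A-Z]*|MARKER[A-Z]*|TIMERSI)", re.I)
# PLC-side images $A_xxxP(D): read-only, commissioning phase only.
IMAGE = re.compile(r"\$A_(INSI|OUTSI|INSE|OUTSE|MARKERSI)PD?", re.I)
READ_ONLY = {"$A_STATSID"}


def lint(path, text, commissioning_done=True):
    """Return findings as (line number, alarm or None, variable, reason)."""
    in_spl = path.upper() == SPL_FILE
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        code = raw.split(";", 1)[0]          # ';' starts an NC comment
        written = {m.group(1).upper() for m in ASSIGN.finditer(code)}
        for name in sorted({v.upper() for v in VAR.findall(code)}):
            if IMAGE.fullmatch(name):
                if commissioning_done:
                    findings.append((lineno, 17210, name,
                                     "commissioning-only image variable"))
                elif name in written:
                    findings.append((lineno, None, name,
                                     "write to read-only image variable"))
            elif name in READ_ONLY and name in written:
                findings.append((lineno, None, name,
                                 "write to read-only variable"))
            elif SPL_OWNED.fullmatch(name) and name in written and not in_spl:
                findings.append((lineno, 17070, name,
                                 "write outside the SPL program file"))
    return findings


# Blocks N1030 to N1060 are the manual's programming examples (wrapped lines
# joined); the comment line and N1070 are constructed for this example.
SPL_PROGRAM = "\n".join([
    "N1030 IDS = 03 DO $A_MARKERSI[2] = $A_OUTSI[1] AND $A_INSE[2]",
    "N1040 IDS = 04 DO $A_OUTSE[1] = $A_MARKERSI[2]",
    "N1050 IDS = 05 WHENEVER $A_TIMERSI[1] > 2.0 DO $A_TIMERSI[1] = 0.0 "
    "$A_TIMERSI[1] = -1.0 $A_MARKERSI[2] = 1",
    "N1060 IDS = 06 WHENEVER $A_STATSID <> 0 DO $A_OUTSE[1] = 1",
    "; commissioning aid left in the SPL (constructed)",
    "N1070 IDS = 07 WHENEVER $A_INSIP[1] <> $A_INSI[1] DO $A_MARKERSI[3] = 1",
])

# Constructed part program and path: not the SPL file, so SPL writes are errors.
PART_FILE = "/_N_MPF_DIR/_N_PART_MPF"
PART_PROGRAM = "\n".join([
    "N10 G1 X100 F1000",
    "N20 IDS = 10 WHENEVER $A_MARKERSI[2] == 1 DO $A_OUTSE[1] = 0",
    "N30 $A_STATSID = 0",
])

if __name__ == "__main__":
    for path, text in ((SPL_FILE, SPL_PROGRAM), (PART_FILE, PART_PROGRAM)):
        for lineno, alarm, name, reason in lint(path, text):
            print(f"{path}:{lineno}: {name}: {reason} (alarm {alarm})")
```

The lint works on text only: a ';' inside a string literal would be treated as a comment start, and wrapped blocks must be joined onto one line first.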
5 Commissioning
5.1 Commissioning SINUMERIK 840D
5.1.1 Commissioning procedure
5.1.2 First commissioning
5.1.3 Series commissioning
5.1.4 Upgrading software
5.1.5 Changing data
5.2 Acceptance report
5.3 Conventional acceptance test
5.4 NCK acceptance test support
5.4.1 Scope of the test list
5.4.2 Internal mechanisms to support the test procedure
5.4.3 Trace techniques
5.4.4 Basic operating information and instructions
5.5 Diagnostics
5.5.1 Troubleshooting procedure
5.5.2 Diagnostics support by configuring your own extended alarm text
5.5.3 Servo trace bit graphics for Safety Integrated
5.5.4 Bit graphics for SI signals in the servo trace
Note
The function "safe software limit switch" (SE) is also called "safe limit position"
and the function "safe software cams" (SN) is also called "safe cams".
Note
If SI functions SH, SBH and SG have been enabled, then they become
operational after the control system has run-up (basic display on screen).
Cam and limit positions can be evaluated reliably for the SN and SE functions
once the axes have been "safely" referenced.
Caution
Protection of operating personnel must be the primary consideration when
configuring machine data for SINUMERIK Safety Integrated®. For this
reason, the parameterizable tolerances, limit values and delay times
should be determined and optimized during the commissioning phase
depending on the machine design and arrangement.
5.1 Commissioning SINUMERIK 840D
5.1.1 Commissioning procedure
Configuring safety-relevant functions
In order to commission the SI functions, the "Start-up\machine configuration"
display must be selected in the basic control display using the STARTUP
softkey. For example, the following screen is displayed:
Fig. 5-1 Example of display for "Start-up\Machine configuration" on 840D
An NCK RESET can be executed in this display.
The softkey "MACHINE DATA" must be selected to allow SI data to be entered.
To copy and confirm SI data, select the softkey labeled DRIVE CONFIG. to call
the appropriate display. The following screenshot is an example of this display:
Fig. 5-2 Example of display for "Start-up\Drive configuration" on 840D
Softkey COPY SI DATA
When the softkey is pressed, all NC machine data relevant for the SI functions
is transferred into the appropriate drive machine data.
The commissioning engineer must enter the SI machine data that define the
encoder mounting relationships separately for the NCK and drive.
The copy function cannot be used to transfer the drive machine data marked in
the Table "Machine data for SIMODRIVE".
The boot files are automatically saved after data has been copied.
Softkey CONFIRM SI DATA
After an NCK RESET, the current checksum is saved by selecting the
softkey labeled CONFIRM SI DATA in the "Drive configuration" display and
acknowledging the following dialog box with "OK". From now on the SI data will
be monitored for changes. The boot files are automatically saved after being
acknowledged.
5.1.2 First commissioning
It is advisable to commission the machine so that at least the axes can be
moved. The safety monitoring functions can then be immediately tested after
SI data has been entered. This type of test is absolutely essential in order to
detect any data entry errors. This test is referred to as the "acceptance test".
The following steps must be taken in the specified sequence to commission
SI functions:
Step 1 Enable option
• Basic "start-up" display: Set the password (at least machine manufacturer
password) by selecting softkeys PASSWORD\SET PASSWORD
• "General machine data" display:
Enter the number of axes for which safety monitoring functions need to be
activated in the option machine data.
Step 2 Monitoring cycle
Enter the monitoring clock cycle
• "General machine data" display:
Enter the factor for the monitoring clock cycle in data
$MN_SAFETY_SYSCLOCK_TIME_RATIO (refer to Chapter 2, "Safety
monitoring cycle and crosswise comparison cycle").
• The actual monitoring time is immediately displayed in data
$MN_INFO_SAFETY_CYCLE_TIME.
Note
Before you perform an NCK RESET, you must copy the current monitoring
clock cycle to machine data $MD_SAFETY_CYCLE_TIME of the drive by
selecting softkey COPY SI DATA in the "Drive configuration" display.
Step 3 Set axis monitoring
Set the monitoring function for all of the axes to be safely monitored.
Enter the following in the specified sequence in the "axis-specific machine data"
display:
• Function enabling bits
• Axis characteristics (rotary or linear axis)
• Measuring-circuit assignment, i.e. which encoder will supply the "safety"
actual value, what type of encoder it is and how it is mechanically flanged.
For rotary axes, an NCK RESET must be given.
• Monitoring limits and tolerances
• Changeover and monitoring times
• Stop responses after a monitoring function has responded
• Assignment of safety-relevant inputs and outputs, i.e. which hardware
terminals are supplying the drive signals for the NC monitoring channel
and where the checkback and cam signals are being sent (the PLC
accepts this link for the drive monitoring channel, i.e. there are no
corresponding drive machine data).
Recommendation:
The software switches should be set closer together while the system is being
commissioned.
Step 4 Actual value and measuring circuit assignment
Assign measuring circuits and actual values to axes/spindles
• Select the softkey labeled COPY SI DATA in the "Drive configuration"
display
• Enter the measuring circuit assignment, i.e. which encoder will supply the
safe actual value, the type of encoder being used and how it is
mechanically flange mounted, for each drive in the "FD machine data" or
"MSD machine data" display. For ERN 1387 encoders, this step is not
required; for EQN 1325 encoders, only the data for the absolute encoder
has to be set. At the same time, the data copied using the softkey can be
subject to a visual check.
• If you alter anything in the "FD or MSD" display, select the softkey SAVE
BOOTFILES to transfer the setting to the non-volatile memory.
• Carry out an NCK RESET.
Step 5 Acknowledge/save monitoring data
Acknowledge and save the monitoring data
Press the CONFIRM SI DATA softkey in the "Drive configuration" display.
A dialog box describing the function of the softkey then appears. Select OK
to acknowledge the box. The actual checksum of the safety-relevant data
is then saved in both monitoring channels and monitored for changes from
this point onwards.
Drive data is also automatically saved to a non-volatile memory (as with
SAVE BOOTFILES).
A dialog box is now displayed on the screen requesting you to perform an
acceptance test. You must acknowledge the box.
The safety monitoring functions are now ready to be used and can be
activated as described in Chapter 2, "Monitoring clock cycle and crosswise
data comparison clock cycle".
Step 6 User agreement
Enter a user agreement (refer to Chapter 2, "User agreement")
The safe limit positions and safe cams are now activated (provided that
they have been enabled, refer to Chapter 2, "Enabling safety-relevant
functions"). This step can be omitted if you do not wish to use either of
these functions.
Key-operated switch position 3 must be set for "User agreement".
Step 7 Machine commissioning
• Carry out general machine tests.
• Optimize the axes/spindle.
• Adjust SI functions (monitoring limits, timers).
Step 8 Acceptance test
Carry out the acceptance test and enter in the logbook.
A function test must be carried out for all of the enabled safe monitoring
functions for each axis/spindle. For suggestions on how to test activated
SI functions, please refer to Chapter 5, "Acceptance test" and "Acceptance
report".
Step 9 Re-activate standard monitoring functions
All standard monitoring functions (e.g. zero-speed monitor, software limit
switches) that were de-activated or altered for the purpose of the acceptance
test must now be re-activated/returned to original settings.
Step 10 Save machine data
Use the SERVICES\DATA OUTPUT softkeys to save all machine data to
an external computer or the hard disk in the MMC. This data can be used
to commission series equipment.
In order to carry out series commissioning, the machine data of the NCK
and drive must be available as separate data sets (the softkey COPY SI
DATA may not be used for the purpose of commissioning series
equipment).
Caution
On completion of the acceptance test, all illegal (old) MD files must be
removed from the hard disk (to avoid confusion between old and new data).
The data that corresponds to the acceptance test data must be backed up
(archived).
Step 11 Delete password
To delete the password, go to the screen "Start-up\Machine configuration" and
select the vertical softkey labeled PASSWORD...\DELETE PASSWORD.
5.1.3 Series commissioning
The settings for the safety monitoring functions are automatically transferred
with other data in the course of a normal series commissioning process. The
following steps need to be taken in addition to the normal commissioning
procedure:
1. Enter a user agreement
2. Carry out an acceptance test
(individual monitoring functions must be randomly tested).
Note
When series machines are commissioned, two separate data sets for the
drive and NCK must be downloaded into the control system. The copy
function may be used after machine data have been altered.
Sequence of operations for series commissioning
The following sequence of operations makes sense when commissioning series
equipment:
• Download the data set for the series machine (separate sets for NCK and
drive) into the control system.
• Adjust the absolute encoder
• Carry out a POWER ON.
This ensures that any errors, i.e. deviations in data content that may exist
between the NCK and drive, will be detected by the checksum check and
crosswise data comparison.
The data must be checked if an error is detected.
If an error is not detected, then data has not been changed and is identical
to the acceptance test data. The copy function may be used if data is
subsequently altered.
• Carry out random function tests. The tests are required for acceptance of
the new machine.
• Set special features
When special features are set, each altered item of safety data must be
checked. The copy functions may be used.
5.1.4 Upgrading software
Important
Please carefully read the instructions in the relevant Update Guide before
updating the software.
5.1.5 Changing data
The user must enter the correct password before he can transfer the machine
data for SI functions to the system. After data for SI functions has been altered,
a new acceptance test must be carried out on the SI function(s) involved and
then recorded and confirmed in the acceptance report.
Change report
Changes made to NCK machine data important for Safety Integrated are
recorded in display data. These change times are displayed in axial MD
36996: $MA_SAFE_CONFIG_CHANGE_DATE[0...4].
This MD can neither be overwritten by manual entry nor by loading an MD
archive. It can only be deleted by running up the control from the general reset
mode (switch position 1).
After the control has been run up from the general reset mode, nothing is
displayed in the MD.
36996: SAFE_CONFIG_CHANGE_DATE[0] 25/08/98 17:35:23
This data is updated when the following changes are made to the NCK
machine data:
• Activation of an altered safety MD configuration
(NCK safety MD have been changed and confirmed by correction of
$MA_SAFE_DES_CHECKSUM).
• Alteration of MD $MA_SAFE_FUNCTION_ENABLE from values not equal
to zero to zero, or from zero to values not equal to zero. These changes
mean that the safety functionality of an axis is completely enabled/
disabled.
Other changes to MD $MA_SAFE_FUNCTION_ENABLE always change
MD $MA_SAFE_ACT_CHECKSUM, which in turn has to be
acknowledged by changes to MD $MA_SAFE_DES_CHECKSUM.
• Changes to MD $MA_SAFE_FUNCTION_ENABLE by limiting the safety
option. If the scope of axial safety functions is enabled for more axes than
are set in the safety option data, the function enables are automatically
cancelled again for the excess number of axes when the control runs up.
• Loading an MD archive that is different to the NCK MD set currently active
• Upgrade (corresponds to downloading an MD archive)
• Series commissioning (corresponds to downloading an MD archive).
Limitations
Changes to the MD configuration are only noted when the change becomes
active, i.e. after altering MD $MA_SAFE_DES_CHECKSUM and subsequent
power on. This MD is calculated, effective immediately, also for axes that were
not released for Safety Integrated.
5.2 Acceptance report
The machine manufacturer must perform an acceptance test of the activated SI
functions on the machine. In this test, violations of all of the limit values of the
enabled SI functions must be provoked to ensure that they are operating correctly.
Note
Some of the standard NC monitoring functions, such as zero speed
monitoring, software limit switches, etc. must be de-activated (monitoring
limits must be made less sensitive) before the acceptance test is carried out.
The function sequences can be acquired and listed using the servo trace
function (840D, from SW 4.2 onwards) or using the D/A converter output.
References /IAD/, SINUMERIK 840D Installation & Start-Up Guide
Note
If the machine data of SI functions are changed, a new acceptance test must
be carried-out for the modified SI function and recorded in the acceptance
report.
Authorized person, acceptance report
All SI functions must be acceptance-tested by an authorized person and the
test results recorded in a test report. The report must be signed by the person
who carried out the acceptance tests. The acceptance test report must be kept
in the logbook of the particular machine.
After the SPL has been commissioned, the access rights for the NCK-SPL
(SAFE.SPF) via the HMI interface must be reduced to the manufacturer or
service level and documented in the acceptance report.
An authorized person in the above sense is a person authorized by the machine
manufacturer who, on account of his or her technical qualifications and
knowledge of the safety functions, has the necessary skills to perform the
acceptance test in the correct manner.
Note
Please refer to the information in Chapter 5, "Commissioning for
SINUMERIK 840D".
The acceptance report presented below is both an example and
recommendation. The specified values apply to the system chosen for
this particular example.
Template for the acceptance report:
An electronic template for the acceptance report is available:
– in the toolbox for SINUMERIK 840D
– on DOCONCD for SINUMERIK 840D
– on the service CD for SINUMERIK 840
The acceptance report comprises checking the alarm displays and
including the alarm reports in the overall acceptance report. In order to
obtain reproducible and comparable alarm displays, during the
acceptance test, MD 10094: $MN_SAFE_ALARM_SUPPRESS_LEVEL
must be set to 0 in order to avoid suppressing alarm outputs.
Necessity of an acceptance test
A full acceptance test (as described in this Chapter) must always be carried out
when the functionality of Safety Integrated is commissioned for the first time on
a machine.
Extended safety-relevant functionality, transferring the commissioned software
to additional series machines, modifications to the hardware, software
upgrades etc. may make it necessary to carry out the acceptance test with a
reduced test scope. The conditions prescribing the necessity for, or giving
suggestions for the required test scope are given below.
Overview/definitions for performing the acceptance test
In order to define a partial acceptance test it is first necessary to describe the
individual parts of the acceptance test and then define logical groups that
represent the components of the acceptance test.
Contents of the full acceptance test
DOCUMENTATION
Documentation of the machine incl. safety functions
1. Machine description (with overview)
2. Details about the control system
3. Configuration plan
4. Function table
Active monitoring functions depending on the operating mode, the
protective doors and other sensors
Ideally, this table should be the object and result of the configuring work.
5. SI functions per axis
6. Information about the safety equipment.
FUNCTION TEST PART 1
General function check incl. checking the wiring/programming
7. Test the shutdown paths
(test the forced checking procedure of the shutdown paths)
8. Test the external stops
9. Test the forced checking procedure of the inputs and outputs
10. Test the crosswise data comparison of the basic Safety Integrated
functions and Safety Integrated SPL system variables
11. Test the EMERGENCY STOP function and the safety circuits
12. Test the changeover of SI functions.
FUNCTION TEST PART 2
Detailed function test incl. checking the values of the individually used SI
functions
13. Test the SI function "safely-reduced speed" – SG
(in each case with evaluated measurement diagram and measured values)
14. Test the SI function "safe operating stop" – SBH
(in each case with evaluated measurement diagram and measured values)
15. Test the SI function "safe software limits" – SE
(in each case with evaluated measurement diagram and measured values)
16. Test the SI function "safe cams" – SN
(check using the diagnostics display and assigned SGAs)
17. If necessary, test of SI function "external stops"
(in each case with evaluated measurement diagram and measured values).
COMPLETION OF THE REPORT
A report of the commissioning status that was checked is generated with the
appropriate counter-signatures
18. Check the SI machine data
19. Log the checksums (axis MD / SPL)
20. Complete the NCK commissioning
21. Complete the PLC commissioning
22. Verify the data backup
23. Counter-signature.
APPENDIX
Reports/measurement records for FUNCTION TEST PART 1/2
Alarm logs/servo trace measurements
Effect of the acceptance test for specific measures
Table 5-1 Depth of acceptance test as a function of specific measures
| Measure | DOCUMENTATION | FUNCTION TEST PART 1 | FUNCTION TEST PART 2 | REPORT COMPLETION |
|---|---|---|---|---|
| Replace the encoder system (cf. 7.6.4) | No | No | Partial check of safe actual values and function of SE/SN (axis specific) | No |
| Upgrade software (NCU/drive/PLC) | Supplement version data | Yes, with note about when the new function is to be introduced | Yes, if system cycles or acceleration behavior (e.g. also jerk) have been changed and the new function tested. | Supplement, possibly new checksums and counter-signature |
| Upgrade software (MMC) | Possible supplement, SW version | No | No | No |
| Replace NCU hardware (e.g. upgrade of NCU 572 <-> NCU 573). If the NCU hardware is identical, no measures are necessary | Supplement the hardware data | No | Yes, if system clock cycles or dynamic response were changed | Supplement, possibly new checksums and counter-signature |
| Replace control board (e.g. from Standard.2 <-> Performance). If control board is identical, no measures are necessary | Supplement, hardware data/configuration | No | Partial, if the system cycles or dynamic response were changed (axis specific) | Supplement, possibly new checksums and counter-signature |
| Change an individual limit value (e.g. SG limit) | Supplement, SI functions per axis | No | Partial, test the changed limit value | Supplement, new checksums and counter-signature |
| Function expansion (e.g. additional actuator, additional SG stage) | Supplement, SI functions per axis or function table | Yes, with note, if relevant limited to adapted parts | Partial, test of possible additional limit values | Supplement, possibly new checksums and counter-signature |
| Transfer data to additional machines with series commissioning | Possibly supplement, machine description (check the SW version) | Yes, with note | No, if data are identical | No, if data are identical (check checksums) |
| Replace hardware of SI-relevant peripherals (e.g. I/O modules) | No | Yes, with note about limitation to replaced components | No | No |
The acceptance report is included as a Word file in the toolbox supplied and is
made up of the following parts:
• System description
• Description of safety functions
• Test of safety functions.
5.3 Conventional acceptance test
Testing the SGAs and SGEs
The crosswise data comparison can be tested by removing the connectors from
the NCK I/O (NCU terminal block or mixed I/O modules).
Checking the test stop
The NCK and drive test stop can be checked by viewing the SGE/SGA signals.
SGEs:
- Test stop selection (drive, also the interface signal DB<axis>.DBX23.7)
- Status, pulses are cancelled (axis only)
SGAs:
- Shutdown path NCK – enable pulses
- Shutdown path checkback signal from the drive – pulses are cancelled, also the
  interface signal DB<axis>.DBX108.2
Negative test:
Remove the terminal block for AS1/AS2 from the drive and carry out the NCK
test stop. A STOP A stop response must be initiated.
Testing the SBH SI function
Test the SBH function by violating the monitoring limits:
- Execute numerically controlled traversing motion (JOG).
- Provide positive feedback in the position closed-loop control by reversing
  the polarity of the position actual value using the machine data.
- Start the function generator with speed controller/setpoint input.
References: /IAD/, SINUMERIK 840D Installation & Start-Up Guide
The distance traveled by the axis until it is stopped by the configured stop
response can be read from the actual value display. The time required to stop
the axis can be determined by recording the actual speed value via D/A
converters.
Testing the SG SI function
The following cases must be tested:
- Correct response:
  After the active speed limit value has been exceeded, the axis must have
  been stopped within the changeover time to SBH by the configured stop
  response.
- Incorrect response:
  After the active speed limit value was exceeded, the axis was not stopped
  to SBH within the changeover time as a result of the configured stop
  response. This results in a transition from STOP B to STOP A.
- Changeover between the SG limit values (if set). A limit value is selected
  that is lower than the actual axis speed.
- Changeover between the SG and SBH functions.
Testing the SN SI function
Test the cams by traversing them at various axis speeds.
Position the cam at the center of the axis. Traverse the cam at various axis
speeds and in the rapid traverse mode. Calculate the time and distance
traveled by the axis until the desired cam signal (NCK-SGA, PLC-SGA) is
output.
Testing the SE SI function
Test the limit positions/endstops by passing them at various axis speeds.
Locate the limit position/endstops at the center of the axis. Pass the position
at various axis speeds and in the rapid traverse mode. Calculate the
remaining distance traveled by the axis until it is stopped by the configured
stop response. Locate the safe limit in front of the fixed endstop of the axis
at a distance corresponding to the calculated remaining distance plus a
safety margin defined by the machine manufacturer.
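The correct/incorrect response criterion of the SG test in this section, applied to a recorded trace, as an added example (not part of the Siemens documentation or tooling). The sample format, the function and field names, the standstill tolerance and the trace values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One trace sample: (time [s], position [mm], actual speed [mm/min]).
Sample = Tuple[float, float, float]


@dataclass
class StopResult:
    limit_exceeded: bool            # was the limit violation provoked at all?
    stopped: bool                   # did the axis reach standstill in the trace?
    stop_time: Optional[float]      # s, from limit violation to standstill
    stop_distance: Optional[float]  # mm travelled in that time
    passed: bool                    # stopped within the changeover time


def evaluate_stop_response(trace: List[Sample], speed_limit: float,
                           changeover_time: float,
                           standstill_tol: float = 1.0) -> StopResult:
    """Check that the axis stops within the changeover time after the
    active speed limit value has been exceeded.

    Measurement starts at the last sample that was still within the limit,
    so the reported time and distance are never shorter than the real ones.
    """
    over = next((i for i, s in enumerate(trace) if abs(s[2]) > speed_limit),
                None)
    if over is None:
        # The limit was never violated: the test step was not provoked.
        return StopResult(False, False, None, None, False)

    t0, pos0, _ = trace[max(over - 1, 0)]
    for t, pos, speed in trace[over + 1:]:
        if abs(speed) <= standstill_tol:
            stop_time = t - t0
            return StopResult(True, True, stop_time, abs(pos - pos0),
                              stop_time <= changeover_time)

    # Trace ended while the axis was still moving: not a passed test.
    return StopResult(True, False, None, None, False)


# Constructed trace (10 ms sampling); the speed limit used below is 2000 mm/min.
TRACE: List[Sample] = [
    (0.00, 0.00, 1500.0),
    (0.01, 0.30, 1900.0),
    (0.02, 0.65, 2300.0),   # limit exceeded here
    (0.03, 1.03, 2300.0),
    (0.04, 1.30, 1200.0),   # stop response is braking the axis
    (0.05, 1.42, 300.0),
    (0.06, 1.45, 0.0),      # standstill
    (0.07, 1.45, 0.0),
]

if __name__ == "__main__":
    print(evaluate_stop_response(TRACE, speed_limit=2000.0,
                                 changeover_time=0.1))
```

A trace that ends before standstill, or in which the limit was never exceeded, is reported as not passed so that an incomplete recording cannot be mistaken for a successful test.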
5.4 NCK acceptance test support
General
The requirements associated with an acceptance test can be derived from the
EU Machinery Directive. Presently IEC 22G WG 10 is working on a standard for
"functional safety". This also includes a specific description of the requirements
for an acceptance test. Accordingly, the machine manufacturer (OEM) is
responsible for the following:
- to carry out an acceptance test for safety-relevant functions and machine
  parts, and
- to issue an "Acceptance certificate" that includes the results of the test.
When using the Safety Integrated function, the acceptance test is used to
check the functionality of the SI monitoring functions used in the NCK, PLC and
drive. In this case, the correct implementation of the defined safety functions is
investigated, the implemented test mechanisms are checked (forced checking
procedure measures), and the response of individual monitoring functions is
checked by individually violating the tolerance limit. This should be
carried out for the safety functions that were implemented using SPL as well as
all of the axial monitoring functions of the axes that are monitored with SI.
Previously, the result of the test was a manually created document (refer to
Section 5.2). The test steps required were accompanied, in some instances, by
changes made to the PLC program and to MD settings, and the alarms that
were issued were documented. Further, servo trace plots were evaluated using
the associated measuring function and the results and graphics transferred into
a document that the OEM had created. The principal contents and structure of
such a document are described in Chapter 5.2 "Acceptance report".
Based on this method, the existing SI functionality was expanded in the NCK
and drive software in order, in conjunction with an operator interface (SinuCom
NC), to support and simplify the test procedure as well as the associated
documentation.
The objective of this support is to control the creation and administration of an
acceptance report and to prepare and carry out the required test steps using the
appropriate operator actions via the operator interface. The test steps that are
required as part of the acceptance test are not executed fully automatically but
are controlled by a skilled operator. This operator must carry out the
measures associated with the test step at the system being tested.
The following mechanisms are applied in order to carry out the test steps and
to optimize the creation of the acceptance report:
- Support when documenting the active monitoring functions and monitoring
  limit values by reading out the appropriate machine data.
- Support when documenting the checksum values.
- Standardization of the procedure when carrying out the test, following a
  pre-defined test list.
- The test time is reduced by preparing test procedures within the system,
  automatic trace and evaluation techniques and reduced time when
  acknowledging SI alarms that are output.
Software requirements
The acceptance test report function is based on the interaction between the
NCK/drive and the SinuCom NC operator interface. This means that if this
function is used, these components must have a certain minimum software
version.
- SinuCom NC software Version 06.03.07 or higher
- NCU system software Version 06.04.15 or higher
The basic functionality of the SinuCom NC software is explained within the
scope of its own documentation. This documentation also provides information
about the steps when handling the acceptance test support function, a
description of the screen forms and the menu prompting. For this reason,
these topics are not handled in this documentation.
References: Start-up Tool SINUMERIK SinuCOM NC
Edition 08.2003
5.4.1 Scope of the test list
The test steps of the SI acceptance test that are supported by the system are
based on the previous test execution and comprise the following steps:
Designation | Purpose of the test step
General
Overview | Document the machine details (e.g. manufacturer, machine type, …)
Check the forced-checking procedure measures
Shutdown paths | Test the forced checking procedure of the shutdown paths for the NCK and drive.
External stops | Test the forced checking procedure of the (used) external stop responses (when using SPL).
SPL inputs/outputs | Test the forced checking procedure (if required) of the external SPL I/O.
Qualitative function checks
EMERGENCY STOP | Test the internal EMERGENCY STOP functionality when executed via external stop responses and the response to the external SPL I/O.
Inter-relationships between functions | Test all of the states relevant for the safety functions that should be first documented within the scope of a function table or similar (interdependency of sensor signals, positions, modes). In this case, the following should be taken into account: the active monitoring function for SI-monitored axes (internal safety functions) and the switching state of safety-related external SPL output peripherals.
Quantitative function checks
SBH (safe operating stop) | Test the response when provoking that the SBH limit value is exceeded and define associated characteristic quantities/parameters.
SG (safely-reduced speed) | Test the response when provoking that the SG limit value is exceeded and define associated characteristic quantities/parameters.
SE (safe software limit switch) | Test the response when provoking that the SE limit value is exceeded and define associated characteristic quantities/parameters.
Termination
Finished | The test results are saved and loaded. The acceptance report is generated based on the test results that have been determined.
5.4.2 Internal mechanisms to support the test procedure
In order to support the execution of the individual test steps, defined states are
activated as a result of the interaction between the SinuCom NC operator
interface and NCK/drive. This establishes the secondary conditions of the test
step that, up until now, had to be set manually.
Acceptance test phase
If the acceptance test function is selected on the SinuCom NC operator
interface, then on the NCK side, the acceptance test phase is selected. As a
result, the acceptance test phase is continually active while working through the
test list.
In order to ensure that all of the SI alarms are output when they occur while
executing the test steps and that these SI alarms can also be logged, the
alarm suppression that might have been set in MD 10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL is not taken into account and
therefore does not have to be manually reset to 0 for the duration of the
acceptance test.
The acceptance test phase is de-selected by exiting the acceptance test
function.
Acceptance test mode
For the new acceptance test support provided by the NCK and drive, the
SI functions to be tested are sub-divided into groups that require a specific
acceptance test mode (acceptance tests from group 1, e.g. SBH test, SG test)
and into groups that do not require an acceptance test mode (acceptance tests
from group 2, e.g. acceptance test for SE).
Acceptance tests with the acceptance test mode
For the test steps of group 1 – these include testing the SBH response and
SG response – an additional state is active under defined secondary
conditions. This state has specific internal features that support the test
procedure.
This acceptance test mode becomes active under the following secondary
conditions (in a test associated with group 1):
- There is no active SI power on alarm for the axis to be tested.
- The pulses of the axis to be tested are enabled.
- JOG is active as NC mode.
- The SI monitoring function selected when carrying out the test step is
  active, i.e. if for example the SG2 test is selected as test, then if the SG1 is
  active, the acceptance test mode (group 1) is not active.
- Both monitoring channels (NCK, drive) allow modes to be activated. The
  state that is assumed is subject to a crosswise data comparison between
  the NCK and drive.
For the active acceptance test mode (group 1) the following features are active
for the axis to be tested:
- NCK (Alarm No. 27007) and drive (Alarm No. 300952) return the state
  using the "Acceptance test mode active" alarm.
- The reference (setpoint) speed limit is de-activated via the axial MD 36933
  $MA_SAFE_DES_VELO_LIMIT. This means that the machine data is
  internally handled as if it has been parameterized with 0%. This allows the
  axis to be traversed in spite of the fact that the SBH monitoring is active or
  a traversing speed greater than the actual SG monitoring without having to
  change the selected reference (setpoint) speed limiting.
- SI POWER ON alarms can be temporarily acknowledged with a reset so
  that after an SBH response has been tested for an axis, an NCK reset
  does not have to be initiated for the fault acknowledgement. The
  acknowledgement criteria for the following alarms are involved:
  Alarm No. NCK | Alarm No. drive | Alarm text
  27010 | 300907 | Tolerance for safe operating stop exceeded
  27023 | 300901 | STOP B activated
  27024 | 300900 | STOP A activated
- Traversing motion is possible in spite of the external Stop C/D. This means
  that it is also possible to test the active SBH monitoring state that results
  from an external Stop.
- An active Stop in another axis does not result in the traversing inhibit for
  the axis being tested, also for the setting MD 36964
  $MA_SAFE_IPO_STOP_GROUP = 0 for this axis.
- When traversing the axes using the JOG buttons, the set speed limits
  are ignored – such as e.g. MD 32020 $MA_JOG_VELO – and the G0
  value is activated as effective limit value (maximum axis speed).
This state is only active temporarily, because the acceptance test mode
described has extensive internal consequences. It is de-selected under the
following conditions:
- As a result of an NCK Reset.
- When an internal timer value expires that defines the maximum time that
  the state can be active.
  This timer value is set in the following machine data:
  MD 36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT (NCK) and
  MD 1358 $MD_SAFE_ACC_TEST_TIMEOUT (drive).
- Automatically when the measured value trace has been completed.
- If the monitoring function to be tested, that was active when selected, is no
  longer active; e.g. when changing over from SBH to SG monitoring with
  the mode active.
- With the mode active, if the JOG NC mode is no longer active.
Acceptance tests without acceptance test mode
For test steps associated with group 2 – this also involves testing the SE
response – under defined secondary conditions, an additional state is active
that has specific internal features to support the test procedure.
This acceptance test (group 2) becomes active under the following secondary
conditions (in a test of group 2):
- There is no active SI power on alarm for the axis to be tested.
- The pulses of the axis to be tested are enabled.
- JOG is active as NC operating mode.
- The SI monitoring function selected for the particular test step is active, this
  means, for example, that if the SE1 test is selected as test, if SE2 is active,
  the acceptance test mode (group 2) is not active.
- The NCK monitoring channel allows the mode to be activated through one
  channel.
The following features apply for an active acceptance test (group 2) for the axis
to be tested:
- The NCK returns the state (Alarm No. 27008) via the alarm "single-channel
  software limit switch de-activated".
- The single-channel software limit switches (set positions, refer to MD
  36100 to MD 36130) are de-activated. This means that an axis can pass
  these software limit switches without having to change the associated
  machine data.
The acceptance test (group 2) is again de-activated for the following conditions:
- As a result of an NCK reset.
- When an internal timer value expires that defines the maximum time that
  the state can be active.
  This timer value is set in the following machine data:
  MD 36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT (NCK) and
  MD 1358 $MD_SAFE_ACC_TEST_TIMEOUT (drive).
- Automatically when the measured value trace has been completed.
- If the monitoring function to be tested, that was active when selected, is no
  longer active; e.g. when changing over from SE1 to SE2 monitoring with
  the mode active.
- With the mode active, if the JOG NC mode is no longer active.
5.4.3 Trace techniques
The operator is prompted step-by-step through a test using the SinuCom NC
operator interface. Various trace techniques can be used to confirm and log
whether the test was carried out successfully.
TEXT
Text entry by the operator
A table or cell for the user documentation is provided for the test. This should
then be completed corresponding to the specifications. In addition to how the
test is initiated, the text entry includes, e.g. the description of test situations and
responses or similar.
ALARM
Alarms that have occurred are automatically logged
Specific system and user alarms expected for the test step are
automatically logged after the data trace has been started. After the appropriate
data has been traced, the selection of alarms to be logged can be reduced to
those alarms that are relevant for the specific test step.
TRC
Internal signal trace function
The SinuCom NC internal trace function is started when the data trace is
started, and the signals relevant for the specific test step are recorded. After the
appropriate trace time (the relevant signal changes have taken place), the
trace must be manually terminated.
TRC+
Internal signal trace function with additional automatic determination of
the characteristic quantities
The SinuCom NC internal trace function is started when the data trace is
started, and the signals relevant for the specific test step are recorded. The trace is
automatically terminated after the appropriate (expected) signal changes and
transitions, and the appropriate characteristic quantities are automatically
determined and displayed for the test. It is not necessary to manually terminate
the trace.
Designation of the test step TEXT ALARM TRC TRC+
General
Overview X
Checking the forced-checking procedure measures
Shutdown paths X X
External stops X X
SPL inputs/outputs X X
Qualitative function checks
EMERGENCY STOP X X
Function inter-relationships X
Quantitative function checks
SBH (safe operating stop) X X X
SG (safely-reduced speed) X X X
SE (safe software limit switch) X X X
Termination
Completed
Using the internal trace function
Specific NC machine data must be set in order that the trace function can be
used. This prepares the appropriate resources for the function. The values to
be set should be taken from the SINUMERIK SinuCom NC start-up tool.
5.4.4 Basic operating information and instructions
- The operator is prompted step-by-step when carrying out a test. The
  following secondary conditions must be observed, especially for those
  tests that use the internal trace function:
  - If a traversing direction has been selected, then this must also be taken
    into account for the subsequent task. The reason for this is that the
    trigger condition for the automatic data acquisition and evaluation is
    based on this direction data.
  - A procedure is initiated to activate the trace function using the button
    <start data acquisition>. This can take several seconds. The signal is
    only acquired after the appropriate message in a message box.
  - If the trace has to be manually terminated, then this step should, if at all
    possible, be made directly after the last expected signal change that is
    relevant for the trace. This ensures that the relevant area is optimally
    displayed in the subsequent trace display.
- For each test step, the operator must decide whether the test was
  successfully carried out. He should make this decision based on traced
  and determined data and test situations that have been carried out and
  documented. This can be confirmed after the test has been carried out by
  selecting the appropriate results.
- The test list provided and supported via SinuCom NC includes the basic
  test steps to be carried out. Depending on the machine configuration,
  several tests may not be necessary for the particular machine. This can be
  selected in the basic display of the test step. Further, there are test cases
  that are required for the machine but are not (or not yet) included within
  the scope of the test list, e.g. measuring the braking travel when a light
  barrier is obstructed, or similar. These tests should still be carried out
  manually.
- When generating the acceptance certificate, for documentation purposes,
  data is automatically retrieved from some machine data (SI limit values,
  checksums, hardware information).
  Further, the results for the test that was carried out are incorporated in the
  document. The report is structured the same as the document that was
  previously manually created. Some sections that are not standardized, such
  as the machine overview, function table of the configured safety functions
  etc., are still manually incorporated in the document at a later date.
5.5 Diagnostics
5.5.1 Troubleshooting procedure
The alarms that have been activated in response to an error are output in
the "DIAGNOSIS - ALARMS" display.
When the alarm "Defect in a monitoring channel" is output, for the NCK
monitoring channel, the cause of the alarm can be directly read-out from
the diagnostics for STOP F.
The cause of the alarm in the drive monitoring channel can be found in
MD 1395: MD_SAFE_STOP_F_DIAGNOSIS in the "START-UP -
MACHINE DATA - FDD OR MSD" display.
Note
Different error codes may be displayed for the NCK and drive monitoring
channels.
When the "Service SI" softkey is actuated, three data blocks are listed in
HMI Advanced (from SW 6.2) for the selected axis via Safety Integrated
- Status SI (selected per default)
- SGE/SGA
- SPL
Fig. 5-3 Status SI
The vertical softkeys axis +, axis - or direct selection are used to set the desired
axis. The current axis is displayed at the top righthand side of the table.
Available values/signals
- Safe actual position
- Position deviation NCK/drive
- "Safe operating stop" monitoring active
- "Safely-reduced speed" monitoring active
- Active SG step
- Active SG correction factor
- Safely-reduced actual speed limit
- Setpoint speed limit
- Actual speed difference
- Maximum speed difference
- Active safe software limit switch
- Active gear ratio (step)
- Active stop
- Currently requested external stop
- Stop F code value (Alarm 300911)
- Pulses enabled
- Traversing inhibit due to a stop in other axis
The vertical softkeys "SGE/SGA" and "SPL" can be used to select two
additional screens, which show the situation for the safety-relevant inputs/
outputs and the safe programmable logic.
Fig. 5-4 Status display of SGE/SGA
The available signals are shown in the figure above. The vertical softkey Status
SI accesses the SI status screen, the SPL softkey accesses the screen for safe
programmable logic.
Fig. 5-5 shows the status display of the safe input/output signals.
[Figure: bit display (bit 0 ... 15 and bit 16 ... 31) of the safe input signals and safe output signals for axis 1 and axis 2 (axis: NCK monitoring channel) and for drive 1 and drive 2 (drive: drive monitoring channel). Signals labelled in the figure: SBH/SG deselection, SBH deselection, SG selection, SE selection, gear ratio selection, test stop selection, SG override selection, deselection of external stops (Stop A, Stop C, Stop D), status pulses disabled (axis only), SBH/SG active, SBH active, SG active, enable pulses, pulses disabled status, axis safely referenced, SN1 + to SN4 -, n < nx, active stop (Stop A/B, Stop C, Stop D).]
Fig. 5-5 Status display of safe input/output signals
Fig. 5-6 Status display SPL
SPL
In the "Variable" selection box, you can select:
$A_INSE(P) corresponds to simultaneous selection of
$A_INSE upper line, origin of the NCK and
$A_INSEP lower line, origin of the PLC
and correspondingly for the other variables:
$A_OUTSE(P)
$A_INSI(P)
$A_OUTSI
$A_MARKERSI(P)
The variables that have been selected and the associated bit areas are saved
and are taken into account when subsequently selecting the screen.
Using the select key, the following formats can be selected in the variable rows:
B Binary
H Hexadecimal
D Decimal
The selected format applies for all of the variables displayed in the screens.
5.5.2 Diagnostics support by configuring your own extended alarm text
In order to upgrade the level of diagnostics information when an error occurs,
certain Safety Integrated system alarms can be supplemented by a freely
definable user text. For instance, for hardware-related faults, supplementary
information such as input designation, circuit diagram identification number or
similar can be included in the system alarm that is output.
This extended alarm text is based on the interaction between the NCK system
software (that specifies the parameter that addresses the supplementary
information for the alarm text) and the HMI software (that has to appropriately
process this parameter).
Dedicated extended alarm texts can be defined for the following Safety
Integrated system alarms:
- General SPL crosswise data comparison error (different status of the
  SPL variables)
  Alarm 27090, error for crosswise data comparison NCK-PLC
  Extended alarm text is available from NCU system software 05.03.25 and
  06.03.01.
- Channel-related error on the PROFIsafe module (only when using the
  PROFIsafe I/O)
  Alarm 27254 PROFIsafe: F module, error in the channel
  Extended alarm text available from NCU system software 06.04.15
Prerequisites, HMI Advanced
The following entry is located in the configuration file for the alarm server (file
MBDDE.INI) in the section [Textfiles].
File excerpt: mbdde.ini
[Textfiles]
NCK=f:\dh\mb.dir\aln_ ; Example : Standard entry
This means that all of the NCK alarms are defined in the file referenced after
the NCK entry. The processing of an extended alarm text for the above
specified alarms is prepared as part of this definition.
File excerpt: aln_gr.com
027090 0 0 "Error for crosswise data comparison NCK-PLC, %1[%2], NCK: %3; %4<ALSI>"
027254 0 0 "PROFIsafe: F module %1, error in channel %2; %3<ALSI>"
An extended alarm text can be defined for an alarm using the supplement
%4<ALSI> (Alarm 27090) and %3<ALSI> (Alarm 27254). If required, this entry
can be subsequently entered into older HMI software versions, in order to
activate the display of the extended alarm text – under the assumption that the
NCK system software supports this.
Principle of operation – extended alarm text
If Alarm 27090 or Alarm 27254 occurs, the NCK transfers an additional
parameter value (27090: %4; 27254: %3) to the HMI software. This parameter
has a defined value range. Each value can be uniquely assigned an extended
alarm text.
Value range of the transfer parameter
000        Parameterizing error detected at run-up (different state active)
           Crosswise data comparison error, SPL protective mechanism:
           MD 11500 – DB18.DBX36.0
           Crosswise data comparison error, stop response for SPL error:
           MD 10097 – DB18.DBX36.1
001...064  Error in system variables $A_INSE(P)[01...64] (Alarm 27090/
           Alarm 27254)
           If the safety-related input signal is taken from a PROFIsafe
           module, then only a safe signal state is transferred to the NCK
           and PLC. This means that internally, a different state no longer
           occurs between $A_INSE and $A_INSEP. The index value then
           results from a channel error signaled from the PROFIsafe module
           (Alarm 27254) that is assigned the appropriate $A_INSE(P)
           variable (e.g. discrepancy error)
065...128  Error in the system variables $A_OUTSE(P)[01...64] (Alarm
           27090 / Alarm 27254)
           If the safety-related output signal is output at a PROFIsafe
           module, then only a safe signal state is transferred. This means,
           Alarm 27090 signals an internal logic error ($A_OUTSE(P)
           variables differ) and Alarm 27254 signals a channel error
           signaled from the PROFIsafe module that is assigned to the
           appropriate $A_OUTSE(P) variable (e.g. short-circuit fault)
129...192  Error in system variables $A_INSI(P)[01...64]
           (only Alarm 27090)
193...256  Error in system variables $A_OUTSI(P)[01...64]
           (only Alarm 27090)
257...320  Error in system variables $A_MARKERSI(P)[01...64]
           (only Alarm 27090)
Definition of the extended text
The file in which the extended texts are defined is also declared in the
configuration file for the alarm server (file MBDDE.INI) in the section
[IndexTextfiles].
File excerpt: mbdde.ini
[IndexTextfiles]
ALSI=f:\dh\mb.dir\alsi_ ; Example : Standard entry
We recommend that this file for the extended text is located in the HMI user
directory.
Every parameter can be assigned a dedicated text in this file, whereby each text
entry is preceded by the associated parameter value (refer to the following
file excerpt).
File excerpt: alsi_gr.com
000000 0 0 "Parametrierfehler MD11500/DB18.DBX36.0 bzw. MD10097/DB18.DBX36.1"
000001 0 0 "Anwendertext $A_INSE(P)[01]"
..
000064 0 0 "Anwendertext $A_INSE(P)[64]"
000065 0 0 "Anwendertext $A_OUTSE(P)[01]"
..
000128 0 0 "Anwendertext $A_OUTSE(P)[64]"
000129 0 0 "Anwendertext $A_INSI(P)[01]"
000192 0 0 "Anwendertext $A_INSI(P)[64]"
000193 0 0 "Anwendertext $A_OUTSI(P)[01]"
000256 0 0 "Anwendertext $A_OUTSI(P)[64]"
000257 0 0 "Anwendertext $A_MARKERSI(P)[01]"
000320 0 0 "Anwendertext $A_MARKERSI(P)[64]"
The assigned user text is then displayed when Alarms 27090 or 27254 occur,
referred to the associated SPL variable.
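The lookup chain described in this section (alarm text file, `<ALSI>` placeholder, index text file, value range of the transfer parameter), as an added example that is not Siemens code and does not reproduce the HMI alarm server. The function names, the fallback to the decoded variable name when no user text is defined, the user texts and the parameter values passed in are assumptions constructed for illustration.

```python
import re

# Value ranges of the transfer parameter as listed in this section:
# (first value, last value, SPL variable); the index runs 01...64.
RANGES = [
    (1, 64, "$A_INSE(P)"),
    (65, 128, "$A_OUTSE(P)"),
    (129, 192, "$A_INSI(P)"),
    (193, 256, "$A_OUTSI(P)"),
    (257, 320, "$A_MARKERSI(P)"),
]

# One entry per line: <6-digit number> <n> <n> "<text>"
ENTRY = re.compile(r'^\s*(\d{6})\s+\d+\s+\d+\s+"(.*)"\s*$')
# %1 ... %9, optionally followed by the index-text marker <ALSI>
PLACEHOLDER = re.compile(r"%(\d)(<ALSI>)?")

# Alarm text entries as in the aln_ excerpt, one entry per line.
ALN_SAMPLE = '''\
027090 0 0 "Error for crosswise data comparison NCK-PLC, %1[%2], NCK: %3; %4<ALSI>"
027254 0 0 "PROFIsafe: F module %1, error in channel %2; %3<ALSI>"
'''

# Constructed index text file with machine-specific user texts.
ALSI_SAMPLE = '''\
000000 0 0 "Parameterizing error MD11500/DB18.DBX36.0 or MD10097/DB18.DBX36.1"
000003 0 0 "Protective door switch S12, circuit diagram sheet 14"
000066 0 0 "Contactor K21 enable output, circuit diagram sheet 22"
'''


def parse_text_file(text):
    """Return {number: text} for every well-formed entry line."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries[int(match.group(1))] = match.group(2)
    return entries


def decode_parameter(value):
    """Map a transfer parameter value to the SPL variable it addresses."""
    if value == 0:
        return "parameterizing error detected at run-up"
    for first, last, name in RANGES:
        if first <= value <= last:
            return "%s[%02d]" % (name, value - first + 1)
    raise ValueError("transfer parameter %d is outside 000...320" % value)


def render_alarm(number, params, alarm_texts, index_texts):
    """Fill %n with params[n-1]; resolve %n<ALSI> via the index text file."""
    def fill(match):
        value = params[int(match.group(1)) - 1]
        if match.group(2):
            key = int(value)
            # Assumption: show the decoded variable if no user text exists.
            return index_texts.get(key, decode_parameter(key))
        return str(value)
    return PLACEHOLDER.sub(fill, alarm_texts[number])


ALARM_TEXTS = parse_text_file(ALN_SAMPLE)
INDEX_TEXTS = parse_text_file(ALSI_SAMPLE)

if __name__ == "__main__":
    # Constructed parameter values for the two alarms.
    print(render_alarm(27090, ["$A_INSE", "03", "1", "3"],
                       ALARM_TEXTS, INDEX_TEXTS))
    print(render_alarm(27254, ["5", "2", "66"], ALARM_TEXTS, INDEX_TEXTS))
```

Decoding the value range independently of the user text file is a quick way to check that each machine-specific text in the index file sits on the number of the SPL variable it is meant to describe.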
5.5.3 Servo trace bit graphics for Safety Integrated
General
The servo trace function is one of the measuring functions in the start-up area.
Using the servo trace, for drive signals and NCK signals, measurements can be
started by entering a measuring time and trigger conditions. The results of the
measurements are then graphically displayed. Two curves can be displayed in
2 graphics. The results of the measurements can be saved in files. Further, the
graphics can be saved as bitmap file in the HMI_ADV data manager – or
directly printed out.
Starting servo trace
After MMCWIN has been started, the start-up operator area can be reached
using the horizontal "Start-up" softkey (also refer to Section 5.3).
After this softkey has been pressed, one menu level lower can be accessed
and the servo trace reached by pressing the horizontal "drives/servo" softkey.
The basic servo trace display appears after pressing the horizontal servo trace
softkey:
The servo trace belongs to those measuring functions that request measured
values from the NCK via a parameterized PI service and graphically display the
measured values with respect to time. When successful, the NCK returns up to
4 measured value buffers to the HMI for evaluation.
Selecting signals
When selecting signals, axes and signal names can be selected from the lists
for a maximum of 4 trace channels (trace 1 to trace 4). Trace 1 has a special
significance – a signal must be selected in trace 1, otherwise when the
PI service is started using the vertical "start" softkey, this is negatively
acknowledged by the NCK.
Measuring parameters
For the measuring parameters, the measuring time, the trigger time, specific
thresholds and various trigger signals can be set (e.g. a trigger from the part
program). These settings are used to parameterize the PI services at segment
values and offset values of NCK using the vertical "start" softkey. A measurement
that has already been started can be interrupted using the vertical "stop"
softkey. In this case, the NCK does not supply any measured values.
Physical address
If the physical address entry is selected in the signal selection list, the vertical
softkey having the same name is activated. Using the input masks under this
softkey, segment values and offset values of NCK system variables etc. can be
specified and then measured.
It is possible to scroll over the axes and spindles in the application using the
vertical "Axis +" and "Axis –" softkeys. The axis name or spindle name is
included in the selected selection list for the axis/spindle names.
Selecting SGE drive
The selection of the SI signal SGE drive (from the PLC) is shown in the
following.
After the vertical "start" softkey is pressed, the measurement is started on the
NCK side and appropriate information is output in the dialog line.
If the measurement cannot be started, appropriate error information and
instructions are provided which can be used to troubleshoot the problem.
Measured value buffer
When the NCK ends the measurement, the buffers are transferred to HMI_ADV.
They contain the actual measured values and the factors that are used to
convert from the formats on the NCK side to the physical units for display with
HMI_ADV. The number of buffers depends on the number of trace channels
that are assigned (trace 1 to trace 4).
When the buffers are being transferred, this is signaled in the dialog line.
Display
Once the measurement has been completed, the results of the measurement
can be graphically displayed using the horizontal "display" softkey.
Graphic
Two graphics (graphic 1 and graphic 2) are displayed. Each graphic can
include up to two measured value curves that are color-coded (trace 1 in
graphic 1: green, trace 2 in graphic 1: blue, trace 3 in graphic 2: green, trace 4
in graphic 2: blue).
Trace 1 and trace 2 are displayed in graphic 1, trace 3 and trace 4 in graphic 2.
The X axis of the graphics is the time axis and the Y axis is scaled in the
physical units of the particular signal. The title lines of the graphics indicate
(Tr.1: X1 axis) that the measured values come from an actual measurement.
The parameterization of the measurement can be seen from the basic screen
of the servo trace (this can be accessed using the horizontal "measurement"
softkey).
File functions
Measurement settings and the measured values of the servo trace functions
can be saved, downloaded or deleted using the horizontal "file functions"
softkey. A detailed description is not provided here. More detailed
information can be found in the following document:
References: /IAD/, Start-up Guide, SINUMERIK 840D, Chapter 10
5.5.4 Bit graphics for SI signals in the servo trace
Using the expansion of the servo trace, individual bits can be selected from
bit-coded SI signals and their characteristic over time can be graphically
displayed, similar to a logic analyzer. Bit characteristics can be displayed as a
function of time for 10 character channels (tracks).
Bit-coded SI signals
The bit-coded SI signals are principally sub-divided into two groups:
- SI signals where the system allocates the names of the bits (signals:
  SGE-NCK, SGA-NCK, SGE-PLC and SGA-PLC)
- SI signals where the user can freely select their names and default names
  are entered into an Ini file (hmi_adv\ibsvtsi.ini). If the user wishes to
  change the default assignment, he can do this in the file hmi_adv\ibsvtsi.ini
  or using the appropriate forms in the operator interface.
These different bit-coded SI signals are parameterized on the operator
interface.
The settings do not modify the measurement but only how the results of the
measurement are actually displayed in the graphic.
No bit graphics are generated for SI signals that are not bit-coded.
Bit selection
The setting possibilities are accessed using the vertical "bit selection…"
softkey.
The following screen appears after pressing the vertical "bit selection…"
softkey:
The vertical "bit selection trace 1...", "bit selection trace 2...", "bit selection trace
3..." and "bit selection trace 4..." softkeys allow the bit names of the SI signals
selected in trace channels trace 1 to trace 4 to be assigned to a possible
10 character channels (tracks) in the bit graphics for these signals. A dedicated
graphic is displayed for each of trace 1, trace 2, trace 3 and trace 4.
If a bit-coded SI signal is not selected in a trace channel, pressing the
corresponding softkey has no effect; information is output in the dialog line to
signal that the selection does not involve a bit-coded SI signal.
Bit selection, trace 1 ...
In the example, the signal SGE-NCK has been read in to graphic 1 for trace 1.
The following screen is displayed when the vertical "bit selection trace 1…"
softkey is pressed:
The bits of this signal are consecutively numbered. Every bit is permanently
assigned an associated bit name. In the "track" entry boxes, a value in the
range 0..9 defines in which of the 10 character channels (tracks) the bit
is graphically displayed. In the example, Bit 0 "SBH/SG de-selection NCK" is
displayed in track 0 of the bit graphic for trace 1. Bit 19 "de-select ext. Stop C
NCK" is displayed in track 9 of the bit graphic for trace 1.
The user is shown which track numbers have already been allocated (they
have a blue background in the label "track number:"). If a track number is
allocated twice, an error message is displayed. All of the signal bits are listed;
bits that are not available are designated with "free" or "reserved". Using the
scrollbar, it is possible to scroll over the bit range from bit 0 to bit 31.
Starting values for the track assignments have been entered into the file
hmi_adv\ibsvtsi.ini. If the user does not like these, he can make changes
as he wishes. These changes for the bit graphics become effective when the
vertical "Accept" softkey is pressed and are also transferred into the file
hmi_adv\ibsvtsi.ini as new starting values. This means that they also apply as
default settings for new measurements with this signal.
Using the vertical "Abort" softkey, the screen is exited without accepting
possible changes made to values.
Bit selection, trace 2… to trace 4…
A similar procedure applies for trace 2 to trace 4 that, in this particular
example, contain the following signals:
Trace 2 SGE drive (from the PLC)
Trace 3 SGA-NCK
Trace 4 SGA drive (from the PLC)
The handling is the same as described under bit selection, trace 1.
Mixing traces…
Using the vertical softkey "Mix traces…", the user can select individual bits of SI
signals from 4 traces and display these in the tracks as bit graphics for
comparison purposes. This means that especially inputs and outputs of various
SI signals can be combined.
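The track assignment and trace mixing described above can be reproduced offline on saved measured values. The following Python sketch is an added example, not Siemens code: the sample words are constructed, the use of bit 0 in the SGE drive signal is an assumption, and only the rules stated above (tracks 0..9, bits 0..31, no track allocated twice, bits from up to 4 traces) are taken from this section.

```python
MAX_TRACKS = 10    # character channels (tracks) 0..9
SIGNAL_BITS = 32   # the bit selection screen covers bit 0 to bit 31


def check_assignment(assignment):
    """Validate {(trace, bit): track}; return {track: (trace, bit)}."""
    by_track = {}
    for (trace, bit), track in assignment.items():
        if trace not in (1, 2, 3, 4):
            raise ValueError(f"trace {trace}: only trace 1 to trace 4 exist")
        if not 0 <= bit < SIGNAL_BITS:
            raise ValueError(f"bit {bit} is outside 0..{SIGNAL_BITS - 1}")
        if not 0 <= track < MAX_TRACKS:
            raise ValueError(f"track {track} is outside 0..{MAX_TRACKS - 1}")
        if track in by_track:
            # Same condition that makes the operator interface show an error.
            raise ValueError(f"track {track} allocated twice")
        by_track[track] = (trace, bit)
    return by_track


def mix_traces(traces, assignment):
    """Extract the selected bits; return {track: [level per sample]}."""
    by_track = check_assignment(assignment)
    tracks = {}
    for track in sorted(by_track):
        trace, bit = by_track[track]
        tracks[track] = [(word >> bit) & 1 for word in traces[trace]]
    return tracks


def edges(levels):
    """Signal changes of one track as (sample index, 'rise' or 'fall')."""
    return [(i, "rise" if levels[i] else "fall")
            for i in range(1, len(levels)) if levels[i] != levels[i - 1]]


def longest_mismatch(levels_a, levels_b):
    """Longest run of consecutive samples in which two tracks differ."""
    longest = run = 0
    for a, b in zip(levels_a, levels_b):
        run = run + 1 if a != b else 0
        longest = max(longest, run)
    return longest


def render(tracks, labels):
    """Text rendering of the bit graphic: '#' = 1, '_' = 0."""
    return "\n".join(
        f"track {t} {labels.get(t, ''):<28} "
        + "".join("#" if v else "_" for v in levels)
        for t, levels in tracks.items())


# Constructed sample data: one 32-bit word per sampling instant.
TRACES = {
    1: [0x00080001, 0x00080001, 0x00080000,
        0x00080000, 0x00000000, 0x00000001],   # SGE-NCK
    2: [0x00000001, 0x00000001, 0x00000001,
        0x00000000, 0x00000000, 0x00000001],   # SGE drive (from the PLC)
}
# Bit 0 and bit 19 of SGE-NCK as in the text; bit 0 of trace 2 is assumed
# to carry the corresponding drive-side signal.
ASSIGNMENT = {(1, 0): 0, (2, 0): 1, (1, 19): 9}
LABELS = {0: "SBH/SG de-selection NCK",
          1: "SGE drive bit 0 (assumed)",
          9: "de-select ext. Stop C NCK"}

if __name__ == "__main__":
    mixed = mix_traces(TRACES, ASSIGNMENT)
    print(render(mixed, LABELS))
    print("NCK/drive differ for", longest_mismatch(mixed[0], mixed[1]),
          "consecutive sample(s)")
```

Placing the NCK-side and drive-side bit of the same input in adjacent tracks makes the length of any disagreement between the two monitoring channels directly readable.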
6 Alarms
6.1 Alarms for SINUMERIK 840digital
6.2 Alarms from SIMODRIVE 611 digital
6.3 Alarm suppression
Note
The function "safe software limit switch" (SE) is also called "safe limit
positions" and the function "safe software cams" (SN) is also called "safe
cams".
6.1 Alarms for SINUMERIK 840digital
Detailed explanations of all alarms that are not described here can be found in
the following references for the SINUMERIK 840D system with SIMODRIVE
611 digital:
References: /DA/, Diagnostics Guide.
Note
In systems with MMC 101/102, the alarms are also explained in the online
help.
The alarms that can occur in connection with the SI option are listed below:
20095 Axis %1 illegal torque, current torque %2
Parameter %1 = axis name, spindle number
%2 = measured holding torque when selecting the brake test
Explanation The actually measured holding torque cannot be provided with the existing
parameterization of the brake test.
Response Alarm display
The function test of the brake mechanical system is aborted
Remedy Check the parameterization for the brake test function:
The torque for the weight equalization in drive machine data 1192 should be
nearly the same as the actual holding torque.
The specified torque for the brake test in MD
$MA_SAFE_BRAKETEST_TORQUE must be set higher than the actual
holding torque.
Program continuation Clear the alarm with the Clear key or with NC START.
20096 Axis %1 brake test aborted, additional information %2
Parameter %1 = axis name, spindle number
%2 = fault information, based on $VA_FXS_INFO
Explanation The brake test has detected a problem. The additional information provides
details of the cause of the alarm. An explanation is provided in the
documentation about the system variable $VA_FXS_INFO.
Supplementary info:
0: No additional information available
1: Axis type is neither a PLC nor a command axis
2: Limit position reached, motion stopped
3: Abort using NC RESET (key reset)
4: Exit monitoring window
5: Torque reduction rejected by drive
6: PLC has withdrawn the enable signal.
Response Alarm display
Interface signals are set
Remedy Note the supplementary conditions of the brake test, refer to supplementary
info.
Program continuation Clear the alarm with the Clear key or with NC START.
27000 Axis %1 is not safely referenced
Parameter %1 = axis number
Explanation There are two reasons for this alarm:
- the user has still not acknowledged the machine position,
- the machine position has still not been verified by subsequent referencing.
Even if the axis is already referenced, there is no acknowledgement that
referencing has supplied the correct result. For example, incorrect results can
occur if the axis was moved after the control was powered-down, with the result
that the standstill position saved prior to powering-down is no longer correct. To
make sure that this does not happen, the user must acknowledge the displayed
actual position after the first referencing process.
When the user agreement has first been set, the axis must be subsequently
referenced each time that the control is run-up (with absolute encoders, this
subsequent referencing is automatically executed). This procedure is carried
out to verify the standstill position saved prior to powering-down the control.
The alarm display can be set using MD
$MN_SAFE_ALARM_SUPPRESS_LEVEL (MD>=3) so that the group alarm
27100 is displayed for all SI axes.
Response Alarm display
The SGA "Axis safely referenced" is not set. SE is disabled if the safety actual
position has not yet been acknowledged by user agreement. If user agreement
is set SE remains active. The safe cams are calculated and output, but their
significance is limited because referencing has not been acknowledged.
Remedy Move the axis to a known position, change to the "Referencing" mode and
press the softkey "Agreement". Check the positions displayed in the agreement
diagram at the machine. If these correspond to those expected at the known
positions, confirm this using the toggle key. If the user agreement has already
been set, reference the axis again.
The user agreement can only be changed in key-actuated switch setting 3 or
after entering a password.
WARNING:
If the axis has not been safely referenced and there is no user agreement, then
the following applies:
- the safe cams are still not safe
- the safe limit positions are still not active
Program continuation The alarm display disappears together with the cause of the alarm. No further
operator action necessary.
27001 Axis %1 error in a monitoring channel, code %2, values: NCK %3,
drive %4
Parameter %1 = axis number
%2 = supplementary information, crosswise data comparison index
%3 = supplementary information, comparison value, NCK
%4 = supplementary information, comparison value, drive
Explanation The mutual comparison of the two monitoring channels has found a difference
between input data or results of the monitoring operations. One of the
monitoring functions is no longer reliable, i.e. safe operation is no longer
possible.
The following fault codes are possible on the NCK side:
– 0 No fault has been detected in this channel, subsequent (follow-on) alarm
at drive Alarm 300911.
– 1 Result list 1: Difference in SBH, SG, SBR or SE
result, e.g. because the monitoring channels
are not equally controlled. For further information refer to
Drive MD 1391, 1392.
– 2 Result list 2: Difference in the SN, n_x result. For further
information, refer to the drive MD 1393, 1394.
– 3 Actual value difference greater than that set in $MA_SAFE_POS_TOL.
– 4 Not assigned
– 5 Function enable signals $MA_SAFE_FUNCTION_ENABLE.
– 6 Speed limit $MA_SAFE_VELO_LIMIT[0].
– 7 Speed limit $MA_SAFE_VELO_LIMIT[1].
– 8 Speed limit $MA_SAFE_VELO_LIMIT[2].
– 9 Speed limit $MA_SAFE_VELO_LIMIT[3].
– 10 Tolerance for safe operating stop $MA_SAFE_STANDSTILL_TOL.
– 11 Limit position $MA_SAFE_POS_LIMIT_PLUS[0].
– 12 Limit position $MA_SAFE_POS_LIMIT_MINUS[0].
– 13 Limit position $MA_SAFE_POS_LIMIT_PLUS[1].
– 14 Limit position $MA_SAFE_POS_LIMIT_MINUS[1].
– 15 Cam position $MA_SAFE_CAM_POS_PLUS[0] +
$MA_SAFE_CAM_TOL.
– 16 Cam position $MA_SAFE_CAM_POS_PLUS[0].
– 17 Cam position $MA_SAFE_CAM_POS_MINUS[0] +
$MA_SAFE_CAM_TOL.
– 18 Cam position $MA_SAFE_CAM_POS_MINUS[0].
– 19 Cam position $MA_SAFE_CAM_POS_PLUS[1] +
$MA_SAFE_CAM_TOL.
– 20 Cam position $MA_SAFE_CAM_POS_PLUS[1].
– 21 Cam position $MA_SAFE_CAM_POS_MINUS[1] +
$MA_SAFE_CAM_TOL.
– 22 Cam position $MA_SAFE_CAM_POS_MINUS[1].
– 23 Cam position $MA_SAFE_CAM_POS_PLUS[2] +
$MA_SAFE_CAM_TOL.
– 24 Cam position $MA_SAFE_CAM_POS_PLUS[2].
– 25 Cam position $MA_SAFE_CAM_POS_MINUS[2] +
$MA_SAFE_CAM_TOL.
– 26 Cam position $MA_SAFE_CAM_POS_MINUS[2].
– 27 Cam position $MA_SAFE_CAM_POS_PLUS[3] +
$MA_SAFE_CAM_TOL.
– 28 Cam position $MA_SAFE_CAM_POS_PLUS[3].
– 29 Cam position $MA_SAFE_CAM_POS_MINUS[3] +
$MA_SAFE_CAM_TOL.
– 30 Cam position $MA_SAFE_CAM_POS_MINUS[3].
– 31 Position actual value tolerance $MA_SAFE_POS_TOL.
$MA_SAFE_SLIP_VELO_TOL for active actual value synchronization
(slip)
– 32 Ref. position tolerance $MA_SAFE_REFP_POS_TOL.
– 33 Delay time SG[x] -> SG[y] $MA_SAFE_VELO_SWITCH_DELAY.
– 34 Delay time, crosswise data comparison
$MA_SAFE_MODE_SWITCH_TIME.
– 35 Delay time, pulse cancellation Stop B
$MA_SAFE_PULSE_DISABLE_DELAY.
– 36 Delay time pulse cancellation, test stop
$MA_SAFE_PULSE_DIS_CHECK_TIME.
– 37 Delay time, Stop C -> SBH $MA_SAFE_STOP_SWITCH_TIME_C.
– 38 Delay time, Stop D -> SBH $MA_SAFE_STOP_SWITCH_TIME_D.
– 39 Delay time, Stop E -> SBH $MA_SAFE_STOP_SWITCH_TIME_E.
– 40 Stop response when SG exceeded
$MA_SAFE_VELO_STOP_MODE.
– 41 Stop response when SE exceeded
$MA_SAFE_POS_STOP_MODE.
– 42 Standstill speed $MA_SAFE_STANDSTILL_VELO_TOL.
– 43 Data save test, stop response.
– 44 Actual position + SG[0] $MA_SAFE_VELO_LIMIT[0].
– 45 Actual position - SG[0] $MA_SAFE_VELO_LIMIT[0].
– 46 Actual position + SG[1] $MA_SAFE_VELO_LIMIT[1].
– 47 Actual position - SG[1] $MA_SAFE_VELO_LIMIT[1].
– 48 Actual position + SG[2] $MA_SAFE_VELO_LIMIT[2].
– 49 Actual position - SG[2] $MA_SAFE_VELO_LIMIT[2].
– 50 Actual position + SG[3] $MA_SAFE_VELO_LIMIT[3].
– 51 Actual position - SG[3] $MA_SAFE_VELO_LIMIT[3].
– 52 Standstill position + tolerance $MA_SAFE_STANDSTILL_TOL.
– 53 Standstill position - tolerance $MA_SAFE_STANDSTILL_TOL.
– 54 Position actual value + n_x + tolerance $MA_SAFE_VELO_X +
$MA_SAFE_POS_TOL.
– 55 Position actual value + n_x $MA_SAFE_VELO_X.
– 56 Position actual value - n_x $MA_SAFE_VELO_X.
– 57 Position actual value - n_x - tolerance $MA_SAFE_VELO_X -
$MA_SAFE_POS_TOL
– 58 Active external stop request.
– 59 SG correction factor 1 $MA_SAFE_VELO_OVR_FACTOR[0].
– 60 SG correction factor 2 $MA_SAFE_VELO_OVR_FACTOR[1].
– 61 SG correction factor 3 $MA_SAFE_VELO_OVR_FACTOR[2].
– 62 SG correction factor 4 $MA_SAFE_VELO_OVR_FACTOR[3].
– 63 SG correction factor 5 $MA_SAFE_VELO_OVR_FACTOR[4].
– 64 SG correction factor 6 $MA_SAFE_VELO_OVR_FACTOR[5].
– 65 SG correction factor 7 $MA_SAFE_VELO_OVR_FACTOR[6].
– 66 SG correction factor 8 $MA_SAFE_VELO_OVR_FACTOR[7].
– 67 SG correction factor 9 $MA_SAFE_VELO_OVR_FACTOR[8].
– 68 SG correction factor 10 $MA_SAFE_VELO_OVR_FACTOR[9].
– 69 SG correction factor 11 $MA_SAFE_VELO_OVR_FACTOR[10].
– 70 SG correction factor 12 $MA_SAFE_VELO_OVR_FACTOR[11].
– 71 SG correction factor 13 $MA_SAFE_VELO_OVR_FACTOR[12].
– 72 SG correction factor 14 $MA_SAFE_VELO_OVR_FACTOR[13].
– 73 SG correction factor 15 $MA_SAFE_VELO_OVR_FACTOR[14].
– 74 SG correction factor 16 $MA_SAFE_VELO_OVR_FACTOR[15].
– 75 Speed limit n_x $MA_SAFE_VELO_X.
– 76 Stop response SG1 $MA_SAFE_VELO_STOP_REACTION[0].
– 77 Stop response SG2 $MA_SAFE_VELO_STOP_REACTION[1].
– 78 Stop response SG3 $MA_SAFE_VELO_STOP_REACTION[2].
– 79 Stop response SG4 $MA_SAFE_VELO_STOP_REACTION[3].
– 80 Modulo value, safe cams $MA_SAFE_MODULO_RANGE.
– 81 Tolerance actual speed SBR $MA_SAFE_STOP_VELO_TOL.
– 82 SG correction factor SGEs 0...15 = active SGE position. -1 = SG
correction inactive (neither SG2 nor SG4 active or function not
selected via $MA_SAFE_FUNCTION_ENABLE).
– 83 Acceptance test duration differs
$MA_SAFE_ACCEPTANCE_TST_TIMEOUT.
– 84 Delay time, Stop F -> Stop B
$MA_SAFE_STOP_SWITCH_TIME_F.
– 85 Delay time, pulse cancellation, bus failure
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
– 86 Not assigned
– 87 Not assigned
– 88 Not assigned
– 89 Encoder limit frequency $MA_SAFE_ENC_FREQ_LIMIT (only
Performance_2).
– 1000 Check timer (watchdog) has expired: If one channel is signaled an
SGE change in the other channel, this check (watchdog) timer is used to
check whether the change timer in the other channel expires.
– 1001 (only assigned on the drive, refer to Alarm 300911)
– 1002 User agreement inconsistent: Data for the user
agreement are different in both monitoring channels after
2 sec. have expired.
%3 = status of the user agreement, NCK.
%4 = status of the user agreement, 611D.
– 1003 Reference tolerance $MA_SAFE_REFP_POS_TOL
exceeded
– 1004 Plausibility error, user agreement.
– 1005 Pulses already cancelled during test stop selection.
– 1006 (only assigned on drive, refer to Alarm 300911).
– 1007 (only assigned on drive, refer to Alarm 300911).
– 1008 (only assigned on drive, refer to Alarm 300911).
– 1009 Pulses are not cancelled after the test stop time
$MA_SAFE_PULSE_DIS_CHECK_TIME.
– 1010 Pulses are not cancelled for a test with external pulse
cancellation after the test stop time
$MA_SAFE_PULSE_DIS_CHECK_TIME.
– 1011 NCK/drive acceptance test status differs.
– 1020 Communications error between NCK and the
drive monitoring channel.
Response NC start inhibit in this channel
Alarm display
If safe monitoring was active, STOP B was also automatically triggered. It is
necessary to power-down/power-up the control (power on).
Remedy Find the difference between the monitoring channels. The fault code %2
indicates the cause of the alarm.
It is possible that the safety-relevant machine data is no longer the same (if
required, re-load), or the safety-related inputs do not have the same signal level
(measure).
If no error of this type is apparent, an error may have occurred in the CPU, e.g.
a "flipped" memory cell. This can be temporary (in this case it can be cleared
using a power on) or permanent (if it re-occurs after power on, replace the
hardware).
Error codes for STOP F for 840D/611D:
0: No error in this channel. Search for the cause in the other channel.
1: Result list 1. The functions are controlled differently via the SGEs;
evaluate the fine error coding in the 611D MDs 1391 and 1392.
2: Result list 2. Check the tolerance of the cams, evaluate the fine error
coding in the 611D-MDs 1393 and 1394.
3: Actual position. Incorrect encoder evaluation (check MDs). Different
standstill positions have been saved.
4: No crosswise data comparison.
5: Function enable signals. Enter equal MDs.
6: Limit value for SG1. Enter equal MDs.
7: Limit value for SG2. Enter equal MDs.
8: Limit value for SG3. Enter equal MDs.
9: Limit value for SG4. Enter equal MDs.
10: Standstill tolerance. Enter equal MDs.
11: Upper limit value SE1. Enter equal MDs.
12: Lower limit value SE1. Enter equal MDs.
13: Upper limit value SE2. Enter equal MDs.
14: Lower limit value SE2. Enter equal MDs.
15: Safe cam 1+ (+tolerance). Enter equal MDs.
16: Safe cam 1+. Enter equal MDs.
17: Safe cam 1- (+tolerance). Enter equal MDs.
18: Safe cam 1-. Enter equal MDs.
19: Safe cam 2+ (+tolerance). Enter equal MDs.
20: Safe cam 2+. Enter equal MDs.
21: Safe cam 2- (+tolerance). Enter equal MDs.
22: Safe cam 2-. Enter equal MDs.
23: Safe cam 3+ (+tolerance). Enter equal MDs.
24: Safe cam 3+. Enter equal MDs.
25: Safe cam 3- (+tolerance). Enter equal MDs.
26: Safe cam 3-. Enter equal MDs.
27: Safe cam 4+ (+tolerance). Enter equal MDs.
28: Safe cam 4+. Enter equal MDs.
29: Safe cam 4- (+tolerance). Enter equal MDs.
30: Safe cam 4-. Enter equal MDs.
31: Position tolerance. Enter equal MDs.
32: Reference position tolerance. Enter equal MDs.
33: Time, speed changeover. Enter equal MDs.
34: Tolerance time SGE changeover. Enter equal MDs.
35: Delay time, pulse cancellation. Enter equal MDs.
36: Time to test the pulse cancellation. Enter equal MDs.
37: Transition time, STOP C to SBH. Enter equal MDs.
38: Transition time, STOP D to SBH. Enter equal MDs.
39: Transition time, STOP E to SBH. Enter equal MDs.
40: Stop response after SG. Enter equal MDs.
41: Stop response after SE. Enter equal MDs.
42: Shutdown speed after pulse cancellation. Enter equal MDs.
43: Data save test, stop response.
44: Actual position value + limit value SG1.
45: Actual position value - limit value SG1.
46: Actual position value + limit value SG2.
47: Actual position value - limit value SG2.
48: Actual position value + limit value SG3.
49: Actual position value - limit value SG3.
50: Actual position value + limit value SG4.
51: Actual position value - limit value SG4.
52: Standstill position + tolerance.
53: Standstill position - tolerance.
54: Actual position value "+ nx" + tolerance.
55: Actual position value "+ nx".
56: Actual position value "- nx".
57: Actual position value "- nx" + tolerance.
58: Actual stop request.
59: SG correction factor 1. Enter equal MDs.
60: SG correction factor 2. Enter equal MDs.
61: SG correction factor 3. Enter equal MDs.
62: SG correction factor 4. Enter equal MDs.
63: SG correction factor 5. Enter equal MDs.
64: SG correction factor 6. Enter equal MDs.
65: SG correction factor 7. Enter equal MDs.
66: SG correction factor 8. Enter equal MDs.
67: SG correction factor 9. Enter equal MDs.
68: SG correction factor 10. Enter equal MDs.
69: SG correction factor 11. Enter equal MDs.
70: SG correction factor 12. Enter equal MDs.
71: SG correction factor 13. Enter equal MDs.
72: SG correction factor 14. Enter equal MDs.
73: SG correction factor 15. Enter equal MDs.
74: SG correction factor 16. Enter equal MDs.
75: Speed limit "nx". Enter equal MDs.
76: Stop response for SG1. Enter equal MDs.
77: Stop response for SG2. Enter equal MDs.
78: Stop response for SG3. Enter equal MDs.
79: Stop response for SG4. Enter equal MDs.
80: Modulo value for safe cams. Enter equal MDs.
81: Speed tolerance for the safe braking ramp. Enter
equal MDs.
82: SG correction factor SGEs. Control the SGEs the same.
83: Acceptance test duration. Enter equal MDs.
84: Delay time, Stop F -> Stop B. Enter equal MDs.
85: Delay time, pulse cancellation, bus failure. Enter equal MDs.
89: Encoder limit frequency. Enter equal MDs.
1000: Check (watchdog) timer has expired. Too many switching operations at
the SGEs (e.g. due to contact problems, poor contact).
1001: Incorrect control timer initialization.
1002: User agreement timer expired.
1003: Reference tolerance violated. Compare the reference position with the
actual safe actual position.
1004: Plausibility violation of user agreement.
1005: Pulses already cancelled for test stop selection. Test stop selection
for missing pulse enable, fault in the wiring of the SGEs "Pulses are
cancelled".
1006: Error for SGA forced checking procedure.
1007: Communications failure between PLC and drive.
1008: Data transfer error between PLC and drive.
1009: Trigger a subsequent stop after test stop. Check the wiring.
Check the configuring of the SGE via MD
$MA_SAFE_PULSE_STATUS_INPUT. Check the timer stage for the test
stop.
1010: Pulses not cancelled. Check the MD.
1020: Cyclic communications error between the NCK and drive.
Program continuation Clear the alarm with the RESET key. Restart part program.
If a STOP B was initiated, then the control must be powered-down/powered-up
(power on).
Note
The previous display of Alarm 27001 with error codes 1 and 2 is replaced by
the new alarms being displayed (27101 to 27107).
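The relationship between the crosswise data comparison index (%2) and the two comparison values (%3, %4) of Alarm 27001 can be illustrated with a simplified model. The following Python sketch is an added example, not Siemens code: it assumes both channels can be read as dictionaries keyed by the NCK machine data names, uses constructed values, covers only a subset of the indexes listed above, and reports every difference rather than modelling the timing of the real comparison.

```python
ALARM_TEXT = ("27001 Axis {axis} error in a monitoring channel, code {code}, "
              "values: NCK {nck}, drive {drive}")


def build_index():
    """Comparison index -> NCK machine data, per the code list above (subset)."""
    index = {5: "$MA_SAFE_FUNCTION_ENABLE", 10: "$MA_SAFE_STANDSTILL_TOL"}
    for i in range(4):
        index[6 + i] = f"$MA_SAFE_VELO_LIMIT[{i}]"
        index[76 + i] = f"$MA_SAFE_VELO_STOP_REACTION[{i}]"
    for i in range(2):
        index[11 + 2 * i] = f"$MA_SAFE_POS_LIMIT_PLUS[{i}]"
        index[12 + 2 * i] = f"$MA_SAFE_POS_LIMIT_MINUS[{i}]"
    for i in range(16):
        index[59 + i] = f"$MA_SAFE_VELO_OVR_FACTOR[{i}]"
    return index


INDEX = build_index()


def crosswise_compare(nck, drive, pos_tol):
    """Return [(code, nck_value, drive_value)] for every disagreement.

    nck / drive: {"actual_pos": float, "md": {machine data name: value}}
    pos_tol: the tolerance set in $MA_SAFE_POS_TOL.
    """
    findings = []
    # Code 3: the actual values may differ, but only by up to the tolerance.
    if abs(nck["actual_pos"] - drive["actual_pos"]) > pos_tol:
        findings.append((3, nck["actual_pos"], drive["actual_pos"]))
    # Parameter codes: both channels must hold exactly the same value.
    for code in sorted(INDEX):
        a = nck["md"].get(INDEX[code])
        b = drive["md"].get(INDEX[code])
        if a != b:
            findings.append((code, a, b))
    return findings


def format_alarm(axis, finding):
    """Fill the alarm text with %1 = axis, %2 = code, %3 / %4 = values."""
    code, nck_value, drive_value = finding
    return ALARM_TEXT.format(axis=axis, code=code,
                             nck=nck_value, drive=drive_value)


def remedy(code):
    """Remedy wording from the STOP F error code list for the modelled codes."""
    if code == 3:
        return "Actual position. Incorrect encoder evaluation (check MDs)."
    return "Enter equal MDs."


# Constructed values for one axis; units are whatever the MDs are scaled in.
NCK = {"actual_pos": 100.0,
       "md": {"$MA_SAFE_VELO_LIMIT[0]": 2000.0,
              "$MA_SAFE_VELO_LIMIT[1]": 5000.0,
              "$MA_SAFE_VELO_OVR_FACTOR[2]": 50}}
DRIVE = {"actual_pos": 100.25,
         "md": {"$MA_SAFE_VELO_LIMIT[0]": 2000.0,
                "$MA_SAFE_VELO_LIMIT[1]": 4000.0,
                "$MA_SAFE_VELO_OVR_FACTOR[2]": 80}}

if __name__ == "__main__":
    for finding in crosswise_compare(NCK, DRIVE, pos_tol=0.1):
        print(format_alarm("X1", finding), "->", remedy(finding[0]))
```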
27002 Axis %1 Test stop in progress
Parameter %1 = axis number
Explanation Proper functioning of the shutdown path is presently being tested by setting of
the SGE "Test stop selection".
Response Alarm display
Remedy The message serves only for user information.
Program continuation Alarm display disappears with alarm cause. No further operator action
necessary.
The alarm automatically disappears after expiration of the delay time that is
defined in MD $MA_SAFE_PULSE_DIS_CHECK_TIME, and the removal of the
SGE "Test stop selection" when the controller detects pulse cancellation, i.e.,
the test is successfully concluded. An unsuccessful test can be recognized as a
result of Alarm 27001 with error code 1005 or Alarm 27024.
27003 Checksum error occurred %1 %2
Parameter %1 = reference to the code section or table
%2 = table number
Explanation Checksum error in safety-relevant code or safety-relevant data. The safe
monitoring (Safety Integrated) in the NCK could be damaged.
Response Alarm display
Remedy Continue working only with increased caution. Reload code and data as
soon as possible (power on). If this error occurs again, contact your service
personnel.
Program continuation Power-down the control system and power-up again.
27004 Axis %1, difference safe input %2, NCK %3, drive %4
Parameter %1 = axis number
%2 = monitoring involved
%3 = interface label, NCK input
%4 = interface label, drive input
Explanation A difference has been found at the specified safe input. The state of the
specified input signal differed in the two monitoring channels NCK and 611D
during the time set in $MA_SAFE_MODE_SWITCH_TIME.
Monitoring involved (%2).
SS/SV Difference in the SGE "De-selection safe operating stop / safely
reduced speed"
SS Difference in SGE "De-selection safe operating stop"
SV Difference in SGE "Selection safely-reduced speed"
SP Difference in SGE "Selection safe limit position"
SVOVR Difference in SGEs "Selection SG corrections"
Interface label, NCK input (%3):
DMP<drv><mod><bit>=<value>
<drv> = drive number of the terminal block (1...31)
<mod> = sub-module number (1...8)
<bit> = connection number (1...16)
<value> = value of the NCK-SGE (0,1)
SPL for the case that SGE is parameterized at the SPL interface.
<io> = parameterized system variable range (01=$A_INSID, 02=$A_INSED)
<dword> = system variable double word (1,2)
<bit> = bit number in the system variable double word (1...32)
<value> = value of the NCK-SGE (0,1)
Onboard input - for the case that the SGE is parameterized at an onboard
input.
<bit> = input number = 01 ...04
<value> = value of the NCK-SGE = 0,1
Interface label, drive input (%4):
DBX<byte><bit>=<value>
<byte> = byte number in the axial DB (22, 23, 32, 33)
<bit> = bit number in the byte (0...7)
<value> = value of the drive SGE (0,1)
This alarm can be hidden using the MD $MN_SAFE_DIAGNOSIS_MASK, Bit
0=0.
Response Alarm display
Remedy Check settings for safe input signals (NCK I/Os, PLC DB parameters).
Program continuation Clear the alarm with the RESET key. Restart part program.
27005 Axis %1 error for crosswise data comparison: Static actual value
difference
Parameter %1 = axis number
Explanation A difference in the actual values was detected using the crosswise data
comparison between NCK and 611D monitoring channel. This difference is
greater than the maximum tolerance defined in MD $MA_SAFE_POS_TOL.
This can be checked using the safe position actual values of the two monitoring
channels displayed in the service screen.
The alarm is only displayed, if monitoring with absolute reference (SE/SN) has
been enabled for the specified axis and if the user agreement has been set. As
soon as the user agreement is deleted or the actual difference between the two
monitoring channels again drops below the maximum permissible difference,
the alarm is cleared.
Response Alarm display
Remedy The user agreement must be deleted if the alarm is present as a steady-state
alarm. When the control is then rebooted, the machine can be brought into the
safe state again and operation resumed by a new referencing process and
setting the user agreement. Prior to setting the user agreement, the actual
position of the axis displayed in the "User enable" screen must be compared
with the current machine position. This is obligatory to ensure proper
functioning of the safe limit positions (SE) and safe cams (SN).
The user agreement can only be changed in key-actuated switch setting 3 or
after entering a password.
Program continuation Alarm display disappears with the alarm cause. No further operator action
necessary.
27006 Axis %1 test ext. pulse cancellation running
Parameter %1 = axis number
Explanation The perfect functioning of the external pulse cancellation is presently being
tested by setting the SGE "Test stop external shutdown".
Response Alarm display
Remedy Alarm automatically disappears when the test is terminated by deleting the
SGE "Test stop external shutdown".
Program continuation Alarm display disappears with the alarm cause. No further operator action
necessary.
27007 Axis %1 acceptance test mode is active
Parameter %1 = axis number
Explanation An SI acceptance test has been started with the acceptance test wizard at the
operator panel. The acceptance test mode is activated via the NCK and drive
for the duration of this acceptance test. In the acceptance test mode, SI power
on alarms can be acknowledged with the reset key.
Response Alarm display
Remedy De-select the acceptance test, e.g. using the acceptance test wizard, or wait until it
has been completed (the duration of the acceptance test can be parameterized
using MD $MA_SAFE_ACCEPTANCE_TST_TIMEOUT).
Program continuation Alarm display disappears with the alarm cause. No further operator action
necessary.
27008 Axis %1 SW limit switch deactivated
Parameter %1 = axis number
Explanation An SI acceptance test safe end position has been started with the acceptance
test wizard at the operator panel. For these acceptance tests, the single-
channel SW limit switches are de-activated for the axis/spindle in order to
ensure that the safe limit positions can be approached.
Response Alarm display
Remedy De-select the acceptance test, e.g. using the acceptance test wizard or wait for
the end of the test.
Program continuation Alarm display disappears with alarm cause. No further operator action
necessary.
27010 Axis %1 tolerance for safe operating stop exceeded
Parameter %1 = axis number
Explanation The axis has moved too far away from the reference position. It is further away
than allowed in MD $MA_SAFE_STANDSTILL_TOL.
The alarm can be re-configured in the MD
$MN_ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals were set
Alarm display
NC stop for alarm
Channel not ready
Stop the axis with speed setpoint = 0 (STOP B). As soon as the speed actual
value is less than that defined in the MD
$MA_SAFE_STANDSTILL_VELO_TOL, at the latest however, after the time in
MD $MA_SAFE_PULSE_DISABLE_DELAY expires, the pulses are cancelled
(STOP A).
Remedy Check the tolerance for the standstill monitoring: does the value match the
precision and control dynamics of the axis?
If not, increase tolerance. If yes, check the machine for damage and repair it.
Program continuation Power-down the control and power-up again.
27011 Axis %1 safely-reduced speed exceeded
Parameter %1 = axis number
Explanation The axis has moved faster than the speed specified in MD
$MA_SAFE_VELO_LIMIT. With SBH/SG active on a 1-encoder
system, the speed that corresponds to the encoder limit frequency saved in
MD SAFE_ENC_FREQ_LIMIT was exceeded.
Response NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
The axis is stopped with STOP A, C, D or E, depending on what has been
configured in MD $MA_SAFE_VELO_STOP_MODE or MD
$MA_SAFE_VELO_STOP_REACTION.
Remedy If no obvious operator error has occurred: Check the value entered into the
MDs, check SGEs: Was the correct safely-reduced speed selected? If the MDs
and SGEs are o.k., check the machine for any damage and rectify.
Program continuation Clear the alarm with the RESET key. Restart part program.
27012 Axis %1 Safe limit position crossed
Parameter %1 = axis number
Explanation The axis has passed the limit position entered in MD
$MA_SAFE_POS_LIMIT_PLUS or MD $MA_SAFE_POS_LIMIT_MINUS.
Response NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
The axis is stopped with STOP C, D or E, according to the configuration in MD
$MA_SAFE_POS_STOP_MODE.
Remedy If no obvious operator error has occurred: Check the value entered in the
machine data, check the SGEs: Was the correct one of 2 limit positions
selected? If the MDs and SGEs are o.k., check the machine for any damage
and repair.
Program continuation Clear the alarm with the RESET key. Restart part program.
Withdraw the user agreement for this axis. Then press the RESET key. The
program is aborted and the alarm reset. Move the axis in the JOG mode to the
valid traversing range. After the NC program error has been eliminated and the
position of this axis carefully checked, the user agreement can be re-issued
and the program can be restarted.
27013 Axis %1 safe braking ramp exceeded
Parameter %1 = axis number
Explanation After the initiation of STOP B or C, the speed exceeded the tolerance value
entered in MD $MA_SAFE_STOP_VELO_TOL.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Interlock the pulses by initiating a STOP A.
Remedy Check the MD $MA_SAFE_STOP_VELO_TOL. Check the braking
characteristics of the drive involved.
Program continuation Power-down the control and power-up again.
27020 Axis %1: STOP E activated
Parameter %1 = axis number
Explanation This alarm comes with Alarms 27011 "Safely-reduced speed exceeded" or
27012 "Safe limit position exceeded" (according to the configuration in MD
$MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION or
MD $MA_SAFE_POS_STOP_MODE).
Response NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
A LIFTFAST-ASUP (sub-routine) is initiated and the safe operating stop (SBH)
is internally activated after the time set in MD
$MA_SAFE_STOP_SWITCH_TIME_E has expired.
Remedy Remove the causes for "Safely-reduced speed exceeded" and/or "Safe limit
position exceeded" (refer to a description of the alarms).
Program continuation Clear the alarm with the RESET key. Restart part program.
27021 Axis %1: STOP D activated
Parameter %1 = axis number
Explanation This alarm comes with Alarms 27011 "Safely-reduced speed exceeded" or
27012 "Safe limit position exceeded" (according to the configuration in MD
$MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION or
$MA_SAFE_POS_STOP_MODE).
Response NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
"Braking along the path" is initiated and the safe operating stop (SBH) is
internally activated after the time set in MD
$MA_SAFE_STOP_SWITCH_TIME_D has expired.
Remedy Remove the causes for "Safely-reduced speed exceeded" and/or "Safe limit
position exceeded" (refer to a description of the alarms).
Program continuation Clear the alarm with the RESET key. Restart part program.
27022 Axis %1: STOP C activated
Parameter %1 = axis number
Explanation This alarm comes with Alarms 27011 "Safely-reduced speed exceeded" or
27012 "Safe limit position exceeded" (according to the configuration in MD
$MA_SAFE_VELO_STOP_MODE, $MA_SAFE_VELO_STOP_REACTION or
$MA_SAFE_POS_STOP_MODE).
Response NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
"Braking along the current limit" is initiated and the safe operating stop (SBH) is
internally activated after the time, set in MD
$MA_SAFE_STOP_SWITCH_TIME_C has expired.
Remedy Remove the causes for "Safely-reduced speed exceeded" and/or "Safe limit
position exceeded" (refer to a description of the alarms).
Program continuation Clear the alarm with the RESET key. Restart part program.
27023 Axis %1: STOP B activated
Parameter %1 = axis number
Explanation This alarm comes with the alarm 27010 "Tolerance for safe standstill
exceeded" or after the Alarm 27001 "STOP F initiated".
The alarm can be reconfigured in the MD
ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
"Braking along the current limit" is initiated and the timer for changeover to
STOP A is activated (refer to MD $MA_SAFE_PULSE_DISABLE_DELAY).
Remedy Remove the causes for "Tolerance for safe standstill exceeded" or for "STOP F
initiated" (refer to a description of these alarms).
Program continuation Power-down the control and power-up again.
27024 Axis %1: STOP A activated
Parameter %1 = axis number
Explanation This alarm is output as a result of
- Alarm 27011 "safely-reduced speed exceeded" (for the appropriate
configuring in $MA_SAFE_VELO_STOP_MODE,
$MA_SAFE_VELO_STOP_REACTION),
- Alarm 27013 "safe braking ramp exceeded",
- Alarm 27023 "Stop B initiated"
- unsuccessful test stop.
The alarm can be re-configured in the MD
ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
"Pulse cancellation" initiated.
Remedy Remove the causes of
- Alarm "safely-reduced speed exceeded",
- Alarm "safe braking ramp exceeded",
- Alarm "Stop B initiated"
- Unsuccessful test stop
(refer to the description of the alarms).
Program continuation Power-down the control and power-up again.
27030 Axis %1 function not supported on this 611D module
Parameter %1 = axis number
Explanation SINUMERIK Safety Integrated can only be used with the 611D Performance
control modules with 2 measuring circuits per drive and shutdown relay. An
attempt has been made to activate a safety function although no such module
is plugged in.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Replace the module or switch-off safety functions in MD
$MA_SAFE_FUNCTION_ENABLE.
Program continuation Power-down the control and power-up again.
27031 Axis %1 limit value for safely-reduced speed %2 for ratio %3 too
high (max. %4)
Parameter %1 = axis number
%2 = limit value index
%3 = number of the ratio
%4 = maximum speed
Explanation All of the limit values in MD $MA_SAFE_VELO_LIMIT must be set so that the
limit frequency of the amplitude monitoring in the measuring circuit hardware is
not exceeded. The limit value that does not maintain this condition, is specified
here as second parameter (1 for SG1, 2 for SG2, etc.). The third parameter
indicates the gear stage, e.g. 1 for gear stage 1, 2 for gear stage 2, etc. The
fourth parameter indicates the maximum speed that can be entered to just
maintain the limit frequency in safe operation.
The alarm can be re-configured in the MD
ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Initiation of a "Pulse cancellation".
Remedy Reduce the limit value in MD $MA_SAFE_VELO_LIMIT[x], x = (2nd alarm
parameter) - 1, or correct the setting of the gear factors.
Program continuation Power-down the control and power-up again.
27032 Axis %1: Checksum error safety monitors. Acknowledgement and
acceptance test required!
Parameter %1 = axis number
Explanation The relevant MDs $MN_SAFE_..., $MN_PROFISAFE_..., $MA_SAFE ... are
protected by a checksum. The alarm indicates that the current checksum is no
longer the same as the stored setpoint checksum, i.e. that an MD value has
either been changed illegally or that data is corrupted.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check MDs. Have the checksum re-calculated. Safety functions should be
subject to a new acceptance test.
Program continuation Power-down the control and power-up again.
27033 Axis %1 parameterization of the MD %2[%3] not valid
Parameter %1 = axis number
%2 = machine data label
%3 = machine data index
Explanation The parameterization of machine data %2 is incorrect. An additional indication
is the field index of the machine data. If the machine data is a single machine
data a zero is specified as array index. This alarm occurs in the following
contexts:
- 1. The conversion of the specified MD into the internal computation format
results in an overflow.
- 2. The values entered in MD $MA_SAFE_POS_LIMIT_PLUS
and $MA_SAFE_POS_LIMIT_MINUS have been interchanged.
The upper limit is less than or equal to the lower limit.
- 3. For an axis with safety functions the setpoint/actual value
assignment in MD $MA_SAFE_ENC_SEGMENT_NR,
MD $MA_CTRLOUT_SEGMENT_NR was not made for the drive
bus. No module number was specified for a setpoint /actual value
channel assignment in MD $MA_CTRLOUT_MODULE_NR, MD
$MA_SAFE_ENC_MODULE_NR.
- 4. The number of drives has changed. When reading back the
standstill position and the associated drive number, a difference was
identified to the current drive configuration.
- 5. A safety function was enabled in
MD $MA_SAFE_FUNCTION_ENABLE
without the safety functions SBH/SG having been enabled.
- 6. Error when parameterizing the input/output assignments for the
SGEs/SGAs.
- 7. A zero was entered into MD $MA_SAFE_ENC_GRID_POINT_DIST.
- 8. A zero was entered into MD $MA_SAFE_ENC_RESOL.
- 9. Various settings were made in MD $MA_IS_ROT_AX and
MD $MA_SAFE_IS_ROT_AX.
- 10. A non-existent measuring circuit was parameterized in
MD $MA_SAFE_ENC_INPUT_NR.
- 11. A drive number was entered into MD
$MA_SAFE_ENC_MODULE_NR
that is either non-existent or is detected as being inactive. For an inactive
drive, MD $MA_SAFE_ENC_TYPE was not reset to 0.
- 12. An encoder type was parameterized in MD $MA_SAFE_ENC_TYPE
that does not correspond to the actual type being used.
- 13. An incorrect encoder type ($MA_SAFE_ENC_TYPE = 0, 2, 3 or 5)
for active drive was entered in MD $MA_SAFE_ENC_TYPE.
- 14. When parameterizing the motor encoder in MD
$MA_SAFE_ENC_INPUT_NR, the measuring circuit for the
2nd measuring system is also used in order to secure the
two-channel functionality. The 2nd measuring circuit of this
drive module was also parameterized in the data of another axis
so that there is a double assignment. With this parameterization,
the 2nd measuring circuit connection cannot be used for the
actual value sensing.
- 15. For a linear axis, a value of greater than 10mm was entered into
MD $MA_SAFE_POS_TOL.
- 16. For linear axis, a value of greater than 1mm was entered into
MD $MA_SAFE_REFP_POS_TOL .
- 17. The limit values for the "n<n_x" monitoring function, calculated from
MD $MA_SAFE_VELO_X and MD $MA_SAFE_POS_TOL are the
same magnitude.
- 18. One of the activated cam positions is outside the actual value
modulo range.
- 19. The parameterized cam modulo range MD
$MA_SAFE_MODULO_RANGE is not an integral multiple of
360 degrees.
- 20. The parameterized cam modulo range MD
$MA_SAFE_MODULO_RANGE and the modulo range in MD
$MA_MODULO_RANGE cannot be divided by one another to give
an integer number.
- 21. The function "actual value synchronization 2-encoder system" (slip) is
selected for a single-encoder system or a function with absolute
reference (SE/SN) is simultaneously selected.
- 22. The Alarms 27000/300950 should be suppressed when parking (MD
$MA_SAFE_PARK_ALARM_SUPPRESS!=0). In this case, the SGA
"axis safely referenced" must be parameterized
using the MD $MA_SAFE_REFP_STATUS_OUTPUT.
- 23. An axial SGE/SGA was parameterized at the SPL interface (segment
number = 4) and the function enable for the external stops is missing
(MD $MA_SAFE_FUNCTION_ENABLE, Bit 6).
- 24. An axial SGE/SGA was parameterized at the SPL interface (segment
number = 4) and the SGE "de-selection ext Stop A" (assigned using
MD $MA_SAFE_EXT_STOP_INPUT[0]) was parameterized inverted
(bit 31 = 1) or the SGE "de-selection ext. Stop A" was not parameterized
at the SPL interface $A_OUTSI.
- 25. For the parameterized incremental encoder, the function
"save actual value for incremental encoder" is selected via
MD $MA_ENC_REFP_STATE and a monitoring function with
absolute reference (SE/SN) is selected via MD
$MA_SAFE_FUNCTION_ENABLE. The combination of functions is
not permitted.
- 26. For a linear axis, a value greater than 1,000 mm/min was entered into
MD $MA_SAFE_STANDSTILL_VELO_TOL.
- 27. For a linear axis, a value greater than 20,000 mm/min was entered into
MD $MA_SAFE_STOP_VELO_TOL.
- 28. For a linear axis, a value greater than 1,000 mm/min was entered into
MD $MA_SAFE_VELO_X.
- 29. For a linear axis, a value greater than 1,000 mm/min was entered into
MD $MA_SAFE_SLIP_VELO_TOL.
- 30. A value greater than the maximum selectable encoder limit
frequency for safe operation of a single-encoder system was set in
MD $MA_SAFE_ENC_FREQ_LIMIT.
- 31. A value greater than 300 kHz for a Performance 1 or Standard 2
control module was set in MD $MA_SAFE_ENC_FREQ_LIMIT.
- 32. MD $MA_SAFE_EXT_PULSE_ENAB_OUTPUT was not parameterized
or was not correctly parameterized. This MD must be parameterized if
bit 30 in MD $MA_SAFE_PULSE_ENABLE_OUTPUT is set to 1 – i.e.
internal pulse cancellation is used.
- 33. MD $MN_SAFE_SPL_STOP_MODE was parameterized to a value of 4
(Stop E) without having enabled the external Stop E in all axes with
SI function enable signals (MD $MA_SAFE_FUNCTION_ENABLE
not equal to 0).
- 34. The test of the brake mechanical system was enabled in MD
$MA_FIXED_STOP_MODE (bit 1 = 1),
without safe operation having been enabled for this axis in
MD $MA_SAFE_FUNCTION_ENABLE. The test
of the brake mechanical system is only permissible in this axis with
safety functions.
- 35. The MD $MA_SAFE_VELO_STOP_MODE or MD
$MA_SAFE_VELO_STOP_REACTION was parameterized for an
illegal value.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check and alter the MD named in the alarm text. Have the checksum re-
calculated. Re-accept safety functions.
Program continuation Power-down the control and power-up again.
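Several of the conditions listed for Alarm 27033 can be checked offline before machine data is loaded into the control. The following Python code is an added example, not Siemens code: the dictionary layout (MD names without the $MA_ prefix, list values for the limit positions) and the function names are assumptions, and only conditions 2, 7, 8, 9, 15, 16, 19, 20 and 26 to 29 are covered.

```python
# Added example: offline plausibility check for some Alarm 27033 conditions.
# The dict layout and all names below are assumptions for illustration.

# Upper bounds quoted in the alarm text for linear axes:
# MD name -> (condition number, limit, unit)
LINEAR_LIMITS = {
    "SAFE_POS_TOL": (15, 10.0, "mm"),
    "SAFE_REFP_POS_TOL": (16, 1.0, "mm"),
    "SAFE_STANDSTILL_VELO_TOL": (26, 1000.0, "mm/min"),
    "SAFE_STOP_VELO_TOL": (27, 20000.0, "mm/min"),
    "SAFE_VELO_X": (28, 1000.0, "mm/min"),
    "SAFE_SLIP_VELO_TOL": (29, 1000.0, "mm/min"),
}


def divides(a, b):
    """True if a is an integer multiple of b (b must not be 0)."""
    return float(a / b).is_integer()


def check_axis(md):
    """Return sorted (condition number, message) findings for one axis."""
    findings = []

    # Condition 2: each upper limit must be greater than its lower limit.
    plus = md.get("SAFE_POS_LIMIT_PLUS", [])
    minus = md.get("SAFE_POS_LIMIT_MINUS", [])
    for i, (hi, lo) in enumerate(zip(plus, minus)):
        if hi <= lo:
            findings.append((2, f"SAFE_POS_LIMIT_PLUS[{i}]={hi} is not above "
                                f"SAFE_POS_LIMIT_MINUS[{i}]={lo}"))

    # Conditions 7 and 8: zero is not a valid encoder parameter.
    for cond, name in ((7, "SAFE_ENC_GRID_POINT_DIST"), (8, "SAFE_ENC_RESOL")):
        if md.get(name) == 0:
            findings.append((cond, f"{name} is 0"))

    # Condition 9: the two rotary-axis flags must agree.
    rotary = bool(md.get("SAFE_IS_ROT_AX", False))
    if "IS_ROT_AX" in md and "SAFE_IS_ROT_AX" in md:
        if bool(md["IS_ROT_AX"]) != rotary:
            findings.append((9, "IS_ROT_AX and SAFE_IS_ROT_AX differ"))

    if not rotary:
        # Conditions 15, 16 and 26-29 are stated for linear axes only.
        for name, (cond, limit, unit) in LINEAR_LIMITS.items():
            value = md.get(name, 0)
            if value > limit:
                findings.append((cond, f"{name}={value} exceeds {limit} {unit}"))
    else:
        safe_mod = md.get("SAFE_MODULO_RANGE", 0)
        nc_mod = md.get("MODULO_RANGE", 0)
        # Condition 19: cam modulo range must be a multiple of 360 degrees.
        if safe_mod and not divides(safe_mod, 360):
            findings.append((19, f"SAFE_MODULO_RANGE={safe_mod} is not a "
                                 "multiple of 360"))
        # Condition 20: one modulo range must divide the other.
        if safe_mod and nc_mod and not (divides(safe_mod, nc_mod)
                                        or divides(nc_mod, safe_mod)):
            findings.append((20, "SAFE_MODULO_RANGE and MODULO_RANGE have "
                                 "no integer ratio"))
    return sorted(findings)


# Constructed sample data (not taken from a real machine).
BAD_LINEAR_AXIS = {
    "IS_ROT_AX": False, "SAFE_IS_ROT_AX": False,
    "SAFE_POS_LIMIT_PLUS": [500.0, -100.0],
    "SAFE_POS_LIMIT_MINUS": [-500.0, -100.0],   # index 1: plus == minus
    "SAFE_ENC_GRID_POINT_DIST": 0.02, "SAFE_ENC_RESOL": 0,
    "SAFE_POS_TOL": 12.0, "SAFE_STOP_VELO_TOL": 20000.0, "SAFE_VELO_X": 1500.0,
}
BAD_ROTARY_AXIS = {
    "IS_ROT_AX": True, "SAFE_IS_ROT_AX": True,
    "SAFE_POS_TOL": 50.0,                        # linear limit does not apply
    "SAFE_MODULO_RANGE": 400.0, "MODULO_RANGE": 360.0,
}
GOOD_ROTARY_AXIS = {
    "IS_ROT_AX": True, "SAFE_IS_ROT_AX": True,
    "SAFE_MODULO_RANGE": 720.0, "MODULO_RANGE": 360.0,
}

if __name__ == "__main__":
    for cond, msg in check_axis(BAD_LINEAR_AXIS):
        print(f"27033 condition {cond}: {msg}")
```

A change that passes this check still alters the protected machine data, so the checksum re-calculation and acceptance test named in the remedy remain necessary.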
27034 Parameterization of MD %1 invalid
Parameter %1 = machine data label
Explanation The parameterization of %1 is incorrect. This alarm occurs in the following
cases:
An invalid value was set for MD $MN_SAFE_ALARM_SUPPRESS_LEVEL.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check and correct the specified machine data.
Program continuation Power-down the control and power-up again.
27090 Error in data NCK-PLC %1 [%2], NCK: %3; %4<ALSI>
Parameter %1 = name of the system variable in which error was detected
%2 = supplementary info, system variables – field index
%3 = supplementary information, comparison value NCK
%4 = supplementary information, crosswise data comparison – field index
Explanation For the cyclic crosswise data comparison between NCK and PLC, differences
have occurred in the compared data. Parameter %1 specifies the incorrect
system variable ($A_INSI, $A_OUTSI, $A_INSE, $A_OUTSE or
$A_MARKERSI) with field index %2.
Special cases:
- Display "Error for crosswise data comparison NCK-PLC,
$MN_PREVENT_SYNACT_LOCK[0], ..." means that the SPL
commissioning status is set differently in the NCK and PLC.
- Display "Error for crosswise data comparison NCK-PLC,
$MN_SPL_STOP_MODE[0], ..." means that the SPL
stop response (Stop D or E) is set differently in the NCK and PLC.
- Display "error for crosswise data comparison NCK-PLC, TIMEOUT[0],
NCK: 0" means that there is a major communications error between
the NCK and PLC and no crosswise data comparison can be
carried-out.
For crosswise data comparison errors on the system variables $A_INSE, the
system variable involved is specified in alarm parameter %1 and the hardware
assignment parameterized in MD $MN_SAFE_IN_HW_ASSIGN[0...7] is
displayed, so that the hardware connection involved can be directly seen from
the data in the alarm line.
Example: Error for crosswise data comparison, NCK-PLC, DMP 04.03 bit
01=$A_INSE[2], NCK: 1;
The information in the example (04.03) corresponds to the entries made in the
machine data $MN_SAFE_IN_HW_ASSIGN[0...7] about the system variables.
They specify:
DMP 04.xx The drive number of the terminal block involved (value range =
01...21)
DMP xx.03 The module number of the input module (value range = 01...08)
The specified numbers are in hexadecimal notation, the same as in MD
$MN_SAFE_IN_HW_ASSIGN[0...7].
The bit number starts at 0, just like the numbering of the inputs on the
DMP modules (value range = 00...15).
When assigning the SPL inputs to the NC onboard inputs, the expanded alarm
text looks like this:
Error for the crosswise data comparison, NCK-PLC, NC-Onboard-In
01=$A_INSE[1], NCK: 1;2
A specific alarm message can be configured on the HMI for each of the listed
system variables using parameter %4:
%4 = 0: Error SPL commissioning status
($MN_PREVENT_SYNACT_LOCK[0,1] - DB18.DBX36.0)
or different stop response ($MN_SAFE_SPL_STOP_MODE - DB18.DBX36.1)
%4 = 1.... 64: Error in system variables $A_INSE[1...64]
%4 = 65...128: Error in system variables $A_OUTSE[1...64]
%4 = 129...192: Error in system variables $A_INSI[1...64]
%4 = 193...256: Error in system variables $A_OUTSI[1...64]
%4 = 257...320: Error in system variables $A_MARKERSI[1...64]
In order to parameterize Alarm 27090, file ALSI_xx.com must be incorporated
in the data management and communicated to the HMI via MBDDE.INI in
section [IndexTextFiles] ALNX=f:\dh\mb.dir\alsi_. The machinery construction
OEM can re-define this file in order to incorporate sensible expanded texts in
the alarm for his particular machine/system. If the file is to be re-defined, the
new file to be created must be made known to the system via MBDDE.INI.
The display of Alarm 27090 is influenced via the MD
$MN_SAFE_ALARM_SUPPRESS_LEVEL: MD
$MN_SAFE_ALARM_SUPPRESS_LEVEL = 2 : Alarm 27090 is only displayed
for the first data difference found.
Response Alarm display
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality if the SPL commissioning phase (MD
$MN_PREVENT_SYNACT_LOCK[0,1] not equal to 0) has been completed.
Remedy Analyze the displayed value and evaluate DB18: SPL_DELTA on the PLC side.
Find the difference between the monitoring channels. Possible causes:
- incorrect wiring
- incorrect SPL
- the axial SGEs have been incorrectly assigned to the internal interface
$A_OUTSI
- the axial SGAs have been incorrectly assigned to the internal interface
$A_INSI
- the SPL-SGEs have been incorrectly assigned to the external interface
$A_INSE
- the SPL-SGAs have been incorrectly assigned to the external interface
$A_OUTSE
- different SPL commissioning status has been set in the NCK and PLC
- different SPL stop response has been set in the NCK and PLC
Program continuation Clear the alarm with the RESET key. Restart part program.
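When Alarm 27090 lines are collected from an alarm log, the hardware label and the %4 field index described above can be decoded and cross-checked automatically. The following Python code is an added example, not Siemens code: the function names and sample lines are constructed, the drive and module numbers are read as hexadecimal as stated above, and reading the bit number as decimal is an assumption based on the stated range 00...15.

```python
import re

# Added example. First %4 value of each 64-entry block, taken from the
# list in the Alarm 27090 description.
FIELD_INDEX_BASE = {
    "$A_INSE": 1,
    "$A_OUTSE": 65,
    "$A_INSI": 129,
    "$A_OUTSI": 193,
    "$A_MARKERSI": 257,
}

# Optional hardware label ("DMP dd.mm bit bb=" or "NC-Onboard-In nn="),
# then variable[index], the NCK comparison value (%3) and, if shown, %4.
ALARM_RE = re.compile(
    r"(?:(?:DMP\s+(?P<drv>[0-9A-Fa-f]{2})\.(?P<mod>[0-9A-Fa-f]{2})"
    r"\s+bit\s+(?P<bit>\d{2})|NC-Onboard-In\s+(?P<onboard>\d{2}))\s*=\s*)?"
    r"(?P<var>\$A_[A-Z]+)\[(?P<idx>\d+)\],\s*NCK:\s*(?P<nck>\d+)"
    r"\s*;\s*(?P<p4>\d+)?"
)


def field_index(variable, index):
    """Map a system variable and its index 1...64 to the %4 value."""
    if variable not in FIELD_INDEX_BASE or not 1 <= index <= 64:
        raise ValueError(f"not covered by Alarm 27090: {variable}[{index}]")
    return FIELD_INDEX_BASE[variable] + index - 1


def decode_field_index(p4):
    """Map a %4 value back to (variable, index); index is None for %4 = 0."""
    if p4 == 0:
        return ("SPL commissioning status or stop response", None)
    for variable, base in FIELD_INDEX_BASE.items():
        if base <= p4 < base + 64:
            return (variable, p4 - base + 1)
    raise ValueError(f"%4 = {p4} is outside 0...320")


def parse_alarm_27090(text):
    """Extract the fields of one alarm line and cross-check %4."""
    m = ALARM_RE.search(text)
    if m is None:
        raise ValueError("no system variable found in alarm text")
    variable, index = m["var"], int(m["idx"])
    hardware = None
    if m["drv"]:
        hardware = {"type": "DMP", "drive": int(m["drv"], 16),
                    "module": int(m["mod"], 16), "bit": int(m["bit"])}
    elif m["onboard"]:
        hardware = {"type": "onboard", "input": int(m["onboard"])}
    expected = field_index(variable, index)
    reported = int(m["p4"]) if m["p4"] else None
    return {
        "variable": variable, "index": index, "nck_value": int(m["nck"]),
        "hardware": hardware,
        "expected_field_index": expected,
        "reported_field_index": reported,
        # A mismatch points to a damaged log line or a redefined alarm text.
        "consistent": reported is None or reported == expected,
    }


# Constructed sample lines modelled on the alarm text format.
SAMPLES = [
    "Error for crosswise data comparison, NCK-PLC, "
    "DMP 04.03 bit 01=$A_INSE[2], NCK: 1; 2",
    "Error in data NCK-PLC $A_OUTSI[5], NCK: 0; 197",
    "Error in data NCK-PLC $A_MARKERSI[64], NCK: 1; 300",
    "Error for crosswise data comparison, NCK-PLC, "
    "NC-Onboard-In 03=$A_INSE[3], NCK: 1; 3",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_alarm_27090(line))
```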
27091 Error in data cross check NCK-PLC, STOP of %1
Parameter %1 = supplementary information about the monitoring channel that has initiated
the stop
Explanation The monitoring channel specified in %1 (NCK or PLC) has triggered a stop D
or E (depending on the parameterization in MD
$MN_SAFE_SPL_STOP_MODE). Alarm 27090 provides additional information
about the reason for the Stop D/E.
Response Alarm display
A STOP D/E has been initiated (this can be set using MD
$MN_SPL_STOP_MODE) on all of the axes with safety functionality if the SPL
commissioning phase (MD $MN_PREVENT_SYNACT_LOCK[0,1] not equal to
0) has been completed.
Remedy Evaluate the alarm parameters of Alarm 27090 and correct the SPL, or check
the I/O modules/wiring or the internal SPL interfaces to the safety monitoring
channels in the NCK and drive 611D.
Program continuation Clear the alarm with the RESET key. Restart part program.
27092 Communications interrupted for crosswise data comparison, NCK-
PLC, error detected by %1
Parameter %1 = supplementary information about the detecting monitoring channel
Explanation The delay timer stage (1s) for the communication monitoring has been
exceeded in the monitoring channel specified in %1 (NCK or PLC). The other
monitoring channel did not send a new data packet within this time.
Response Alarm display
A STOP D/E has been initiated (this can be set using MD
$MN_SPL_STOP_MODE) on all of the axes with safety functionality if the SPL
commissioning phase (MD $MN_PREVENT_SYNACT_LOCK[0,1] not equal to
0) has been completed.
A timer stage of 5 sec is started – after it has expired
- the external NCK-SPL outputs are deleted
- the PLC goes to stop.
Remedy Do not start the SPL again. Check the system components (PLC must have the
correct version of FB15 and have DB18).
Program continuation Power-down the control and power-up again.
27093 Checksum error NCK-SPL, %1, %2, %3
Parameter %1 = supplementary information about the type of error
%2 = supplementary information about reference size
%3 = supplementary information about current size
Explanation Checksum error in the NCK SPL: the file /_N_CST_DIR/_N_SAFE_SPF
was subsequently modified. The safe programmable logic (SPL) in the NCK
may be corrupted. Parameter %1 provides further information about the type of
change:
%1 = FILE_LENGTH: The file length has changed.
%1 = FILE_CONTENT: The file contents have changed.
%2 specifies the value calculated as the reference (file length, checksum
of the file contents),
%3 specifies the current value, calculated cyclically.
Response Alarm display
Remedy Check the file and when the last change was made to that file. Reload the
original file and start the monitoring system again with a power on.
Program continuation Power-down the control and power-up again.
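The two-stage check behind Alarm 27093 (a reference length and checksum, compared cyclically against the current file) can be reproduced on an engineering station to watch archived copies of the SPL file. The following Python code is an added example, not Siemens code: the manual does not name the checksum algorithm used in the control, so SHA-256 is substituted here, and the function names and the SPL fragment are constructed.

```python
import hashlib
import hmac

# Constructed SPL fragment standing in for /_N_CST_DIR/_N_SAFE_SPF.
ORIGINAL_SPL = (
    b"; constructed sample, not a real SPL\n"
    b"IDS=1 DO $A_OUTSE[1] = $A_INSE[1] AND $A_INSE[2]\n"
    b"M17\n"
)


def make_reference(spl):
    """Record the reference values once, e.g. after the acceptance test."""
    return {"length": len(spl), "checksum": hashlib.sha256(spl).hexdigest()}


def check_spl(reference, spl):
    """Return None if unchanged, else (%1, %2, %3) as in Alarm 27093."""
    # Stage 1: a length change is reported without hashing the content.
    if len(spl) != reference["length"]:
        return ("FILE_LENGTH", reference["length"], len(spl))
    # Stage 2: same length, so compare the content checksum.
    current = hashlib.sha256(spl).hexdigest()
    if not hmac.compare_digest(current, reference["checksum"]):
        return ("FILE_CONTENT", reference["checksum"], current)
    return None


def format_alarm(finding):
    """Render a finding in the layout of the alarm text."""
    kind, ref, cur = finding
    return f"27093 Checksum error NCK-SPL, {kind}, {ref}, {cur}"


def cyclic_monitor(reference, snapshots):
    """Check successive file snapshots; stop at the first deviation.

    Returns (cycle number, alarm text), or None if every snapshot matches.
    """
    for cycle, spl in enumerate(snapshots, start=1):
        finding = check_spl(reference, spl)
        if finding is not None:
            return (cycle, format_alarm(finding))
    return None


# Same length, different logic: input 2 is swapped for input 3. Only the
# content stage catches this change.
TAMPERED_SAME_LENGTH = ORIGINAL_SPL.replace(b"$A_INSE[2]", b"$A_INSE[3]")
# A trailing line changes the length and is caught by the first stage.
TAMPERED_LONGER = ORIGINAL_SPL + b"; edited\n"

if __name__ == "__main__":
    ref = make_reference(ORIGINAL_SPL)
    print(cyclic_monitor(ref, [ORIGINAL_SPL, ORIGINAL_SPL,
                               TAMPERED_SAME_LENGTH]))
    print(cyclic_monitor(ref, [TAMPERED_LONGER]))
```

The reference values must be stored where the party able to edit the SPL file cannot also rewrite them, otherwise the comparison proves nothing.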
27094 Write access to system variable %1 only allowed from NCK-SPL
Parameter %1 = name of the safety system variable involved
Explanation Write access to one of the safety system variables is only possible from
part program /_N_CST_DIR/_N_SAFE_SPF. If this error occurs, an instruction
from another part program was detected.
Response Alarm display
Remedy Check the part program used for write access to safety system variables.
Program continuation Clear the alarm with the RESET key. Restart part program.
27095 %1 SPL protection not activated
Parameter %1 = name of the component for which the protection is not activated
(NCK or PLC).
Explanation The protective mechanisms for the SPL have not been activated. The
commissioning phase of the SPL has not yet been completed. For an error in
the crosswise data comparison between NCK and PLC, a stop response
(Stop D or E) is not initiated.
Response Alarm display
Remedy Remedy for NCK: Activate the protective mechanisms by writing to MD
$MN_PREVENT_SYNACT_LOCK[0,1]. The number range of the synchronous
action IDs used in the SPL must be entered in this MD.
Remedy for PLC: Activate the protective mechanisms by setting the appropriate
data bit in DB18.
Program continuation Clear the alarm with the RESET key. Restart part program.
27096 SPL start not allowed
Explanation To start the SPL in the protected state ($MN_PREVENT_SYNACT_LOCK[0,1]
not equal to 0), at least one axis must have safety integrated functionality
activated (via MD $MA_SAFE_FUNCTION_ENABLE) beforehand. Without this
functionality it is only possible to operate the SPL in the commissioning state.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Commission the axial Safety Integrated functionality or cancel the
SPL protection using MD $MN_PREVENT_SYNACT_LOCK[0,1].
Program continuation Power-down the control and power-up again.
27100 At least one axis is not safely referenced
Explanation There are two reasons for this alarm:
- the machine position of at least one of the axes monitored with SI has
not been acknowledged by the user or
- the machine position of at least one of the axes monitored with SI has
still not been verified by subsequent referencing
Even if the axis is already referenced, there is no acknowledgement that
referencing has supplied the correct result. For example, incorrect results can
occur if the axis was moved after the control was powered-down, with the result
that the standstill position saved prior to powering-down is no longer correct. To
make sure that this does not happen, the user must acknowledge the displayed
actual position after the first referencing process.
When the user agreement has been set for the first time, the axis must be
subsequently referenced each time that the control is run-up (with absolute
encoders, this subsequent referencing is automatically executed). This
procedure is carried out to verify the standstill position saved prior to powering-
down the control.
The alarm display can be set in $MN_SAFE_ALARM_SUPPRESS_LEVEL
(MD<3) in such a way that incorrect referencing is displayed separately for
each axis.
Response Alarm display
The SGA "Axis safely referenced" is not set. SE is disabled if the safe actual
position has not yet been acknowledged by the user agreement. If the user
agreement is set, SE remains active. The safe cams are calculated and output,
but their significance is limited because referencing has not been
acknowledged.
Remedy Move all of the SI axes to the known positions and change into the
"Referencing" mode. Check the positions on the machine displayed in the user
agreement field and set "User agreement" using the selection/toggle key.
If the user agreement has already been set for the axis, then re-reference the
axes. It is only possible to change the user agreement in the key-operated
switch position 3 or after entering a password.
Program continuation Alarm display disappears with alarm cause. No further operator action
necessary.
27101 Axis %1, difference in function safe operating stop, NCK: %2,
drive: %3
Parameter %1 = Axis number
%2 = Monitoring status, safe operating stop
%3 = Monitoring status, safe operating stop
Explanation In the crosswise data comparison of result list 1 between the monitoring
channels, NCK and drive, a difference was detected in the monitoring state of
the safe operating stop monitoring.
Safe operating stop: Bits 0, 1 in result list 1
Monitoring state (%2, %3):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
necessary to power-down the control and power it up again (power on).
Remedy Check that the safe inputs in both monitoring channels have switched into the
same state within the permissible time tolerance.
For further diagnostics, refer to the drive machine data 1391, 1392 and the
servo-trace signal "Results list 1 NCK" and "Results list 1 Drive".
Program continuation Clear the alarm with the RESET key. Restart part program.
27102 Axis %1, difference in function safe velocity %2, NCK: %3,
drive: %4
Parameter %1 = Axis number
%2 = SG stage for which the difference was detected
%3 = Monitoring status, safely-reduced speed
%4 = Monitoring status, safely-reduced speed
Explanation In the crosswise data comparison of result list 1 between the monitoring
channels, NCK and drive, a difference in the monitoring state of the safely-
reduced speed monitoring was detected.
- Safely-reduced speed 1: Bits 6, 7 in result list 1
- Safely-reduced speed 2: Bits 8, 9 in result list 1
- Safely-reduced speed 3: Bits 10, 11 in result list 1
- Safely-reduced speed 4: Bits 12, 13 in result list 1
Monitoring state (%3, %4):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
necessary to power-down the control and power it up again (power on).
Remedy Check that the safe inputs in both monitoring channels have switched into the
same state within the permissible time tolerance.
For further diagnostics, refer to the drive machine data 1391, 1392 and the
servo-trace signal "Results list 1 NCK" and "Results list 1 Drive".
Program continuation Clear the alarm with the RESET key. Restart part program.
27103 Axis %1, difference in function safe limit position %2, NCK: %3,
drive: %4
Parameter %1 = Axis number
%2 = Number of SE limit
%3 = Monitoring status, safe limit position
%4 = Monitoring status, safe limit position
Explanation In the crosswise comparison of result list 1 between the monitoring channels,
NCK and drive, a difference was detected in the monitoring state of the safe
limit position monitoring.
- safe limit position 1: Bits 2, 3 in result list 1
- safe limit position 2: Bits 4, 5 in result list 1
Monitoring state (%3, %4):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
necessary to power-down the control and power it up again (power on).
Remedy Check that the safe inputs in both monitoring channels have switched into the
same state within the permissible time tolerance.
For further diagnostics, refer to the drive machine data 1391 and 1392 and the
servo-trace signal "Results list 1 NCK" and "Results list 1 Drive".
Program continuation Clear the alarm with the RESET key. Restart part program.
27104 Axis %1, difference in function safe cam plus %2, NCK: %3,
drive: %4
Parameter %1 = Axis number
%2 = Number of cam
%3 = Monitoring status, safe cam plus
%4 = Monitoring status, safe cam plus
Explanation During the crosswise comparison of result list 2 between the monitoring
channels, NCK and drive, a difference was detected in the monitoring state of
the safe cam plus monitoring.
- safe cam 1+: Bits 0, 1 in result list 2
- safe cam 2+: Bits 4, 5 in result list 2
- safe cam 3+: Bits 8, 9 in result list 2
- safe cam 4+: Bits 12, 13 in result list 2
Monitoring state (%3, %4):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
necessary to power-down the control and power it up again (power on).
Remedy Check that the safe actual values in both monitoring channels match.
For further diagnostics, the drive machine data 1393, 1394 and the servo trace
signals "Result list 2, NCK" and "Result list 2, drive" can be used.
Program continuation Clear the alarm with the RESET key. Restart part program.
27105 Axis %1, difference in function safe cam minus %2, NCK: %3,
drive: %4
Parameter %1 = Axis number
%2 = Number of cam
%3 = Monitoring status, safe cam minus
%4 = Monitoring status, safe cam minus
Explanation In the crosswise comparison of result list 2 between the monitoring channels,
NCK and drive, a difference was detected in the monitoring state of the safe
cam minus monitoring.
- safe cam 1-: Bits 2, 3 in result list 2
- safe cam 2-: Bits 6, 7 in result list 2
- safe cam 3-: Bits 10, 11 in result list 2
- safe cam 4-: Bits 14, 15 in result list 2
Monitoring state (%3, %4):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
necessary to power-down the control and power it up again (power on).
Remedy Check that the safe actual values in both monitoring channels match.
For further diagnostics, the drive machine data 1393, 1394 and the servo trace
signals "Result list 2, NCK" and "Result list 2, drive" can be used.
Program continuation Clear the alarm with the RESET key. Restart part program.
27106 Axis %1, difference in function safe velocity nx, NCK: %2,
drive: %3
Parameter %1 = Axis number
%2 = Monitoring status, safely-reduced speed nx
%3 = Monitoring status, safely-reduced speed nx
Explanation In the crosswise data comparison of result list 2 between the monitoring
channels, NCK and drive, a difference was detected in the monitoring state of
the safely-reduced speed nx monitoring.
- safely-reduced speed nx+: Bits 16, 17 in result list 2
- safely-reduced speed nx-: Bits 18, 19 in result list 2
Monitoring state (%2, %3):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
necessary to power-down the control and power it up again (power on).
Remedy Check that the safe actual values in both monitoring channels match.
For further diagnostics, the drive machine data 1393, 1394 and the servo trace
signals "Result list 2, NCK" and "Result list 2, drive" can be used.
Program continuation Clear the alarm with the RESET key. Restart part program.
27107 Axis %1, Difference with Cam Modulo Monitoring function, NCK:
%2, drive: %3
Parameter %1 = Axis number
%2 = Monitoring status, safe cam modulo range
%3 = Monitoring status, safe cam modulo range
Explanation In the crosswise data comparison of result list 2 between the monitoring
channels, NCK and drive, a difference was detected in the monitoring state of
the cam modulo area monitoring.
Safe cam modulo range: Bits 20, 21 in result list 2
Monitoring state (%2, %3):
- OFF = monitoring inactive in this monitoring channel
- OK = monitoring active in this monitoring channel, limit values not violated
- L+ = monitoring active in this monitoring channel, upper limit value violated
- L- = monitoring active in this monitoring channel, lower limit value violated
Response Alarm display
If safe monitoring was active, then STOP B was also automatically initiated. It is
then necessary to power-down the control and power it up again (power on).
Remedy Check that the safe actual values in both monitoring channels match.
For further diagnostics, the drive machine data 1393, 1394 and the servo trace
signals "Result list 2, NCK" and "Result list 2, drive" can be used.
Program continuation Clear the alarm with the RESET key. Restart part program.
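The bit assignments listed under alarms 27101 to 27107 can be applied to the servo-trace values of the two result lists to see which function the channels disagree on. The following is an added example, not part of the original manual: the mapping of the 2-bit values to OFF/OK/L+/L- is an assumption (the alarm texts name the states but not their encoding), and the sample words are constructed.

```python
# Added example: decode the 2-bit monitoring fields of result lists 1 and 2
# and report where the NCK and drive channels disagree.

# ASSUMPTION: this value-to-state encoding is not given in the alarm texts.
STATE = {0b00: "OFF", 0b01: "OK", 0b10: "L+", 0b11: "L-"}

# (low bit, alarm number, function, stage/limit/cam number or None),
# taken from the bit assignments listed under alarms 27101 to 27107.
# Bits that these alarms do not mention are ignored.
RESULT_LIST_1 = [
    (0, 27101, "safe operating stop", None),
    (2, 27103, "safe limit position", 1),
    (4, 27103, "safe limit position", 2),
    (6, 27102, "safe velocity", 1),
    (8, 27102, "safe velocity", 2),
    (10, 27102, "safe velocity", 3),
    (12, 27102, "safe velocity", 4),
]
RESULT_LIST_2 = [
    (0, 27104, "safe cam plus", 1),
    (2, 27105, "safe cam minus", 1),
    (4, 27104, "safe cam plus", 2),
    (6, 27105, "safe cam minus", 2),
    (8, 27104, "safe cam plus", 3),
    (10, 27105, "safe cam minus", 3),
    (12, 27104, "safe cam plus", 4),
    (14, 27105, "safe cam minus", 4),
    (16, 27106, "safe velocity nx+", None),
    (18, 27106, "safe velocity nx-", None),
    (20, 27107, "cam modulo range", None),
]


def decode(layout, word):
    """Return {(function, number): state} for one channel's result list word."""
    return {(func, num): STATE[(word >> low) & 0b11]
            for low, _alarm, func, num in layout}


def crosswise_compare(layout, nck_word, drive_word):
    """List every field whose state differs between the two channels.

    Each entry is (alarm number, function, number, NCK state, drive state).
    """
    nck = decode(layout, nck_word)
    drive = decode(layout, drive_word)
    diffs = []
    for _low, alarm, func, num in layout:
        key = (func, num)
        if nck[key] != drive[key]:
            diffs.append((alarm, func, num, nck[key], drive[key]))
    return diffs


# Constructed sample values (not taken from a real trace).
NCK_RL1, DRIVE_RL1 = 0x0041, 0x0081          # SG1: OK in NCK, L+ in drive
NCK_RL2, DRIVE_RL2 = 0x100040, 0x100000      # cam 2-: OK in NCK, OFF in drive

if __name__ == "__main__":
    for name, layout, nck, drv in (
        ("result list 1", RESULT_LIST_1, NCK_RL1, DRIVE_RL1),
        ("result list 2", RESULT_LIST_2, NCK_RL2, DRIVE_RL2),
    ):
        for alarm, func, num, n_state, d_state in crosswise_compare(layout, nck, drv):
            label = func if num is None else f"{func} {num}"
            print(f"{name}: alarm {alarm}, {label}, NCK: {n_state}, drive: {d_state}")
```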
27124 Stop A initiated for at least 1 axis
Explanation This alarm only indicates that Stop A has been triggered in at least one axis
and power on is required to acknowledge the alarm. This alarm is output if the
alarm priority function was activated in MD
$MN_SAFE_ALARM_SUPPRESS_LEVEL.
Response Alarm display
Interface signals are set
"Pulse cancellation" is initiated for the axis involved.
Remedy Locate the cause of the error using additional alarm messages.
Program continuation Power-down the control and power-up again.
27200 PROFIsafe: Cycle time %1 [ms] is too long
Parameter %1 = parameterized cycle time
Explanation The PROFIsafe communication cycle time resulting from MD
$MN_PROFISAFE_IPO_TIME_RATIO and MD $MN_IPO_CYCLE_TIME
exceeds the permissible limit value (25 ms).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the cycle time using MD $MN_PROFISAFE_IPO_TIME_RATIO or
reduce the IPO clock cycle.
Program continuation Power-down the control and power-up again.
27201 PROFIsafe: MD %1[%2]: Bus segment %3 error
Parameter %1 = MD name
%2 = MD field index
%3 = Parameterized bus segment
Explanation An incorrect bus segment was entered in the specified machine data. The value
must be 5.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
Program continuation Power-down the control and power-up again.
27202 PROFIsafe: MD %1[%2]: Address %3 error
Parameter %1 = MD name
%2 = MD field index
%3 = Parameterized PROFIsafe address
Explanation An incorrect PROFIsafe address was entered in the specified machine data.
The value must be greater than 0.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
Program continuation Power-down the control and power-up again.
27203 PROFIsafe: MD %1[%2]: Wrong SPL assignment
Parameter %1 = MD name
%2 = MD field index
Explanation The parameterization in the specified MD for the connection between the
SPL interface and a PROFIsafe module is incorrect. The reasons for this are as
follows:
- bit limits interchanged (upper bit value < lower bit value)
- bit values greater than in the definition of the SPL interface (bit value > 64)
- number of bits too high for this PROFIsafe module (upper bit value – lower bit
value + 1> 8)
- no SPL assignment was parameterized (both bit values are equal to zero)
- incorrect SPL assignment (bit value equal to zero)
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
Program continuation Power-down the control and power-up again.
27204 PROFIsafe: Double assignment MD %1[%2] - MD %3[%4]
Parameter %1 = MD name 1
%2 = MD field index for MD name 1
%3 = MD name 2
%4 = MD field index for MD name 2
Explanation A double assignment has illegally been parameterized in the specified machine
data:
$A_INSE parameterized on the DMP as well as PROFIsafe modules. MDs
involved:
- MD $MN_SAFE_IN_HW_ASSIGN
- MD $MN_PROFISAFE_IN_ASSIGN
$A_INSE parameterized on several PROFIsafe modules. MD involved:
- MD $MN_PROFISAFE_IN_ASSIGN
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
Program continuation Power-down the control and power-up again.
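The parameterization rules behind alarms 27200 to 27204 can be checked offline before the machine data is loaded. The following is an added example, not part of the original manual: the FInput record with already-decoded fields is hypothetical (the packed MD format is not shown here), the cycle time is assumed to be ratio times IPO cycle, a double assignment is assumed to mean overlapping $A_INSE bit ranges, and the sample values are constructed.

```python
# Added example: pre-check of PROFIsafe input parameterization against the
# rules stated for alarms 27200, 27201, 27202, 27203 and 27204.
from dataclasses import dataclass
from itertools import combinations

MAX_CYCLE_MS = 25          # limit value named in alarm 27200
REQUIRED_SEGMENT = 5       # alarm 27201: the value must be 5
MAX_SPL_BIT = 64           # alarm 27203: bit value > 64 is an error
MAX_BITS_PER_MODULE = 8    # alarm 27203: upper - lower + 1 > 8 is an error


@dataclass
class FInput:
    """One PROFIsafe input module entry, already decoded (hypothetical record)."""
    index: int         # MD field index
    bus_segment: int
    address: int       # PROFIsafe address
    spl_low: int       # lower $A_INSE bit
    spl_high: int      # upper $A_INSE bit


def spl_assignment_error(low, high):
    """Return the alarm 27203 reason for an SPL bit range, or None if valid."""
    if low == 0 and high == 0:
        return "no SPL assignment parameterized"
    if low == 0 or high == 0:
        return "bit value equal to zero"
    if high < low:
        return "bit limits interchanged"
    if high > MAX_SPL_BIT:
        return "bit value > 64"
    if high - low + 1 > MAX_BITS_PER_MODULE:
        return "more than 8 bits for one module"
    return None


def lint(modules, ipo_cycle_ms, time_ratio):
    """Return (alarm number, MD field index or index pair, reason) findings."""
    findings = []
    # ASSUMPTION: PROFIsafe cycle time = time ratio * IPO cycle time.
    cycle_ms = time_ratio * ipo_cycle_ms
    if cycle_ms > MAX_CYCLE_MS:
        findings.append((27200, None, f"cycle time {cycle_ms:g} ms is too long"))

    valid = []
    for m in modules:
        if m.bus_segment != REQUIRED_SEGMENT:
            findings.append((27201, m.index, f"bus segment {m.bus_segment}"))
        if m.address <= 0:
            findings.append((27202, m.index, f"address {m.address}"))
        reason = spl_assignment_error(m.spl_low, m.spl_high)
        if reason:
            findings.append((27203, m.index, reason))
        else:
            valid.append(m)

    # ASSUMPTION: two modules mapped onto overlapping $A_INSE bits count as a
    # double assignment; only ranges that passed the 27203 checks are compared.
    for a, b in combinations(valid, 2):
        if a.spl_low <= b.spl_high and b.spl_low <= a.spl_high:
            findings.append((27204, (a.index, b.index), "overlapping $A_INSE bits"))
    return findings


# Constructed sample parameterization.
SAMPLE = [
    FInput(index=0, bus_segment=5, address=200, spl_low=1, spl_high=8),
    FInput(index=1, bus_segment=5, address=201, spl_low=8, spl_high=12),
    FInput(index=2, bus_segment=4, address=0, spl_low=20, spl_high=10),
    FInput(index=3, bus_segment=5, address=203, spl_low=60, spl_high=68),
]

if __name__ == "__main__":
    for alarm, where, reason in lint(SAMPLE, ipo_cycle_ms=8.0, time_ratio=4):
        print(alarm, where, reason)
```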
27205 PROFIsafe: Number of signals in MD %1[%2] – MD %3[%4]
Parameter %1 = MD name 1
%2 = MD field index to the MD name 1
%3 = MD name 2
%4 = MD field index to the MD name 2
Explanation The parameterized number of signals used must be the same in both machine
data.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
Program continuation Power-down the control and power-up again.
27206 PROFIsafe: MD %1[%2] max. bit index %3 exceeded
Parameter %1 = MD name
%2 = MD field index to the MD name
%3 = max. bit index
Explanation Data parameterized in the specified machine data lie outside the useful (net) F
data area of the F module.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
Program continuation Power-down the control and power-up again.
27207 PROFIsafe: MD %1[%2] max. sub-slot number: %3 exceeded
Parameter %1 = MD name
%2 = MD field index to the MD name
%3 = max. number of sub-slots
Explanation The sub-slot parameterized in the specified machine data exceeds the max.
permissible number of sub slots per PROFIsafe module.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Reduce the number of sub-slots by changing the F useful (net) data distribution
of the PROFIsafe module.
Program continuation Power-down the control and power-up again.
27220 PROFIsafe: Number of NCK F modules (%1) < > number of
S7-F modules (%2)
Parameter %1 = number of parameterized NCK-F modules
%2 = number of parameterized S7-F modules
Explanation The number of F modules parameterized using the NCK machine data
$MN_PROFISAFE_IN/OUT_ADDRESS is
- greater than the number of PROFIBUS slaves configured in the
S7 PROFIBUS
- less than the number of F modules in the configured S7 PROFIBUS
- greater than the number of F modules in the configured S7 PROFIBUS
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the F parameterization in the MD
$MN_PROFISAFE_IN/OUT_ADDRESS.
Check the F configuration in the configured S7 PROFIBUS.
Check the parameterized PROFIsafe master address in MD
$MN_PROFISAFE_MASTER_ADDRESS and configured S7-PROFIBUS.
Program continuation Power-down the control and power-up again.
27221 PROFIsafe: NCK F module MD %1[%2] unknown
Parameter %1 = MD name
%2 = MD field index
Explanation The F module parameterized in the specified machine data is unknown under
this PROFIsafe address in the S7 PROFIBUS configuration.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the PROFIsafe addresses in the NCK-MD and S7 PROFIBUS
configuration
Program continuation Power-down the control and power-up again.
27222 PROFIsafe: S7 F module PROFIsafe address %1 unknown
Parameter %1 = PROFIsafe address
Explanation The F module with the specified PROFIsafe address has not been
parameterized as an F module in the NCK MD.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the S7 PROFIBUS configuration. Register the module in the NCK MD.
Program continuation Power-down the control and power-up again.
27223 PROFIsafe: NCK F module MD %1[%2] is not a %3 module
Parameter %1 = MD name
%2 = MD field index
%3 = Module type
Explanation The F module parameterized in the specified NCK MD has not been designated
as an appropriate input/output module in the S7 PROFIBUS configuration.
- %3 = INPUT: NCK F parameterization expects an INPUT module
- %3 = OUTPUT: NCK F parameterization expects an OUTPUT module
- %3 = IN/OUT: NCK F parameterization expects an INPUT or OUTPUT
module
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the module in the S7 PROFIBUS configuration
Program continuation Power-down the control and power-up again.
27224 PROFIsafe: F module MD %1[%2] - MD %3[%4]: Double
assignment of PROFIsafe address
Parameter %1 = MD name 1
%2 = MD field index 1
%3 = MD name 2
%4 = MD field index 2
Explanation In the NCK MD or in the S7 F parameters, the same PROFIsafe address has
been parameterized for the F modules parameterized in the specified machine
data. This means that there is no unique communications relationship possible
between the F master and F slave.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check and correct the S7 F parameterization and NCK MD.
Program continuation Power-down the control and power-up again.
27225 PROFIsafe: Slave %1, configuration error, %2
Parameter %1 = PROFIBUS slave address
%2 = Configuration error
Explanation An error occurred during the evaluation of the S7 PROFIBUS configuration for
the specified slave. This is specified further in the alarm parameter.
%2 = PRM header: the PRM telegram for this slave could not clearly be
interpreted.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the S7 PROFIBUS configuration and correct.
Program continuation Power-down the control and power-up again.
27240 PROFIsafe: DP M has not run-up, DP info: %1
Parameter %1 = actual information from the DP interface NCK-PLC
Explanation There is no DP configuration available to the NCK after the time specified via
the MD $MN_PLC_RUNNINGUP_TIMEOUT.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy - increase MD $MN_PLC_RUNNINGUP_TIMEOUT
- check the PLC operating state
- check the PLC operating system software release
- delete the F parameterization in the NCK-MD.
Program continuation Power-down the control and power-up again.
27241 PROFIsafe: DP M version different, NCK: %1, PLC: %2
Parameter %1 = version of the DP interface on the NCK side
%2 = version of the DP interface on the PLC side
Explanation The DP interface has been implemented differently for the NCK and PLC
components. The F communication cannot be initialized.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy - check PLC operating system and correct NCK software versions.
- upgrade the PLC operating system.
- delete NCK-F parameterization.
Program continuation Power-down the control and power-up again.
27242 PROFIsafe: F module %1, %2 faulty
Parameter %1 = PROFIsafe address
%2 = incorrect F parameter
Explanation An error was detected during the evaluation of the F parameters.
%2 = CRC1: CRC error, F parameters.
%2 = F_WD_Timeout: The monitoring time parameterized in Step 7 is too short
for the PROFIsafe cycle time defined by the MD
$MN_PROFISAFE_IPO_TIME_RATIO.
%2 = CRC2_Len: Incorrect length of the telegram CRC.
%2 = F_Data_Len: The incorrect telegram length has been defined for the
stated module.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy %2 = CRC1: General PLC reset, reload the S7 F configuration.
%2 = F_WD_Timeout: Reparameterize the PROFIsafe cycle time or F
monitoring time.
%2 = CRC2_Len: General PLC reset, reload the S7 F configuration.
%2 = F_Data_Len: General PLC reset, reload the S7 F configuration.
Program continuation Power-down the control and power-up again.
27250 PROFIsafe: Configuration in DP-M changed;
Error code %1 – %2
Parameter %1 = NCK project number
%2 = Current PLC project number
Explanation The DP master shows a modified S7 PROFIBUS configuration. Error-free
operation can no longer be guaranteed.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Communications with the F slaves is terminated.
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Remedy Restart the PLC/NCK.
Program continuation Power-down the control and power-up again.
27251 PROFIsafe: F module %1, %2 reports error %3
Parameter %1 = PROFIsafe address
%2 = Signaling components (master/slave)
%3 = Error detection
Explanation An error has occurred in the PROFIsafe communication between the F master
and the specified F module which was detected by the signaling component
(master/slave).
The error code specifies the error type:
- %3 = TO: The parameterized communications timeout has been exceeded
- %3 = CRC: A CRC error was detected
- %3 = CN: An error was detected in the sequence (timing) of the F telegrams
- %3 = SF: F master error, NCK/PLC are no longer in synchronism
- %3 = EA: Communications error, slave sends empty telegrams
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Remedy Check the DP wiring. Restart F slave modules. Restart the NCK/PLC.
Program continuation Clear the alarm with the RESET key. Restart part program.
27252 PROFIsafe: Slave %1, sign-of-life error
Parameter %1 = DP slave address
Explanation The specified DP slave no longer communicates with the master. Stop D/E is
triggered.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Remedy Check the DP wiring. Restart F slave modules. Restart the NCK/PLC.
Program continuation Clear the alarm with the RESET key. Restart part program.
27253 PROFIsafe: Communication fault F master component %1, error
%2
Parameter %1 = faulty components (NCK/PLC)
%2 = fault/error detected
Explanation The F master signals a communications error between the NCK and PLC.
The cause of the error is indicated by error code %1:
- %1 = NCK: Link between PROFIsafe and SPL interface is interrupted.
- %1 = PLC: The PLC no longer executes the OB40 request.
- %1 = PLC-DPM: DP master is no longer in the OPERATE state.
Parameter %2 provides additional information about the reason for the error:
- %2 = 0: NCK-internal sequence error (refer to %1=NCK).
- %2 = 1,2,4: PLC processing of the OB40 not finished.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Remedy Extend the PROFIsafe cycle time via MD
$MN_PROFISAFE_IPO_TIME_RATIO.
Program continuation Clear the alarm with the RESET key. Restart part program.
27254 PROFIsafe: F module %1, error on channel %2; %3<ALSI>
Parameter %1 = PROFIsafe address
%2 = channel number
%3 = supplementary information system variables – field index
Explanation The F module signals that an error has occurred in the interface of the specified
channel.
This alarm is only triggered for ET200S F modules.
%2=0: Special meaning: A general fault has occurred in the F module.
Using parameter %3, a specific alarm message can be configured on the HMI
for each of the listed system variables:
- %3 = 1....64: Error in system variables $A_INSE[1...64]
- %3 = 65...128: Error in system variables $A_OUTSE[1...64]
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Remedy Check the wiring. Wiring OK: Replace F module.
Program continuation Clear the alarm with the RESET key. Restart part program.
27255 PROFIsafe: F module %1, general error
Parameter %1 = PROFIsafe address
Explanation The specified PROFIsafe module signals an error. A more exact specification of
the cause of the error cannot be made without further resources.
This alarm is triggered for all types of PROFIsafe slaves.
For ET200S F modules, this error can only occur if there already is a channel
error when cyclic communication starts between the F master and module.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the wiring.
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Program continuation Clear the alarm with the RESET key. Restart part program.
27256 PROFIsafe: Actual cycle time %1 [ms] > parameterized cycle time
Parameter %1 = actual PROFIsafe communications cycle time
Explanation The current PROFIsafe communication cycle time is greater than the value set
via MD $MN_PROFISAFE_IPO_TIME_RATIO. The parameterized PROFIsafe
communication cycle time is continually exceeded on the PLC side.
Response Mode group not ready
NC start inhibit in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD $MN_SPL_STOP_MODE)
on all of the axes with safety functionality.
Remedy Adapt the cycle time using MD $MN_PROFISAFE_IPO_TIME_RATIO.
At least the value displayed in parameter %1 must be set.
The selected cycle time has an effect on the runtime utilization of the PLC
module. This must also be taken into account in the setting.
Program continuation Clear the alarm with the RESET key. Restart part program.
27299 PROFIsafe: Diagnostics %1 %2 %3 %4
Parameter %1 = error ID 1
%2 = error ID 2
%3 = error ID 3
%4 = error ID 4
Explanation Internal error in the NCK PROFIsafe implementation.
Response Alarm display
Remedy Please contact the Siemens A&D MC, Hotline with the error text
- Tel 0180 / 5050 - 222 (Germany)
- Fax 0180 / 5050 - 223
- Tel +49-180 / 5050 - 222 (outside Germany)
- Fax +49-180 / 5050 - 223
- email techsupport@ad.siemens.de
Program continuation Power-down the control and power-up again.
6.2 Alarms from SIMODRIVE 611 digital
Alarms that may occur in connection with SINUMERIK Safety Integrated are
listed below.
300500 Axis %1, drive %2 system error, error codes %3, %4
Parameter %1 = NC axis number
%2 = drive number
%3 = error code 1
%4 = error code 2
Explanation The drive has signaled a system error.
Safety Integrated:
Interrogation: In the corresponding clock cycle.
For FD: Regenerative stop (corresponds to STOP B)
For MSD: Pulse and controller inhibit (corresponds to STOP A)
The error occurs if the computation time of the drive processor is not sufficient
for the cycle indicated in the supplementary information.
Error No.: 03, Supplementary information: 40, monitoring clock cycle for
SINUMERIK Safety Integrated too low.
Response Mode group not ready
Channel not ready
NC stop for alarm
NC start inhibit in this channel
NC switches into the tracking mode
Alarm display
Interface signals are set
Remedy Increase the relevant clock cycle or subordinate clock cycle (e.g. current-
control, speed-control or position-control clock cycle) or deselect any functions
that are not required.
Program continuation Power-down the control and power-up again.
300743 Axis %1 drive %2 function not supported on this 611D controller
module
Parameter %1 = NC axis number
%2 = drive number
Explanation The 611D Performance control module is required for SINUMERIK Safety
Integrated. If this hardware has not been installed, this alarm is triggered.
This alarm is also triggered if the motors 1PH2/4/6 are connected but neither a
611D Performance control module nor 611D Standard 2 control module is
available.
Interrogation: When the control is running-up.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Replace the 611 digital control module.
Program continuation Power-down the control and power-up again.
300744 Axis %1, drive %2 checksum error safe monitoring functions –
acknowledgement and acceptance test required!
Parameter %1 = NC axis number
%2 = drive number
Explanation The actual checksum of the safety-relevant MDs calculated by the drive and
saved in MD 1398: $MD_SAFE_ACT_CHECKSUM (display of the checksum of
the machine data for safe functions) has another value than the setpoint
(reference) checksum saved during the last machine acceptance in MD 1399:
$MD_SAFE_DES_CHECKSUM (checksum of the machine data for safety-
related functions). The safety-relevant data has been modified or there is an
error.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Check all safety-relevant MDs and correct if necessary. Then carry-out a power
on. Carry-out an acceptance test on the machine.
Program continuation Power-down the control and power-up again.
300745 Axis %1, drive %2 limit values for safe end positions exchanged
Parameter %1 = NC axis number
%2 = drive number
Explanation The data for the upper limit for the SE monitoring function contains a lower
value than the data for the lower limit.
Interrogation: When the control runs-up.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Check the following MDs
MD 1334: $MD_SAFE_POS_LIMIT_PLUS[n] (upper limit value for the safe limit
position) and
MD 1335: $MD_SAFE_POS_LIMIT_MINUS[n] (lower limit value for the safe
limit position) and change so that the upper limit value is greater than the lower
limit value.
Program continuation Power-down the control and power-up again.
300746 Axis %1, drive %2 SBH/SG not enabled
Parameter %1 = NC axis number
%2 = drive number
Explanation In the machine data 1301: $MD_SAFE_FUNCTION_ENABLE (safe functions
enable) the function SBH/SG has not been enabled although the function
SE/SN has been selected in this MD.
Interrogation: When the control runs-up.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Enable the function SBH/SG via MD 1301: $MD_SAFE_FUNCTION_ENABLE
(enable safe functions)
Program continuation Power-down the control and power-up again.
300747 Axis %1, drive %2 Invalid monitoring cycle clock for MD 1300
Parameter %1 = NC axis number
%2 = drive number
Explanation MD 1300: $MD_SAFETY_CYCLE_TIME (monitoring clock cycle) was not set
as a multiple of the NC position controller clock cycle.
Interrogation: When the control runs-up.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Using MD 1300, set the monitoring cycle to n * NC position control cycle. Note
that n must be >= 1.
Program continuation Power-down the control and power-up again.
300748 Axis %1, drive %2 Monitoring cycle not identical for both axes
Parameter %1 = NC axis number
%2 = drive number
Explanation The monitoring clock cycle in MD 1300: $MD_SAFETY_CYCLE_TIME
(monitoring time) for the two axes of a 2-axis module has not been set to the
same value.
Interrogation: When the control runs-up.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Set MD 1300: $MD_SAFETY_CYCLE_TIME (monitoring cycle) the same on all
drives of the module.
Program continuation Power-down the control and power-up again.
300749 Axis %1, drive %2 conversion factor between motor and load too
large
Parameter %1 = NC axis number
%2 = drive number
Explanation The factor to convert from the motor system [increments] to the load system
[µm/mdeg] is larger than 1 or the factor which converts the load system to the
motor system is larger than 65535.
Conditions:
The condition for the factor to convert from the load system to motor system is:
µm_to_inkr <= 65535
The condition for the factor to convert from the motor system to load system is:
inkr_to_µm <= 1 with µm_to_inkr = 1 / inkr_to_µm
Formula for rotary axis:
The following applies for rotary motor encoder and rotary axis:
inkr_to_µm(n) = (MD 1321 SAFE_ENC_GEAR_DENOM[n] / MD 1322 SAFE_ENC_GEAR_NUMERA[n]) * inkr_to_µm_rot_rund
with n = 0 ... 7 (gear stage) and
inkr_to_µm_rot_rund = (360000 / 8192) * (1 / MD 1318 SAFE_ENC_RESOL)
MD 1318 SAFE_ENC_RESOL (number of encoder pulses per revolution)
MD 1321 SAFE_ENC_GEAR_DENOM[n] (encoder/load gear denominator)
MD 1322 SAFE_ENC_GEAR_NUMERA[n] (encoder/load gear numerator)
Formula for linear axis:
The following applies for a rotary motor encoder and linear axis:
inkr_to_µm(n) = (MD 1321 SAFE_ENC_GEAR_DENOM[n] / MD 1322 SAFE_ENC_GEAR_NUMERA[n]) * inkr_to_µm_rot_lin
inkr_to_µm_rot_lin = (1000 / 8192) * (1 / MD 1318 SAFE_ENC_RESOL) * MD 1320 SAFE_ENC_GEAR_PITCH
Explanation:
MD 1318 SAFE_ENC_RESOL (number of encoder pulses per revolution)
MD 1320 SAFE_ENC_GEAR_PITCH (spindle pitch)
MD 1321 SAFE_ENC_GEAR_DENOM[n] (encoder/load gear denominator)
MD 1322 SAFE_ENC_GEAR_NUMERA[n] (encoder/load gear numerator)
n = 0 ... 7 (gear stage)
Interrogation: When the control runs-up.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Check the
following safety-relevant MDs depending on the motor encoder type and axis
type and correct, if necessary.
MD 1317 SAFE_ENC_GRID_POINT_DIST Grid division, linear scale (for
linear encoder)
MD 1318 SAFE_ENC_RESOL Encoder pulses per revolution (for rotary
encoder)
MD 1318 SAFE_ENC_RESOL
MD 1320 SAFE_ENC_GEAR_PITCH (for rotary encoder and linear axis)
MD 1321 SAFE_ENC_GEAR_DENOM
MD 1322 SAFE_ENC_GEAR_NUMERA (when using a gear)
The motor encoder type and the axis type are specified using MD 1302
SAFE_IS_ROT_AX
Program continuation Power-down the control and power-up again.
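The run-up checks behind alarms 300745 to 300749 can be reproduced offline on a machine data set before power-on. The following Python example is added here and is not Siemens code: the data layout, the microsecond unit for MD 1300 and the pre-decoded MD 1301/MD 1302 flags are assumptions, and only the rotary-motor-encoder formulas given above are covered.

```python
from dataclasses import dataclass
from fractions import Fraction

MAX_UM_TO_INKR = 65535  # bound on the load -> motor factor (alarm 300749)


@dataclass
class AxisSafetyMD:
    """Safety MDs of one drive; layout and units are assumptions of this example."""
    name: str
    cycle_us: int             # MD 1300 monitoring clock cycle, here in microseconds
    is_rotary_axis: bool      # axis type, as decoded from MD 1302 by the caller
    enc_resol: int            # MD 1318 encoder pulses per revolution
    gear_denom: list          # MD 1321[n], one entry per gear stage n
    gear_numera: list         # MD 1322[n]
    pos_limit_plus: list      # MD 1334[n] upper safe limit positions
    pos_limit_minus: list     # MD 1335[n] lower safe limit positions
    gear_pitch: Fraction = Fraction(1)   # MD 1320 spindle pitch (linear axis only)
    sbh_sg_enabled: bool = True          # decoded from MD 1301 by the caller
    se_sn_selected: bool = False         # decoded from MD 1301 by the caller


def inkr_to_um(md, stage):
    """Motor [increments] -> load [um/mdeg] factor for a rotary motor encoder."""
    if md.enc_resol <= 0 or md.gear_denom[stage] <= 0 or md.gear_numera[stage] <= 0:
        raise ValueError(f"{md.name}: encoder and gear data must be positive")
    gear = Fraction(md.gear_denom[stage], md.gear_numera[stage])
    if md.is_rotary_axis:
        return gear * Fraction(360000, 8192) / md.enc_resol
    return gear * Fraction(1000, 8192) / md.enc_resol * md.gear_pitch


def check_axis(md, pos_ctrl_cycle_us):
    """Return [(alarm_number, text)] for every rule this axis violates."""
    findings = []
    if md.se_sn_selected and not md.sbh_sg_enabled:
        findings.append((300746, "SE/SN selected in MD 1301 but SBH/SG not enabled"))
    n, rest = divmod(md.cycle_us, pos_ctrl_cycle_us)
    if rest != 0 or n < 1:
        findings.append((300747, f"MD 1300 = {md.cycle_us} us is not n * "
                                 f"{pos_ctrl_cycle_us} us with n >= 1"))
    for i, (hi, lo) in enumerate(zip(md.pos_limit_plus, md.pos_limit_minus)):
        if hi < lo:
            findings.append((300745, f"MD 1334[{i}] = {hi} < MD 1335[{i}] = {lo}"))
    for stage in range(len(md.gear_denom)):
        factor = inkr_to_um(md, stage)
        if factor > 1:
            findings.append((300749, f"stage {stage}: inkr_to_um = "
                                     f"{float(factor):.4f} > 1"))
        elif 1 / factor > MAX_UM_TO_INKR:
            findings.append((300749, f"stage {stage}: um_to_inkr = "
                                     f"{float(1 / factor):.0f} > {MAX_UM_TO_INKR}"))
    return findings


def check_module(axis_a, axis_b, pos_ctrl_cycle_us):
    """Check both axes of a 2-axis module; returns [(source, alarm, text)]."""
    findings = [(md.name, alarm, text)
                for md in (axis_a, axis_b)
                for alarm, text in check_axis(md, pos_ctrl_cycle_us)]
    if axis_a.cycle_us != axis_b.cycle_us:
        findings.append(("module", 300748, f"MD 1300 differs: {axis_a.cycle_us} us "
                                           f"vs {axis_b.cycle_us} us"))
    return findings


# Constructed sample values, not taken from a real machine.
AXIS_X = AxisSafetyMD("X", cycle_us=12000, is_rotary_axis=False, enc_resol=2048,
                      gear_denom=[1, 1], gear_numera=[1, 1],
                      pos_limit_plus=[500000, 100000],
                      pos_limit_minus=[-500000, 200000],
                      gear_pitch=Fraction(10))
AXIS_C = AxisSafetyMD("C", cycle_us=10000, is_rotary_axis=True, enc_resol=32,
                      gear_denom=[1], gear_numera=[1],
                      pos_limit_plus=[360000], pos_limit_minus=[0],
                      sbh_sg_enabled=False, se_sn_selected=True)

if __name__ == "__main__":
    for source, alarm, text in check_module(AXIS_X, AXIS_C, pos_ctrl_cycle_us=4000):
        print(f"{source}: rule behind alarm {alarm} violated: {text}")
```

Exact fractions are used so that a factor lying right at one of the two bounds is not misjudged by floating-point rounding.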
300776 Axis %1, drive %2 Measuring circuit monitoring must be active
Parameter %1 = NC axis number
%2 = drive number
Explanation For FD:
The control is inhibited, the motor is braked, SIMODRIVE_READY and
DRIVE_READY are withdrawn.
For MSD:
The pulses are cancelled, the motor coasts down, SIMODRIVE_READY and
DRIVE_READY are withdrawn.
Note: The response (FD, MSD) can be configured using 611D-MD 1613.0.
Interrogation: When the control runs-up and cyclic.
For active Safety Integrated (MD 1301: $MD_SAFE_FUNCTION_ENABLE (enable safe
functions) <> 0), the measuring circuit monitoring of the motor (incremental)
must be activated via MD 1600: $MD_ALARM_MASK_POWER_ON (alarms that can be
suppressed (power on)), bit 4.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Activate the
measuring circuit monitoring of the motor (incremental).
Program continuation Power-down the control and power-up again.
300900 Axis %1, drive %2 STOP A initiated
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is stopped using STOP A. This inhibits the pulses using the relay
"Antrieb_IMP" ["Drive_IMP"].
Interrogation: In the monitoring clock cycle.
If STOP A has been triggered, this can have several reasons:
1. The timer in MD 1356: $MD_SAFE_PULSE_DISABLE_DELAY (delay
time, pulse cancellation) of STOP B has expired.
2. The speed threshold in MD 1360: $MD_SAFE_STANDSTILL_VELO_TOL
(shutdown speed, pulse cancellation) of STOP B has not been reached.
3. The user has requested a test of the shutdown path using SGE "Test stop
selection", but the pulses were not cancelled after the timer stage in MD
1357: $MD_SAFE_PULSE_DIS_CHECK_TIME (time to test the pulse
cancellation) had expired.
4. Safe brake ramp (SBR) has responded.
5. "SG-specific stop response" is set to STOP A and has responded.
The alarm can be re-configured in the MD
ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. The user must
identify the cause and take appropriate measures.
Program continuation Power-down the control and power-up again.
300901 Axis %1, drive %2 STOP B initiated
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is shut down using a STOP B. This inhibits the pulses using the relay
"Antrieb_IMP" ["Drive_IMP"].
Interrogation: In the monitoring clock cycle.
If STOP B has been triggered, this can have several reasons:
1. Safe standstill monitoring has responded.
2. Call for STOP F, i.e. a crosswise data comparison error has occurred.
3. The "SG-specific stop response" is set to STOP B and has responded.
The alarm can be re-configured in the MD
ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. The user must
identify the cause and take appropriate measures.
Program continuation Power-down the control and power-up again.
300906 Axis %1, drive %2 safe braking ramp exceeded
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is stopped using a STOP A.
Interrogation: In the monitoring clock cycle.
The actual speed of the axis has not decreased when braking with "nset = 0"
(STOP B or STOP C), but has increased again above the speed limit corrected
by braking and the tolerance specified in MD 1348: $MD_SAFE_VELO_TOL
(actual speed tolerance for SBR).
The alarm can be re-configured in the MD
ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Check the braking
characteristics and, if necessary, modify the speed tolerance in MD 1348:
$MD_SAFE_VELO_TOL (actual speed tolerance for SBR). Restart is only
possible with power on.
Program continuation Power-down the control and power-up again.
300907 Axis %1, drive %2 Tolerance for safe operational stop exceeded
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is stopped using a STOP A or STOP B. This inhibits the pulses using
the relay "Antrieb_IMP" ["Drive_IMP"].
Interrogation: In the monitoring clock cycle.
The actual position has moved too far away from the setpoint/standstill position
(outside the standstill window). The standstill window is parameterized using
MD 1330: $MD_SAFE_STANDSTILL_TOL (standstill tolerance SBH)
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Check the
tolerance for the safe operating stop: does the value match the precision and
control dynamic performance of the axis? If not, increase the tolerance.
Program continuation Power-down the control and power-up again.
300908 Axis %1, drive %2 STOP C initiated
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is stopped using a STOP C. At the end of the stop response, the
drive remains in closed-loop control, the axis is monitored for SBH.
Interrogation: In the monitoring clock cycle.
If a STOP C was initiated, then this can have several reasons (depending on
what has been configured):
1. The safely-reduced speed monitoring has responded (MD 1361:
$MD_SAFE_VELO_STOP_MODE (stop response, safely-reduced speed )
or MD 1363: $MD_SAFE_VELO_STOP_REACTION (SG-specific stop
response) (840D from SW4.2)).
2. The safe limit-position monitoring has been triggered (MD 1362:
$MD_SAFE_POS_STOP_MODE (safe limit position, stop response)).
The alarm indicates the initiation of a "braking at the current limit" and the
internal activation of "safe operation stop".
Response NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. The user must
identify the cause and take appropriate measures.
Program continuation Clear the alarm with the RESET key. Restart part program.
300909 Axis %1, drive %2 STOP D initiated
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive was stopped by the NC with a STOP D. At the end of the stop
response, the drive remains in closed-loop control, the axis is monitored for
SBH.
Interrogation: In the monitoring clock cycle.
If a STOP D was initiated, then this can have several reasons (depending on
what has been configured):
1. The safely-reduced speed monitoring has responded (MD 1361:
$MD_SAFE_VELO_STOP_MODE (stop response, safely-reduced speed )
or MD 1363: $MD_SAFE_VELO_STOP_REACTION (SG-specific stop
response) (840D from SW 4.2)).
2. The safe limit-position monitoring has been triggered (MD 1362:
$MD_SAFE_POS_STOP_MODE (safe limit position, stop response)).
The alarm indicates the initiation of a "braking along the path" in the NC and the
internal activation of "safe operating stop" in the NC and drive.
Response NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. The user must
identify the cause and take appropriate measures.
Program continuation Clear the alarm with the RESET key. Restart part program.
300910 Axis %1, drive %2 STOP E initiated
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive was stopped by the NC with a STOP E. At the end of the stop
response, the drive remains in closed-loop control, the axis is monitored for
SBH.
Interrogation: In the monitoring clock cycle.
If a STOP E was initiated, then this can have several reasons (depending on
what has been configured):
1. The safely-reduced speed monitoring has been triggered (MD 1361:
$MD_SAFE_VELO_STOP_MODE (stop response, safely-reduced speed)).
2. The safe end limit monitoring has been triggered (MD 1362:
$MD_SAFE_POS_STOP_MODE (safe limit position, stop response)).
The alarm indicates the initiation of an "extended stop and retract ESR" on the
NC side or "LIFTFAST-ASUB" (840D) and the internal activation of "safe
operating stop" in the NC and drive.
Response NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. The user must
identify the cause and take appropriate measures.
Program continuation Clear the alarm with the RESET key. Restart part program.
300911 Axis %1, drive %2 error in one monitoring channel
Parameter %1 = NC axis number
%2 = drive number
Explanation The mutual comparison of the two monitoring channels has found a difference
between input data or results of the monitoring functions. One of the monitoring
functions no longer functions reliably, i.e. safe operation is no longer possible.
Response Alarm display
Remedy Please inform the authorized personnel/service department. Locate the
difference between the monitoring channels. The error code indicating the
cause is displayed as follows:
For 840D the error code is output in the alarm text.
For 611D: MD 1395: $MD_SAFE_STOP_F_DIAGNOSIS (diagnostics for
STOP F)
The significance of the error code can be found as follows:
For 840D: Description of Alarm 27001
The safety-relevant machine data might not be identical or the SGEs might not
be at the same level (re-measure or check in SI service display). If no error of
this type is apparent, an error may have occurred in the CPU, e.g. a "flipped"
memory cell. This error can be temporary (in this case it can be eliminated by a
power on) or permanent (if it re-occurs after power on, replace the
hardware).
Program continuation Clear the alarm with the RESET key. Restart part program.
300914 Axis %1, drive %2 Safely reduced velocity exceeded
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is stopped using the response configured in MD 1361:
$MD_SAFE_VELO_STOP_MODE. At the end of the stop response, the drive
remains in closed-loop control, the axis is monitored for SBH.
Interrogation: In the monitoring clock cycle.
The axis has moved faster than that specified in MD 1331:
$MD_SAFE_VELO_LIMIT[n] (limit values for safely-reduced speed). If the
function "correction, safely-reduced speed" in MD 1301:
$MD_SAFE_FUNCTION_ENABLE has been enabled (enable safe functions),
then, for SG2 and SG4, the entered correction factor must be taken into
account for the permissible speed.
Response NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Check the
machine data values that have been entered. Check the safe input signals: Is
the correct one of the four speed limits selected?
Program continuation Clear the alarm with the RESET key. Restart part program.
300915 Axis %1, drive %2 safe end positions exceeded
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive is stopped using the response configured in MD 1362:
$MD_SAFE_POS_STOP_MODE. At the end of the stop response, the drive
remains in closed-loop control, the axis is monitored for SBH.
Interrogation: In the monitoring clock cycle.
The axis has exceeded the limit position (i.e. endstop) that is entered in
MD 1334: $MD_SAFE_POS_LIMIT_PLUS[n] (upper limit for safe limit
position)
MD 1335: $MD_SAFE_POS_LIMIT_MINUS[n] (lower limit for safe limit
position)
Response NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department.
If no obvious operator error occurred: Check the SGEs: Was the correct one of
2 limit positions selected? If the MDs and SGEs are o.k., check the machine for
any damage and repair.
Program continuation Clear the alarm with the RESET key. Restart part program.
300950 Axis %1, drive %2 Axis not safely referenced
Parameter %1 = NC axis number
%2 = drive number
Explanation No stop response is initiated. When the SN/SE functions are enabled, the
message remains until the axis state "Axis safely referenced" has been
reached.
Interrogation: In the monitoring clock cycle.
1.) Axis is not safely referenced or
2.) User agreement for this axis is missing or has been withdrawn. This can
occur, for example, if the axis was moved after the machine was powered-down
and the standstill position that was saved is therefore no longer correct.
This message prompts the user to confirm the actual position. To do this, you
must determine the position, e.g. as follows:
Measure the position.
Move to a known position.
Response Alarm display
Remedy Please inform the authorized personnel/service department.
If the axis cannot be automatically and safely referenced, then the user must
enter a "user agreement" for the new position using the appropriate softkey.
This user agreement identifies this position as safe - that means the axis status
"Axis safely referenced" is reached.
Warning:
If the axis has not been safely referenced and the user has not issued a user
agreement, then the following applies:
- The safe cams are active, but not yet safe
- The safe limit positions are not yet active
Program continuation Alarm display disappears with alarm cause. No further operator action
necessary.
300951 Axis %1, drive %2 test stop running
Parameter %1 = NC axis number
%2 = drive number
Explanation The drive pulses are cancelled.
1. If the positive acknowledgement that the pulses were cancelled is not
received within the time configured in MD 1357:
$MD_SAFE_PULSE_DIS_CHECK_TIME (time to check the pulse
cancellation), a STOP A is triggered.
2. If pulse cancellation is acknowledged within the configured time in the
drive, no stop response is triggered. When selected via the SGE "test stop
selection", the message remains until the selection has been withdrawn
(de-selected). The user activated the test stop by setting the SGE "test
stop selection". If the user withdraws this SGE, then the message is also
withdrawn.
Interrogation: In the monitoring clock cycle.
The test stop has been activated by the user by setting the SGE "Test stop
selection". The drive pulses are cancelled.
Response Alarm display
Remedy The message disappears automatically if the user terminates the test by
withdrawing the SGE "Test stop selection". If a STOP A was initiated, then the
system can only be re-started using a power on.
Program continuation Alarm display disappears with alarm cause. No further operator action
necessary.
300952 Axis %1 drive %2 Acceptance test mode is active
Parameter %1 = axis number
%2 = drive number
Explanation The acceptance test mode has been activated by the user.
Response Alarm display
Remedy This message disappears automatically when the test is completed.
Program continuation Alarm display disappears with alarm cause. No further operator action
necessary.
301701 Axis %1 drive %2 Limit value for safe velocity too large
Parameter %1 = NC axis number
%2 = drive number
Explanation The run-up sequence is interrupted. The pulses remain cancelled.
Interrogation: In the monitoring clock cycle.
The limit value set for the safely-reduced speed is higher than the speed that
corresponds to a limit frequency of 200 kHz (300 kHz for 840D from SW 4.2).
The max. permissible speed that can be monitored is determined as follows:
nmax[rev/min] = (200000[Hz] * 60) / number of encoder pulses
Monitoring condition:
MD 1331: $MD_SAFE_VELO_LIMIT[n] <= (1 / ue) * nmax
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Check the entry in
machine data MD 1331: $MD_SAFE_VELO_LIMIT[n] (limit values for safely-reduced
speed), correct it if necessary, and carry out a power on.
Program continuation Power-down the control and power-up again.
301706 Axis %1 drive %2 parameterization of cam position invalid
Parameter %1 = NC axis number
%2 = drive number
Explanation At least one of the parameterized cams enabled via MD 1301:
$MD_SAFE_FUNCTION_ENABLE (enable safety-relevant functions) has failed
to comply with the rule that cam positions may not be located within the
tolerance range around the modulo position.
The valid tolerance range is:
for inactive cam synchronization (MD 1301 bit 7 = 0):
lower modulo value + POS_TOL cam position
upper modulo value - POS_TOL > cam position
for active cam synchronization (MD 1301 bit 7 = 1):
lower modulo value + POS_TOL cam position
upper modulo value - POS_TOL - CAM_TOL > cam position
Explanations:
POS_TOL: Actual value tolerance (MD 1342: $MD_SAFE_POS_TOL
(tolerance, crosswise actual value comparison))
CAM_TOL: Cam tolerance (MD 1340: $MD_SAFE_CAM_TOL
(tolerance for safe cams))
lower/upper modulo values:
is defined using MD 1305: $MD_SAFE_MODULO_RANGE
(for rotary axes, the actual value range)
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department.
Check/correct parameter settings of cam positions in
MD 1336: $MD_SAFE_CAM_POS_PLUS (plus cam position for safe cams) or
MD 1337: $MD_SAFE_CAM_POS_MINUS (minus cam position for safe cams)
and carry-out power on.
MD 1305: Check $MD_SAFE_MODULO_RANGE (for rotary axes, the actual
value range for SN).
Program continuation Power-down the control and power-up again.
301707 Axis %1, drive %2 Invalid modulo value parameters for SN
Parameter %1 = NC axis number
%2 = drive number
Explanation The cam modulo range parameterized in $MD_SAFE_MODULO_RANGE (for
rotary axes, the actual value range for SN ) for a rotary axis has failed to
comply with the rule that only an integer multiple of 360 degrees may be set for
this range.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. Change the
parameterization of the cam modulo range in MD 1305 :
$MD_SAFE_MODULO_RANGE (for rotary axes, the actual value range for
SN).
Program continuation Power-down the control and power-up again.
301708 Axis %1 drive %2 actual value synchronisation not allowed
Parameter %1 = NC axis number
%2 = drive number
Explanation The actual value synchronization for drift/slip in MD 1301:
$MD_SAFE_FUNCTION_ENABLE (enable safety-relevant functions) is
selected. This is only permissible for SBH/SG because the absolute actual
position is of no significance for these monitoring types. However, safe limit
position and/or cam monitoring is also selected.
Response Mode group not ready
Channel not ready
NC start inhibit in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy Please inform the authorized personnel/service department. De-select the
actual value synchronization for drift/slip or the safe limit position and/or safe
cam monitoring in MD 1301: $MD_SAFE_FUNCTION_ENABLE (enable safety-
related functions).
Program continuation Power-down the control and power-up again.
6.3 Alarm suppression
Some alarms with the same meaning are triggered by both NCK and 611 digital
monitoring channels. In order to improve the transparency of the alarm display,
alarms with the same significance triggered at a later time are suppressed. The
alarm of the monitoring channel, that first detected the error that triggered the
alarm, is displayed.
This only applies to some of the axial alarms. Alarms whose information
content differs for the NCK and 611 digital alarm display are still displayed
separately.
The two-channel stop initiation is not affected by this alarm suppression. This
functionality is implemented and ensured irrespective of how the type of alarm
was initiated.
All NCK and 611 digital safety alarms are listed in the table below.
Alarms marked "no" are not suppressed when triggered in both channels;
those marked "yes" are displayed for only one monitoring channel when
suppression is active.
Table 6-2 Comparison of NCK and 611 digital safety alarms
NCK alarm number    611 digital alarm number    Suppression
20095 - no
20096 - no
27000 300950 yes, replaced by Alarm 27100
27001 300911 no
27002 300951 no
27003 - no
27004 - no
27005 - no
27006 - no
27007 300952 no
27008 - no
27010 300907 yes
27011 300914 yes
27012 300915 yes
27013 300906 yes
27020 300910 yes
27021 300909 yes
27022 300908 yes
27023 300901 yes
27024 300900 yes
27030 300743 no
27031 301701 no
27032 300744 no
27033 - no
27034 - no
27090 - no
27091 - no
27092 - no
27093 - no
27094 - no
27095 - no
27096 - no
27100 - no
27101 - no
27102 - no
27103 - no
27104 - no
27105 - no
27106 - no
27107 - no
27124 - no
27200 - no
27201 - no
27202 - no
27203 - no
27204 - no
27205 - no
27206 - no
27207 - no
27220 - no
27221 - no
27222 - no
27223 - no
27224 - no
27225 - no
27240 - no
27241 - no
27242 - no
27250 - no
27251 - no
27252 - no
27253 - no
27254 - no
27255 - no
27256 - no
27299 - no
- 300500 no
- 300745 no
- 300746 no
- 300747 no
- 300748 no
- 300749 no
- 300776 no
- 301706 no
- 301707 no
- 301708 no
Reasons for not suppressing alarms:
- 27001-300911: The information content of the NCK alarm is more
  extensive than that of the drive alarm and must continue to appear in the
  alarm log so that this information is accessible to service personnel.
- 27002-300951: These alarms continue to be displayed separately because
  under normal conditions they are never triggered by both channels
  simultaneously and because simultaneous occurrence of these alarms
  causes problems in the test stop interface.
- 27031-301701: Parameterization alarm - is no longer triggered on the
  NCK side.
- 27032-300744: Checksum errors in the parameterization of the safety
  MD are initiated once at power on and then usually do not re-occur. If
  these alarms do occur, this indicates a problem in the MD parameterization
  which can be separately changed for both monitoring channels.
- 27003: OEM monitoring functions are only implemented in the NCK.
- 27030-300743: Configuring error. Only occurs in systems that contain 611
  digital control modules that are not safety-related.
- 27033: MD parameterizing errors displayed on the NCK side are covered
  on the drive side by the Alarms 300745-300747, 301706-301708.
- 27090, 27091, 27092, 27093, 27095: These SPL monitoring alarms are not
  implemented on the drive side.
- 300748, 300749, 300776: These drive-side monitoring functions are not
  implemented on the NCK side.
- 300745, 300746, 300747, 301706, 301707, 301708: These monitoring
  functions are displayed by the NCK using Alarm 27033 with reference to
  the associated MD.
Activating
The function is activated via MD 10094 $MN_SAFE_ALARM_SUPPRESS_LEVEL.
The function is already active when standard data is loaded. This means that
the alarms are displayed with a reduced scope. Alarms 27000 and 300950 can be
replaced by Alarm 27100 using MD 10094.
Limitation
The MD is not included in the axial safety MD checksum. This means that the
function can be enabled/disabled at any time by changing the MD. During the
acceptance test, the alarm suppression function should be disabled in order to
be able to check the two-channel error detection. After the acceptance test it
can be re-enabled to reduce the number of alarms displayed to the final user.
7 Configuring example
7.1 General information on engineering
7.2 Circuit examples
7.2.1 Control and drive components
7.2.2 Engineering
7.3 Safety Integrated with SPL
7.3.1 Start configuration in the OB100
7.3.2 Starting the NCK-SPL and PLC-SPL
7.3.3 Declaring variables
7.3.4 Connecting-up the drives
7.3.5 EMERGENCY STOP
7.3.6 Test stop
7.3.7 Protective door interlocking
7.3.8 De-selecting SBH via the key-operated switch
7.3.9 SG changeover
7.3.10 NCK-SPL
7.3.11 PLC blocks
7.3.12 Appendix
7.4 Safety Integrated without SPL
7.4.1 Connecting-up the drives
7.4.2 EMERGENCY STOP and connecting-up the I/R module
7.4.3 Test stop
7.4.4 Protective door interlocking
7.4.5 De-selecting SBH using the key-operated switch/SG changeover using the door safety contactor
7.5 External STOPs
7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP
7.6.1 Functional scope of the application
7.6.2 Connecting-up the sensors and actuators
7.6.3 Individual application functions
7.6.4 Configuring and connecting-up the ET200S I/O
7.6.5 Parameterizing the Sinumerik 840D NCK
7.6.6 Programming the NCK-SPL
7.6.7 Programming the PLC-SPL
7.6.8 Modified limitations with PROFIsafe
7.1 General information on engineering
References for SINUMERIK 840D
Please refer to the information in the following references for instructions on
how to interconnect the SINUMERIK 840D with SIMODRIVE 611 digital
systems:
References: /HBD/, NCU Manual
/IAD/, Start-Up Guide
/LID/, Lists
References for SIMODRIVE 611
References: /PJ1/, SIMODRIVE 611, Planning Guide for Inverters
/PJ2/, SIMODRIVE, Planning Guide for AC Motors
References for switchgear
References: /ASI/, Low-Voltage Switchgear and Systems,
Catalog 1997/1998
Note
Please note that the possibilities of connecting-up the NE unit are not
restricted in any way by SI. For example, three-wire or six-wire line supply
connections, star-delta operation and operation when the power fails can still
be implemented as before.
Some basic engineering information
The following basic engineering options are available:
- Safety Integrated without safe programmable logic
- Safety Integrated with safe programmable logic (SPL) without contactless
  EMERGENCY STOP
- Safety Integrated with safe programmable logic (SPL) and contactless
  EMERGENCY STOP
Safety Integrated without SPL
The EMERGENCY STOP circuit and door monitoring (for limitations, refer to
Chapter 7.4.4, "Protective door locking") must be implemented conventionally
with safety switching devices. Switches and sensors are interconnected on the
PLC side using the S7 program - and on the NCK side by connecting-up
contactors, switches and sensors. The NC logic and PLC logic must be
identical.
Safety Integrated with SPL and without contactless EMERGENCY STOP
If SPL is used without contactless EMERGENCY STOP, the SPL is exclusively
used for logically combining safety-related input and output signals. The
EMERGENCY STOP circuit and the connection of the input/regenerative
feedback module have to be implemented in the same way as for Safety
Integrated without SPL.
Safety Integrated with SPL and contactless EMERGENCY STOP
If SPL is used, emulation of S7 logic by the contactors and therefore the wiring
is no longer necessary. The safe programmable logic is programmed on the
PLC side in the form of an S7 program and on the NCK side by an ASUB. A
contactless EMERGENCY STOP function can be implemented with the
external stop function and the SPL. This means that safety switching devices
are not required for the EMERGENCY STOP function. The door switch can
also be monitored by the SPL – in this case, the safety switching devices are
also not required.
7.2 Circuit examples
General
A machine tool with two axes and one spindle was selected as an example:
Fig. 7-1 Schematic diagram of a machine
The following must be taken into account before the machine is configured:
- What is the magnitude of the hazard potential?
- Which measures can be implemented to reduce the risk?
- What risks remain?
- Which safety functions should be implemented?
The circuit shown below is an example of a drive with an incremental
measuring system. It is provided to illustrate the principle of how a safety zone
on a machine can be monitored.
The following functions are implemented with Safety Integrated in the example:
- Contactless EMERGENCY STOP
- When the protective door is open the operator can select either safe
  operating stop or traverse with safely reduced speed at 2 m/min (axes) and
  50 rpm (spindle) using the key-operated switch.
- When the protective door is closed all the drives are monitored for
  maximum speed by Safety Integrated
- Testing the shutdown paths (with SPL: Test of the external STOPs and
  forced checking procedure of the inputs and outputs).
i.e. Safety Integrated with SPL with contactless EMERGENCY STOP
Note
This basic circuit must be adapted to the various safety zones (if
applicable) and the number of axes according to the machine
configuration.
SI functions are used to safely monitor the drives for standstill or a
specific speed and to stop them safely in the event of an error.
7.2.1 Control and drive components
The configuration of the individual components is illustrated below.
The system requirements are described in the Description of Functions.
[Figure: E/R, NCU, MSD and FDD modules with MMC and MCP; SINUMERIK 840D with NCK I/Os and PLC I/Os; SIMODRIVE 611D + motors; switches, buttons, contactors]
Fig. 7-2 Structure of the control and drive components
The MMC 103, NC572 and SIMODRIVE 611 digital components are used in
this example. The design must also be expanded to include a terminal block
with 16-bit I/O modules for the NCK side and additional S7 modules for the
PLC/drive side.
The additional operating elements (switches, buttons etc.) and the contactors
required for switching off the power are listed and described in more detail in
the relevant sections.
The drive configuration is shown in the following table:
Slot   Drive number   Active   Drive   Module
2      1              Yes      FD      2-axis-1
3      2              Yes      FD      2-axis-2
1      3              Yes      MSD     1axis
4      4              Yes      PER
Terminal block
The 16 bit DMP submodules used are located in the following slots in the
terminal block:
16-bit input module    Slot 1
16-bit output module   Slot 2
7.2.2 Engineering
Objective
In order to achieve functional safety of a machine or system, the safety-relevant
parts of the protection and control equipment must function correctly and
respond in such a way that if a fault occurs the system remains in a safe state
or is brought into a safe state. This demands the use of specifically qualified
technology that meets the requirements described in the relevant standards.
"SINUMERIK Safety Integrated" is one aspect of this qualified technology
(certified, e.g. to EN 954-1) and must be integrated in the machine in such a
way that functional safety is achieved in conjunction with the other protective
equipment of the machine/system (e.g. protective doors, EMERGENCY STOP
buttons, ...).
The aim of this configuration is to describe the machine-specific combination of
"SINUMERIK Safety Integrated®" and other protective equipment.
Sequence
When engineering the SI system, the machine functions are sub-divided into
different operating modes (these operating modes are initially independent of
the NC operating mode – the relevant combinations must be configured). The
safety functions that are to be activated when the protective doors are opened
and closed are then defined.
Assigning the operating modes
The two operating modes – setting-up and production - are used in the machine
example. For an EMERGENCY STOP, the drives of the complete drive group
are brought to a standstill via external stops (Stop C -> Stop A).
The required safety functions are defined for the machine operating modes.
The machine operating mode (setting-up/production) is selected using a
key-operated switch. Production is the default machine operating mode. Usually,
the key-operated switch can only be actuated by authorized personnel. This
means that only appropriately trained personnel can move the machine when
the protective door is open.
Setting-up with the protective door open:
- Safely-reduced speed (SG1), example values: axes 2 m/min, spindle 50 rpm
- The axes and spindles must stop when the door is opened, or the speed of
  axis/spindle must be < SG1 (this must be ensured by the PLC user
  program).
- The PLC program interlocks the NC modes MDA and AUTO.
Setting-up with the protective door closed:
- Safely-reduced speed (SG2), example values: axes 10 m/min, spindle 2000 rpm
  (drives are monitored for maximum speed).
- When the door is closed, Safety Integrated automatically changes over to
  the SG2 limit.
- All NC operating modes are permitted when the protective door is closed.
Production with the protective door open:
- The NC operating modes MDA and AUTO are disabled by the PLC
  program – automatic mode is not permitted when the protective door is
  open.
- The safety function safe operating stop (SBH) is activated with the
  key-operated switch position "Production" when the protective door is open.
  This means that the drive is monitored for zero speed.
- The axes and the spindle must stop when the protective door is opened
  (this must be controlled by the PLC user program).
Production with the protective door closed:
- Safely-reduced speed (SG2), example values: axes 10 m/min, spindle 2000 rpm
- When the door is closed, Safety Integrated automatically changes over to
  the SG2 limit.
- All operating modes are permitted when the protective door is closed.
Function charts
Once the safety functions have been defined, function charts are drawn up for
the individual functions to which the
- SPL program
- PLC program
- Circuit diagram and
- Machine data configuration
refer.
7.3 Safety Integrated with SPL
The principal method of operation is illustrated in the diagram below. Please
refer to this diagram when reading the following sections.
[Function chart: NCK-SPL (Safe_SPF logic) with SPL input variables $A_INSE / $A_INSI and SPL output variables $A_OUTSE / $A_OUTSI, NCK I/Os, SI kernel and NCK-SGA/SGE signals; PLC-SPL (FC XXX logic) with DB18, Simatic I/Os and drive SGA/SGE signals; data exchange via drive bus; data and event cross-check between the two channels; switches, light barriers, signal lamps, contactors, etc. as inputs and outputs]
Fig. 7-3 Function chart – a detailed view of this diagram is provided in the Appendix (7.3.12)
Note
Examples of the PLC blocks can be requested from the Centre of
Competence Service (CoCS) – Sinumerik Safety Integrated.
Also refer to Chapter 2.10.
Example blocks for SI applications
The PLC blocks listed in Chapter 7 are available as examples in the toolbox for
the basic PLC program. Further, an S7 library can be requested via Customer
Support (refer to 2.10) within the scope of a Hotline request. This S7 library has
example blocks for the SI application that can be generally used. They can be
incorporated in a specific project and adapted to the particular requirements by
appropriately parameterizing them.
Description
In this example, PLC blocks FC95 (start ASUB), FC96 (PLC-SPL), FC97
(safety test routine) are used for Safety Integrated.
The basic program blocks FB4 and FC9 are called (FB1/P3) in FC 95 to start
the NCK ASUB. The parameter supply for FC9 and FB4 is stored in DB120.
DB120 program excerpt:
DATA_BLOCK DB 120
TITLE =
VERSION : 0.1
STRUCT
pname : STRING [32 ] := '_N_SAFE_SPF'; //Program name
ppath : STRING [32 ] := '/_N_CST_DIR/'; //Directory
FB4_Error : BOOL ; //Error bit
FB4_Done : BOOL ; //Task completed
FB4_State : WORD ; //Cause of error
FC9_Active : BOOL ; //ASUB active
FC9_Done : BOOL ; //ASUB completed
FC9_Error : BOOL ; //Error during task processing
FC9_SError : BOOL ; //Interrupt number not assigned
FC9_Ref : WORD ; //Internal use
END_STRUCT ;
BEGIN
pname := '_N_SAFE_SPF';
ppath := '/_N_CST_DIR/';
FB4_Error := FALSE;
FB4_Done := FALSE;
FB4_State := W#16#0;
FC9_Active := FALSE;
FC9_Done := FALSE;
FC9_Error := FALSE;
FC9_SError := FALSE;
FC9_Ref := W#16#0;
END_DATA_BLOCK
When the NCK-SPL has been successfully started by the PLC (FC95),
processing of the PLC-SPL (FC96) is enabled in OB1.
Two more predefined blocks are integrated in FC97 – FC60 (Example blocks
can be requested from the hotline, telephone No. 0180-525 8000) and FC21
(basic program block – FB1/P3). Modifications must also be made to OB100 to
ensure perfect operation of the safe programmable logic.
The markers, outputs and inputs used in this example have been freely
selected according to the test set-up being used.
Chapter 7.3.3 contains an overview of the I/O (peripherals) and variables used.
The ASUB for the NCK-SPL must be saved in the standard cycle directory
(CST.DIR) under the name SAFE.SPF.
The Safety Integrated functions SBH/SG and the SI function "External STOPs"
are activated for the individual drives. External stops are a prerequisite for
using the SPL logic.
X axis 36901 SAFE_FUNCTION_ENABLE 41H
Z axis 36901 SAFE_FUNCTION_ENABLE 41H
Spindle 36901 SAFE_FUNCTION_ENABLE 41H
The following machine data must either be set or checked to ensure error-free
start-up of the NCK-SPL.
11602 ASUP_START_MASK 7H
11604 ASUP_START_PRIO_LEVEL 1H
7.3.1 Start configuration in the OB100
A marker (M210.0) is set in FC 95 in OB100 to start the NCK ASUB. This
marker also inhibits initialization of the PLC-SPL (FC96) in OB1 until the NCK-
SPL has started.
The PLC outputs that are used for the forced-checking procedure of the inputs
and outputs must be set to "1".
From software release 5.3 onwards (or from 04.04.29), it is no longer
necessary to pre-assign the INSIP variables in the DB18. Parameterization of
machine data 10095 SAFE_MODE_MASK = "0" (default setting) ensures that
all SGAs of the NCK channel are automatically set to "0", also the INSI
variables (if SPL is used).
Any NC alarm can prevent ASUB SAFE.SPF from starting up. They must be
cancelled when the system is running-up. For example, in the program excerpt,
the EMERGENCY STOP alarm is cancelled during run-up.
OB100 program excerpt:
// Set ASUB_start_marker and forced checking procedure output /
// Reset alarms (e.g. EMERGENCY STOP)
SET
S M 210.0 // NCK ASUB Start
S A 88.1 // Supply EMERGENCY STOP
R DB10.DBX56.1 // Deactivate EMERGENCY STOP (PLC)
R DB21.DBX21.7 // De-activate single block
//
// Pre-assignment of SGE
L 0 // Logical "0"
T DB31.DBW 22 // SGE axis X
T DB32.DBW 22 // SGE axis Z
T DB33.DBW 22 // SGE spindle C
T DB31.DBW 32 // SGE axis X
T DB32.DBW 32 // SGE axis Z
T DB33.DBW 32 // SGE spindle C
The bits in the axis/spindle data blocks are not cleared when the system runs-
up (only valid up to SW 5 – from SW 5 the bits in the axis/spindle data block are
deleted when the system runs-up). The supply of values to the NCK-SGE is
however slightly delayed by the NCK-SPL running-up so that the crosswise
data comparison of the SGE signals can respond. This is the reason that the
SGEs on the PLC side must be pre-assigned a value of "0".
Correspondingly, if NCK-SGE is permanently de-selected by the axis-specific
machine data (80000000H), the PLC-SGE must also be pre-assigned or
directly supplied from the PLC when the system runs-up.
Example: SBH is permanently de-selected, safely-reduced speed is active
1st drive:
36971 SAFE_SS_DISABLE_INPUT 80000000H
Set DB31.DBX22.1 to "1" when the system starts up (OB100) – not with
the PLC-SPL.
7.3.2 Starting the NCK-SPL and PLC-SPL
[Flowchart: Switch on/start up control: OB100 sets M210.0 = "1". The PLC scans DB10.DBX108.5 and waits for the checkback that the drive group is in cyclic operation. OB1 loop: when M210.0 = "1", the PLC starts the NCK-SPL via FB4 and FC9; the PLC-SPL is not activated until the ASUB checkback "successfully started". Once the ASUB has started, FC 95 sets M210.0 = "0" and the PLC-SPL (FC96) and the NCK-SPL run.]
Fig. 7-4 Flowchart
In order to ensure that the crosswise data comparison function does not
respond, the NCK-SPL and the PLC-SPL must be started almost at the same
time. The PLC program is exclusively responsible for activating the individual
SPL programs. The following program excerpt shows how the PLC-SPL and
the NCK-SPL can be started almost simultaneously.
An overview of the PLC program structure used is given in the Appendix
(Subsection 7.3.12).
Note
From software release 6.4.15 onwards, the NCK-SPL can also be started
using the PROG_EVENT mechanism (refer to Chapter 3.10.13).
OB1 program excerpt:
//
CALL "GP_HP" // Basic program
//
CALL FC 95 // "Start NCK-SPL"
U M 210.0 // NCK SPL inactive
BEB // PLC SPL is started
// if NCK-SPL is started
//
// Before running the ASUB "SAFE.SPF", it is not
// advisable to run any of the user program blocks
// Exception: To check correct functioning of
// function block FC 19, it might be necessary to run
// it immediately. In this case,
// critical function keys such as RESET and single block
// must be de-activated until the SPL has started:
// Example:
// U M 210.0 // NCK SPL inactive
// R E3.7 // Reset RESET key
// R E3.5 // Reset single block key
CALL FC 50 // User program
CALL FC 51 // User program
//
CALL FC 96 // PLC SPL
CALL FC 97 // Safety test stop
//
The NCK SPL is started with the programs (PLC basic program) FB4 and FC9.
Once it has successfully started, marker 210.0 is reset in order to enable
processing of the PLC blocks FC96 (PLC SPL) and FC97 (safety test) in OB1.
FC95 program excerpt:
FUNCTION FC 95 : VOID
TITLE =
VERSION : 0.1
BEGIN
NETWORK
TITLE =
U M 210.0; // ASUB start marker from OB100
U DB10.DBX 108.5; // Drive group and terminal block run-up
FP M 210.1; // Start edge marker, PI service
= M 210.2; // Start cycle marker, PI service
//
U M 210.2; // Start cycle marker, PI service
S M 210.3; // Start PI service
//
CALL FB 4 , DB 121 ( // PI service interrupt number and priority
Req := M 210.3,// Start PI service
PIService := P#DB16.DBX 18.0 BYTE 26,// PI service ASUB
Unit := 1,
Addr1 := P#DB120.DBX 34.0 BYTE 34,// Program path (ppath)
Addr2 := P#DB120.DBX 0.0 BYTE 34,// Program name (pname)
WVar1 := W#16#1,// Interrupt number = 1
WVar2 := W#16#1,// Priority = 1
WVar3 := W#16#0,// LIFTFAST = 0
WVar4 := W#16#0,// BLSYNC = 0
Error := DB120.DBX 68.0,// Error occurred (FB4_Error)
Done := DB120.DBX 68.1,// Task, error-free (FB4_Done)
State := DB120.DBW 70); // Error code (FB4_State)
//
U DB120.DBX 68.1; // Task successfully completed
S M 210.4; // Start ASUB
R M 210.3; // Reset PI service start ASUB
//
//
CALL FC 9 (
Start := M 210.4,// Start ASUB
ChanNo := 1,// Channel number 1
IntNo := 1,// Interrupt number 1
Active := DB120.DBX 72.0,// ASUB active (FC9_Active)
Done := DB120.DBX 72.1,// Task completed (FC9_Done)
Error := DB120.DBX 72.2,// Error occurred (FC9_Error)
StartErr := DB120.DBX 72.3,// Interrupt number missing (FC9_SError)
Ref := DB120.DBW 74);// Memory range internal (FC9_Ref)
//
U DB120.DBX 72.1; // Request completed ==> ASUB running
S M 210.7;
R M 210.0; // Reset ASUB start marker from OB100
R M 210.4; // Reset start ASUB
//
END_FUNCTION
Interrupt number 1 and priority 1 are assigned to the ASUB with FB4. The
variables LIFTFAST (fast retraction from the contour) and BLSYNC (the
program block is still being processed and the interrupt routine is only started
after this) must be assigned the value 0.
Further, it must be noted that the ASUB (SAFE.SPF in the directory CST.DIR)
must be started in channel 1 for the NCK-SPL in order that the SPL completely
runs-up.
Once FB4 has been successfully executed, the ASUB is started with function
FC9. Here it is important that the FC9 bit "Done" is interrogated in order that the
program can continue. This is because the PLC-SPL can only be started once
the ASUB start task has been completed.
In addition to the FC9 bit "Done", the interface bit "Channel 1-M02/M17/M30
active – DB21.DBX33.5" is also logically combined in order to identify that the
ASUB has been completely executed. It might be possible for a user-written
M function to be output at the end of ASUB instead of using M02/M17/M30.
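The marker handshake from the FC95 and OB1 excerpts, run scan by scan in Python as an added example (not Siemens code). ScanJob is a hypothetical stand-in for FB4 and FC9 that reports Done after a fixed number of scans, and the DB21.DBX33.5 combination mentioned above is not modelled.

```python
class ScanJob:
    """Assumed model of FB4 / FC9: Done is reported on the n-th
    consecutive call in which the request input is high."""

    def __init__(self, scans):
        self.scans = scans
        self.count = 0

    def step(self, request):
        if not request:
            self.count = 0
            return False
        self.count += 1
        return self.count == self.scans


def simulate_start(drive_ready_scan, fb4_scans=2, fc9_scans=2, max_scans=20):
    """Run OB1 scans until FC96 (PLC-SPL) is processed for the first time.

    drive_ready_scan: scan in which DB10.DBX108.5 becomes 1, or None if the
    drive group never reaches cyclic operation.
    Returns (scan number or None, trace). Each trace entry is
    (scan, drive_ready, M210.3, M210.4, fc96_runs).
    """
    m = {bit: False for bit in range(8)}   # M210.0 .. M210.7
    m[0] = True                            # OB100: S M 210.0
    fb4, fc9 = ScanJob(fb4_scans), ScanJob(fc9_scans)
    trace = []
    for scan in range(1, max_scans + 1):
        drive_ready = drive_ready_scan is not None and scan >= drive_ready_scan

        # ---- FC95 ----
        rlo = m[0] and drive_ready         # U M 210.0 / U DB10.DBX 108.5
        m[2] = rlo and not m[1]            # FP M 210.1 / = M 210.2
        m[1] = rlo                         # edge memory bit
        if m[2]:
            m[3] = True                    # S M 210.3: request PI service
        if fb4.step(m[3]):                 # FB4 Done (DB120.DBX 68.1)
            m[4], m[3] = True, False       # S M 210.4 / R M 210.3
        if fc9.step(m[4]):                 # FC9 Done (DB120.DBX 72.1)
            m[7], m[0], m[4] = True, False, False

        # ---- OB1 ----
        fc96_runs = not m[0]               # U M 210.0 / BEB skips FC96
        trace.append((scan, drive_ready, m[3], m[4], fc96_runs))
        if fc96_runs:
            return scan, trace
    return None, trace


if __name__ == "__main__":
    for ready in (1, 3, None):
        first, _ = simulate_start(ready)
        print(f"drive ready in scan {ready}: FC96 first runs in scan {first}")
```

With the drive group never reaching cyclic operation, M210.0 stays set and every OB1 scan ends at BEB, so FC96 and FC97 are never processed.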
7.3.3 Declaring variables
The individual SPL variables must be declared in the NCK-SPL and the
PLC-SPL.
On the PLC side, the I/O input and output bits and the Safety Integrated SGEs
and SGAs are transferred to DB 18 or supplied from DB18. The PLC-SPL only
has to be programmed with the variables of DB18 (exception, test stop and the
forced-checking procedure of the inputs and outputs).
To ensure clear configuration and programming, it is necessary to list the
variables used and to document their meaning. A suggestion for how to do this
is documented below. To achieve clarity and uniform formatting, a separate
declaration table is created both for the NCK and for the PLC sides. For
diagnostics and support during the commissioning phase, both of these tables
should be considered as a single-entity in order to clearly represent cross-
references.
The two variable tables which are relevant for programming SPL (PLC and
NCK sides)
When programming the PLC-SPL, please note that the "worst-case" response
time of the PLC also applies. This means that, under worst-case conditions, a
time difference of 2 PLC cycle times can elapse between a change in the input
signal and the corresponding change in the associated output signal.
A bitwise (bit-serial) overview of the individual signals of the DB18 is provided
in the Appendix (Subsection 7.3.12).
A list of the complete NCK-SPL program and the PLC modules that are
required for the PLC-SPL is given in Chapter 7.3.10 or Chapter 7.3.11.
Variable declaration NCK
NCK-I/O   NCK variables     Symbolic       Machine data
E1        $A_INSE[1]        NOT_HALTE      10390 SAFE_IN_HW_ASSIGN[0] = 01040101
I2        $A_INSE[2]        TUERZUVER      "
I3        $A_INSE[3]        -              "
I4        $A_INSE[4]        NOT_QUIT       "
E5        $A_INSE[5]        SCHLUESSEL     "
I6        $A_INSE[6]        -              "
I7        $A_INSE[7]        KL_AS12_XZ     "
E8        $A_INSE[8]        KL_AS12_C      "
E9        $A_INSE[9]        TESTSTOP1E     10390 SAFE_IN_HW_ASSIGN[1] = 01040102
E10       $A_INSE[10]       TESTSTOP2E     "
E11       $A_INSE[11]       TEST_STOPA     "
E12       $A_INSE[12]       TEST_STOPC     "
E13       $A_INSE[13]       TEST_STOPD     "
E14-E16   $A_INSE[14-16]    -              "
A1        $A_OUTSE[1]       NOT_HALT2K     10392 SAFE_OUT_HW_ASSIGN[0] = 01040201
A2        $A_OUTSE[2]       -
A3        $A_OUTSE[3]       KL_663_XZ      "
A4        $A_OUTSE[4]       KL_663_C       "
A5-A8     $A_OUTSE[5-8]     -              "
-         $A_INSI[1]        IMP_FREI_XZ    36986 SAFE_PULSE_ENABLE_OUTPUT = 04010101 (X, Z)
-         $A_INSI[2]        IMP_FREI_C     36986 SAFE_PULSE_ENABLE_OUTPUT = 04010102 (C)
-         $A_OUTSI[1]       STOP_A_ABWS    36977 SAFE_EXT_STOP_INPUT[0] = 04010101 (C)
-         $A_OUTSI[2]       STOP_A_ABWA    36977 SAFE_EXT_STOP_INPUT[0] = 04010102 (X, Z)
-         $A_OUTSI[3]       STOP_C_ABW     36977 SAFE_EXT_STOP_INPUT[1] = 04010103 (X, Z, C)
-         $A_OUTSI[4]       STOP_D_ABW     36977 SAFE_EXT_STOP_INPUT[2] = 04010104 (X, Z, C)
-         $A_OUTSI[5]       SBH_ABW        36971 SAFE_SS_DISABLE_INPUT = 04010105 (X, Z, C)
-         $A_OUTSI[6]       SG_BIT_0       36972 SAFE_VELO_SELECT_INPUT = 04010106 (X, Z, C)
-         $A_OUTSI[7]       TEST1STOP      36975 SAFE_STOP_REQUEST_INPUT = 04010107 (X, C)
-         $A_OUTSI[8]       TEST2STOP      36975 SAFE_STOP_REQUEST_INPUT = 04010108 (Z)
-         $A_OUTSI[9]       STAT_IMP_XZ    36976 SAFE_PULSE_STATUS_INPUT = 04010109 (X, Z)
-         $A_OUTSI[10]      STAT_IMP_C     36976 SAFE_PULSE_STATUS_INPUT = 0401010A (C)
-         $A_MARKERSI[1]    MERK1          -
-         $A_MARKERSI[2]    NOT_HALT       -
-         $A_MARKERSI[3]    QUIT_REQUEST   -
-         $A_MARKERSI[4]    QUIT_MARKER    -
-         $A_MARKERSI[5]    -              -
-         $A_MARKERSI[6]    -              -
-         $A_MARKERSI[7]    STOP_A_A       -
-         $A_MARKERSI[8]    STOP_A_S       -
-         $A_TIMERSI[1]     TIMER1         -
-         $A_TIMERSI[2]     TIMER2         -
-         $A_TIMERSI[3]     QUIT_TIMER3    -
-         $A_DBB[4]         QUIT_PLC       -
$A_INSE / $A_OUTSE
The external NCK inputs and outputs are assigned bytewise to the NCK-SPL in
the following machine data
External NCK inputs
MD 10390 SAFE_IN_HW_ASSIGN[0] : $A_INSE[1..8]
MD 10390 SAFE_IN_HW_ASSIGN[1] : $A_INSE[9..16]
External NCK outputs
MD 10392 SAFE_OUT_HW_ASSIGN[0] : $A_OUTSE[1..8]
MD 10392 SAFE_OUT_HW_ASSIGN[1] : $A_OUTSE[9..16]
They are available in the form of system variables $A_INSE and $A_OUTSE
for the SPL program.
Configuration example:
The terminal block has the logical drive number 4 (acc. to the drive
configuration), the input module being used is inserted into slot 1
(sub-module 1), the output module into slot 2 (sub-module 2).
This results in the following parameterization for the machine data above:
MD 10390 SAFE_IN_HW_ASSIGN[0] : 01 04 01 01 H (LOW-Byte)
MD 10390 SAFE_IN_HW_ASSIGN[1] : 01 04 01 02 H (HIGH-Byte)
MD 10392 SAFE_OUT_HW_ASSIGN[0] : 01 04 02 01 H (LOW-Byte)
MD 10392 SAFE_OUT_HW_ASSIGN[1] : 01 04 02 02 H (HIGH-Byte)
NCK $A_INSI / $A_OUTSI
The internal inputs and outputs of the SPL logic are assigned using the
following machine data
Internal SPL inputs
MD36980...MD36990 : SGA -> $A_INSI
The SGAs are output signals of the SI function and can be mapped to the
system variables $A_INSI[n]. These can, in turn, be read in the NCK-SPL and
used as inputs for the logic operations.
Internal SPL outputs
MD36970...MD36978 : $A_OUTSI -> SGE
The SGEs are input signals of the SI function and their values are supplied from
the system variables $A_OUTSI[n]. These can be written in the NCK-SPL.
Configuration example: Parameterized machine data as shown in the table
NCK $A_MARKERSI
In order to save intermediate states in the SPL logic, markers are defined.
These markers are available in the NCK in system variables $A_MARKERSI[n].
There is no connection with machine data.
Configuration example: Assignment as shown in the table
NCK $A_TIMERSI
In order to program timers in the SPL logic, timers are available in the NCK in
system variables $A_TIMERSI[n]. There is no connection with machine data.
Configuration example: Assignment as shown in the table
At the beginning of the NCK-SPL (standard cycle SAFE.SPF), freely selectable
names are assigned to system variables $A_INSE/$A_OUTSE and $A_INSI/
$A_OUTSI using the "DEFINE" instruction. This makes the program easier to
read and facilitates making changes to the terminal assignment.
The "DEFINE" statements must be placed at the beginning of the NCK-SPL. In
the tabular list, names used in the example program are listed in the column
headed "Symbolic".
NCK-SPL program excerpt
;
; ---- External interfaces ----
;
DEFINE NOT_HALTE AS $A_INSE[1]
DEFINE TUERZUVER AS $A_INSE[2]
DEFINE NOT_QUIT AS $A_INSE[4]
DEFINE SCHLUESSEL AS $A_INSE[5]
DEFINE KL_AS12_XZ AS $A_INSE[7]
DEFINE KL_AS12_C AS $A_INSE[8]
DEFINE TESTSTOP1E AS $A_INSE[9]
DEFINE TESTSTOP2E AS $A_INSE[10]
DEFINE TEST_STOPA AS $A_INSE[11]
DEFINE TEST_STOPC AS $A_INSE[12]
DEFINE TEST_STOPD AS $A_INSE[13]
;
DEFINE NOT_HALT2K AS $A_OUTSE[1]
DEFINE KL_663_XZ AS $A_OUTSE[3]
DEFINE KL_663_C AS $A_OUTSE[4]
;
;
; ---- Internal interfaces ----
;
DEFINE IMP_FREI_XZ AS $A_INSI[1]
DEFINE IMP_FREI_C AS $A_INSI[2]
;
DEFINE STOP_A_ABWS AS $A_OUTSI[1]
DEFINE STOP_A_ABWA AS $A_OUTSI[2]
DEFINE STOP_C_ABW AS $A_OUTSI[3]
DEFINE STOP_D_ABW AS $A_OUTSI[4]
DEFINE SBHABW AS $A_OUTSI[5]
DEFINE SG_BIT_O AS $A_OUTSI[6]
DEFINE TEST1STOP AS $A_OUTSI[7]
DEFINE TEST2STOP AS $A_OUTSI[8]
DEFINE STAT_IMP_XZ AS $A_OUTSI[9]
DEFINE STAT_IMP_C AS $A_OUTSI[10]
;
;
; ----- Markers ----
;
DEFINE MERK1 AS $A_MARKERSI[1]
DEFINE NOT_HALT AS $A_MARKERSI[2]
DEFINE QUIT_REQUEST AS $A_MARKERSI[3]
DEFINE QUIT_MARKER AS $A_MARKERSI[4]
DEFINE STOP_A_A AS $A_MARKERSI[7]
DEFINE STOP_A_S AS $A_MARKERSI[8]
;
;
; ----- Timers ----
;
DEFINE TIMER1 AS $A_TIMERSI[1]
DEFINE TIMER2 AS $A_TIMERSI[2]
DEFINE QUIT_TIMER3 AS $A_TIMERSI[3]
;
;
; ----- Variable Dual Port RAM PLC <-> NCK ----
;
DEFINE QUIT_PLC AS $A_DBB[4]
PLC I/O DB18 variable Symbolic Absolute Associated bit in axis DB
E76.0 $A_INSEP[1] "SPL".NOT_HALTE DB18.DBX38.0 -
E76.1 $A_INSEP[2] "SPL".TUERZUVER DB18.DBX38.1 -
- $A_INSEP[3] - DB18.DBX38.2 -
E76.3 $A_INSEP[4] "SPL".NOT_QUIT DB18.DBX38.3 -
E76.5 $A_INSEP[5] "SPL".SCHLUESSEL DB18.DBX38.4 -
- $A_INSEP[6] - DB18.DBX38.5 -
- $A_INSEP[7] "SPL".KL_AS12_XZ DB18.DBX38.6 -
- $A_INSEP[8] "SPL".KL_AS12_C DB18.DBX38.7 -
- $A_INSEP[9] - DB18.DBX39.0 -
- $A_INSEP[10] - DB18.DBX39.1 -
- $A_INSEP[11] - DB18.DBX39.2 -
- $A_INSEP[12] - DB18.DBX39.3 -
- $A_INSEP[13] - DB18.DBX39.4 -
- $A_INSEP[14-16] - DB18.DBX39.5-7 -
A48.2 $A_OUTSEP[1] "SPL".NOT_HALT1K DB18.DBX46.0 -
- $A_OUTSEP[2] - DB18.DBX46.1 -
- $A_OUTSEP[3] "SPL".KL_663_XZ DB18.DBX46.2 -
- $A_OUTSEP[4] "SPL".KL_663_C DB18.DBX46.3 -
- $A_OUTSEP[5-8] - DB18.DBX46.4-7 -
- $A_INSIP[1] "SPL".IMP_FREI_XZ DB18.DBX54.0 -
- $A_INSIP[2] "SPL".IMP_FREI_C DB18.DBX54.1 -
- $A_OUTSIP[1] "SPL".STOP_A_ABWS DB18.DBX38.0 DB33.DBX 32.2
- $A_OUTSIP[2] "SPL".STOP_A_ABWA DB18.DBX38.1 DB31/32.DBX 32.2
- $A_OUTSIP[3] "SPL".STOP_C_ABW DB18.DBX38.2 DB31/32/33.DBX 32.3
- $A_OUTSIP[4] "SPL".STOP_D_ABW DB18.DBX38.3 DB31/32/33.DBX 32.4
- $A_OUTSIP[5] "SPL".SBH_ABW DB18.DBX38.4 DB31/32/33.DBX 22.1
- $A_OUTSIP[6] "SPL".SG_BIT_0 DB18.DBX38.5 DB31/32/33.DBX 22.3
- $A_OUTSIP[7] - DB18.DBX38.6 -
- $A_OUTSIP[8] - DB18.DBX38.7 -
- $A_OUTSIP[9] "SPL".STAT_IMP_XZ DB18.DBX39.0 -
- $A_OUTSIP[10] "SPL".STAT_IMP_C DB18.DBX39.1 -
- $A_MARKERSIP[1] - DB18.DBX70.0 -
- $A_MARKERSIP[2] "SPL".NOT_HALT DB18.DBX70.1 -
- $A_MARKERSIP[3] - DB18.DBX70.2 -
- $A_MARKERSIP[4] - DB18.DBX70.3 -
- $A_MARKERSIP[5] "SPL".QUIT_MARKER DB18.DBX70.4 -
- $A_MARKERSIP[6] - DB18.DBX70.5 -
- $A_MARKERSIP[7] "SPL".STOP_A_A DB18.DBX70.6 -
- $A_MARKERSIP[8] "SPL".STOP_A_S DB18.DBX70.7 -
PLC I/O PLC variable Symbolic Comment
T20 TIMER1 STOP C -> STOP A (axes)
T21 TIMER2 STOP C -> STOP A (spindle)
T22 T_K_ABFALL Drop-out time of contactors K1, K2
T23 T_VERZUG_1 EMERGENCY STOP on delay time
T24 T_VERZUG_" Acknowledgement delay time
- T30 Teststop_Zeit1 Monitoring duration 2h 40min
- T31 Teststop_Zeit2 Monitoring duration 5h 20min
- T32 Teststop_Zeit3 Monitoring duration 8h
On the PLC, the I/O input and output bits must be assigned in SPL interface
DB18.
External PLC inputs
DB18.DBX38.0 ... DB18.DBX41.7 : $A_INSEP[1..32]
DB18.DBX42.0 ... DB18.DBX45.7 : $A_INSEP[33..64]
External PLC outputs
DB18.DBX46.0 ...DB18.DBX49.7 : $A_OUTSEP[1..32]
DB18.DBX50.0 ...DB18.DBX53.7 : $A_OUTSEP[33..64]
They are assigned bitwise in the user program.
Configuration example: Program excerpt FC96 - Assignment as shown in the
table
//
// Supply I/Os ==> SPL_DATA_INSEP
//
//
U E 76.0 // EMERGENCY STOP switch
= "SPL".NOT_HALTE
//
U E 76.1 // Door switch
= "SPL".TUERZUVER
//
U E 76.3 // EMERGENCY STOP acknowledgement
= "SPL".NOT_QUIT
//
U E 76.5
= "SPL".SCHLUESSEL // Key-operated switch
// (SBH de-selection)
//
// The logic operations are located here (SPL)
//
// Supply SPL_DATA_OUTSEP ==> I/Os
//
U "SPL".NOT_HALT1K // EMERGENCY STOP 1K
= A 48.2 // EMERGENCY STOP contactor K1
//
The same procedure is applied to the internal SPL inputs or outputs:
Internal SPL inputs
DB18.DBX54.0 ... DB18.DBX57.7 : $A_INSIP[1..32]
DB18.DBX58.0 ... DB18.DBX61.7 : $A_INSIP[33..64]
The SGAs are output signals of the SI function and can be mapped to the DB18
variables $A_INSIP[n]. These can be read in the PLC-SPL and used as inputs
for the logic operations.
Internal SPL outputs
DB18.DBX62.0 ...DB18.DBX65.7 : $A_OUTSIP[1..32]
DB18.DBX66.0 ...DB18.DBX69.7 : $A_OUTSIP[33..64]
The SGEs are input signals of the SI function and their values are assigned
from the DB18 variables $A_OUTSIP[n]. These can be written in the PLC-SPL.
Configuration example: Program excerpt FC96 - Assignment as shown in
the table
//
// Logic operations (SPL) are located here
//
// Supply SPL_DATA_OUTSIP ==> DB31, DB32, DB33
//
U "SPL".STOP_A_ABWS // STOP A for Spindle C
= DB33.DBX 32.2 // Drive interface Drive C
//
U "SPL".STOP_A_ABWA // STOP A for Axes X, Z
= DB31.DBX 32.2 // Drive interface Drive X
= DB32.DBX 32.2 // Drive interface Drive Z
//
// Supply SPL_DATA_OUTSIP ==> DB31, DB32, DB33
//
U "SPL".STOP_C_ABW // STOP C for Drives X,Z,C
= DB31.DBX 32.3 // Drive interface Drive X
= DB32.DBX 32.3 // Drive interface Drive Z
= DB33.DBX 32.3 // Drive interface Drive C
//
U "SPL".STOP_D_ABW // STOP D for Drives X,Z,C
= DB31.DBX 32.4 // Drive interface Drive X
= DB32.DBX 32.4 // Drive interface Drive Z
= DB33.DBX 32.4 // Drive interface Drive C
//
U "SPL".SBHABW // SBH de-selection
= DB31.DBX 22.1 // SBH de-selection Axis X
= DB32.DBX 22.1 // SBH de-selection Axis Z
= DB33.DBX 22.1 // SBH de-selection Spindle C
//
U "SPL".SG_BIT_0 // SG bit 0 selection
= DB31.DBX 22.3 // SG bit 0 Axis X
= DB32.DBX 22.3 // SG bit 0 Axis Z
= DB33.DBX 22.3 // SG bit 0 Spindle C
This means that the output signals of the SPL are transferred to the axis
interface (and therefore affect the outputs). Just as in the NCK (where one
$A_OUTSI can be assigned to more than one SGE), one DB18 variable
$A_OUTSIP can be assigned to more than one drive in order to supply the
SI functions in several axes equally.
In order to be able to save intermediate states in the SPL logic, markers are
defined. These markers must be supplied on the DB18 in accordance with their
use in the NCK-SPL.
SPL markers
DB18.DBX70.0 ...DB18.DBX73.7 : $A_MARKERSIP[1..32]
DB18.DBX74.0 ...DB18.DBX77.7 : $A_MARKERSIP[33..64]
Configuration example: Assignment as shown in the table
The individual timers can be freely selected in the PLC – there are no
DB18 signals associated with the NCK system variables $A_TIMERSI[n].
Configuration example: Assignment as shown in the table
Note
The individual timers (NCK: $A_TIMERSI; PLC: freely selectable) are not
listed at this point (refer to Chapter 7.3.10 "SPL programs") because they are
not included in the crosswise data and result comparison.
For the PLC-SPL, the name "SPL" or also a variable type (UDT18) can be
assigned to DB18 in the symbol table. A sample module for the UDT18 that
defines the DB18 signals can be obtained on request from the hotline (cf.
Chapter 2.9). The symbolic variable names can then be adapted in this UDT18
to match the user program.
PLC symbol table
Symbol Address Data type Comment
SPL DB18 UDT18 Interface SPL data area
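The DB18 range listings in this section fix the bit address of every $A_...P variable, so a PLC-side variable declaration can be checked by script before the crosswise data comparison trips over a misplaced bit. The following is an added example, not part of the Siemens manual: the function names are hypothetical, the base bytes come from the range listings above, and the sample rows are copied from the variable declaration table on this page.

```python
import re

# First DB18 byte of each SPL area, taken from the range listings in this
# section (e.g. "DB18.DBX38.0 ... DB18.DBX41.7 : $A_INSEP[1..32]").
DB18_BASE = {
    "$A_INSEP": 38,
    "$A_OUTSEP": 46,
    "$A_INSIP": 54,
    "$A_OUTSIP": 62,
    "$A_MARKERSIP": 70,
}
AREA_BYTES = 8  # each area holds 64 bits


def db18_address(var, n):
    """Return the absolute DB18 bit address of var[n], n = 1..64."""
    if not 1 <= n <= AREA_BYTES * 8:
        raise ValueError(f"{var}[{n}] is outside 1..64")
    byte, bit = divmod(n - 1, 8)
    return f"DB18.DBX{DB18_BASE[var] + byte}.{bit}"


def db18_variable(address):
    """Inverse lookup: the variable and index a DB18 bit address belongs to."""
    m = re.fullmatch(r"DB18\.DBX\s*(\d+)\.([0-7])", address.strip())
    if not m:
        raise ValueError(f"not a DB18 bit address: {address!r}")
    byte, bit = int(m.group(1)), int(m.group(2))
    for var, base in DB18_BASE.items():
        if base <= byte < base + AREA_BYTES:
            return var, (byte - base) * 8 + bit + 1
    raise ValueError(f"{address} is outside the SPL areas listed here")


def audit(rows):
    """Compare declared absolute addresses with the range listings.

    rows: iterable of (variable, index, symbol, absolute address).
    Returns one finding per row whose address does not match.
    """
    findings = []
    for var, n, symbol, absolute in rows:
        expected = db18_address(var, n)
        if absolute == expected:
            continue
        try:
            other_var, other_n = db18_variable(absolute)
            where = f"which lies in {other_var}[{other_n}]"
        except ValueError:
            where = "which lies outside the SPL areas"
        findings.append(
            f"{var}[{n}] {symbol}: declared at {absolute}, {where}; "
            f"range listing gives {expected}"
        )
    return findings


# Rows copied from the variable declaration table on this page.
SAMPLE_ROWS = [
    ("$A_INSEP", 1, '"SPL".NOT_HALTE', "DB18.DBX38.0"),
    ("$A_INSEP", 4, '"SPL".NOT_QUIT', "DB18.DBX38.3"),
    ("$A_OUTSEP", 1, '"SPL".NOT_HALT1K', "DB18.DBX46.0"),
    ("$A_INSIP", 1, '"SPL".IMP_FREI_XZ', "DB18.DBX54.0"),
    ("$A_OUTSIP", 3, '"SPL".STOP_C_ABW', "DB18.DBX38.2"),
    ("$A_MARKERSIP", 5, '"SPL".QUIT_MARKER', "DB18.DBX70.4"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_ROWS):
        print(line)
```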
7.3.4 Connecting-up the drives
1st alternative
On the NCK side, terminals 663 and AS1/AS2 are supplied via inputs and
outputs that are allocated to the SPL via machine data (MD10390/ MD10392).
These inputs and outputs are monitored by the crosswise data comparison. To
avoid undesirable crosswise data comparison errors, the behavior of the NCK
must be emulated on the DB18 on the PLC side.
Power can be supplied to terminal AS1 either from terminal 9 or an external
+24 V power supply, depending on the cabinet configuration.
Fig. 7-5 Circuit diagram (figure labels: SIMODRIVE 611D double axis module for axis X and axis Z; SIMODRIVE 611D single axis module for spindle C; terminals 663, AS2, AS1, 9 on each module; +24V; NCK inputs I7, I8; NCK outputs Q3, Q4)
The NCK SPL contains a copy procedure from the safe output signal pulse
enable (SGA -> INSI) to an output (OUTSE -> terminal 663) and from an input
(terminal AS1/AS2 -> INSE) to the safe input signal (OUTSI -> SGE) "pulses
safely cancelled". The INSI/OUTSI system variables are assigned to the SGE/SGA
using axis-specific machine data and are listed in Chapter 7, "Variable
declaration".
NCK-SPL program excerpt
;
; ----------------------------------------------------------
; ------------- Supply, terminals AS1/AS2 and 663 --------
; ----------------------------------------------------------
;
;
N420 IDS=58 DO STAT_IMP_XZ = KL_AS12_XZ STAT_IMP_C = KL_AS12_C
N430 IDS=60 DO KL_663_XZ = IMP_FREI_XZ KL_663_C = IMP_FREI_C
;
The PLC SPL cannot directly interrogate the status of terminals AS1/AS2 and
terminal 663. However, it can interrogate the bit "pulses safely cancelled" at
the axis-specific drive interface. The signal status of the system variables used
in the NCK SPL can be emulated using this signal (or group signal for dual-axis
modules).
This emulation must be programmed for each drive separately.
FC96 program excerpt:
//
// ----- Supply, DB18 (terminals AS1/AS2 and 663) -----
//
// Simulation of the NCK input (INSE variable)
U DB31.DBX 108.2 // Pulses cancelled Axis X
U DB32.DBX 108.2 // Pulses cancelled Axis Z
= "SPL".KL_AS12_XZ // Terminal AS1 / AS2
U DB33.DBX 108.2 // Pulses cancelled Axis C
= "SPL".KL_AS12_C // Terminal AS1 / AS2
//
// Assignment INSE (AS1/AS2) -> OUTSI (SGE: Pulses cancelled)
// Assignment -> INSI (SGA: Pulses enabled)
// Assignment INSI (SGA Pulses enabled) -> OUTSE (terminal 663)
U "SPL".KL_AS12_XZ // Terminal AS1 / AS2
= "SPL".STAT_IMP_XZ // Status, pulses cancelled
NOT
= "SPL".KL_663_XZ // Terminal 663
= "SPL".IMP_FREI_XZ // Pulse enable X,Z
//
U "SPL".KL_AS12_C // Terminal AS1 / AS2
= "SPL".STAT_IMP_C // Status pulses cancelled
NOT
= "SPL".KL_663_C // Terminal 663
= "SPL".IMP_FREI_C // Pulse enable C
//
2nd alternative
If a separate input and output byte are provided at the NCK I/Os to supply
terminals 663 and AS1/AS2 in the cabinet configuration, then the programming
shown above does not apply.
Example:
The two 663 terminals of the drive modules are connected to the second output
byte of the DMP output module. This byte is not assigned to the NCK-SPL via
machine data:
MD: 10392 SAFE_OUT_HW_ASSIGN[0] = 01040201 H
MD: 10392 SAFE_OUT_HW_ASSIGN[1] = 0 H
Pulse cancellation by Safety Integrated is directly parameterized using the axis-
specific safety machine data at the two outputs 9 and 10:
(mixed operation of safety level 1 and safety level 2 (SPL logic)).
When considering mixed mode for NCK I/Os used in conjunction with Safety
Integrated, two cases must be taken into account.
Case 1: Mixed mode standard I/Os and SI I/Os
Generally, multiple assignments may be made for NCK inputs, i.e. the input can
be used as a standard input with an assignment to $A_IN[n] (assignment
in machine data MD 10366), as an input for Safety Integrated level I (axial
assignment in the machine data MD 36970 ... 36978) and also as an input for
Safety Integrated level II (assignment in machine data MD 10390).
However, multiple assignment only makes sense in particular cases. There is
no restriction when assigning hardware to the NCK inputs.
The situation is different for the NCK output devices:
If an NCK output of a sub-module (output word) is assigned for the Safety
Integrated function (Level I : MD 36980 to MD 36990 or Level II : MD 10392),
then the outputs of this sub-module can no longer be used as standard output
(MD 10368). This means that only wordwise mixed mode (per sub-module) is
possible between the standard output devices and SI output devices.
Case 2: Mixed mode SI I/Os (without SPL) and SI I/Os (with SPL)
As described above, NCK inputs can be assigned a multiple number of times,
i.e. the input or its image can be used both for an assignment in the axial
machine data (MD 36970 ... MD 36978) and for the SPL I/Os (MD 10390).
For the NCK outputs, bytewise mixed operation is possible. This means that if a
byte of the sub-module is defined as SPL output (MD 10392), then the output
signals on the second sub-module can be used for an assignment in the axial
machine data (MD 36980 ... MD 36990). This is particularly recommended in
conjunction with the signal "Pulses enabled" (MD 36986) so that there is no
need to make an entry for the logic for this signal.
7.3.5 EMERGENCY STOP
A contactless EMERGENCY STOP function is implemented with the SPL with
the same level of safety as for an EMERGENCY STOP function implemented
using contacts (in the Foreword to DIN EN 60204-1). Terminal 48 then no
longer has to be connected.
Terminals 64 and 63 are permanently connected to 24V (terminal 9). Terminal
48 must be isolated from the 24V supply using a leading contact of the main
switch.
The line contactor can be switched (if required) in the SPL after the drive pulses
have been cancelled. It does not have to be implemented using two channels
(e.g. only by the PLC).
Fig. 7-6 I/R module (figure labels: terminals 113, 111, NS1, NS2, 9, 64, 63, 48, 19; leading contact of power switch; 0V)
The two main contacts of the Emergency Stop button are supplied with 24 V
(three-terminal concept) via the PLC output. This PLC output is used for the
forced checking procedure of the inputs and outputs (refer to Chapter 7.3.6
"Test stop"). The individual circuits of the Emergency Stop button are
separately connected to the PLC and NCK inputs.
Fig. 7-7 EMERGENCY STOP button (figure labels: EMERGENCY STOP button with contacts 11/12 and 21/22; PLC output Q48.1; PLC input I76.0; NCK input I1)
The power to the external actuators is disconnected in the cabinet using two
contactors that are controlled redundantly by the PLC and the NC. The power
contacts are connected in series and therefore disconnect the power through
two channels when an EMERGENCY STOP is initiated.
One signaling contact of each of the two contactors is connected in series to
the input of the PLC. This PLC input is also used for the forced checking
procedure of the inputs and outputs (refer to Chapter 7.3.6 "Test stop").
Fig. 7-8 Disconnecting the power (figure labels: contactors K1 and K2 with contacts 13/14 and 21/22; PLC output Q48.2; NCK output O1; PLC input I76.4; +24V; 230V; M)
Emergency Stop is acknowledged through two channels using an
acknowledgment button. This is connected to the +24 V power supply. The
safety guidelines published by the German Institute for Occupational Safety
state that this switch must be configured using two channels.
If additional checkback signals (e.g. AS1/AS2) have to be included in the
acknowledgement function, then these contacts should be included in the 24 V
power supply of the two-channel acknowledgement button.
Fig. 7-9 Emergency Stop acknowledgment (figure labels: acknowledgement switch with contacts 11/12 and 21/22; +24V; PLC input I76.3; NCK input I4)
The "AND" and "OR" blocks shown in the logic diagram form a latching
element. It is initialized by the acknowledgement button
(NOT_QUIT/"SPL".NOT_QUIT) when the EMERGENCY STOP button
(NOT_AUSE/"SPL".NOT_AUSE) is not actuated, and it then sets the internal
EMERGENCY STOP signal to "1" (NOT_AUS/"SPL".NOT_AUS = "1").
Pressing the EMERGENCY STOP button
(NOT_AUSE/"SPL".NOT_AUSE = "0") initiates the contactless
EMERGENCY STOP (NOT_AUS/"SPL".NOT_AUS = "0"). The "AND" function
ensures that acknowledgement is not possible while an EMERGENCY STOP is
present.
The contactless EMERGENCY STOP brakes all drives with STOP C (nset = 0;
STOP_C_ABW/"SPL".STOP_C_ABW = "0") and cancels the pulses for the
axes after 1 second (STOP_A_A/"SPL".STOP_A_A = "0") and for the spindles
after 5 seconds (STOP_A_S/"SPL".STOP_A_S = "0"). These times must be
carefully adapted for each of the drives of the machine.
If the machine configuration does not allow braking of any of the drives with
STOP C (e.g. a grinding wheel), it is possible to make a distinction between the
different types of drive and to brake the drives in question with STOP D (brake
along a path) or STOP A (pulse cancellation).
However, a STOP C is the fastest braking method (analogous to terminal 64 on
the I/R module). A hazard analysis must be conducted to determine whether any
other STOP function is permissible.
The Emergency Stop contactors K1 and K2 (NOT_AUS2K/"SPL".NOT_AUS1K)
are switched with the internal EMERGENCY STOP signal
(NOT_AUS/"SPL".NOT_AUS = "1").
Fig. 7-10 EMERGENCY STOP logic (figure labels: inputs NOT_AUSE / "SPL".NOT_HALTE and NOT_QUIT / "SPL".NOT_QUIT; "AND" and "OR" blocks forming NOT_AUS / "SPL".NOT_HALT; two OFF delays, T=3s and T=8s; outputs STOP_C_ABW / "SPL".STOP_C_ABW, STOP_A_A / "SPL".STOP_A_A, STOP_A_S / "SPL".STOP_A_S and NOT_HALT2K / "SPL".NOT_HALT1K)
NCK-SPL program excerpt
;
N100 IDS=08 EVERY QUIT_PLC == 1 DO QUIT_REQUEST = 1
N101 IDS=09 EVERY QUIT_PLC == 0 DO QUIT_REQUEST = 0
N102 IDS=10 DO QUIT_MARKER = 0
N103 IDS=11 EVERY NOT_HALTE == 0 DO QUIT_TIMER = 0
N104 IDS=12 EVERY NOT_HALTE == 1 DO QUIT_TIMER = -1
N105 IDS=13 EVERY QUIT_REQUEST == 1 DO QUIT_MARKER = (QUIT_TIMER<0.4)
; -------------------------------------------------------
N110 IDS=14 DO NOT_HALT = NOT_HALTE AND (NOT_HALT OR NOT_QUIT OR QUIT_MARKER)
;
N120 IDS=15 EVERY NOT_HALT == 0 DO TIMER1 = 0
N130 IDS=16 EVERY NOT_HALT == 1 DO STOP_A_A = 1 TIMER1=-1
N140 IDS=17 EVERY (TIMER1 > 1.0) AND NOT NOT_HALT DO TIMER1 = -1 STOP_A_A = 0
;
N150 IDS=18 EVERY NOT_HALT == 0 DO TIMER2 = 0
N160 IDS=20 EVERY NOT_HALT == 1 DO STOP_A_S = 1 TIMER2=-1
N170 IDS=22 EVERY (TIMER2 > 5.0) AND NOT NOT_HALT DO TIMER2 = -1 STOP_A_S = 0
;
N180 IDS=24 DO STOP_A_ABWA = STOP_A_A AND NOT TEST_STOPA
;
N200 IDS=28 DO STOP_A_ABWS = STOP_A_S AND NOT TEST_STOPA
;
N210 IDS=30 DO STOP_C_ABW = NOT_HALT AND NOT TEST_STOPC
;
N220 IDS=32 DO STOP_D_ABW = NOT TEST_STOPD
;
N230 IDS=34 DO NOT_HALT2K = NOT_HALT
;
Lines N100–N105 are described in more detail in Chapter 7.3.6 "Test stop".
The programming of the function chart starts in line N110 - where the
acknowledgement button and the EMERGENCY STOP button are logically
combined. They form the internal "EMERGENCY_STOP" signal.
STOP C is selected with "EMERGENCY_STOP=0" (N210) and the timers for
the axes (N120-N140) and the spindles (N150-N170) are started. When each of
the timers has elapsed STOP A is triggered for the axes (N180) and the
spindles (N200). STOP D is not used on the NC side but is combined in the test
stop (refer to Chapter 7.3.6 "Test stop").
The power contactor K2 for the NC side is controlled using instruction line
N 230.
FC96 program excerpt:
//
// ---------- EMERGENCY STOP ----------
//
U "SPL".NOT_HALTE // EMERGENCY STOP button INSE 1
U(
O "SPL".NOT_HALT // EMERGENCY STOP signal internal
O "SPL".NOT_QUIT // Acknowledgement: Button
O "SPL".QUIT_MARKER // Acknowledgement FC 97
)
= "SPL".NOT_HALT // EMERGENCY STOP signal internal
//
U "SPL".NOT_HALT // After pressing EMERGENCY STOP
L S5T#1S // Load for 1 second
SA T 20 // After pressing
U T 20 // the EMERGENCY STOP
= "SPL".STOP_A_A // STOP A: Axes X, Z
//
U "SPL".NOT_HALT // After pressing EMERGENCY STOP
L S5T#5S // Load for 5 seconds
SA T 21 // After pressing
U T 21 // the EMERGENCY STOP
= "SPL".STOP_A_S // STOP A: Spindle C
//
U "SPL".STOP_A_A // STOP A: Axes X, Z
UN M 216.3 // Test external STOP A (FC 97)
= "SPL".STOP_A_ABWA // De-select STOP A (X/Z)
//
U "SPL".STOP_A_S // STOP A: Spindle C
UN M 216.3 // Test external STOP A (FC 97)
= "SPL".STOP_A_ABWS // De-select STOP A (C)
//
U "SPL".NOT_HALT // EMERGENCY STOP signal internal
UN M 216.2 // Test: External STOP C (FC 97)
= "SPL".STOP_C_ABW // De-select STOP C (X,Z,C)
//
UN M 216.1 // Test: External STOP D (FC97)
UN M 218.7 // STOP D dynamized (FC 97)
= "SPL".STOP_D_ABW // De-select STOP D (X,Z,C)
//
U "SPL".NOT_HALT // EMERGENCY STOP pressed
= "SPL".NOT_HALT1K // EMERGENCY STOP contactor K1
//
The structure of the PLC program is identical to that of the NCK-SPL. The
additional acknowledgement of the EMERGENCY STOP
("SPL".QUIT_MARKER / DB18.DBX70.4) and the individual tests of the stop
functions are described in detail in Chapter 7.3.6 "Test stop".
On the PLC side the power contactor K1 is controlled using the last two
instruction lines.
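The latch and the delayed STOP A described in this chapter can be exercised offline with a small model before commissioning. This is an added example, not code from the manual: it re-expresses lines N110 to N230 in Python with both timers modelled as off-delay elements as in the FC96 excerpt, and it assumes a 100 ms scan, a constructed input timeline, and a plain comparison of the two channels' outputs standing in for the controller's crosswise data comparison.

```python
from dataclasses import dataclass, field

SCAN_MS = 100  # assumed scan interval of the model, not a value from the manual


@dataclass
class OffDelay:
    """Off-delay timer: output stays 1 for delay_ms after the input drops."""
    delay_ms: int
    remaining_ms: int = 0

    def scan(self, inp, dt_ms):
        if inp:
            self.remaining_ms = self.delay_ms
            return True
        out = self.remaining_ms > 0
        self.remaining_ms = max(0, self.remaining_ms - dt_ms)
        return out


@dataclass
class EStopChannel:
    """One SPL channel (NCK or PLC); signal names follow the page's excerpts."""
    not_halt: bool = False  # internal EMERGENCY STOP signal, 1 = no stop
    t_axes: OffDelay = field(default_factory=lambda: OffDelay(1000))     # 1 s
    t_spindle: OffDelay = field(default_factory=lambda: OffDelay(5000))  # 5 s

    def scan(self, not_halte, not_quit, quit_marker=False,
             test_stopa=False, test_stopc=False, test_stopd=False,
             dt_ms=SCAN_MS):
        # N110: latch; the AND blocks acknowledgement while the button is pressed
        self.not_halt = not_halte and (self.not_halt or not_quit or quit_marker)
        stop_a_a = self.t_axes.scan(self.not_halt, dt_ms)
        stop_a_s = self.t_spindle.scan(self.not_halt, dt_ms)
        return {
            "NOT_HALT": self.not_halt,
            "STOP_C_ABW": self.not_halt and not test_stopc,  # N210
            "STOP_A_ABWA": stop_a_a and not test_stopa,      # N180
            "STOP_A_ABWS": stop_a_s and not test_stopa,      # N200
            "STOP_D_ABW": not test_stopd,  # N220 (PLC bit M 218.7 left out)
            "CONTACTOR": self.not_halt,    # N230: K2 on the NCK, K1 on the PLC
        }


def simulate(events, total_ms, stuck=None):
    """Run both channels over a timeline.

    events: {t_ms: {input_name: value}} applied to both channels.
    stuck:  {channel: {input_name: value}} forces an input on one channel
            only, e.g. one contact of the two-channel button not opening.
    Returns [(t_ms, nck_outputs, plc_outputs)].
    """
    stuck = stuck or {}
    channels = {"NCK": EStopChannel(), "PLC": EStopChannel()}
    inputs = {"not_halte": True, "not_quit": False}
    trace = []
    for t in range(0, total_ms + 1, SCAN_MS):
        inputs.update(events.get(t, {}))
        outs = {name: ch.scan(**{**inputs, **stuck.get(name, {})})
                for name, ch in channels.items()}
        trace.append((t, outs["NCK"], outs["PLC"]))
    return trace


def crosswise_mismatch(trace):
    """First (t_ms, signal names) where the channels disagree, else None."""
    for t, nck, plc in trace:
        diff = sorted(k for k in nck if nck[k] != plc[k])
        if diff:
            return t, diff
    return None


# Constructed timeline (ms): acknowledge, press the button, try to
# acknowledge while it is pressed, release, acknowledge again.
TIMELINE = {
    200: {"not_quit": True}, 400: {"not_quit": False},
    1000: {"not_halte": False},
    2000: {"not_quit": True}, 2200: {"not_quit": False},
    7000: {"not_halte": True},
    7500: {"not_quit": True}, 7700: {"not_quit": False},
}

if __name__ == "__main__":
    for t, nck, _ in simulate(TIMELINE, 8000):
        if t % 500 == 0:
            print(t, {k: int(v) for k, v in nck.items()})
    print(crosswise_mismatch(
        simulate(TIMELINE, 8000, stuck={"PLC": {"not_halte": True}})))
```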
7.3.6 Test stop
The test stop is conducted at a suitable time (e.g. after eight hours have
elapsed and the protective door has been opened). In order to perform various
tests on the NC side, signals must be transferred from the PLC to the NCK.
In this example, this is implemented by connecting the PLC outputs to the NCK
inputs.
Fig. 7-11 SGE wiring to select test stop (figure labels: PLC outputs Q49.0, Q49.1, Q49.2, Q49.3, Q49.4; NCK inputs I9, I10, I11, I12, I13; signals Test stop 1, Test stop 2, Test: STOP A, Test: STOP C, Test: STOP D)
There are two ways of replacing this wiring by internal data transfer between
the PLC and NCK. These two methods are described below.
Version 1: Data transfer via the FC 21
An example of using FC 21 is provided in FC97 for an automatic
EMERGENCY STOP acknowledgment after test stop phase III. FC 21 is
used to transfer a byte (the smallest transferable data structure for FC 21)
from the PLC to the NCK via the dual-port RAM (DPR).
An equivalent method is to define, for each test stop step (test stop 1, test
stop 2, test STOP A, test STOP C, test STOP D), a byte value that corresponds
to the particular step.
Example:
Excerpt from an SPL program that shows how to proceed (this is not part of the
actual configuration example).
;DEFINITIONS (relevant sections only)
;
; ---- Internal interfaces: OUTSI -> SI-SGE;
;
N6500 DEFINE TESTSTOP_1 AS $A_OUTSI[9] ; cf. MD 36975
N6600 DEFINE TESTSTOP_2 AS $A_OUTSI[10] ; cf. MD 36975
;
; ---- Internal interfaces: Markers
;
N8700 DEFINE TEST_STOPA AS $A_MARKERSI[11]
N8800 DEFINE TEST_STOPC AS $A_MARKERSI[12]
N8900 DEFINE TEST_STOPD AS $A_MARKERSI[13]
;
; ----- TEST STOP TRIGGER via PLC
;
N9700 DEFINE TESTST_PLC AS $A_DBB[5]
;
; ----- GENERAL DEFINITIONS
;
N9900 DEFINE BIT_0 AS 1
N10000 DEFINE BIT_1 AS 2
N10100 DEFINE BIT_2 AS 4
N10200 DEFINE BIT_3 AS 8
N10300 DEFINE BIT_4 AS 16
N10400 DEFINE BIT_5 AS 32
N10500 DEFINE BIT_6 AS 64
N10600 DEFINE BIT_7 AS 128
; PROGRAM EXCERPT (relevant sections only)
; Test stop (forced checking procedure / Phase 1/2)
N14000 IDS=41 EVERY TESTST_PLC == BIT_0 DO TESTSTOP_1 = 1
N14100 IDS=42 EVERY TESTST_PLC == BIT_1 DO TESTSTOP_2 = 1
; Test stop (external stops / STOP A/C/D)
N14200 IDS=43 EVERY TESTST_PLC == BIT_2 DO TEST_STOPA = 1
N14300 IDS=44 EVERY TESTST_PLC == BIT_3 DO TEST_STOPC = 1
N14400 IDS=45 EVERY TESTST_PLC == BIT_4 DO TEST_STOPD = 1
; The markers TEST_STOPA, TEST_STOPC, TEST_STOPD are also
; combined into the STOP A, STOP C, STOP D de-selection in a similar way to
; the SPL program of the configuration examples.
The byte in the dual port RAM ($A_DBB[5] "TESTST_PLC") is assigned the
value for the actual test step via the FC 21 from the PLC program, i.e. the
transfer FC 21 is active for the test stops.
Version 2: Data transfer via the simulated NCK-I/Os
It is also possible to replace the wiring by a bitwise (bit-serial) data transfer via
the DB 10.
Limitations
MD 10350 $MN_FASTIO_DIG_NUM_INPUTS
Number of digital I bytes: 1...5 (standard value 1 - onboard inputs)
MD 10360 $MN_FASTIO_DIG_NUM_OUTPUTS
Number of digital Q bytes: 1...5 (standard value 0)
To use the function for data transfer, MD 10350 and 10360 must be set
depending on how many bytes are to be used for data exchange.
If real inputs and outputs are present, they can be used regardless of SI. In this
case, MD 10366 $MN_HW_ASSIGN_DIG_FASTIN and MD 10368
$MN_HW_ASSIGN_DIG_FASTOUT must be set in accordance with the
hardware configuration.
Data exchange can only be used for bytes for which there are no real inputs
and outputs.
Data exchange between NCK -> PLC
$A_IN[1..8] -> DB10.DBB60
$A_IN[9..40] -> DB10.DBB186..189
$A_OUT[1..8] -> DB10.DBB64
$A_OUT[9..40] -> DB10.DBB190..193
$A_OUT variables can be written in the NC program
e.g. $A_OUT[n] = 1
Data exchange between PLC -> NC
$A_IN[1..8] -> DB10.DBB1
$A_IN[9..40] -> DB10.DBB123..129
$A_OUT[1..8] -> DB10.DBB6
$A_OUT[9..40] -> DB10.DBB130..141
$A_IN variables can be read in the NC program
To implement data transfer for the test stop, a bit is allocated to each test stop
step. The further implementation can be seen from the above SPL program
excerpt.
Fig. 7-12 Function chart, test stop phase 1 (marker 211.1). Boxes recoverable from the figure, all marked "FC 60 internal": start condition "pulses of drives X, Z, C not disabled"; triggering of test stop on PLC side (drives X, C: DB3x.DBX23.7; drive Z: DB3x.DBX23.7); triggering of test stop on NCK side (drives X, C: Q89.0; drive Z: Q89.1); checkback signal "pulses safely disabled" (DB3x.DBX108.2) for drives X, C and for drive Z; cancellation of test stop on PLC side and on NCK side; end of test stop phase 1: M 216.0.
FC97 program excerpt:
//
// ----- Forced checking procedure of the pulse cancellation -----
UN M 211.0 // Monitoring time of 8 hours
L S5T#2H40M // Load for 2 hours and 40 minutes
SE T 30 // Start Timer 30
//
U T 30 // After 160 minutes
L S5T#2H40M // Load for 2 hours and 40 minutes
SE T 31 // Start Timer 31
//
U T 31 // After 160 minutes
L S5T#2H40M // Load for 2 hours and 40 minutes
SE T 32 // Start Timer 32
//
U T 32 // After 540 minutes
UN E 76.1 // Door not closed and interlocked
UN DB31.DBX108.2 // Pulses not cancelled (X)
UN DB32.DBX108.2 // Pulses not cancelled (Z)
UN DB33.DBX108.2 // Pulses not cancelled (C)
U DB31.DBX110.5 // Axis X stopped
U DB32.DBX110.5 // Axis Z stopped
U DB33.DBX110.5 // Spindle C stopped
S M 211.1 // Start test step 1
S M 211.0 // Reset monitoring time
//
CALL FC 60
start := M 211.1 // Start test stop 1
reset := E 3.7 // RESET/MCP
num_axis := 2 // Number of drives
test_axis_1 := 1 // Drive number Axis X
test_axis_2 := 3 // Drive number Spindle C
After test stop step 1 has been completed, the external STOPs are tested.
The test sequence is implemented by a simple sequence control in which the
external STOPs D, C, A are triggered one after the other in the PLC and then in
the same sequence in the NCK. The STOPs are checked by reading back the
safe output signals "STOP D, C, A active" into the PLC.
The sequence does not wait for the individual stops to be de-selected
before the next stop is tested. This is because the external stop with a
higher priority de-activates the external stop with a lower priority!
Fig. 7-13 Flowchart, test stop phase 2 (M 216.0). Boxes recoverable from the figure: start condition "pulses on drives X, Z, C not safely disabled"; STOP D triggered on PLC side (M 216.1), checkback signal STOP D active DB3x.DBX111.6; STOP C triggered on PLC side (M 216.2), checkback signal STOP C active DB3x.DBX111.5; STOP A triggered on PLC side (M 216.3), checkback signal STOP A active DB3x.DBX111.4; check STOP A not active (DB3x.DBX111.4 / M 216.4); STOP D triggered on NCK side (M 216.5 / A 49.4), checkback signal STOP D active DB3x.DBX111.6; STOP C triggered on NCK side (M 216.6 / A 49.3), checkback signal STOP C active DB3x.DBX111.5; STOP A triggered on NCK side (M 216.7 / A 49.2), checkback signal STOP A active DB3x.DBX111.4; check STOP A not active (DB3x.DBX111.4 / M 217.0); end of test stop phase 2: M217.1.
Note
If the sequence control stops at a particular point because a checkback signal
has not been received, STOP D is triggered after the crosswise data
comparison tolerance time. After the error has been corrected, the error can
be acknowledged with a reset and the particular test stop completed.
If the Emergency Stop button is actuated during test stop step 2, the
sequence control stops at its current position. As soon as the Emergency
Stop is acknowledged, the test phase is completed.
Test stop step 2
FC97 program excerpt
//Forced checking procedure of the external STOPs A, C and D
//
U M 216.0 // Start test stop step 2
UN DB31.DBX 108.2 // Axis X pulses not safely cancelled
UN DB32.DBX 108.2 // Axis Z pulses not safely cancelled
UN DB33.DBX 108.2 // Spindle C pulses not safely cancelled
S M 216.1 // Initiate Stop D on PLC FC96
R M 216.0 // Reset Start test stop step 2
//
U M 216.1 // Check Stop D on the PLC side
U DB31.DBX 111.6 // STOP D active Axis X
U DB32.DBX 111.6 // STOP D active Axis Z
U DB33.DBX 111.6 // STOP D active Spindle C
S M 216.2 // Initiate Stop C on the PLC side FC96
R M 216.1 // Reset Check Stop D PLC
//
U M 216.2 // Check Stop C on the PLC side
U DB31.DBX 111.5 // STOP C active Axis X
U DB32.DBX 111.5 // STOP C active axis Z
U DB33.DBX 111.5 // STOP C active Spindle C
S M 216.3 // Initiate Stop A on the PLC side FC96
R M 216.2 // Reset Check Stop C PLC
//
U M 216.3 // Check Stop A on the PLC side
U DB31.DBX 111.4 // STOP A/B active Axis X
U DB32.DBX 111.4 // STOP A/B active Axis Z
U DB33.DBX 111.4 // STOP A/B active Spindle C
S M 216.4 // Check: STOP A (PLC) not active
R M 216.3 // Reset Check Stop A PLC
//
U M 216.4 // Check: STOP A (PLC) not active
UN DB31.DBX 111.4 // STOP A/B not active Axis X
UN DB32.DBX 111.4 // STOP A/B not active Axis Z
UN DB33.DBX 111.4 // STOP A/B not active Spindle C
S M 216.5 // Initiate Stop D on the NCK side
R M 216.4 // Reset Check STOP A PLC
//
U M 216.5 // Initiate Stop D on the NCK side
= A 49.4 // See circuit diagram and NCK-SPL
//
U M 216.5 // Check Stop D on the NCK side
U DB31.DBX 111.6 // STOP D active Axis X
U DB32.DBX 111.6 // STOP D active Axis Z
U DB33.DBX 111.6 // STOP D active Spindle C
S M 216.6 // Initiate Stop C on the NCK side
R M 216.5 // Reset Check Stop D NCK
//
U M 216.6 // Initiate Stop C on the NCK side
= A 49.3 // See circuit diagram and NCK-SPL
//
U M 216.6 // Check Stop C on the NCK side
U DB31.DBX 111.5 // STOP C active Axis X
U DB32.DBX 111.5 // STOP C active axis Z
U DB33.DBX 111.5 // STOP C active Spindle C
S M 216.7 // Initiate Stop A on the NCK side
R M 216.6 // Reset Check Stop C NCK
//
U M 216.7 // Initiate Stop A on the NCK side
= A 49.2 // See circuit diagram and NCK-SPL
//
U M 216.7 // Check Stop A on the NCK side
U DB31.DBX 111.4 // STOP A/B active Axis X
U DB32.DBX 111.4 // STOP A/B active Axis Z
U DB33.DBX 111.4 // STOP A/B active Spindle C
S M 217.0 // Check: STOP A (NCK) not active
R M 216.7 // Reset Check Stop A NCK
//
U M 217.0 // Check: STOP A (NCK) not active
UN DB31.DBX 111.4 // STOP A/B not active Axis X
UN DB32.DBX 111.4 // STOP A/B not active Axis Z
UN DB33.DBX 111.4 // STOP A/B not active Spindle C
S M 217.1 // Start forced checking procedure at inputs
R M 217.0 // Reset check: STOP A NCK
//
After completion of test stop step 2, marker 217.1 is set and the forced
checking procedure for the inputs is started. The forced checking procedure is
performed in the following sequence.
Fig. 7-14 Flowchart: forced dormant error detection of inputs and outputs (figure not reproduced). Steps named in the chart: start; PLC resets the forced dormant error detection output Q48.1; drop-out time of the contactors; check that the PLC checkback input I76.4 shows both contactors dropped out; PLC enables the forced dormant error detection output Q48.1; check whether EMERGENCY STOP was actuated during the test phase; automatic EMERGENCY STOP acknowledgment by the PLC (acknowledgment by PLC-SPL: DB18.DBX70.4; a data byte is transferred from the PLC with FC21 and evaluated by the NCK-SPL; acknowledgment by NCK-SPL: QUIT_MARKER); end. Error branch: STOP D triggered on PLC side; error diagnostics; RESET ==> error check; error corrected?
Note
If an EMERGENCY STOP is triggered during the forced checking procedure
of the inputs and outputs, automatic acknowledgement is interrupted and the
test step is terminated.
If an error occurred while checking the checkback input and EMERGENCY
STOP is actuated, acknowledgement with the RESET button is only possible
after the error at the checkback input has been removed (diagnostics).
FC97 program excerpt
//
// ------ Forced checking procedure of the inputs/outputs ------
//
U M 217.1 // Start forced checking procedure for M217.1=1
U DB18.DBX 70.1 // Emergency stop not actuated
S M 218.0 // Check Emergency Stop inputs
R M 217.1 // Reset: Start forced checking procedure
R A 48.1 // PLC forced checking procedure output
//
U M 218.0 // Check Emergency Stop inputs
L S5T#120MS // Drop-out time of contactor
SE T 22 // Set Timer 22
//
U T 22 // After drop-out time of contactor
UN A 48.1 // PLC forced checking procedure output
//
UN E 76.4 // Error case, checkback contactor input = 0
S M 218.7 // Initiate Stop D ( see FC96)
S A 48.1 // PLC forced checking procedure output
//
U T 22 // After drop-out time of contactor
UN A 48.1 // PLC forced checking procedure output
//
U E 76.4 // Good case, checkback input of contactor = 1
S M 218.1 // Start acknowledgement
S A 48.1 // PLC forced checking procedure output
//
R M 218.0 // Check Emergency Stop inputs
U T 22 // After drop-out time of contactor
U E 3.7 // RESET/MCP
U E 76.0 // Emergency Stop (PLC) not actuated
U E 76.4 // Forced checking procedure input E76.4 = 1
S M 218.1 // Start acknowledgement
R M 218.0 // Check EMERGENCY STOP inputs
R M 218.7 // Withdraw Stop D
//
U M 218.1 // Start acknowledgement
L S5T#50MS // Delay time for Emergency Stop inputs
SE T 23 // Set Timer 23
//
U T 23 // Delay time for Emergency Stop inputs
UN E 76.0 // Emergency Stop actuated
R M 218.1 // Reset acknowledgement
//
U T 23 // Delay time for Emergency Stop inputs
U E 76.0 // Emergency stop not actuated
U E 76.4 // Forced checking procedure input E76.4 = 1
S DB18.DBX 70.4 // Acknowledge EMERGENCY STOP PLC
S M 218.2 // Acknowledge EMERGENCY STOP NCK
R M 218.1 // Check: EMERGENCY STOP
//
U DB18.DBX 70.4 // Acknowledge EMERGENCY STOP PLC
L S5T#200MS // Delay time: Acknowledge NCK/PLC
SE T 24 // Set Timer 24
//
U T 24 // Acknowledge EMERGENCY STOP
S M 218.3 // Withdraw acknowledgement NCK
R M 218.2 // Acknowledge EMERGENCY STOP NCK
//
UN M 218.2 // Acknowledge EMERGENCY STOP NCK
SPB QUI1 // Do not acknowledge NCK
//
L 1 // Load 1
T MB 194 // Transfer marker byte 194
//
QUI1: UN M 218.3; // Withdraw NCK acknowledgment
SPB QUI2;
//
L 0; // Load 0
T MB 194; // Transfer marker byte 194
//
QUI2: NOP 0;
//
//
CALL FC 21 (
Enable := DB18.DBX 70.4,
Funct := B#16#4,
S7Var := P#M 194.0 BYTE 1,
IVAR1 := 4,
IVAR2 := -1,
Error := M 218.4,
ErrCode := MW 188);
//
U M 218.3; // Withdraw acknowledgement NCK
U DB18.DBX 70.1; // Acknowledgment EMERGENCY STOP-PLC o.k.
UN DB18.DBX 110.1; // No difference between NCK/PLC
UN M 218.4; // No error during transfer
R DB18.DBX 70.4; // Acknowledge EMERGENCY STOP PLC
R M 218.3; // Reset: Withdraw acknowledgement NCK
R M 211.0; // Start monitoring time of 8 hours
After the PLC has started the automatic acknowledgement, the EMERGENCY
STOP on the PLC side is acknowledged using the SPL marker
"SPL".QUIT_MARKER/ DB18.DBX70.4. When acknowledgement is started, an
S7 variable (MB194) is transferred using FC21 with a value of "1" and is then
evaluated by the NCK-SPL in lines N100 to N105.
The PLC (FC 21) can only transfer data to the NC with a minimum length of
one byte. This byte can be read in the synchronous actions by system variable
$A_DBB[n]. However, the binary logic operations "AND" and "OR" cannot
combine a bit with a byte so that the byte sent ($A_DBB[4]) must be converted
to a bit ($A_MARKERSI[3] / QUIT_REQUEST) (lines N100/N101).
As a result of lines N102 to N105, automatic acknowledgment is only permitted if
the "1" signal level of the NCK EMERGENCY STOP input is not interrupted for
longer than 400 ms. In order to check this time, a timer is started (line N103)
when the signal level changes from "1" to "0" at the EMERGENCY STOP input.
The timer is checked when automatic acknowledgment is to be made. An
acknowledgment is only issued if the time is < 400 ms. Otherwise an attempt to
automatically acknowledge an EMERGENCY STOP is prevented. This
additional safeguard is necessary because at this point EMERGENCY STOP is
acknowledged through a single channel by the PLC in both SPL programs.
The acknowledgement request on the NCK side
(QUIT_REQUEST/QUIT_MARKER) and the PLC side ("SPL".QUIT_MARKER)
are located at different SPL markers (MARKERSI[3,4,5]) in order to detect an
error in which an acknowledgement request has the static status "1".
DEFINE QUIT_PLC AS $A_DBB[4]
;
; -------------------------------------------------------
; --------------------- EMERGENCY STOP ------------------
; -------------------------------------------------------
;
N100 IDS=08 EVERY QUIT_PLC == 1 DO QUIT_REQUEST = 1
N101 IDS=09 EVERY QUIT_PLC == 0 DO QUIT_REQUEST = 0
N102 IDS=10 DO QUIT_MARKER = 0
N103 IDS=11 EVERY NOT_HALTE == 0 DO QUIT_TIMER3 = 0
N104 IDS=12 EVERY NOT_HALTE == 1 DO QUIT_TIMER3 = -1
N105 IDS=13 EVERY QUIT_REQUEST == 1 DO QUIT_MARKER = (QUIT_TIMER3<0.4)
; -------------------------------------------------------------
N110 IDS=14 DO NOT_HALT = NOT_HALTE AND (NOT_HALT OR NOT_QUIT OR QUIT_MARKER)
After 200 ms (T24) has elapsed, acknowledgement is cancelled by transferring
the S7 variable (MB194) with value "0". The forced checking procedure of the
inputs and outputs is completed as soon as the variables have been sent in
FC21.
Note
The time for timer 22 must be matched to the drop-out time of the contactors
used. The times for timers 23 and 24 are dependent on the PLC cycle time
and have to be appropriately adapted.
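The behaviour of NCK-SPL lines N100 to N110 described above can be checked with a small cycle-by-cycle model. This Python sketch is an added example, not part of the Siemens manual or its program; the class and function names are hypothetical, and it assumes a 10 ms scan cycle, that EVERY fires only on a false-to-true change of its condition, and that a stopped timer keeps its last value.

```python
"""Cycle-by-cycle model of NCK-SPL lines N100-N110 (automatic EMERGENCY STOP
acknowledgement). Added illustration; the timing and edge semantics are assumptions."""

CYCLE_MS = 10         # assumed scan cycle of the synchronized actions
ACK_WINDOW_MS = 400   # line N105: QUIT_TIMER3 < 0.4 s


class NckSplModel:
    def __init__(self):
        self.not_halt = False       # NOT_HALT     ($A_MARKERSI[2]), latched "no E-stop"
        self.quit_request = False   # QUIT_REQUEST ($A_MARKERSI[3])
        self.quit_marker = False    # QUIT_MARKER  ($A_MARKERSI[4])
        self.timer_ms = 0           # QUIT_TIMER3  ($A_TIMERSI[3]), kept in ms
        self.timer_running = False
        self._last = {}             # previous condition value per EVERY line

    def _every(self, line, cond):
        """EVERY: true only in the cycle where cond changes from False to True."""
        cond = bool(cond)
        fired = cond and not self._last.get(line, False)
        self._last[line] = cond
        return fired

    def cycle(self, not_halte, not_quit, quit_plc):
        """One scan. not_halte: E-stop input (1 = not actuated), not_quit: manual
        acknowledge input, quit_plc: byte sent by the PLC with FC21 ($A_DBB[4])."""
        if self.timer_running:
            self.timer_ms += CYCLE_MS
        if self._every("N100", quit_plc == 1):      # byte -> bit conversion
            self.quit_request = True
        if self._every("N101", quit_plc == 0):
            self.quit_request = False
        self.quit_marker = False                    # N102: cleared every cycle
        if self._every("N103", not not_halte):      # input 1 -> 0: start timer
            self.timer_ms, self.timer_running = 0, True
        if self._every("N104", not_halte):          # input 0 -> 1: stop timer
            self.timer_running = False
        if self._every("N105", self.quit_request):  # one-cycle acknowledge pulse
            self.quit_marker = self.timer_ms < ACK_WINDOW_MS
        self.not_halt = bool(not_halte) and (       # N110: self-holding latch
            self.not_halt or bool(not_quit) or self.quit_marker)
        return self.not_halt


def run(spl, duration_ms, not_halte, not_quit, quit_plc):
    """Hold the three inputs constant for duration_ms and return NOT_HALT."""
    for _ in range(duration_ms // CYCLE_MS):
        spl.cycle(not_halte, not_quit, quit_plc)
    return spl.not_halt


def auto_ack_scenario(interrupt_ms, stuck_request=False):
    """Constructed input sequence: manual acknowledge, E-stop input low for
    interrupt_ms, input restored, then the PLC requests acknowledgement.
    With stuck_request the PLC byte is already 1 before the interruption."""
    spl = NckSplModel()
    run(spl, 50, 1, 1, 0)                 # operator acknowledges, latch closes
    q = 0
    if stuck_request:
        q = 1
        run(spl, 50, 1, 0, q)             # request statically at "1"
    run(spl, interrupt_ms, 0, 0, q)       # E-stop input interrupted
    run(spl, 50, 1, 0, q)                 # input back at "1", latch still open
    return run(spl, 200, 1, 0, 1)         # acknowledgement request from the PLC


if __name__ == "__main__":
    for ms in (150, 390, 400, 600):
        print(ms, "ms interruption -> acknowledged:", auto_ack_scenario(ms))
    print("static request -> acknowledged:", auto_ack_scenario(150, True))
```

Because N102 clears QUIT_MARKER in every cycle and N105 reacts only to a change of QUIT_REQUEST, a request that stays at "1" cannot acknowledge a later interruption in this model.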
7.3.7 Protective door interlocking
In this example, the two-channel door switch checkback signal "Door closed
and interlocked" is used and connected to one input of the NCK I/Os and one
input of the PLC I/Os. The door switch is monitored through two channels by
the crosswise data comparison of the NCK and PLC inputs. The signal is
available as INSE[2]/TUERZUVER and INSEP[2]/"SPL".TUERZUVER for
programming the NCK-SPL and PLC-SPL.
The door solenoid is enabled by the PLC so that the request to "open door" is
made with a single-channel button (e.g. MCP). The signal "Door closed" from
the door switch is also made available to the PLC to automatically interlock the
door switch with the door solenoid when the protective door is closed.
Fig. 7-15 Wiring of the door switch (circuit diagram not reproduced)
Note
If external devices and equipment (hydraulics, cooling water, etc.) are to be
powered down/disconnected when the door is opened, the same contactor
circuit should be used as for the Emergency Stop (K1/K2).
This means that an output that drops out when the door opens must be
supplied in the PLC-SPL ($A_OUTSEP[n]) as well as in the NCK-SPL
($A_OUTSE[n]). The checkback input must be checked every time the
protective door is opened or, even better, integrated into the forced checking
procedure of the inputs/outputs (error response STOP D from PLC) if it is
not certain that the door will be opened once within eight hours.
7.3.8 De-selecting SBH via the key-operated switch
The safe operating stop is not active when the protective door is closed. When
the door is open, the operator can switch between safe operating stop and
safely-reduced speed using a key-operated switch. In addition, the switch
setting in the PLC can be used to select one of the NC operating modes.
Circuit diagram
Fig. 7-16 Wiring of the key-operated switch (circuit diagram not reproduced; the key-operated switch is wired to PLC input I76.5 and NCK input I5)
Fig. 7-17 Function chart, SBH de-selection: OR gate (>=1) with inputs DOOR CLOSED and KEYSWITCH, output SBHABW
NCK-SPL program excerpt
;
; ---------------------------------------------------------------------------------------
; ---------SBH DE-SELECTION VIA KEY-OPERATED SWITCH -----
; ---------------------------------------------------------------------------------------
;
;
N380 IDS=50 DO SBHABW = KEY OR DOOR
;
FC96 program excerpt:
//
// -------SBH de-selection using the key-operated switch ------
//
//
U "SPL".SCHLUESSEL // Key-operated switch
O "SPL".TUERZUVER // Door closed and interlocked
= "SPL".SBHABW // SBH de-selection
The standstill tolerance is saved in the axis-specific machine data and in the
drive machine data (FD/MSD).
36930 / 1330 SAFE_STANDSTILL_TOL
7.3.9 SG changeover
The SG stage is selected via the status of the protective door. When the
protective door is opened, SG stage 1 (SG1=2 m/min; SG1=50 RPM) is active
and when the protective door is closed, SG stage 2 (SG2=10 m/min; SG2 =
2000 RPM) is active. The speed limits are saved in the axis-specific machine
data and in the drive machine data (FD/MSD).
36931 / 1331 SAFE_VELO_LIMIT[0/1]
Fig. 7-18 Function chart, SG selection: AND gate (&) with input DOOR CLOSED, output SG-BIT 0
NCK-SPL program excerpt
;
; -------------------------------------------------------
; ------------- SG selection via protective door ---------
; -------------------------------------------------------
;
;
N390 IDS=52 DO SG_BIT_O = DOOR CLOSED
;
FC96 program excerpt:
//
// ------- SG selection using the protective door --------
//
//
U "SPL".TUERZUVER // Door closed and interlocked
= "SPL".SG_BIT_0 // SG bit0
//
7.3.10 NCK-SPL
%_N_SAFE_SPF
;$PATH=/_N_CST_DIR
; SAFE_CHECKSUM = 000429caH
;
; =========================================================
; File: safe.spf
; Author:
; Creation date:
; -------------------------------------------------------
; "Drives: one spindle + two feed drives"
; "Contactless EMERGENCY STOP + forced checking procedure"
; "Test stop"
; "SBH/SG selection using the key-operated switch when the protective door is open"
; ====================================================
;
; ---- External interfaces ----
;
DEFINE NOT_HALTE AS $A_INSE[1]
DEFINE TUERZUVER AS $A_INSE[2]
DEFINE NOT_QUIT AS $A_INSE[4]
DEFINE SCHLUESSEL AS $A_INSE[5]
DEFINE KL_AS12_XZ AS $A_INSE[7]
DEFINE KL_AS12_C AS $A_INSE[8]
DEFINE TESTSTOP1E AS $A_INSE[9]
DEFINE TESTSTOP2E AS $A_INSE[10]
DEFINE TEST_STOPA AS $A_INSE[11]
DEFINE TEST_STOPC AS $A_INSE[12]
DEFINE TEST_STOPD AS $A_INSE[13]
;
DEFINE NOT_HALT2K AS $A_OUTSE[1]
DEFINE KL_663_XZ AS $A_OUTSE[3]
DEFINE KL_663_C AS $A_OUTSE[4]
;
;
; ---- Internal interfaces ----
DEFINE IMP_FREI_XZ AS $A_INSI[1]
DEFINE IMP_FREI_C AS $A_INSI[2]
;
DEFINE STOP_A_ABWS AS $A_OUTSI[1]
DEFINE STOP_A_ABWA AS $A_OUTSI[2]
DEFINE STOP_C_ABW AS $A_OUTSI[3]
DEFINE STOP_D_ABW AS $A_OUTSI[4]
DEFINE SBHABW AS $A_OUTSI[5]
DEFINE SG_BIT_O AS $A_OUTSI[6]
DEFINE TEST1STOP AS $A_OUTSI[7]
DEFINE TEST2STOP AS $A_OUTSI[8]
DEFINE STAT_IMP_XZ AS $A_OUTSI[9]
DEFINE STAT_IMP_C AS $A_OUTSI[10]
;
;
;
; ---- Marker ----
DEFINE MERK1 AS $A_MARKERSI[1]
DEFINE NOT_HALT AS $A_MARKERSI[2]
DEFINE QUIT_REQUEST AS $A_MARKERSI[3]
DEFINE QUIT_MARKER AS $A_MARKERSI[4]
DEFINE STOP_A_A AS $A_MARKERSI[7]
DEFINE STOP_A_S AS $A_MARKERSI[8]
;
;
; ---- Timer ----
DEFINE TIMER1 AS $A_TIMERSI[1]
DEFINE TIMER2 AS $A_TIMERSI[2]
DEFINE QUIT_TIMER3 AS $A_TIMERSI[3]
;
;
; ---- EMERGENCY STOP acknowledgment via PLC ----
DEFINE QUIT_PLC AS $A_DBB[4]
;
;
; -------------------------------------------------------
N0040 MSG("SPL Start")
; -------------------------------------------------------
;
; -------------------------------------------------------
; --------------------- EMERGENCY STOP ------------------
; -------------------------------------------------------
;
;
N100 IDS=08 EVERY QUIT_PLC == 1 DO QUIT_REQUEST = 1
N101 IDS=09 EVERY QUIT_PLC == 0 DO QUIT_REQUEST = 0
N102 IDS=10 DO QUIT_MARKER = 0
N103 IDS=11 EVERY NOT_HALTE == 0 DO QUIT_TIMER3 = 0
N104 IDS=12 EVERY NOT_HALTE == 1 DO QUIT_TIMER3 = -1
N105 IDS=13 EVERY QUIT_REQUEST == 1 DO QUIT_MARKER = (QUIT_TIMER3<0.4)
; -------------------------------------------------------------
N110 IDS=14 DO NOT_HALT = NOT_HALTE AND (NOT_HALT OR NOT_QUIT OR QUIT_MARKER)
;
N120 IDS=15 EVERY NOT_HALT == 0 DO TIMER1 = 0
N130 IDS=16 EVERY NOT_HALT == 1 DO STOP_A_A = 1 TIMER1 = -1
N140 IDS=17 EVERY (TIMER1 > 1.0) AND NOT NOT_HALT DO TIMER1 = -1 STOP_A_A = 0
;
N150 IDS=18 EVERY NOT_HALT == 0 DO TIMER2 = 0
N160 IDS=20 EVERY NOT_HALT == 1 DO STOP_A_S = 1 TIMER2 = -1
N170 IDS=22 EVERY (TIMER2 > 5.0) AND NOT NOT_HALT DO TIMER2 = -1 STOP_A_S = 0
;
N180 IDS=24 DO STOP_A_ABWA = STOP_A_A AND NOT TEST_STOPA
;
N200 IDS=28 DO STOP_A_ABWS = STOP_A_S AND NOT TEST_STOPA
;
N210 IDS=30 DO STOP_C_ABW = NOT_HALT AND NOT TEST_STOPC
;
N220 IDS=32 DO STOP_D_ABW = NOT TEST_STOPD
;
N230 IDS=34 DO NOT_HALT2K = NOT_HALT
;
;
; ------------------------------------------------------
; ----SBH DE-SELECTION USING THE KEY-OPERATED SWITCH ----
; -------------------------------------------------------
;
;
N380 IDS=50 DO SBHABW = SCHLUESSEL OR TUERZUVER
;
;
; -------------------------------------------------------
; ---------- SG selection via protective door------------
; -------------------------------------------------------
;
;
N390 IDS=52 DO SG_BIT_O = TUERZUVER
;
;
; ------------------------------------------------------
; ------------------ TEST STOP --------------------------
; -------------------------------------------------------
;
;
N400 IDS=54 DO TEST1STOP = TESTSTOP1E
N410 IDS=56 DO TEST2STOP = TESTSTOP2E
;
;
; -------------------------------------------------------
; ----- Supply terminals AS1/AS2 and 663 -------------
; ------------------------------------------------------
;
;
N420 IDS=58 DO STAT_IMP_XZ = KL_AS12_XZ STAT_IMP_C = KL_AS12_C
N430 IDS=60 DO KL_663_XZ = IMP_FREI_XZ KL_663_C = IMP_FREI_C
;
; -----------------------------------------------------
N1040 MSG("SPL active")
; -----------------------------------------------------
N1070 M17
7.3.11 PLC blocks
FUNCTION FC 95: VOID
TITLE =
VERSION : 0.1
BEGIN
NETWORK
TITLE =
U M 210.0; // ASUB start marker from OB100
U DB10.DBX 108.5; // Drive group and terminal block
// run-up
FP M 210.1; // Start edge marker PI service
= M 210.2; // Start cycle marker PI service
//
U M 210.2; // Start cycle marker PI service
S M 210.3; // Start PI service
//
CALL FB 4 , DB 121 ( // PI service interrupt number and priority
Req := M 210.3,// Start PI service
PIService := P#DB16.DBX 18.0 BYTE 26,// PI service ASUB
Unit := 1,
Addr1 := P#DB120.DBX 34.0 BYTE 34,// Program path
Addr2 := P#DB120.DBX 0.0 BYTE 34,// Program name
WVar1 := W#16#1,// Interrupt number = 1
WVar2 := W#16#1,// Priority = 1
WVar3 := W#16#0,// LIFTFAST = 0
WVar4 := W#16#0,// BLKSYNC
Error := DB120.DBX 68.0,// Error occurred
Done := DB120.DBX 68.1,// Task, error-free
State := DB120.DBW 70); // Error code
//
U DB120.DBX 68.1; // Task successfully (error-free) completed
S M 210.4; // Start ASUB
R M 210.3; // Reset PI service Start ASUB
//
//
CALL FC 9 (
Start := M 210.4,// Start ASUB
ChanNo := 1,// Channel number 1
IntNo := 1,// Interrupt number 1
Active := DB120.DBX 72.0,// ASUB active
Done := DB120.DBX 72.1,// Task completed
Error := DB120.DBX 72.3,// Error occurred
StartErr := DB120.DBX 72.4,// Interrupt number missing
Ref := DB120.DBW 74);// Memory range internal
//
U DB120.DBX 72.1; // Task completed ==> ASUB running
S M 210.7;
R M 210.0; // Reset ASUB start marker from OB100
R M 210.4; // Reset start ASUB
//
END_FUNCTION
FUNCTION FC 96: VOID
TITLE =
VERSION : 0.1
BEGIN
NETWORK
TITLE =Supply I/Os with signals from/to PLC-SPL
// Supply I/Os ==> SPL_DATA_INSEP
//
U E 76.0; // EMERGENCY STOP button
= "SPL".NOT_HALTE;
//
U E 76.1; // Door switch (closed and interlocked)
= "SPL".TUERZUVER;
//
U E 76.3; // EMERGENCY STOP acknowledgement
= "SPL".NOT_QUIT;
//
U E 76.5;
= "SPL".SCHLUESSEL; // Key-operated switch (SBH de-selection)
NETWORK
TITLE =
// ---------- EMERGENCY STOP ----------
U "SPL".NOT_HALTE; // EMERGENCY STOP button INSE 1
U( ;
O "SPL".NOT_HALT; // EMERGENCY STOP signal internal
O "SPL".NOT_QUIT; // EMERGENCY STOP acknowledgement
O "SPL".QUIT_MARKER; // EMERGENCY STOP acknowledgement forced checking procedure
) ;
= "SPL".NOT_HALT; // EMERGENCY STOP signal internal
//
U "SPL".NOT_HALT; // After pressing
L S5T#1S; // Load for 1 second
SA T 20; // After pressing
U T 20; // EMERGENCY STOP
= "SPL".STOP_A_A; // Intermediate marker STOP A for axes X,Z
//
U "SPL".NOT_HALT; // EMERGENCY STOP
L S5T#5S; // Load for 5 seconds
SA T 21; // After pressing
U T 21; // EMERGENCY STOP
= "SPL".STOP_A_S; // Intermediate marker STOP A for spindle C
//
U "SPL".STOP_A_A; //Intermediate marker STOP A for axes X,Z
UN M 216.3; // Test external STOP A (see FC97)
= "SPL".STOP_A_ABWA; // STOP A for axes X, Z
//
U "SPL".STOP_A_S; // Intermediate marker STOP A for spindle C
UN M 216.3; // Test: external STOP A (see FC97)
= "SPL".STOP_A_ABWS; // STOP A for spindle C
//
U "SPL".NOT_HALT; // EMERGENCY STOP signal internal
UN M 216.2; // Test: external STOP C (see FC97)
= "SPL".STOP_C_ABW; // De-select STOP C
//
UN M 216.1; // Test: external STOP D (see FC97)
UN M 218.7; // STOP D for forced checking procedure (set in FC97)
= "SPL".STOP_D_ABW; // De-select STOP D
//
U "SPL".NOT_HALT; // EMERGENCY STOP
= "SPL".NOT_HALT1K; // EMERGENCY STOP contactor
//
//
// ---- SBH de-selection using the key-operated switch----
//
//
U "SPL".SCHLUESSEL; // Key-operated switch
O "SPL".TUERZUVER; // DOOR LOCKED
= "SPL".SBHABW; // SBH de-selection
//
// ------ SG selection using the protective door----------
//
//
U "SPL".TUERZUVER; // DOOR LOCKED
= "SPL".SG_BIT_0; // SG bit 0
NETWORK
TITLE =Supply of SGE/SGA signals to/from the PLC-SPL
// Supply of conversion variables to axis data block
//
//
// Supply of SPL_DATA_OUTSEP ==> I/Os
//
U "SPL".NOT_HALT1K;
= A 48.2; // EMERGENCY STOP contactor K4
//
// Supply of SPL_DATA_OUTSIP ==> DB31, DB32, DB33
//
U "SPL".STOP_A_ABWS; // Select STOP A for spindle C
= DB33.DBX32.2; // Drive interface for drive C
//
U "SPL".STOP_A_ABWA; // Select STOP A for axis X
= DB31.DBX32.2; // Drive interface for drive X
= DB32.DBX32.2; // Drive interface for drive Z
//
U "SPL".STOP_C_ABW; // Select STOP C for axes X , Z
= DB31.DBX32.3; // Drive interface for drive X
= DB32.DBX32.3; // Drive interface for drive Z
= DB33.DBX32.3; // Drive interface for drive C
//
U "SPL".STOP_D_ABW; // Select STOP D for axes X , Z
= DB31.DBX32.4; // Drive interface for drive X
= DB32.DBX32.4; // Drive interface for drive Z
= DB33.DBX32.4; // Drive interface for drive C
//
U "SPL".SBHABW; // SBH de-selection
= DB31.DBX22.1; // SBH de-selection axis X
= DB32.DBX22.1; // SBH de-selection axis Z
= DB33.DBX22.1; // SBH de-selection spindle C
//
U "SPL".SG_BIT_0; // SG bit 0 selection
= DB31.DBX22.3; // SG bit 0 axis X
= DB32.DBX22.3; // SG bit 0 axis Z
= DB33.DBX22.3; // SG bit 0 spindle C
NETWORK
TITLE =Terminal 663 ; AS1 / AS2
U DB31.DBX108.2; // Pulses safely cancelled axis X
U DB32.DBX108.2; // Pulses safely cancelled axis Z
= "SPL".KL_AS12_XZ; // Terminal AS1 / AS2
= "SPL".STAT_IMP_XY; // Status, pulses cancelled
NOT ;
= "SPL".KL_663_XZ; // Terminal 663
= "SPL".IMP_FREI_XZ; // Pulse enable X, Z
//
U DB33.DBX108.2; // Pulses safely cancelled spindle C
= "SPL".KL_AS12_C; // Terminal AS1 / AS2
= "SPL".STAT_IMP_XY; // Status, pulses cancelled
NOT ;
= "SPL".KL_663_C; // Terminal 663
= "SPL".IMP_FREI_C; // Pulse enable C
//
END_FUNCTION
FUNCTION FC 97: VOID
TITLE =Test stop
//Test stop activated after eight hours have elapsed and the protective door
//has been opened
VERSION : 0.1
BEGIN
NETWORK
TITLE =Test stop step 1
//Forced checking procedure of the pulse cancellation
UN M 211.0; // Start monitoring time of 8 hours
L S5T#2H40M; // Load 2 hours and 40 minutes
SE T 30; // Start timer 30
//
U T 30; // After 2 hours and 40 minutes have elapsed
L S5T#2H40M; // Load 2 hours and 40 minutes
SE T 31; // Start timer 31
//
U T 31; // After 5 hours and 20 minutes have elapsed
L S5T#2H40M; // Load 2 hours and 40 minutes
SE T 32;
//
U T 32; // After 8 hours have elapsed and
UN E 76.1; // door not closed and interlocked
UN DB31.DBX 108.2; // Pulses not disabled (X)
UN DB32.DBX 108.2; // Pulses not cancelled (Z)
UN DB33.DBX 108.2; // Pulses not cancelled (C)
U DB31.DBX 110.5; // Axis X stopped
U DB32.DBX 110.5; // Axis Z stopped
U DB33.DBX 110.5; // Axis C stopped
S M 211.0; // Reset monitoring time of 8 hours
S M 211.1; // Start test stop 1
//
CALL FC 60 (// Test stop module
start := M 211.1,// Start test stop 1
reset := E 3.7,// Reset by RESET/MCP
num_axis := 2,// Number of drives
test_axis_1 := 1,// Drive number Axis X
test_axis_2 := 3,// Drive number spindle C
test_axis_3 := 0,
test_axis_4 := 0,
test_axis_5 := 0,
test_axis_6 := 0,
test_axis_7 := 0,
test_axis_8 := 0,
servo_test_out := A 49.0, // Test stop 1 NCK by A 49.0
aux_dword := MD 212, // Marker double word internal
ready := M 211.2, // Test stop 1 executed
error := M 211.7);// Error on test stop
//
U M 211.2; // Test stop 1 successfully executed
S M 211.3; // Start test stop 2
R M 211.2; // Test stop 1
//
CALL FC 60 (
start := M 211.3,// Start test stop 2
reset := E 3.7, // Reset by RESET/MCP
num_axis := 1, // Number of drives
test_axis_1 := 2, // Drive number axis Z
test_axis_2 := 0,
test_axis_3 := 0,
test_axis_4 := 0,
test_axis_5 := 0,
test_axis_6 := 0,
test_axis_7 := 0,
test_axis_8 := 0,
servo_test_out := A 49.1, // Test stop 2 NCK by A 49.1
aux_dword := MD 220, // Marker double word internal
ready := M 211.4, // Test stop 2 executed
error := M 211.6);// Error on test stop
//
U M 211.4; // Test stop 2 successfully executed
R M 211.1; // Start test stop 1
R M 211.3; // Start test stop 2
R M 211.4; // Test stop 2 successfully executed
S M 216.0; // Start test stop step 2
NETWORK
TITLE =Test stop step 2
//Forced checking procedure of external STOPs A and C
U M 216.0; // Start test stop step 2
UN DB31.DBX 108.2; // Axis X: Pulses not safely cancelled
UN DB32.DBX 108.2; // Axis Z: Pulses not safely cancelled
UN DB33.DBX 108.2; // Spindle C: Pulses not safely cancelled
S M 216.1; // Initiate Stop D on the PLC side (FC96)
R M 216.0; // Reset start test stop step 2
//
U M 216.1; // Check stop D on the PLC side
U DB31.DBX 111.6; // STOP D active axis X
U DB32.DBX 111.6; // STOP D active axis Z
U DB33.DBX 111.6; // STOP D active spindle C
S M 216.2; // Initiate Stop C on the PLC side (FC96)
R M 216.1; // Reset check stop D (PLC)
//
U M 216.2; // Check stop C on the PLC side
U DB31.DBX 111.5; // STOP C active axis X
U DB32.DBX 111.5; // STOP C active axis Z
U DB33.DBX 111.5; // STOP C active spindle C
S M 216.3; // Initiate Stop A on the PLC side (FC96)
R M 216.2; // Reset check stop C (PLC)
//
U M 216.3; // Check stop A on the PLC side
U DB31.DBX 111.4; // STOP A/B active axis X
U DB32.DBX 111.4; // STOP A/B active axis Z
U DB33.DBX 111.4; // STOP A/B active spindle C
S M 216.4; // Check: STOP A (PLC) not active
R M 216.3; // Reset check stop A (PLC)
//
U M 216.4; // Check: STOP A (PLC) not active
UN DB31.DBX 111.4; // STOP A/B not active axis X
UN DB32.DBX 111.4; // STOP A/B not active axis Z
UN DB33.DBX 111.4; // STOP A/B not active spindle C
S M 216.5; // Initiate Stop D on the NCK side
R M 216.4; // Reset check: STOP A (PLC)
//
U M 216.5; // Initiate Stop D on the NCK side
= A 49.4; // See circuit diagram and NCK-SPL
//
U M 216.5; // Check Stop D on the NCK side
U DB31.DBX 111.6; // STOP D active axis X
U DB32.DBX 111.6; // STOP D active axis Z
U DB33.DBX 111.6; // STOP D active spindle C
S M 216.6; // Initiate Stop C on the NCK side
R M 216.5; // Reset check Stop D (NCK)
//
U M 216.6; // Initiate Stop C on the NCK side
= A 49.3; // See circuit diagram and NCK-SPL
//
U M 216.6; // Check Stop C on the NCK side
U DB31.DBX 111.5; // STOP C active axis X
U DB32.DBX 111.5; // STOP C active Axis Z
U DB33.DBX 111.5; // STOP C active spindle C
S M 216.7; // Initiate Stop A on the NCK side
R M 216.6; // Reset check Stop C (NCK)
//
U M 216.7; // Initiate Stop A on the NCK side
= A 49.2; // See circuit diagram and NCK-SPL
//
U M 216.7; // Check stop A on the NCK side
U DB31.DBX 111.4; // STOP A/B active axis X
U DB32.DBX 111.4; // STOP A/B active axis Z
U DB33.DBX 111.4; // STOP A/B active spindle C
S M 217.0; // Check: STOP A (NCK) not active
R M 216.7; // Reset check Stop A (NCK)
//
U M 217.0; // Check: STOP A (NCK) not active
UN DB31.DBX 111.4; // STOP A/B not active axis X
UN DB32.DBX 111.4; // STOP A/B not active axis Z
UN DB33.DBX 111.4; // STOP A/B not active spindle C
S M 217.1; // Start forced checking procedure of inputs
R M 217.0; // Reset check: STOP A (NCK)
NETWORK
TITLE =Forced checking procedure of the input and output devices
//The time for performing the forced checking procedure can depend on several
//machine-specific conditions. The solution shown in this example is not
//binding.
//
U M 217.1; // Start forced checking procedure for M217.1 = 1
U "SPL".NOT_HALT; // EMERGENCY STOP not actuated
S M 218.0; // Check EMERGENCY STOP inputs
R M 217.1; // Reset: Start forced checking procedure
R A 48.1; // PLC forced checking procedure output
//
U M 218.0; // Check EMERGENCY STOP inputs
L S5T#120MS; // Drop-out time of contactor
SE T 22; // Timer 22
//
U T 22; // After drop-out time of contactor
UN A 48.1; // PLC forced checking procedure output
UN E 76.4; // Error case checkback input contactors = 0
S M 218.7; // Initiate Stop D (see FC96)
S A 48.1; // PLC forced checking procedure output
//
U T 22; // After drop-out time of contactor
UN A 48.1; // PLC forced checking procedure output
U E 76.4; // Good case checkback input contactors = 1
S M 218.1; // Start acknowledgement
S A 48.1; // PLC forced checking procedure output
R M 218.0; // Check EMERGENCY STOP inputs
//
U T 22; // After drop-out time of contactors
U E 3.7; // RESET MCP
U E 76.0; // EMERGENCY STOP (PLC) not actuated
U E 76.4; // Forced checking procedure input E76.4 = 1
S M 218.1; // Start acknowledgement
R M 218.0; // Check EMERGENCY STOP inputs
R M 218.7; // Withdraw Stop D
//
U M 218.1; // Start acknowledgement
L S5T#50MS; // Delay time EMERGENCY STOP inputs
SE T 23; // Set timer 23
//
U T 23; // Delay time EMERGENCY STOP inputs
UN E 76.0; // EMERGENCY STOP actuated
R M 218.1; // Reset acknowledgement
//
U T 23;
U E 76.0; // EMERGENCY STOP not actuated
U E 76.4; // Forced checking procedure input E76.4 = 1
S "SPL".QUIT_MARKER; // Acknowledge EMERGENCY STOP PLC
S M 218.2; // Acknowledge EMERGENCY STOP NCK
R M 218.1; // Check: EMERGENCY STOP
R T 23; // Reset timer 23
//
U "SPL".QUIT_MARKER; // Acknowledge EMERGENCY STOP PLC
L S5T#200MS; // Delay time: Acknowledgement NCK/PLC
SE T 24; // Set timer 24
//
U T 24; // Acknowledge EMERGENCY STOP
S M 218.3; // Withdraw acknowledgement NCK
R M 218.2; // Acknowledge EMERGENCY STOP NCK
R T 24; // Reset timer 24
//
UN M 218.2; // Acknowledge EMERGENCY STOP NCK
SPB QUI1; // Do not acknowledge NCK
//
L 1; // Load 1
T MB 194; // Transfer marker byte 194
//
QUI1: UN M 218.3; // Withdraw NCK acknowledgement
SPB QUI2;
//
L 0; // Load 0
T MB 194; // Transfer marker byte 194
//
QUI2: NOP 0;
//
//
CALL FC 21 (
Enable := "SPL".QUIT_MARKER,
Funct := B#16#4,
S7Var := P#M 194.0 BYTE 1,
IVAR1 := 4,
IVAR2 := -1,
Error := M 218.4,
ErrCode := MW 188);
//
U M 218.3; // Withdraw acknowledgement NCK
U "SPL".NOT_HALT; // Acknowledgment EMERGENCY STOP-PLC o.k.
UN DB18.DBX 110.1; // No difference between NCK/PLC
UN M 218.4; // No error on transfer
R "SPL".QUIT_MARKER; // Acknowledge EMERGENCY STOP PLC
R M 218.3; // Reset: Withdraw acknowledgement NCK
R M 211.0; // Start monitoring time of 8 hours
END_FUNCTION
7.3.12 Appendix
Excerpt from symbol table:
Symbol Address Data type Comment
1 Hochlauf_ASUP_Start M 210.0 BOOL Run-up marker for SPL / ASUB start
2 Flanke_FB4_SPL_Start M 210.1 BOOL Edge marker for SPL / FB4 start
3 Zyklus_FB4_SPL_Start M 210.2 BOOL Cycle marker for SPL / FB4 start
4 FB4_Start M 210.3 BOOL Interrupt number and polarity for SPL (FB4)
5 FC9_SPL_Start M 210.4 BOOL Start SPL
6 Teststop_aktiv M 211.0 BOOL Activate test stop
7 Teststop_1_starten M 211.1 BOOL Forced checking procedure of the shutdown paths (X, C)
8 Teststop_1_ready M 211.2 BOOL Test stop1 performed without errors
9 Teststop_2_starten M 211.3 BOOL Forced checking procedure of shutdown paths (Z)
10 Teststop_2_ready M 211.4 BOOL Test stop 2 performed without errors
11 Teststop_2_error M 211.6 BOOL Error for test stop 2 (Z)
12 Teststop_1_error M 211.7 BOOL Error for test stop 1 (X, C)
13 QUIT_NCK_error M 214.4 BOOL Error for transfer using FC21
14 Teststopphase_2_starten M 216.0 BOOL Start test of external stops
15 Test_Stop_D_PLC M 216.1 BOOL Trigger stop D in PLC / FC96
16 Test_Stop_C_PLC M 216.2 BOOL Trigger stop C in PLC / FC96
17 Test_Stop_A_PLC M 216.3 BOOL Trigger stop A in PLC / FC96
18 PLC_Stop_A_nicht_aktiv M 216.4 BOOL Stop A / PLC check not active
19 Test_Stop_D_NCK M 216.5 BOOL Trigger stop D via A 49.4 / PLC in NCK
20 Test_Stop_C_NCK M 216.6 BOOL Trigger stop C via A 49.3 / PLC in NCK
21 Test_Stop_A_NCK M 216.7 BOOL Trigger stop A via A 49.2 / PLC in NCK
22 NCK_Stop_A_nicht_aktiv M 217.0 BOOL Stop A / NCK check not active
23 Test_I/O_Peripherie_1 M 217.1 BOOL Forced checking procedure of the I/O devices
24 Test_I/O_Peripherie_2 M 218.0 BOOL Check Emergency Stop inputs
25 Test_I/O_Peripherie_3 M 218.1 BOOL Start acknowledgement for Emergency Stop
26 Test_I/O_Peripherie_4 M 218.2 BOOL Acknowledge Emergency Stop on the NCK side
27 Test_I/O_Peripherie_5 M 218.3 BOOL Withdraw acknowledgment Emergency Stop on the NCK side
28 Fehler_Stop_D_PLC M 218.7 BOOL Checkback input of contactors E 76.4 not OK.
29 Teststop_1_intern MD 212 DWORD Run test stop 1 FC60 internally
30 Teststop_2_intern MD 220 DWORD Run test stop 2 FC60 internally
31 QUIT_NCK_error_code MW 188 WORD Error code from FC21
32 TIMER1 T 20 TIMER STOP C -> STOP A (axes)
33 TIMER2 T 21 TIMER STOP C-> STOP A (spindle)
34 T_K_ABFALL T 22 TIMER Drop-out time of contactors K1, K2
35 T_VERZUG_1 T 23 TIMER Delay time EMERGENCY STOP input
36 T_VERZUG_2 T 24 TIMER Delay time, acknowledgment
37 Teststop_Zeit_1 T 30 TIMER Monitoring duration 2h 40min
38 Teststop_Zeit_2 T 31 TIMER Monitoring duration 5h 20min
39 Teststop_Zeit_3 T 32 TIMER Monitoring duration 8h
The following structure was used for the PLC program of the configuration
example.
Structure of PLC program / call of user modules:
OB1
FC2 : Basic program
FC95 : Start of NCK-SPL
FB4, instance DB 121, data DB 120
FC9, data DB 120
FC96 : PLC-SPL
FC97 : Forced dormant error detection
FC60, test stop phase I
Remaining user program
Fig. 7-19 Structure of the user program
The following function overview is used to configure and commission SPL logic.
Function overview, SPL logic

NCK side:
- NCK I/Os: switches, light barriers, display lamps, contactors, etc.
  (inputs, outputs)
- MD 10390 SAFE_IN_HW_ASSIGN[0..7]: bytewise assignment of NCK inputs
  => $A_INSE
- MD 10392 SAFE_OUT_HW_ASSIGN[0..7]: bytewise assignment of $A_OUTSE
  => NCK outputs
- NCK-SPL (SAFE.SPF, logic):
  $A_INSE: input variables SPL
  $A_OUTSE: output variables SPL
  $A_INSI: input variables SPL
  $A_OUTSI: output variables SPL
- NCK-SGA/SGE signals (machine data)
- MD 36970..36978, assignment of $A_OUTSI => SGE, input of the SI function:
  0: SBH/SG deselection
  1: SBH deselection
  2: SG selection
  3: SE selection
  4: I Transmission ratio sel.
  5: I Test stop selection
  6: I Status pulses reset
  7: I External STOPS
  8: I SG override select.
- MD 36980..36990, output of the SI function:
  36980: Q SBH/SG active
  36981: Q SBH active
  36982: Q SG active
  36985: Q n < nx
  36986: Q Release pulses
  36987: Q Axis safely ref.
  36988: Q SN1+ to SN4+
  36989: Q SN1- to SN4-
  36990: Q active stop

Drive:
- SI-KERNEL, drive SGA/SGE signals, drive SW (on CL)
- Data exchange via drive bus, cross checking of data and results
- In case of error STOP F

PLC side:
- SIMATIC I/Os: switches, light barriers, display lamps, contactors, etc.
  (inputs, outputs)
- Assignment to SPL inputs: INSEP[1...64], DB18.DBX38.0 to DBX45.7
- Assignment of SPL outputs: OUTSEP[1...64], DB18.DBX46.0 to DBX53.7
- PLC-SPL (FC XXX, logic), DB18
- OUTSIP[1..64], output variables SPL: DB18.DBX62.0 to DB18.DBX69.7
- INSIP[1..64], input variables SPL: DB18.DBX54.0 to DB18.DBX61.7
- Assignment SGA => INSIP
- DB31...61 (axis interface), input of the SI function:
  DBX22.0: SBH/SG deselection
  DBX22.1: SBH deselection
  DBX22.3..4: SG selection
  DBX23.4: SE selection
  DBX23.0..2: I monit. selection
  DBX23.7: I Test stop selection
  DBX32.2..4: I External STOPS
  DBX33.4..7: I SG override selection
- DB31..61 (axis interface), output of the SI function:
  DBX108.0: Q SBH/SG active
  DBX108.2: Q Status pulses reset*
  DBX110.1: Q SBH active
  DBX110.3..4: Q SG active
  DBX110.5: Q n < nx
  DBX108.7: Q Axis safely ref.
  DBB109: Q SN1+ to SN4+
  DBB109: Q SN1- to SN4-
  DBX111.4..6: Q active stop
  * inverted with respect to SGA

Cross checking of data and results between NCK and PLC (NCK-SW / FB 15):
- DB18 comparison (monitoring 1s -> 10s)
- In case of error, STOP D is triggered if SPL is protected
- Monitoring cycles settable in MD, order of magnitude 81 * MD 10090
- Pulses enabled in NCK, not if test stop active (PLC side)

Fig. 7-20 Overview, SPL logic
7.4 Safety Integrated without SPL
Contrary to Safety Integrated with SPL, here the program (S7 PLC program)
must be emulated for the NCK using switches and contactors. This has an
impact on the costs associated with the cabinet wiring, and, depending on the
complexity of the machine, is complicated. In addition, the EMERGENCY
STOP buttons and the door switches must be evaluated by safety contactors
which themselves influence the drives of the 611 digital group.
[Figure: two schematics side by side. "Safety Integrated without SPL": NCK
I/Os, SGE input signals and SGA output signals, NCK SGA/SGE signals, machine
data, combinational logic with switches and contactors, switches, light
barriers, indicator lamps, etc. "Safety Integrated with SPL": NCK I/Os,
NCK-SPL with the variables $A_INSE, $A_OUTSE, $A_INSI and $A_OUTSI, NCK
SGA/SGE signals, machine data, switches, light barriers, indicator lamps, etc.]
Fig. 7-21 Function schematic of SI without SPL
7.4.1 Connecting-up the drives
The drives are connected-up exactly in the same way as for the version with
SPL. Pulse enable (terminal 663) and the checkback status of the pulses
(AS1/AS2) are assigned to the NCK-SGE via machine data.
X axis:
36986 SAFE_PULSE_ENABLE_OUTPUT : 01040203H
36976 SAFE_PULSE_STATUS_INPUT : 01040107H
Z axis:
36986 SAFE_PULSE_ENABLE_OUTPUT : 01040203H
36976 SAFE_PULSE_STATUS_INPUT : 01040107H
Spindle C:
36986 SAFE_PULSE_ENABLE_OUTPUT : 01040204H
36976 SAFE_PULSE_STATUS_INPUT : 01040108H
Power can be supplied to terminal AS1 either from terminal 9 or an external
+24 V power supply, depending on the cabinet configuration.
On the PLC side, the pulses must be enabled on the axis-specific drive
interface (DB3x.DBX21.7).
[Figure: SIMODRIVE 611D double axis module (axis X, axis Z) and SIMODRIVE 611D
single axis module (spindle C), each with terminals 663, AS2, AS1 and 9;
+24 V; NCK SGEs I7 and I8; NCK SGAs Q4 and Q3]
Fig. 7-22 Circuit example
7.4.2 EMERGENCY STOP and connecting-up the I/R module
For an EMERGENCY STOP, all the drives in the drive group are stopped via
terminal 64 (controller inhibit) on the infeed/regenerative feedback module.
The drives brake with the maximum current (this can be configured).
After a certain delay (if, for example, the spindle has also braked and is
stationary), the internal line contactor in the NE module that is used to
electrically isolate it from the power supply, is opened via terminal 48
(DIN EN 60204-1). The connection between terminals NS1, NS2 is opened as
an additional safety measure to prevent the line contactor from re-closing.
The infeed/regenerative feedback module is supplied from the line supply using
a three-conductor cable.
The line contactor integrated in the infeed/regenerative feedback module is
used to isolate the drives from the line supply (an external line contactor is not
required).
[Figure: circuit diagram. Infeed/regenerative feedback module on the line
supply L1, L2, L3 via Q1, with the leading contact from the power switch;
terminals 213, 111, 9, 64, 63, 48 and 19; contacts of EMERGENCY STOP relay K1
and time relay K2; 0 V]
Fig. 7-23 Connecting-up the infeed/regenerative feedback module without SPL
The EMERGENCY STOP button is monitored using a safety relay K1
(3TK2805). When the EMERGENCY STOP button is pressed, safety relay K1
drops out immediately and opens the NO contacts that are included in the
connection between terminal 9 and terminal 64 on the infeed/regenerative
feedback module and in the supply path for delay module 3TK29.
As soon as the selected delay time has elapsed, delay module K2 (3TK29.3)
also drops out and opens the NO contacts that are included in the connection
between terminal 9 and terminals 48/63 and in the connection between terminal
NS1 and terminal NS2. EMERGENCY STOP can only be acknowledged when
the line contactor in the infeed/regenerative feedback module and the delay
module K2 have dropped out.
[Figure: EMERGENCY STOP button (contacts 11/12 and 21/22), safety relay module
3TK2805 (K1) and delay module 3TK29 (EMERGENCY STOP time relay K2);
EMERGENCY STOP acknowledgment; terminals 111 and 213 of the I/RF module;
+24 V, 0 V]
Fig. 7-24 Connecting-up the safety relay combination
7.4.3 Test stop
For the test stop, the first section of the test stop test can be taken from the
PLC programming example with SPL. The parameterization of the machine
data directly refers to the DMP input modules:
X axis: 36975 SAFE_STOP_REQUEST_INPUT : 01060809H
Spindle C: 36975 SAFE_STOP_REQUEST_INPUT : 01060809H
Z axis: 36975 SAFE_STOP_REQUEST_INPUT : 0106080AH
[Figure: PLC output Q49.0 connected to NCK input I9 (test stop 1); PLC output
Q49.1 connected to NCK input I10 (test stop 2)]
Fig. 7-25 Circuit diagram for test stop
7.4.4 Protective door interlocking
The following circuit is used for monitoring the protective door if external
devices (hydraulics, cooling water etc.) have to be powered-down/disconnected
when the door is opened. The safety relay monitors the door switch and its
contacts are included in the switching logic for the SGEs of the Safety
Integrated functions.
Other contacts of the safety contactor switch all of the external devices (not
shown in this diagram) in the vicinity of the protective door that are potentially
hazardous to the operator.
If the protective door switch only activates and de-activates Safety Integrated
functions of the NC drives in the safety area, and this is clearly confirmed by
the risk analysis, then the contacts of the door switch can be directly integrated
into the switching logic for the SGEs (NCK/SPL) (see Fig. 7-26).
Safety Integrated monitors the door switch using the crosswise data
comparison of the SGEs.
[Figure: door switch (type TZF, positions open and closed) connected to safety
relay K3 (3TK2805), terminals X3 and X5; PLC output Q 48.0; +24 V, 0 V]
Fig. 7-26 Circuit diagram for protective door interlocking
Notes on the diagram
We recommend that a door release solenoid is used with a mechanical
system (as shown) that acts on the contacts of the checkback signals.
The protective door interlocking is evaluated as follows: Terminal X3 of the
safety relay is activated when the door is open and terminal X5 of the safety
relay when the door is closed.
7.4.5 De-selecting SBH using the key-operated switch/SG changeover using the door safety contactor
On the NCK side, "safe operating stop" is de-selected using DMP input 5. The
state shown in the circuit diagram is "protective door open" and "safe operating
stop" was selected using the key-operated switch. Using the key-operated
switch, it is possible to change-over to safely-reduced speed with the protective
door open.
X axis, Z axis, spindle C:
36971 SAFE_SS_DISABLE_INPUT : 01040105H
Safe operating stop is de-selected when the protective door is closed and a
changeover is made from safely-reduced speed 1 (personnel protection) to
safely-reduced speed 2 (machine protection).
X axis, Z axis, spindle C:
36972 SAFE_VELO_SELECT_INPUT[0] : 01040106H
On the PLC side, the switching states of the door and the key-operated switch
are logically combined in an S7 program. The safety functions are activated
and de-activated via the PLC drive interface (see Chapter 4, "Interface
signals").
[Figure: door locking contacts (13/14, 23/24, 33/34) and keyswitch contacts
(13/14, 23/24), supplied from +24 V and connected to NCK inputs I5 and I6 and
PLC inputs I32.5 and I32.6; safety contactor K3 or door switch, see
Section 7.4.4]
Fig. 7-27 Circuit diagram: SBH de-selection using key-operated switch,
SG changeover using the door safety contactor
Program excerpt:
//
// -------- SBH selection using the protective door and
// using the key-operated switch --------
//
U E 32.5 // Door closed and interlocked
O E 32.6 //
= DB31.DBX22.1 // SBH de-selection
= DB32.DBX22.1 // SBH de-selection
= DB33.DBX22.1 // SBH de-selection
//
// -------- SG selection via the protective door --------
//
U E 32.6 // Door closed and interlocked
= DB31.DBX22.3 // SG bit 0
= DB32.DBX22.3 // SG bit 0
= DB33.DBX22.3 // SG bit 0
7.5 External STOPs
This example is based on the configuring example in Section 7 "Safety
Integrated without SPL", although external STOP C is to be used for all the
drives on the example machine. A small SPL has to be written for this problem
because external STOP A must be supplied from a system variable
($A_OUTSI). In this case, no hardware of the NCK-SPL has to be assigned by
the machine data 10390/10392, nor does the machine data parameterized in
Section 7 "Safety Integrated without SPL" have to be changed.
Task/structure:
External STOP C is to be activated for X, Z, C when the light barrier is
triggered. The light barrier is analyzed by an external unit. The light barrier is
also acknowledged by a switch that is connected to this evaluation unit. In order
to test the external STOP C the two switching contacts for the PLC I/Os and the
NCK I/Os are supplied with +24 V by two separate PLC outputs (A36.0/A36.1)
(refer to circuit diagram).
The logical drive number for the terminal block is 4 and the input module used
is inserted into slot 1 in the terminal block.
Commissioning is explained step-by-step with reference to the previous
sections in Chapter 7.
1. Enable the function "SBH/SG monitoring" and "external STOPs" for drives
X, Z, C via the axis-specific machine data
36901: SAFE_FUNCTION_ENABLE = 41 H
2. Set the machine data 11602: ASUP_START_MASK=7: ASUB start in all
operating states of the NC (RESET/JOG/not all axes referenced/read-in
inhibit active).
3. Set machine data 11604: ASUP_START_PRIO_LEVEL=1: (interrupt
priority from which MD $MN_ASUP_START_MASK is active).
4. Enter axis-specific machine data for drives X, Z, C
36977: SAFE_EXT_STOP_INPUT[0]: 04010101H (STOP A is supplied
from $A_OUTSI[1] in the SPL)
36977: SAFE_EXT_STOP_INPUT[1]: 01040101H (first input on the
DMP input module)
36977 SAFE_EXT_STOP_INPUT[2]: 80000000H (STOP D statically
de-selected).
5. The other safety machine data are parameterized as described in
Chapter 7, "Safety Integrated without SPL".
6. The following program has to be written for the PLC:
SET
= DB18.DBX62.0 // Supply OUTSIP[1]
= DB31.DBX32.2 // Supply STOP A for axis X
= DB32.DBX32.2 // Supply STOP A for axis Z
= DB33.DBX32.2 // Supply STOP A for spindle C
//
U E 32.0 // PLC input / light barrier evaluation unit
= DB31.DBX32.3 // Supply STOP C for axis X
= DB32.DBX32.3 // Supply STOP C for axis Z
= DB33.DBX32.3 // Supply STOP C for spindle C
//
7. SET
= DB31.DBX32.4 // Supply STOP D for axis X
= DB32.DBX32.4 // Supply STOP D for axis Z
= DB33.DBX32.4 // Supply STOP D for spindle C
8. In addition, if the light barrier is interrupted, the PLC should trigger an NC
STOP at the channel interface in the automatic mode.
9. Implement the following NCK-SPL in the standard cycle directory CST.DIR
under the name SAFE.SPF
%_N_SAFE_SPF
;$PATH=/_N_CST_DIR
; SAFE_CHECKSUM = 000009C6H
;
N100 IDS=01 DO $A_OUTSI[1] = 1 ; Static de-selection STOP A
;
N110 M17
10. The NCK-SPL start when the control runs-up is described in Chapter 7,
"Starting the NCK-SPL and PLC-SPL".
11. The first part of the test stop described in Chapter 7, "Test stop", can be
used and adapted to the machine configuration. An external STOP C must
be incorporated in each test algorithm in the following form:
[Figure: flowchart with the following elements, decisions having "yes" and
"no" branches:
- Start: Test stop phase 2 (marker 216.0)
- Decision: Pulses for drives X, Z, C not safely disabled
- Trigger STOP C on PLC side (Q 36.0 = "0")
- Decision: Checkback signal STOP C active, DB3x.DBX111.4
- Trigger STOP C on NCK side (Q 36.1 = "0")
- Decision: Checkback signal STOP C active, DB3x.DBX111.4
- End of test stop, M 211.0 = "0"
- Cancel STOP C NCK side (Q 36.1 = "1")
- Cancel STOP C on PLC side (Q 36.0 = "1")]
Fig. 7-28 Flowchart when testing external STOP C
[Figure: circuit diagram. Light barrier analysis unit with contacts 11/12 and
21/22, supplied from PLC outputs Q36.0 and Q36.1 and connected to PLC input
I32.0 and NCK input I1]
Fig. 7-29 Wiring
Note
The drive cannot be operated until the SPL is started because the external
STOP A is not supplied!
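
The assignment values used in Sections 7.4.1, 7.4.3, 7.4.5 and 7.5 can be decoded and cross-checked with a short script. This is an added example, not part of the Siemens manual: the field layout (inversion and segment nibbles, then module, submodule and I/O number bytes), the reading of segment 4 as the SPL interface and of 80000000H as a static 1, and all function names are assumptions inferred from the values and remarks printed on this page.

```python
"""Decode SGE/SGA assignment machine data values (added example)."""
from collections import defaultdict
from dataclasses import dataclass

AXES = ("X", "Z", "C")

# (axis, machine data) -> value, exactly as printed in Sections 7.4.1 and 7.4.3.
PAGE_VALUES = {
    ("X", "36986 SAFE_PULSE_ENABLE_OUTPUT"): 0x01040203,
    ("Z", "36986 SAFE_PULSE_ENABLE_OUTPUT"): 0x01040203,
    ("C", "36986 SAFE_PULSE_ENABLE_OUTPUT"): 0x01040204,
    ("X", "36976 SAFE_PULSE_STATUS_INPUT"): 0x01040107,
    ("Z", "36976 SAFE_PULSE_STATUS_INPUT"): 0x01040107,
    ("C", "36976 SAFE_PULSE_STATUS_INPUT"): 0x01040108,
    ("X", "36975 SAFE_STOP_REQUEST_INPUT"): 0x01060809,
    ("C", "36975 SAFE_STOP_REQUEST_INPUT"): 0x01060809,
    ("Z", "36975 SAFE_STOP_REQUEST_INPUT"): 0x0106080A,
}
# Values that Sections 7.4.5 and 7.5 give identically for X, Z and C.
for _axis in AXES:
    PAGE_VALUES[(_axis, "36971 SAFE_SS_DISABLE_INPUT")] = 0x01040105
    PAGE_VALUES[(_axis, "36972 SAFE_VELO_SELECT_INPUT[0]")] = 0x01040106
    PAGE_VALUES[(_axis, "36977 SAFE_EXT_STOP_INPUT[0]")] = 0x04010101
    PAGE_VALUES[(_axis, "36977 SAFE_EXT_STOP_INPUT[1]")] = 0x01040101
    PAGE_VALUES[(_axis, "36977 SAFE_EXT_STOP_INPUT[2]")] = 0x80000000


@dataclass(frozen=True)
class Assignment:
    inverted: bool   # high nibble of the top byte is 8 (assumed layout)
    segment: int     # low nibble of the top byte
    module: int      # logical drive number of the terminal block
    submodule: int   # slot in the terminal block
    io: int          # input/output number, hexadecimal in the machine data

    @property
    def kind(self) -> str:
        # 1 = terminal block I/O, 4 = SPL variable ($A_OUTSI in Section 7.5),
        # 0 = no hardware assigned (static level). Assumed from the page.
        return {0: "static", 1: "terminal", 4: "spl"}.get(self.segment, "unknown")

    def describe(self) -> str:
        if self.kind == "static":
            # Static 0, inverted to 1 when the inversion nibble is set.
            return f"static {int(self.inverted)}"
        if self.kind == "spl":
            return f"SPL system variable, word {self.submodule}, bit {self.io}"
        if self.kind == "unknown":
            return f"unknown segment {self.segment}"
        text = f"drive no. {self.module}, slot {self.submodule}, I/O {self.io}"
        return text + (" (inverted)" if self.inverted else "")


def decode(value: int) -> Assignment:
    """Split one 32-bit assignment value into its fields."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit machine data value: {value!r}")
    top = value >> 24
    return Assignment(bool(top & 0x80), top & 0x0F,
                      (value >> 16) & 0xFF, (value >> 8) & 0xFF, value & 0xFF)


def shared_terminals(config: dict) -> dict:
    """Axes that one machine data item routes to the same physical terminal."""
    groups = defaultdict(list)
    for (axis, md), value in config.items():
        if decode(value).kind == "terminal":
            groups[(md, value)].append(axis)
    return {key: sorted(axes) for key, axes in groups.items() if len(axes) > 1}


def terminal_modules(config: dict) -> set:
    """All (drive number, slot) pairs that the configuration addresses."""
    found = set()
    for value in config.values():
        assignment = decode(value)
        if assignment.kind == "terminal":
            found.add((assignment.module, assignment.submodule))
    return found


if __name__ == "__main__":
    for (axis, md), value in sorted(PAGE_VALUES.items()):
        print(f"{axis}  {md:32s} {value:08X}H  {decode(value).describe()}")
    print("modules/slots in use:", sorted(terminal_modules(PAGE_VALUES)))
```

Run against the page's values, the grouping reproduces the test stop split of the symbol table (X and C on one input, Z on another) and lists every drive number and slot the configuration addresses, which is the set to compare against the installed terminal block.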
7.6 SI I/Os using fail-safe modules connected to PROFIBUS DP
The following function elements will be described using this example:
- Wiring options for ET200S PROFIsafe modules
- Parameterization of ET200S PROFIsafe components (hardware
configuration)
- Parameterization of associated machine data
- Effects on NCK and PLC-SPL
(safe programmable logic).
The entire system with all of the required hardware and software settings is not
shown; rather, only the sections that differ when compared to previous SPL
applications with two separate hardware I/O branches (NCK and PLC I/Os).
7.6.1 Functional scope of the application
The safety-relevant input signals read-in from the F-DI module and processed
in the SPL are to be used to change over axis-specific safety functions (SBH,
SG, external stop response, etc.), and output safety-relevant output signals to
actuators (via an F-DO module or PM-E F module).
7.6.2 Connecting-up the sensors and actuators
The diagram below shows the layout of the ET 200S line-up used in the
example.
[Figure: ET 200S line-up on the PROFIBUS-DP cable: IM 151 High Feature, PM-E,
F-DI (PROFIsafe), F-DO (PROFIsafe), PM-E F (PROFIsafe), DO]
Fig. 7-30 Layout of the DP slave
The assignment and significance of the signals for the PROFIsafe modules is
explained below:
Electronic module 4/8 F-DI DC24V PROFIsafe
The safety-relevant I/O input signals are connected to this module. They are
implemented either using two NC contacts (EMERGENCY Stop button and the
position monitoring function for the protective door), with an exclusive OR
function, i.e. with one NC contact and one NO contact (agreement button), or
with two NO contacts (<drive ON> button). As a result of these versions, in
some cases, different parameter settings are obtained in the hardware
configuration under STEP 7.
All of the sensor signals are connected through two channels.
[Figure: F-DI module wiring. Sensors: EMERGENCY stop (type: NC contact),
protective door closed (type: NC contact), enable button (type: NC/NO
contact), drives ON (type: NO contact). Module terminals 1, 5, 9, 13, 3, 7,
11, 15 for channels 0 to 7; VS1 on terminals 2; 6 and 4; 8; VS2 on terminals
10; 14 and 12; 16]
Fig. 7-31 Example: F-DI connections
Significance and use of the individual signals:
F-DI (channel 0.4) : Emergency Stop actuator
Signal status channel 0 = "1" and channel 4 = "1":
Emergency Stop not pressed
Signal status channel 0 = "0" and channel 4 = "0":
Emergency Stop pressed
F-DI (channel 1.5) : Position monitoring function, protective door
Signal status channel 1 = "1" and channel 5 = "1":
Protective door closed
Signal status channel 1 = "0" and channel 5 = "0":
Protective door not closed
F-DI (channel 2.6) : Agreement button
Signal status channel 2 = "1" and channel 6 = "0"
Agreement button not pressed
Signal status channel 2 = "0" and channel 6 = "1"
Agreement button pressed
F-DI (channel 3,7) : <drive on> key
Signal status channel 3 = "0" and channel 7 = "0"
<drive on> key not pressed
Signal status channel 3 = "1" and channel 7 = "1"
<drive on> key pressed
VS1: Internal encoder supply for channels 0 to 3
VS2: Internal encoder supply for channels 4 to 7
Both of these encoder supplies must be used when the short-circuit test is
activated (cf. Chapter "Configuration and wiring of the ET200S I/Os" ->
Components of the node IM151 HF: F-DI module).
The exclusive OR sensor agreement button is an exception. For this type of
wiring, the encoder supply VS1 must be used, in conjunction with the
short-circuit test, for both contacts.
Electronic module 4 F-DO DC24 V/2 A PROFIsafe
The actuators that must be shut down in a safety-related fashion, are
connected through two channels. Shutdown is possible separately for each
channel.
Two valve units are connected in the sample configuration to control the motion
of supplementary pneumatic axes.
[Figure: F-DO module wiring. Terminals DO 0 P 1, DO 0 M 2, DO 1 P 5, DO 1 M 6,
DO 2 P 9, DO 2 M 10, DO 3 P 13, DO 3 M 14 for channels 0 to 3; valve unit 1
and valve unit 2 connected]
Fig. 7-32 Example: F-DO connections
Significance and use of the individual signals:
F-DO (channel 0) : Valve unit 1
Signal status channel 0 = "0"
Valve in the inhibited/quiescent position
Signal status channel 0 = "1"
Valve open
F-DO (channel 1) : Not used
F-DO (channel 2) : Valve unit 2
Signal status channel 2 = "0"
Valve in the inhibited/quiescent position
Signal status channel 2 = "1"
Valve open
F-DO (channel 3) : Not used
PM-E F power module
This module combines two functions. On the one hand, all three two-channel
output channels can be connected to individual actuators (cf. functionality of an
F-DO module); on the other hand, the third output channel DO 2 has an
additional function.
Output channel DO2 is used to internally switch-in or switch-out the
safety-relevant (i.e. via two voltage potentials) power supply to or from the
downstream standard DO or standard DI modules. This means that the outputs
on the DO modules can be controlled as single-channel outputs in the PLC for
the "normal" function – after the PM-E F module, all of the DO modules can be
shut down in a safety-related fashion.
[Figure: PM-E F module wiring. Terminals DO 0 P 9, DO 0 M 10 (channel 0),
DO 1 P 13, DO 1 M 14 (channel 1), DO 2 P 11,15, DO 2 M 12,16 (channel 2);
valve unit 3; internal disconnection of voltage buses P1 (P) and P2 (M), group
disconnection from standard modules; external wiring for additional actuators
possible on DO2]
Fig. 7-33 Example: PM-E F connections
Significance and use of the individual signals:
PM-E F (channel 0) : Valve unit 3
Signal status channel 0 = "0"
Valve in the inhibited/quiescent position
Signal status channel 0 = "1"
Valve open
PM-E F (channel 1) : Not used
PM-E F (channel 2) : Shutting down the supply voltage for subsequent
DO module / external not used
Signal status channel 2 = "0"
The power supply voltage for the subsequent DO module is
disconnected via the two potential rails P1/P2.
Signal status channel 2 = "1"
The power supply voltage for the subsequent DO module is
switched-in via the two potential rails P1/P2.
7.6.3 Individual application functions
The <drive on> button is only used to acknowledge the internal Emergency
Stop state. The button has no function in subsequent operation. The table of
functions below shows the logical inter-relationships between the individual
safety-relevant signals and functions. The description starts with the
assumption that the Emergency Stop state has been acknowledged.
Table 7-1 Application functions

Case    Sensor            State           Axes, spindles/     Monitor function/
                                          external devices    switching status
Case 1  Emergency Stop    Not actuated    Axes/spindles       SG3 (> maximum speed)
        Protective door   Closed          Valve unit 1        Open position
        Agreement button  Not applicable  Valve unit 2        Open position
                                          Valve unit 3        Open position
                                          Supply voltage DO   Connected
Case 2  Emergency Stop    Not actuated    Axes/spindles       SBH
        Protective door   Open            Valve unit 1        Inhibit-quiescent position
        Agreement button  Not pressed     Valve unit 2        Inhibit-quiescent position
                                          Valve unit 3        Inhibit-quiescent position
                                          Supply voltage DO   Disconnected
Case 3  Emergency Stop    Not actuated    Axes/spindles       SG1
        Protective door   Open            Valve unit 1        Open position
        Agreement button  Pressed         Valve unit 2        Inhibit-quiescent position
                                          Valve unit 3        Open position
                                          Supply voltage DO   Disconnected
Case 4  Emergency Stop    Actuated        Axes/spindles       STOP C -> SBH
        Protective door   Open            Valve unit 1        Inhibit-quiescent position
        Agreement button  Pressed         Valve unit 2        Inhibit-quiescent position
                                          Valve unit 3        Inhibit-quiescent position
                                          Supply voltage DO   Disconnected
Case 5  Emergency Stop    Actuated        Axes/spindles       STOP D -> SBH
        Protective door   Closed          Valve unit 1        Inhibit-quiescent position
        Agreement button  Pressed         Valve unit 2        Inhibit-quiescent position
                                          Valve unit 3        Inhibit-quiescent position
                                          Supply voltage DO   Disconnected
7.6.4 Configuring and connecting-up the ET200S I/O
Only the part required for the PROFIBUS connection of the ET 200S line is
displayed here:
[Figure: STEP 7 hardware configuration (HWKonf_Bus.dsf). PROFIsafe DP master
system (1) with SI PLC315-2DP 2AF03, IM 360, S7 FM-NCU, (0) 840D NCU 57x.4
and the ET 200S node (8) IM 151.]
Fig. 7-34 STEP 7 Hardware configuration: Definition of the PROFIBUS system
The system requirements regarding the NCU hardware and interface module
must be observed (cf. Chapter 3.12 -> SI I/Os using fail-safe modules on
PROFIBUS-DP -> System requirements).
Note
When describing how the F I/Os are configured, the associated parameters
are only described to some extent or only in the form of an overview. More
detailed information is given in the context-sensitive online help and in the
manual ET200S Distributed I/O System, Fail-Safe Modules.
Components of the node IM151 HF: F-DI module
The diagram below shows the parameter settings for the F-DI module:
[Figure: STEP 7 properties dialog of the 4/8 F-DI DC24V module in node
(8) IM 151-1 HF. F parameters shown: F_Source_Address 1: SI PLC315-2DP 2AF03,
F_Target_Address 1022, DIL switch setting (9...0) 1111111110, F_Monitoring
time 100 ms. Module parameters shown: input delay, short-circuit test and,
per channel pair (0,4 / 1,5 / 2,6 / 3,7), "Activated", encoder evaluation
"2v2 evaluation", type of encoder connection "two-channel sensor" or
"exclusive OR sensor", discrepancy time 300 ms. The station overview lists the
F target addresses 1111111100 (hexadecimal 3FC), 1111111101 (hexadecimal 3FD)
and 1111111110 (hexadecimal 3FE).]
Fig. 7-35 Parameter settings for the F-DI module
The parameters of the F-DI module are explained below:
F_Source_Address
The parameter F_Source_Address is automatically assigned for the
configured F master (in this case, the NCU 572.4 or NCU 573.4). This
parameter is identical for all PROFIsafe components since they are
associated with the same PROFIsafe master.
F_Target_Address
The parameter F_Target_Address is automatically assigned for the
relevant F module and displayed in the decimal notation (for the F-DI
module 1022). The DIL switch setting displayed must be set accordingly.
This address is needed later for parameterizing the machine data in the
hexadecimal notation (for the F-DI module 3FE).
F_Monitoring time
The parameter F_Monitoring time defines the maximum time within which a
new valid F telegram must have been received from the F master.
Generally, the default value can be used.
Input delay
In order to suppress coupled-in noise and disturbances, it is possible to
define a noise/disturbance pulse length (in ms) for all of the modules using
the input delay parameter. Noise/disturbance pulses from 0 ms up to the
set value are then suppressed.
Short-circuit test
The short-circuit test parameter activates the short-circuit detection
function for the module. This test only makes sense if a simple switch is
used, which is connected via two encoder supplies in the module (VS1,
VS2). In this context, each input terminal must be assigned a supply
voltage for the test (cf. Chapter: Connecting-up sensors and actuators ->
Electronic module 4/8 F-DI DC24 V PROFIsafe).
Encoder evaluation
In the example, all of the input sensors are connected via two channels
(refer to Fig. 7-34). The encoder evaluation is therefore set to
2v2 evaluation for all 4 channel pairs.
Type of encoder connection
The type of encoder connection depends on the encoder design. For NC
and NO contact pairs (channels 0,4; channels 1,5; channels 3,7), the
two-channel sensor version must be set. For the exclusive OR agreement
button (one NC and one NO contact), on the other hand, the exclusive OR
sensor version should be specified.
Discrepancy time
The discrepancy time parameter is used to enter the monitoring time for
discrepancy analysis (only relevant for 2v2 analysis). If the two
associated input signals still differ after the discrepancy time has
expired, this is detected as an error and signaled to the master. The
time should be based on the switching duration (both channels) of the
connected sensor.
Only one signal state is transferred to the master via the PROFIsafe
protocol. This means that a crosswise data comparison error inside the
control, caused by two different input signal states, can no longer occur.
The discrepancy analysis is executed in a distributed fashion, so the
time should be selected to take this into account.
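The 2v2 discrepancy monitoring described above can be modelled as follows. This is an added example, not code from the manual or from the module firmware. Assumptions: the function name, the constructed traces, that 0 is passed to the master while the channels disagree, and that a discrepancy error stays latched.

```python
"""2v2 discrepancy monitoring for one F-DI channel pair (added illustration).

Assumptions (not taken from the manual): while the two channels disagree the
module passes 0 to the F master, and a discrepancy error stays latched.
"""


def monitor_2v2(events, discrepancy_ms, end_ms, antivalent=False):
    """Evaluate one channel pair.

    events: [(t_ms, lower_channel, upper_channel)] level changes, sorted by time.
    Returns (timeline, error_at): timeline is [(t_ms, value)] with the single
    signal state passed to the F master, error_at is the time in ms at which
    the discrepancy error is raised, or None.
    """
    timeline = []
    error_at = None
    differ_since = None

    def emit(t_ms, value):
        # Record only changes of the transferred signal state.
        if not timeline or timeline[-1][1] != value:
            timeline.append((t_ms, value))

    for t_ms, lower, upper in list(events) + [(end_ms, None, None)]:
        # Did the running discrepancy outlast the configured time?
        if (differ_since is not None and error_at is None
                and t_ms > differ_since + discrepancy_ms):
            error_at = differ_since + discrepancy_ms
        if lower is None:  # end-of-trace marker
            break
        # An exclusive OR (antivalent) pair is consistent when the levels differ.
        expected_lower = (1 - upper) if antivalent else upper
        if lower == expected_lower:
            differ_since = None
            # When consistent, the lower channel defines the transferred state.
            emit(t_ms, lower if error_at is None else 0)
        else:
            if differ_since is None:
                differ_since = t_ms
            emit(t_ms, 0)
    return timeline, error_at


DISCREPANCY_MS = 300  # value shown in the F-DI parameter dialog

# Constructed traces (times in ms), not measurements from a real module.
DOOR_OK = [(0, 0, 0), (1000, 1, 0), (1040, 1, 1)]      # channels 0/4, 40 ms skew
AGREEMENT_OK = [(0, 0, 1), (500, 1, 1), (520, 1, 0)]   # channels 2/6, NC + NO
DOOR_STUCK = [(0, 1, 1), (2000, 0, 1)]                  # one contact never opens

if __name__ == "__main__":
    for name, trace, anti in (("door ok", DOOR_OK, False),
                              ("agreement ok", AGREEMENT_OK, True),
                              ("door stuck", DOOR_STUCK, False),
                              ("agreement set as two-channel", AGREEMENT_OK, False)):
        print(name, monitor_2v2(trace, DISCREPANCY_MS, 3000, anti))
```

The last trace shows why the type of encoder connection matters: an exclusive OR button evaluated as a two-channel sensor is in permanent discrepancy and raises the error after 300 ms.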
The diagram below shows the parameter settings for the F-DO module:
[Figure: STEP 7 properties dialog of the F-DO module in node (8) IM 151-1 HF.
F parameters shown: F_Source_Address 1: SI PLC315-2DP 2AF03, F_Target_Address
1021, DIL switch setting (9...0) 1111111101, F_Monitoring time 100 ms. Module
parameters shown: DO channels 0 to 3, each with "Activated" and
"Diagnostics: wire breakage".]
Fig. 7-36 Parameter settings for the F-DO module
The parameters of the F-DO module are explained below:
F parameters
The F parameters have already been explained in relation to the F/DI
module (cf. above). The target address for the F-DO module is 3FD in the
hexadecimal notation.
DO channels
The individual DO channels can be separately activated and de-activated.
Diagnostics: Wire breakage
The Diagnostics: Wire breakage setting defines, for the particular
channel, whether the connection from the output to the actuator is
checked for wire breakage; if wire breakage is detected, this is
signaled to the master.
Components of the node IM151 HF: PM-E F module
The diagram below shows the parameter settings for the PM-E F module:
[Figure: STEP 7 properties dialog of the PM-E F DC24V/10A 2 F-DO DC24V/2A
module in node (8) IM 151-1 HF. F parameters shown: F_Source_Address
1: SI PLC315-2DP 2AF03, F_Target_Address 1020, DIL switch setting (9...0)
1111111100, F_Monitoring time 100 ms. Module parameters shown: DO channels 0
and 1, each with "Activated" and "Diagnostics: wire breakage", and
DO channel 2 (P1/P2) with "Activated".]
Fig. 7-37 Parameter settings for the PM-E F module
The parameters of the PM-E F module are explained below:
F parameters
The F parameters have already been explained in relation to the F-DI
module (cf. above). The target address for the PM-E F module is 3FC in
hexadecimal notation.
DO channel 0 / 1
The parameterization of the individual DO channels has already been
explained in relation to F-DO.
DO channel 2 (P1/P2)
The third output pair (DO channel 2 (P1/P2)) cannot be de-activated. This
channel is used to internally switch-in or switch-out the safety-relevant
power supply to or from the downstream standard DO or also DI modules
(see Fig. 7-33).
7.6.5 Parameterizing the Sinumerik 840D NCK
Addressing the PROFIsafe master (cf. parameter F_Source_Address):
MD 10385 $MN_PROFISAFE_MASTER_ADDRESS = 05 00 00 01 H
Setting the PROFIsafe clock cycle
MD 10071 $MN_IPO_CYCLE_TIME = 0.006 s
MD 10098 $MN_PROFISAFE_IPO_TIME_RATIO = 3 ( => 0.018 s)
For details on setting the PROFIsafe clock cycle, see:
Chapter 3, SI I/Os via fail-safe module on PROFIBUS-DP
Configuring and parameterizing the ET 200S F I/Os
PROFIsafe clock cycle and DP cycle time
Inputs from the F-DI module are mapped to $A_INSE(P) variables 1..4
MD 10386 $MN_PROFISAFE_IN_ADDRESS[0] = 05 00 03 FEH
MD 10388 $MN_PROFISAFE_IN_ASSIGN[0] = 004 001
In the case of an agreement button connected in an exclusive OR
configuration, the signal state transferred to the SPL when the button is
OK is the one defined by the lower channel (channel 2 in the example).
$A_OUTSE(P) variables 1..4 are output to the F-DO module
MD 10387 $MN_PROFISAFE_OUT_ADDRESS[0] = 05 00 03 FDH
MD 10389 $MN_PROFISAFE_OUT_ASSIGN[0] = 004 001
$A_OUTSE(P) variables 5..7 are output to the PM-E F module
MD 10387 $MN_PROFISAFE_OUT_ADDRESS[1] = 05 00 03 FCH
MD 10389 $MN_PROFISAFE_OUT_ASSIGN[1] = 007 005
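The F addresses set in STEP 7 (decimal), on the DIL switches (binary) and in the NCK machine data (hexadecimal) must describe the same module, and the SPL variable ranges of two modules must not overlap. The following check is an added example, not Siemens code. Assumptions: all function and class names, the treatment of the leading bytes "05 00" as a fixed prefix copied from the values above, and the cycle-time plausibility rule, which is derived only from the definition of F_Monitoring time.

```python
"""Cross-check of the PROFIsafe addressing in sections 7.6.4 and 7.6.5 (added example)."""
from dataclasses import dataclass

MD_PREFIX = "0500"  # leading bytes "05 00" copied from the manual's MD values, not decoded
SPL_VARIABLE = {"in": "$A_INSE", "out": "$A_OUTSE"}


def dil_switches(f_address):
    """DIL switch pattern (switch 9 ... 0) for a decimal F_Target_Address."""
    if not 0 <= f_address < 1 << 10:
        raise ValueError(f"{f_address} does not fit on 10 DIL switches")
    return format(f_address, "010b")


def md_address(f_address):
    """Machine-data notation, e.g. 1022 -> '05 00 03 FE'."""
    digits = MD_PREFIX + format(f_address, "04X")
    return " ".join(digits[i:i + 2] for i in range(0, 8, 2))


def parse_md_address(text):
    """'05 00 03 FEH' -> 1022; rejects values without the expected prefix."""
    digits = text.upper().replace(" ", "")
    if digits.endswith("H"):
        digits = digits[:-1]
    if len(digits) != 8 or not digits.startswith(MD_PREFIX):
        raise ValueError(f"unexpected MD address value: {text!r}")
    return int(digits[4:], 16)


def parse_assign(text):
    """'004 001' (highest and lowest SPL variable index) -> range(1, 5)."""
    high, low = (int(part) for part in text.split())
    if not 1 <= low <= high <= 64:
        raise ValueError(f"invalid SPL assignment: {text!r}")
    return range(low, high + 1)


@dataclass(frozen=True)
class FModule:
    name: str
    direction: str   # "in": MD 10386/10388, "out": MD 10387/10389
    f_target: int    # decimal F_Target_Address shown in STEP 7
    md_addr: str     # value of $MN_PROFISAFE_IN/OUT_ADDRESS[n]
    md_assign: str   # value of $MN_PROFISAFE_IN/OUT_ASSIGN[n]


def check(modules, f_source, master_md, cycle_ms, f_monitoring_ms):
    """Return a list of findings; an empty list means the data are consistent."""
    findings = []
    if parse_md_address(master_md) != f_source:
        findings.append("MD 10385 does not match F_Source_Address")
    if cycle_ms >= f_monitoring_ms:
        findings.append("PROFIsafe cycle is not shorter than F_Monitoring time")
    targets = {}
    used = {"in": {}, "out": {}}
    for mod in modules:
        if parse_md_address(mod.md_addr) != mod.f_target:
            findings.append(f"{mod.name}: MD address {mod.md_addr} does not match "
                            f"F_Target_Address {mod.f_target} "
                            f"(expected {md_address(mod.f_target)}H)")
        if mod.f_target in targets:
            findings.append(f"{mod.name}: F_Target_Address also used by "
                            f"{targets[mod.f_target]}")
        targets[mod.f_target] = mod.name
        for index in parse_assign(mod.md_assign):
            owner = used[mod.direction].setdefault(index, mod.name)
            if owner != mod.name:
                findings.append(f"{mod.name}: {SPL_VARIABLE[mod.direction]}[{index}] "
                                f"is already assigned to {owner}")
    return findings


# Values from the configuring example above.
PAGE_CONFIG = [
    FModule("F-DI", "in", 1022, "05 00 03 FEH", "004 001"),
    FModule("F-DO", "out", 1021, "05 00 03 FDH", "004 001"),
    FModule("PM-E F", "out", 1020, "05 00 03 FCH", "007 005"),
]
# Constructed faulty variant: mistyped address and an overlapping assignment.
BROKEN_CONFIG = PAGE_CONFIG[:2] + [
    FModule("PM-E F", "out", 1020, "05 00 03 FBH", "005 004"),
]

if __name__ == "__main__":
    for mod in PAGE_CONFIG:
        print(mod.name, dil_switches(mod.f_target), md_address(mod.f_target) + "H")
    print(check(PAGE_CONFIG, 1, "05 00 00 01 H", 6 * 3, 100))
    print(check(BROKEN_CONFIG, 1, "05 00 00 01 H", 6 * 3, 100))
```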
A few definitions are now required in order to explain the safe programmable
logic (SPL); not all of the machine data parameterized for Safety Integrated
are described. Furthermore, axial machine data are specified for one
representative axis only.
SBH de-selection via $A_OUTSI[1]
MD 36970 $MA_SAFE_SS_DISABLE_INPUT = 04 01 01 01H
SG selection bit 1 via $A_OUTSI[2]
MD 36972 $MA_SAFE_VELO_SELECT_INPUT[0] = 04 01 01 02H
STOP A de-selection via $A_OUTSI[3]
MD 36977 $MA_SAFE_EXT_STOP_INPUT[0] = 04 01 01 03H
STOP C de-selection via $A_OUTSI[4]
MD 36977 $MA_SAFE_EXT_STOP_INPUT[1] = 04 01 01 04H
STOP D de-selection via $A_OUTSI[5]
MD 36977 $MA_SAFE_EXT_STOP_INPUT[2] = 04 01 01 05H
These safety-relevant internal input signals are used to implement the functions
described above
7.6.6 Programming the NCK-SPL
The complete SPL logic is not shown, only the parts needed to understand the
application. The parts not shown include terminal 663 and the forced checking
procedure.
; +---------------------------------------------------------+
; | Safe programmable logic (NCK-SPL) |
; +---------------------------------------------------------+
; File: SAFE.SPF
; Excerpt for explanation of PROFIsafe
; -----------------------------------------------------------
; D e s c r i p t i o n :
; - NCK-SPL
; - Logical combination of SPL input variables
; External (from PROFIsafe) : $A_INSE (MD 10386, 10388)
; Internal (from SI kernel) : $A_INSI (MD 36980..36990)
; to output variables of the SPL
; Internal (to SI kernel) : $A_OUTSI (MD 36970..36978)
; External (to PROFIsafe) : $A_OUTSE (MD 10387, 10389)
; E n d D e s c r i p t i o n
; -----------------------------------------------------------
;
;-------------------- Cycle definition ----------------------
; Suppress single block, display
; -----------------------------------------------------------
N100 PROC SAFE SBLOF DISPLOF
; --------------------- Declarations ------------------------
; Definition of symbolic names for SPL variables
; -----------------------------------------------------------
; Addressing of PROFIsafe input modules
; MD 10386 $MN_PROFISAFE_IN_ADDRESS[n]
; Assignment of PROFIsafe signals to SPL
; MD 10388 $MN_PROFISAFE_IN_ASSIGN[n]
;------------------------------------------------------------
;MD 10386[0]/MD 10388[0] : F-DI NCK ; PLC-DB18.
;------------------------------------------------------------
N105 DEFINE IE_EMERGENCY_STOP AS $A_INSE[01] ; DBX38.0
N110 DEFINE IE_PROT.DOOR_CLOSED AS $A_INSE[02] ; DBX38.1
N115 DEFINE IE_AGREEMENT AS $A_INSE[03] ; DBX38.2
N120 DEFINE IE_DRIVES_ON AS $A_INSE[04] ; DBX38.3
;============================================================
;Internal inputs (mapping of SGA 36980..36990) ; PLC-DB18.
;------------------------------------------------------------
;not used for example
N105 DEFINE II_RES_01 AS $A_INSI[01] ; DBX55.0
;============================================================
;Internal outputs (assignment to SGE 36970..36978); PLC-DB18.
;------------------------------------------------------------
N425 DEFINE OI_SBH_DESEL AS $A_OUTSI[01] ; DBX62.0
N430 DEFINE OI_SG_SEL_B1 AS $A_OUTSI[02] ; DBX62.1
N435 DEFINE OI_STOPA_DESEL AS $A_OUTSI[03] ; DBX62.2
N440 DEFINE OI_STOPC_DESEL AS $A_OUTSI[04] ; DBX62.3
N445 DEFINE OI_STOPD_DESEL AS $A_OUTSI[05] ; DBX62.4
;============================================================
; Addressing of PROFIsafe output modules
; MD 10387 $MN_PROFISAFE_OUT_ADDRESS[n]
; Assignment of PROFIsafe signals to SPL
; MD 10389 $MN_PROFISAFE_OUT_ASSIGN[n]
;------------------------------------------------------------
;MD 10387[0]/MD 10389[0] : F-DO NCK ; PLC-DB18.
;------------------------------------------------------------
N585 DEFINE OE_VALVE1 AS $A_OUTSE[01] ; DBX46.0
N590 DEFINE OE_RES_02 AS $A_OUTSE[02] ; DBX46.1
N595 DEFINE OE_VALVE2 AS $A_OUTSE[03] ; DBX46.2
N600 DEFINE OE_RES_04 AS $A_OUTSE[04] ; DBX46.3
;------------------------------------------------------------
;MD 10387[1]/MD 10389[1] : PM-EF NCK ; PLC-DB18.
;------------------------------------------------------------
N605 DEFINE OE_VALVE3 AS $A_OUTSE[05] ; DBX46.4
N610 DEFINE OE_RES_06 AS $A_OUTSE[06] ; DBX46.5
N615 DEFINE OE_P1P2 AS $A_OUTSE[07] ; DBX46.6
;============================================================
;MARKERSI : Internal status marker ; PLC-DB18.
;------------------------------------------------------------
N665 DEFINE MI_NO_E_STOP AS $A_MARKERSI[01] ; DBX70.0
N670 DEFINE MI_AGREEMENT AS $A_MARKERSI[02] ; DBX70.1
;============================================================
;TIMERSI : Internal timer ; PLC timer
;------------------------------------------------------------
N742 DEFINE TI_RES_01 AS $A_TIMERSI[01] ; T xxx
;not used for example
;============================================================
;PLCSIOUT : Single-channel data from PLC -> NCK ; PLC-DB18.
;------------------------------------------------------------
N800 DEFINE IPLC_RES_01 AS $A_PLCSIOUT[01] ; DBX128.0
;not used for example
;============================================================
;PLCSIIN : Single-channel data from NCK -> PLC ; PLC-DB18.
;------------------------------------------------------------
N900 DEFINE OPLC_RES_01 AS $A_PLCSIIN[01] ; DBX132.0
;not used for example
;============================================================
; --------------------- Program section --------------------
; INSE/INSI ---> OUTSI/OUTSE (MARKERSI memory)
; -----------------------------------------------------------
; First static synchronized action : IDS = aa (MD 11500[0])
; Last static synchronized action : IDS = bb (MD 11500[1])
; Static de-select STOP A
IDS=01 DO OI_STOPA_DESEL = 1
; Emergency stop (STOP C if protective door open / STOP D if closed)
IDS=02 EVERY IE_DRIVES_ON == 1 DO MI_NO_E_STOP = 1 ; Set status marker
IDS=03 WHENEVER IE_EMERGENCY_STOP == 0 DO MI_NO_E_STOP = 0 ; Reset status marker
; De-select STOP C
IDS=04 DO OI_STOPC_DESEL = IE_PROT.DOOR_CLOSED OR MI_NO_E_STOP
; De-select STOP D
IDS=05 DO OI_STOPD_DESEL = NOT IE_PROT.DOOR_CLOSED OR MI_NO_E_STOP
; Agreement mode
IDS=06 DO MI_AGREEMENT = NOT IE_PROT.DOOR_CLOSED AND IE_AGREEMENT
; SBH de-selection (if protective door closed or for agreement mode)
IDS=07 DO OI_SBH_DESEL = IE_PROT.DOOR_CLOSED OR MI_AGREEMENT
; SG changeover (select SG3 if protective door closed)
IDS=08 DO OI_SG_SEL_B1 = IE_PROT.DOOR_CLOSED
; Valve unit 1
IDS=09 DO OE_VALVE1 = MI_NO_E_STOP AND (IE_PROT.DOOR_CLOSED OR MI_AGREEMENT)
; Valve unit 2
IDS=10 DO OE_VALVE2 = MI_NO_E_STOP AND IE_PROT.DOOR_CLOSED
; Valve unit 3
IDS=11 DO OE_VALVE3 = OE_VALVE1
; Supply potential DO
IDS=12 DO OE_P1P2 = OE_VALVE2
N1000 MSG ("SPL OK")
N1005 M30
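The synchronized actions IDS=01 to IDS=12 can be replayed against the five cases of Table 7-1 before the SPL is commissioned. The following Python model is an added example, not part of SAFE.SPF. Assumptions: the class and function names, SG selection bit 0 taken as 0, and the mapping of the de-selection signals to the table's monitoring function column.

```python
"""Model of the NCK-SPL excerpt (IDS=01..12) replayed against Table 7-1 (added example)."""


class SplModel:
    def __init__(self):
        self.no_e_stop = 0          # MI_NO_E_STOP status marker
        self._drives_on_prev = 0    # previous state of IE_DRIVES_ON

    def cycle(self, e_stop, door_closed, agreement, drives_on=0):
        """One SPL pass. e_stop is IE_EMERGENCY_STOP: 1 = not actuated, 0 = actuated."""
        # IDS=02: EVERY fires on the FALSE -> TRUE change of <drive on>.
        if drives_on and not self._drives_on_prev:
            self.no_e_stop = 1
        self._drives_on_prev = drives_on
        # IDS=03: WHENEVER the Emergency Stop input is 0, the marker is held at 0.
        if not e_stop:
            self.no_e_stop = 0
        ok = self.no_e_stop
        mi_agreement = int((not door_closed) and agreement)            # IDS=06
        out = {
            "OI_STOPA_DESEL": 1,                                       # IDS=01
            "OI_STOPC_DESEL": int(door_closed or ok),                  # IDS=04
            "OI_STOPD_DESEL": int((not door_closed) or ok),            # IDS=05
            "OI_SBH_DESEL": int(door_closed or mi_agreement),          # IDS=07
            "OI_SG_SEL_B1": int(door_closed),                          # IDS=08
            "OE_VALVE1": int(ok and (door_closed or mi_agreement)),    # IDS=09
            "OE_VALVE2": int(ok and door_closed),                      # IDS=10
        }
        out["OE_VALVE3"] = out["OE_VALVE1"]                            # IDS=11
        out["OE_P1P2"] = out["OE_VALVE2"]                              # IDS=12
        return out


def monitoring(out):
    """Monitoring function column of Table 7-1 (SG selection bit 0 assumed 0)."""
    if not out["OI_STOPC_DESEL"]:
        return "STOP C -> SBH"
    if not out["OI_STOPD_DESEL"]:
        return "STOP D -> SBH"
    if not out["OI_SBH_DESEL"]:
        return "SBH"
    return "SG3" if out["OI_SG_SEL_B1"] else "SG1"


def table_row(e_stop, door_closed, agreement):
    """Start from the acknowledged state, apply one input combination, summarise it."""
    spl = SplModel()
    spl.cycle(1, door_closed, 0, drives_on=1)   # acknowledge with <drive on>
    out = spl.cycle(e_stop, door_closed, agreement)
    return (monitoring(out), out["OE_VALVE1"], out["OE_VALVE2"],
            out["OE_VALVE3"], out["OE_P1P2"])


# Input combinations of Table 7-1: (Emergency Stop input, door closed, agreement)
CASES = {1: (1, 1, 0), 2: (1, 0, 0), 3: (1, 0, 1), 4: (0, 0, 1), 5: (0, 1, 1)}

if __name__ == "__main__":
    print("case  monitoring        V1 V2 V3 P1/P2")
    for case, inputs in CASES.items():
        row = table_row(*inputs)
        print(f"{case:<5} {row[0]:<17} {row[1]}  {row[2]}  {row[3]}  {row[4]}")
```

Releasing the Emergency Stop alone leaves MI_NO_E_STOP at 0, so the valves stay in the inhibit-quiescent position until the next rising edge of <drive on>.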
7.6.7 Programming the PLC-SPL
Only data ranges for which a symbol has been defined for the example are
listed.
Table 7-2 Excerpt from symbol definition DB18 "SPL"
Address  Name                   Type  Initial value  Comment
...      ...                    ...   ...            ...
+38.0    IEP_EMERGENCY_STOP     BOOL  FALSE          $A_INSEP[1]
+38.1    IEP_PROT.DOOR_CLOSED   BOOL  FALSE          $A_INSEP[2]
+38.2    IEP_AGREEMENT          BOOL  FALSE          $A_INSEP[3]
+38.3    IEP_DRIVES_ON          BOOL  FALSE          $A_INSEP[4]
...      ...                    ...   ...            ...
+46.0    OEP_VALVE1             BOOL  FALSE          $A_OUTSEP[01]
+46.1    OEP_RES_02             BOOL  FALSE          $A_OUTSEP[02]
+46.2    OEP_VALVE2             BOOL  FALSE          $A_OUTSEP[03]
+46.3    OEP_RES_04             BOOL  FALSE          $A_OUTSEP[04]
+46.4    OEP_VALVE3             BOOL  FALSE          $A_OUTSEP[05]
+46.5    OEP_RES_06             BOOL  FALSE          $A_OUTSEP[06]
+46.6    OEP_P1P2               BOOL  FALSE          $A_OUTSEP[07]
...      ...                    ...   ...            ...
+62.0    OIP_SBH_DESEL          BOOL  FALSE          $A_OUTSIP[01]
+62.1    OIP_SG_SEL_B1          BOOL  FALSE          $A_OUTSIP[02]
+62.2    OIP_STOPA_DESEL        BOOL  FALSE          $A_OUTSIP[03]
+62.3    OIP_STOPC_DESEL        BOOL  FALSE          $A_OUTSIP[04]
+62.4    OIP_STOPD_DESEL        BOOL  FALSE          $A_OUTSIP[05]
...      ...                    ...   ...            ...
+70.0    MIP_NO_E_STOP          BOOL  FALSE          $A_MARKERSIP[01]
+70.1    MIP_AGREEMENT          BOOL  FALSE          $A_MARKERSIP[02]
BEGIN
NETWORK
TITLE =map external inputs to $A_INSEP variables
// This step is no longer required for PROFIsafe inputs
// in the user program. The input signals from the
// F-DI module are also transferred via the parameters of
// the NCK machine data MD 10386[n] and MD 10388[n] to the
// corresponding bits in DB 18, i.e. the associated
// $A_INSEP variables (DB18.DBX38.0 .. DBX 45.7)
// are written inside the system
NETWORK
TITLE =Map status signals from SI (SGA) -> to internal inputs
// cf. MD 36980..MD36990
// SGA signals in axis DB : DBX108.0 ... DBX111.7
// $A_INSIP[01]...$A_INSIP[64] : DB18.DBX54.0 ... DB18.DBX61.7
// No $A_INSIP variables are used for the application
// example
NETWORK
TITLE =SPL logic INSEP/INSIP -> map OUTSIP
// cf. SAFE.SPF
// $A_MARKERSIP[1]... $A_MARKERSIP[64] :
// DB18.DBX70.0 ... DB18.DBX77.7
// $A_OUTSIP[1]......$A_OUTSIP[64] :
// DB18.DBX62.0 ... DB18.DBX69.7
//
// [IDS=01] Static de-select STOP A
SET;
= "SPL".OIP_STOPA_DESEL;
// [IDS=02/03] Emergency Stop (STOP C for open / STOP D for
// closed protective door)
U "SPL".IEP_DRIVES_ON;
FP M 100.0; // Auxiliary edge marker
S "SPL".MIP_NO_E_STOP; // Set status marker
UN "SPL".IEP_EMERGENCY_STOP;
R "SPL".MIP_NO_E_STOP; // Reset status marker
// [IDS=04] STOP C – De-select
U "SPL".IEP_PROT.DOOR_CLOSED;
O "SPL".MIP_NO_E_STOP;
= "SPL".OIP_STOPC_DESEL;
// [IDS=05] STOP D – De-select
UN "SPL".IEP_PROT.DOOR_CLOSED;
O "SPL".MIP_NO_E_STOP;
= "SPL".OIP_STOPD_DESEL;
// [IDS=06] Agreement mode
UN "SPL".IEP_PROT.DOOR_CLOSED;
U "SPL".IEP_AGREEMENT;
= "SPL".MIP_AGREEMENT;
// [IDS=07] SBH de-selection (if protective door closed or
// for agreement mode)
U "SPL".IEP_PROT.DOOR_CLOSED;
O "SPL".MIP_AGREEMENT;
= "SPL".OIP_SBH_DESEL;
// [IDS=08] SG changeover (select SG3 if protective door closed)
U "SPL".IEP_PROT.DOOR_CLOSED;
= "SPL".OIP_SG_SEL_B1;
NETWORK
TITLE =SPL logic INSEP/INSIP -> map OUTSIP
// cf. SAFE.SPF
// $A_MARKERSIP[1]... $A_MARKERSIP[64] :
// DB18.DBX70.0 ... DB18.DBX77.7
// $A_OUTSIP[1]......$A_OUTSIP[64] :
// DB18.DBX62.0 ... DB18.DBX69.7
//
// [IDS=09] Valve unit 1
U "SPL".MIP_NO_E_STOP;
U( ;
U "SPL".IEP_PROT.DOOR_CLOSED;
O "SPL".MIP_AGREEMENT;
) ;
= "SPL".OEP_VALVE1;
// [IDS=10] Valve unit 2
U "SPL".MIP_NO_E_STOP;
U "SPL".IEP_PROT.DOOR_CLOSED;
= "SPL".OEP_VALVE2;
// [IDS=11] Valve unit 3
U "SPL".OEP_VALVE1;
= "SPL".OEP_VALVE3;
// [IDS=12] Supply potential DO
U "SPL".OEP_VALVE2;
= "SPL".OEP_P1P2;
NETWORK
TITLE =Assign internal outputs (OUTSIP) to SI inputs (SGE)
// cf. MD 36970..MD36978
// SGE signals in axis DB Part 1 : DBX22.0 ... DBX23.7
// SGE signals in axis DB Part 2 : DBX32.0 ... DBX33.7
// The example describes only the interface of axis 1
// De-select SBH
U "SPL".OIP_SBH_DESEL;
= DB31.DBX 22.1;
// SG Changeover bit 1
U "SPL".OIP_SG_SEL_B1;
= DB31.DBX 22.4;
// De-select external STOP A (cf. MD 36977[0])
U "SPL".OIP_STOPA_DESEL;
= DB31.DBX 32.2;
// De-select external STOP C (cf. MD 36977[1])
U "SPL".OIP_STOPC_DESEL;
= DB31.DBX 32.3;
// De-select external STOP D (cf. MD 36977[2])
U "SPL".OIP_STOPD_DESEL;
= DB31.DBX 32.4;
NETWORK
TITLE =Output external outputs (OUTSEP) to I/Os
// This step is no longer required for PROFIsafe outputs
// in the user program. The $A_OUTSEP[n] variables
// used (DB18.DBX46.0 .. DBX54.7) are output via the parameters
// of the NCK machine data MD 10387[n] and MD 10389[n] from the
// interface in DB18 (logically ANDed with the associated
// $A_OUTSE variable) directly to the I/Os, i.e. the output to the
// I/O is carried out within the system
END_FUNCTION
7.6.8 Modified limitations with PROFIsafe
Compared to connecting the SPL I/Os via two separate hardware I/O branches
(NCK and PLC I/Os), connecting them via one safety-relevant bus (PROFIsafe)
results in some modified limitations for configuring and programming:
Errors in the PROFIsafe input devices (e.g. input signals that differ from
one another) cause the associated SPL-SGEs to be cleared. This initiates a
STOP D/E.
The external SPL input signals in the DB18 interface for the $A_INSEP
variables are transferred within the system, i.e. programming is no longer
necessary in the user program. The PROFIsafe input I/Os now only
transfer one signal state to the master for both SPL channels, i.e. data
crosswise comparison is no longer performed in the control for the
$A_INSE(P) variables.
The external SPL output signals of the DB18 interface ($A_OUTSEP
variables) are transferred within the system to the relevant PROFIsafe
output modules. Since only one signal state is transferred via PROFIsafe, it
is no longer possible to temporarily output a signal state for the PLC output
that is different from the NCK output (as implemented previously for
exceptional cases). There is now no PLC branch and no NCK branch for a
safe PROFIsafe output that has a two-channel structure.
It may be necessary to use single-channel signals (signals that are present
only in the PLC or only in the NCK) to change over external SPL outputs
(e.g. brake control). These single-channel signals must then also be made
available to the other program channel so that the logic is aligned and
programmed synchronously. Direct communication between the NCK-SPL and
PLC-SPL via DB18 is a good way to achieve this.
In each PROFIsafe cycle, the PROFIsafe layer generates a PROFIsafe
telegram with the logically ANDed SPL output data as F net (useful) data.
8 Application examples
8.1 Conventional brake control (single-channel from the PLC)
8.2 Two-channel brake control with SI (SPL)
8.3 Testing the function of the brake mechanical system
8.3.1 Applications
8.3.2 Parameterization
8.3.3 Sequence
8.3.4 Limitations
8.3.5 Activating
8.3.6 Examples
8.4 Safe cams at the modulo limit
8.5 SPL functionality without real drives
8.6 Direction detection when retracting from SE
8.7 Replacing a motor or encoder
8.8 Example for combining SI with ESR
The application examples listed below are intended to provide support when
engineering and using Safety Integrated. It involves recommended solutions for
applications that are frequently encountered in the field and for which there is
no clear or trivial solution. The examples are intended purely as an aid to
configuration and should not be interpreted as configuration instructions, i.e.
equally suitable alternative solutions may exist.
8.1 Conventional brake control (single-channel from the PLC)
Many brake actuation systems still use a PLC output that switches an additional
hardware relay. The reason for this is that a standard S7 output can only supply
0.5 A and a current of this magnitude is usually insufficient to be able to actuate
a brake.
This circuit has the following disadvantages:
Firstly, control via the PLC does not comply with the safety requirements (in the
worst case, the PLC can crash without resetting the outputs, i.e. the axis could
fall). Secondly, the application time of the holding brake is increased because
the hardware relay has to be controlled and it also has an associated switching
time.
In order to keep the switching time of the contactor as short as possible, neither
an interference suppression diode (6 to 10-fold increase in the switching time)
nor a diode combination (2 to 6-fold increase in the switching time) may be
used for interference suppression of the contactor. The only practical solution in
this case is a varistor (increase of approximately 2–5 ms).
It is better to use an optocoupler or an S7 module, both of which provide an
output current of 2 A.
[Figure: holding/service brake actuation, current source/sink version,
showing the holding brake and the auxiliary relay.]
Fig. 8-1 Single-channel brake control, P-switching (single-channel from the PLC)
If this type of brake control is used with Safety Integrated, the STOP A/B active
signal (DB3x.DBX 111.4) is available to be logically combined with further
criteria to control the brake (for SI with SPL, a significantly more sophisticated
brake control function can be implemented, that is described further below).
The "position controller active" signal (DB3x.DBX 61.5) represents a further
condition to release the brake. The "speed controller active" signal (DB3x.DBX
61.6) should be used in conjunction with Safety Integrated, because when
Stop C is active the position controller is inactive but the speed controller
remains active, which means that the drive would work in opposition to the
brake.
Note
For this type of control, there is a risk that single-channel actuation of the
brake or the holding brake may not operate correctly in the event of a
PLC fault and that, in the worst case, the axis may fall.
8.2 Two-channel brake control with SI (SPL)
In order to increase the safety-relevant quality of the brake control system (for
the holding brake or operating brake), it is necessary to use a two-channel
control system. An NCK output switches the P voltage (24 V) to release the
brake and a PLC output (S7 relay module) switches the M voltage (P/M
control). A checkback contact on the PLC side verifies that the two switching
elements are operating correctly.
Controlling the NCK output (relevant signals – suggestion):
- "STOP A/B active"
- $VA_DPE[machine axis name] (power enable status – axis-specific),
  available in software version 5.x and higher
- Alternatively or in addition, system variable $AC_ALARM_STAT
  (information about the queued alarm response) (already in
  software V4.4.x)
- Application-specific SPL signals such as "EMERGENCY STOP not active",
  "control system not powered-up", etc.
Connecting these signals to $A_OUTSE (NCK output)
Controlling the PLC output (relevant signals – suggestion):
Equivalent programming measures should be implemented on the PLC side (up
to the $A_OUTSEP variable), i.e. further shutdown conditions can be integrated
to control the output.
- "STOP A/B active"
- SGA "pulses safely cancelled", axis DB.DBX 108.2
- Status signal "pulses enabled", axis DB.DBX 93.7
- Status signal "speed controller active", axis DB.DBX 61.6
- Application-specific SPL signals such as "EMERGENCY STOP not active",
  "control system not powered-up", etc.
Connecting these signals to $A_OUTSEP (DB18 signal)
Signals that are logically combined after $A_OUTSEP to control the PLC output
no longer influence the SPL crosswise data comparison. Additional signals can
include the following:
- User signals, e.g. "test stop active"
- Status signal "position controller active", axis DB.DBX 61.5,
  for faster application of the brake
Connecting these signals to the PLC output
NCK part
(1) Machine data
MD 36990[0] SAFE_ACT_STOP_OUTPUT = 04010101 (for drive X1)
(2) SPL
DEFINE STOP_A_B_aktiv AS $A_INSI[1] ; STOP A/B active
DEFINE P_BREMSE_X1 AS $A_OUTSE[1] ; P voltage for brake X1 (NCK output)
DEFINE NOT_HALT_nicht_aktiv AS $A_MARKERSI[1] ; EMERGENCY STOP not active
IDS=1 DO P_BREMSE_X1 = NOT STOP_A_B_aktiv AND $VA_DPE[X1] AND NOT_HALT_nicht_aktiv
PLC part
U DB31.DBX111.4 // STOP A/B active
= DB18.DBX56.0 // $A_INSIP[1]
UN DB18.DBX56.0 // $A_INSIP[1]
UN DB31.DBX108.2 // SGA pulses not safely cancelled
U DB31.DBX93.7 // Pulses enabled
U DB31.DBX61.6 // Speed controller active
U DB18.DBX70.0 // EMERGENCY STOP not active
= DB18.DBX46.0 // $A_OUTSEP[1]
U DB18.DBX46.0 // $A_OUTSEP[1]
U DB31.DBX61.5 // Position controller active – from here
               // onwards, no longer any effect on SPL
               // crosswise data comparison
.
.
= A2.0 // PLC output, relay module (M voltage)
Fig. 8-2 Two-channel brake control, P/M switching with SI (circuit diagram not
reproduced; labels: holding/service brake actuation, current source/link
version with checkback, holding brake, relay output)
Unlike the test routine described in Chapter 7.3.6, the test involves separately
controlling the two outputs A1 and A2 and monitoring the resulting level change
at test input E1.
Fig. 8-3 Test routine at power-up (timing diagram not reproduced: levels low/high
of outputs A1 (NCK) and A2 (PLC) and of test input E1 (PLC) at times t1 to t6)
The check can be integrated into the normal test routine (Chapter 7.3.4) or can
be performed separately. The flowchart below shows the test procedure.
Fig. 8-4 Flowchart for the test routine (flowchart not reproduced; the
recoverable box texts are listed below without their branch structure)
Steps:
- Start of test phase
- Check test input I1 (time t2)
- Activate output Q1 (time t3)
- Check test input I1 (time t4)
- Delayed activation of output Q2 (time t5)
- Check test input I1 (time t6)
- Delayed pulse disable
- End of test phase
- New test?
Decision labels: test input level low / test input level high
Fault texts:
- Conductor D1 short-circuit to current source or switching element Q1
  short-circuit to current source or malfunction.
- Conductor D2 short-circuit to current source or switching element Q2
  short-circuit to current source or malfunction.
- Output Q2 no longer capable of operation after test.
Fault responses: error message; error message / deactivate output Q1;
error message / deactivate output Q1/Q2
Note in the chart: Brake has already been applied at this point
(e.g. test stop phase 1)
With this safe brake control, only the operating brake represents a potential
hazard.
8.3 Testing the function of the brake mechanical system
8.3.1 Applications
The brake mechanical system test should be used for all axes which must be
prevented from moving in an uncontrolled manner by a holding brake. This test
function is primarily intended for so-called vertical axes. The brake test fulfills
the requirements of control Category 2 according to EN 954-1.
The functionality is based on "traversing to a fixed endstop" (FXS). The
traversing to fixed endstop can be individually parameterized to test the
function of the brake mechanical system. It is activated and de-selected from
the PLC. For further details on traversing to fixed endstop, refer to /FB1/, F1.
The machine manufacturer can use his PLC user program to close the brake at
a suitable moment in time (nominal value, every 8h similar to the SI test stop)
and initiate the drive to produce an additional torque/additional force
equivalent to the weight of the axis. In a fault-free state, the brake can apply the
necessary force, i.e. the axis will hardly move.
When there is a fault condition, the actual position value leaves the
parameterizable monitoring window. In this case, traversing to fixed endstop is
terminated so that the position controller can prevent the axis falling. The brake
test is then negatively acknowledged.
The brake test must always be started when the axis is at standstill (also refer
to Chapter 8.3.5 "Activation"). The direction in which the drive produces force is
specified by the PLC using a "traversing motion" via FC 18. The destination of
this traversing motion must be able to be reached without incurring any
potential hazard in the case that the brake cannot provide the necessary force.
8.3.2 Parameterization
The following axial NCK machine data are available to the user for
parameterizing the function test of the brake mechanical system:
- $MA_FIXED_STOP_MODE
- $MA_FIXED_STOP_THRESHOLD
- $MA_SAFE_BRAKETEST_TORQUE
- $MA_SAFE_BRAKETEST_POS_TOL
The function test of the mechanical brake system is enabled by setting bit 1 in
$MA_FIXED_STOP_MODE. If the user needs to travel to a fixed stop with this
axis from the part program, bit 0 can also be set. An internal monitoring is
performed to check that only one type of traverse to fixed endstop is active at a
time. In the case of an error, Alarm 20092, "Axis %1 Travel to fixed stop still
active" is issued.
The machinery manufacturer must parameterize the total required brake
holding torque in the axial MD $MA_SAFE_BRAKETEST_TORQUE. Internally,
this is used to calculate the drive torque needed in addition to the weight of the
axis as braking load.
For SIMODRIVE 611 digital, the drive torque is determined at the time when
the function test is selected. It is thus possible to take into account a
deviation from the torque parameterized in the drive machine data 1192 (or
force due to the weight). This ensures that the brake test can also be carried
out with varying machine loads (e.g. different workpieces or tools). The drive
torque to load the holding brake is limited to the maximum motor torque if the
desired braking torque would require a higher drive torque.
Fig. 8-5 Torque limiting for 611 digital (diagram not reproduced: torque m over
time t, showing MD BRAKETEST_TORQUE, the measured torque mAct on selection of
the brake test, the drive torque mDrive, and the torque limiting in the current
controller at 611D-MD 1192 +/- mFXS)
When selecting the brake test, the holding torque required for the weight of the
axis is measured internally (mAct). The drive must only provide the difference
between this torque and the braking torque specified in MD
$MA_SAFE_BRAKETEST_TORQUE. This torque is designated mDrive in
Fig. 8-5. The SIMODRIVE 611 digital drive locates its torque limit symmetrically
around the torque specified in drive machine data 1192. This is the reason that
mFXS from Fig. 8-5 is specified as torque limit. mFXS is the sum of mDrive and MD
1192. If the measured torque mAct coincides with the parameterization in
MD 1192, then mFXS becomes the value from MD
$MA_SAFE_BRAKETEST_TORQUE.
Incorrect parameterization in MD $MA_SAFE_BRAKETEST_TORQUE or drive
machine data 1192 can mean that the drive with reduced torque cannot even
apply the required holding torque. This parameterization is detected when the
brake test is selected and produces Alarm 20095 (refer to Chapter 6). The fact
that the actual torque/force setpoint is displayed in MD 1728 makes it easier to
correctly parameterize drive machine data 1192. If only the force due to the
weight is effective, then this value can be directly transferred into MD 1192.
This value must be entered with an additional safety margin in MD
$MA_SAFE_BRAKETEST_TORQUE. The magnitude of the margin is oriented
to the maximum holding force to be tested.
Example:
The weight of the vertical axis is 4000 N, the guaranteed braking force is 6000
N. On account of the weight of the axis, a torque of 32% of the holding torque
of the motor is obtained and displayed in MD 1728. Therefore 32% must be
parameterized in MD 1192. The correct value for
$MA_SAFE_BRAKETEST_TORQUE is obtained as follows:
$MA_SAFE_BRAKETEST_TORQUE = 32% * 6000N / 4000N = 48%
In addition, the electronic weight equalization should be parameterized in the
axial NCK-MD 32460: $MA_TORQUE_OFFSET. This means that the
necessary holding torque is re-established much faster when the brake is
released (the brake is open).
The monitoring window for the maximum permissible movement in the brake
test is defined in the axial MD $MA_SAFE_BRAKETEST_POS_TOL. The PLC
actively monitors this position window – from the start of the brake test and not
only when it is detected that the fixed endstop has been reached. This is a
difference when compared to activating traversing to the fixed endstop from the
part program.
The contour deviation that is determined is always used in the brake test to
detect that the fixed endstop has been reached. The parameterization in
$MA_FIXED_STOP_BY_SENSOR is therefore irrelevant. The required
threshold value must be set in MD $MA_FIXED_STOP_THRESHOLD. This
means that the traversing distance from the PLC via FC 18 must be greater
than this threshold value. Furthermore, the drive must have reached its torque
limit parameterized via $MA_SAFE_BRAKETEST_TORQUE.
8.3.3 Sequence
The brake test in the PLC is carried out by calling function block FB 11 (in the
basic program) from the user program. The brake test comprises the following steps:
Step                             Expected checkback     Monitoring time value
Start brake test                 DBX 71.0 = 1           TV_BTactiv
Close brake                      Bclosed = 1            TV_Bclose
Output traversing command        DBX 64.6 or DBX 64.7   TV_FeedCommand
Output traversing command test   DBX62.5 = 1            TV_FXSreached
Wait for the holding time        DBX62.5 = 1            TV_FXShold
De-select brake test/open brake  DBX71.0 = 0            TV_BTactiv
Output test O.K.
Declaration of the function
Function_Block FB 11
VAR_INPUT
Start : BOOL ; //Start of the brake test
Quit : BOOL ; //Acknowledge Error
Bclosed : BOOL ; //Brake closed input (single channel - PLC)
Axis : INT ; //Testing axis no.
TimerNo : TIMER ; //Timer from User
TV_BTactiv : S5TIME ; //TimeValue -> brake test active
TV_Bclose : S5TIME ; //TimeValue -> close brake
TV_FeedCommand : S5TIME ; //TimeValue -> force FeedCommand
TV_FXSreached : S5TIME ; //TimeValue -> Fixed stop reached
TV_FXShold : S5TIME ; //TimeValue -> test brake
END_VAR
VAR_OUTPUT
CloseBrake : BOOL ; //Signal close brake
MoveAxis : BOOL ; //do move axis
Done : BOOL ;
Error : BOOL ;
State : BYTE ; //Error byte
END_VAR
The following table lists all of the formal parameters of the brake test function
Signal          I/O  Type    Remarks
Start           I    BOOL    Starts the brake test
Quit            I    BOOL    Acknowledgement error
Bclosed         I    BOOL    Checkback input whether close brake is controlled
                             (single-channel - PLC)
AXIS            I    INT     Axis number of axis to be tested
TimerNo         I    TIMER   Timer from user program
TV_Btactiv      I    S5TIME  Monitoring time value -> close brake. Test the axis
                             signal DBX71.0
TV_Bclose       I    S5TIME  Monitoring time value -> close brake. Check the input
                             signal Bclosed after the CloseBrake output was set.
TV_FeedCommand  I    S5TIME  Monitoring time value -> output traversing command.
                             Check travel command after MoveAxis has been set.
TV_FXSreached   I    S5TIME  Monitoring time value -> fixed endstop reached
TV_FXShold      I    S5TIME  Monitoring time value -> test brake
CloseBrake      O    BOOL    Request, close brake
MoveAxis        O    BOOL    Request, initiate traversing
Done            O    BOOL    Test successfully completed
Error           O    BOOL    Error has occurred
State           O    BYTE    ErrorStatus
Error IDs
State  Meaning
0      No error
1      Start conditions not fulfilled, e.g. axis not in closed-loop
       control/brake closed/axis inhibited
2      No NC checkback in the "brake test active" signal when the brake
       test is selected
3      No checkback signal "brake applied" using the input signal Bclosed
4      No traversing command output (e.g. axis motion has not been started)
5      Fixed endstop will not be reached - axis RESET was initiated.
6      Traversing inhibit/approach too slow -> fixed endstop cannot be
       reached. Monitoring time TV_FXSreached has expired.
7      Brake is not holding at all (end position is reached)/approach speed
       is too high
8      Brake opens during the holding period
9      Error when de-selecting the brake test
10     Internal error
11     "PLC-controlled axis" signal not enabled in the user program
Alarm number 411101
Meaning: Parameter, axis not in the permissible range
Remedy: Use the permissible axis number
Note
The user program must call the block. The user must provide an instance DB
with any number for this purpose. The call is multi-instance-capable.
UN M 111.1; //Request close Z axis brake from FB
= A 85.0; //Control Z axis brake
AUF "Axis3"; //Test, Z axis brake
O E 73.0; //Initiates the brake test, Z axis
O M 110.7; //Brake test running
FP M 110.0;
UN M 111.4; //Fault/error occurred
S M 110.7; //Brake test running
S M 110.6; //Next step
S DBX 8.4; //Request neutral axis
U DBX 68.6; //Checkback signal, axis is neutral
U M 110.6;
FP M 110.1;
R M 110.6;
S M 110.5; //Next step
R DBX 8.4;
S DBX 28.7; //Request PLC monitored axis
U DBX 63.1; //Checkback signal, the PLC is monitoring the axis
U M 110.5;
FP M 110.2;
R M 110.5;
S M 111.0; //Start the brake test for FB
CALL FB 11 , DB 211 (//Brake test block
Start := M 111.0, //Start brake test
Quit := E 3.7, //Acknowledge error with Reset key
Bclosed := E 54.0, //Checkback signal, close brake, controlled
Axis := 3, //Axis number of axis to be tested, Z axis
TimerNo := T 110, //Timer number
TV_Btactiv := S5T#200MS, //Monitoring time value: Brake test active DBX71.0
TV_Bclose := S5T#1S, //Monitoring time value: Brake closed
TV_FeedCommand := S5T#1S, //Monitoring time value: Traversing command output
TV_FXSreached := S5T#1S, //Monitoring time value: Fixed endstop reached
TV_FXShold := S5T#2S, //Monitoring time value: Test time Brake
CloseBrake := M 111.1, //Request, close brake
MoveAxis := M 111.2, //Request, initiate traversing motion
Done := M 111.3, //Test successfully completed
Error := M 111.4, //Error has occurred
State := MB 112); //Error status
AUF "Axis3"; //Brake test, Z axis
O M 111.3; //Test ended successfully
O M 111.4; //Fault/error occurred
FP M 110.3;
R DBX 28.7; //Request, PLC monitored axis
UN DBX 63.1; //Checkback signal, the PLC is monitoring the axis
U M 111.0; //Start brake test for FB
U M 110.7; //Brake test running
FP M 110.4;
R M 111.0; //Start brake test for FB
R M 110.7; //Brake test running
CALL "SpinCtrl" (//Traverse Z axis
Start := M 111.2, //Start traversing motion
Stop := FALSE,
Funct := B#16#5, //Mode: Axis mode
Mode := B#16#1, //Traversing: Incremental
AxisNo := 3, //Axis number of the axis to be traversed, Z axis
Pos := -5.000000e+000, //Distance: Minus 5 mm
Frate := 1.000000e+003, //Feed rate: 1000 mm/min
InPos := M 113.0, //Position reached
Error := M 113.1, //Error has occurred
State := MB 114); //Error status
8.3.4 Limitations
During the brake test, traversing to fixed endstop and traverse with limited
torque (FOC) may not be active at the same time. In this case, Alarm 20092,
"Axis %1 Travel to fixed stop still active" is triggered.
During the brake test, contour monitoring is not active, and neither is
standstill monitoring once the PLC has started the traversing motion.
The brake test is only possible for SIMODRIVE 611 digital. It cannot be used
for gantry axes.
8.3.5 Activating
The brake test must always be started when the axis is at a standstill. For the
entire duration of the brake test, the enable signals of the parameterized axis
must be set to enable (e.g. the controller inhibit and feed enable signals).
The signal "PLC controlled axis" (DB "Axis".DBX28.7) must still be set to state 1
by the user program for the entire duration of the test. Prior to activating the
signal "PLC controlled axis", the axis must be set as "neutral axis", e.g. set
byte 8 in the axis DB to channel 0. Set the activating signal in the same byte.
The block may not be started until the NC checkback signal has been received
via the appropriate bit (DB Axis.DBX 63.1).
For PLC-controlled axis, also refer to:
References: /FB2/ P2 "Autonomous single-axis processes (SW 6.3 and
higher)"
8.3.6 Examples
An example of incorrect parameterization that results in Alarm 20095, "Axis %1
impermissible holding torque, measured torque %2" is shown in the following
diagram: The torque due to weight in the drive machine data 1192 has been
parameterized considerably lower than the measured torque mAct. The
calculated torque limit mFXS symmetrically around this MD would mean that the
drive would not be able to produce the required holding torque for this axis
(MD1192+mFXS is lower than mAct).
Fig. 8-6 Example of incorrect parameterization (diagram not reproduced: torque m
over time t, showing MD BRAKETEST_TORQUE, the measured torque mAct on selection
of the brake test, the drive torque mDrive, and the torque limiting in the
current controller at 611D-MD 1192 +/- mFXS)
To support start-up of the brake test, Alarm 20096, "Axis %1 Brake test
aborted, Additional info %2" can be enabled via bit 5 in machine data
$MN_ENABLE_ALARM_MASK. This alarm supplies detailed information if the
brake test is interrupted.
8.4 Safe cams at the modulo limit
A problem frequently encountered with machine tools and production machines
is the reliable detection of the position of a drive. Safe cams (SN) are used for
this purpose, however it should be noted that the signal level of a safe cam
changes at the modulo limit of a rotary axis. The following spindle application
illustrates the problem:
For the rotary axis, the 90° position is to be safely detected. A cam signal is to
be generated for this purpose, that has a high signal level between 89.5° and
90.5° (pulse).
These positions are entered into the machine data
36936 SAFE_CAM_POS_PLUS[0] : 90.5 degrees
36937 SAFE_CAM_POS_MINUS[0] : 89.5 degrees
36905 SAFE_MODULO_RANGE : 360 degrees
and are subsequently transferred into the FD/MSD machine data. The levels of
the safe cam signals change as follows:
Fig. 8-7 Safe cam signal characteristics (figure not reproduced: levels of SN1+
and SN1- over position, with the position detection to be implemented between
89.5° and 90.5°)
Safe cams SN1+ to SN4- are individual position signals with a signal change
from "low" to "high" at the saved position. The required cam signal is generated
by negating signal SN1+ and ANDing it with signal SN1-.
General position detection (can be applied to linear axes)
Fig. 8-8 Negating a safe cam signal to generate a pulse (figure not reproduced:
SN1+ is inverted and combined with SN1- in an AND (&) element to give the
90 degree position detection between 89.5° and 90.5°)
The appropriate machine data settings are used to negate SN1+ and perform the
AND operation on the NCK side. To implement this, the two cam signals should be
parameterized to an NCK output
36988 SAFE_CAM_PLUS_OUTPUT[0] 81040101
36989 SAFE_CAM_MINUS_OUTPUT[0] 01040101
or a system variable ($A_INSI[1])
36988 SAFE_CAM_PLUS_OUTPUT[0] 84010101
36989 SAFE_CAM_MINUS_OUTPUT[0] 04010101
The minimum logic (Chapter 3.9.19) of the NCK safety channel is used for
multiple assignment to an output or a system variable. This includes the
ANDing of the assigned signals.
This type of logic is not available in the form of parameter settings on the
PLC side. The negation on the NC side is not effective for the drive (PLC) side,
therefore the position detection has to be programmed as shown below:
UN DB3x.DBX109.0 // SN1+
U DB3x.DBX109.1 // SN1-
= M1.0 // Position detection 90° in
// marker 1.0
= DB18.DBX54.0 // $A_INSIP[1]
// Position detection 90°
Position detection at modulo limit with and without SPL
At the modulo limit, the cams respond differently from the general position
detection described above because of the modulo correction.
The following positions are saved in the machine data:
36936 SAFE_CAM_POS_PLUS[0] : 0.5 degrees
36937 SAFE_CAM_POS_MINUS[0] : 359.5 degrees
36905 SAFE_MODULO_RANGE : 360 degrees
The levels of the SN signals change as follows:
Fig. 8-9 Signal generation for modulo cam 1 (figure not reproduced: levels of
SN1+ and SN1- around the modulo correction between 359.5° and 0.5°, with SN1+
and SN1- fed to an AND (&) element for the 0 degree position detection to be
implemented)
Because of the modulo correction and the associated level changes of the safe
cams, the above AND operation would have the effect that "position
detection 0 degrees" would always be a low signal.
This problem can be solved by negating signal SN1+ in the machine data
parameterization and OR'ing it with signal SN1-.
Fig. 8-10 Signal generation for modulo cam 2 (figure not reproduced: SN1+ is
inverted and combined with SN1- in an OR (>1) element to give the 0 degree
position detection between 359.5° and 0.5° across the modulo correction)
However, the OR operation is not integrated in the system and must be
implemented in the SPL or by hardwiring.
With SPL, the two cam signals are parameterized to $A_INSI variables and
logically combined in the SPL.
36988 SAFE_CAM_PLUS_OUTPUT[0] 84010101 ($A_INSI[1])
36989 SAFE_CAM_MINUS_OUTPUT[0] 04010102 ($A_INSI[2])
IDS=1 DO $A_MARKERSI[1] = $A_INSI[1] OR $A_INSI[2]
PLC programming is analogous to that of the NCK SPL.
UN DB3x.DBX109.0 // SN1+ inverted
= DB18.DBX62.0 // $A_INSIP[1]
//
U DB3x.DBX109.1 // SN1-
= DB18.DBX62.1 // $A_INSIP[2]
//
U DB18.DBX62.0 // $A_INSIP[1]
O DB18.DBX62.1 // $A_INSIP[2]
= DB18.DBX72.0 // Position detection 0 degrees
// $A_MARKERSIP[1]
Without SPL, the SN1+ cam is negated and parameterized to an output. The
SN1- cam is also parameterized to a separate output.
36988 SAFE_CAM_PLUS_OUTPUT[0] 81040101
36989 SAFE_CAM_MINUS_OUTPUT[0] 01040102
Fig. 8-11 Signal generation for modulo cam 3 (circuit diagram not reproduced;
labels: NCK outputs Q1 and Q2, contactor K1, +24 V, NCK input I1)
In this case, the OR operation is implemented by wiring the two outputs to a
contactor whose contacts can be used for further processing or can be logically
combined with other signals.
The signals are logically combined in the PLC in the usual manner:
UN DB3x.DBX109.0 // SN1+
O DB3x.DBX109.1 // SN1-
= M2.0 // Position detection 0°
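The AND and OR combinations described in this section, modelled as an added example (not part of the manual and not Siemens code). It assumes, as the text states, that each safe cam is low below its saved position and high at or above it after modulo correction; all function names are illustrative. It sweeps one revolution to show why NOT SN1+ AND SN1- never goes high for a window spanning the modulo limit, and generalizes by choosing the combination from the order of the two cam positions.

```python
# Constructed model, not Siemens code: safe cam levels on a modulo rotary axis.
MODULO_RANGE = 360.0  # MD 36905 SAFE_MODULO_RANGE, degrees


def cam_level(position, cam_position, modulo_range=MODULO_RANGE):
    """Level of one safe cam: low below the saved position, high at or above it.

    The actual value is first modulo-corrected into [0, modulo_range), which is
    why the level drops back to low when the axis passes the modulo limit.
    """
    return (position % modulo_range) >= cam_position


def detect_and(position, cam_plus, cam_minus, modulo_range=MODULO_RANGE):
    """NOT SN1+ AND SN1-: the pulse logic used for the 90 degree window."""
    sn_plus = cam_level(position, cam_plus, modulo_range)
    sn_minus = cam_level(position, cam_minus, modulo_range)
    return (not sn_plus) and sn_minus


def detect_or(position, cam_plus, cam_minus, modulo_range=MODULO_RANGE):
    """NOT SN1+ OR SN1-: the logic needed for a window across the modulo limit."""
    sn_plus = cam_level(position, cam_plus, modulo_range)
    sn_minus = cam_level(position, cam_minus, modulo_range)
    return (not sn_plus) or sn_minus


def position_detected(position, cam_plus, cam_minus, modulo_range=MODULO_RANGE):
    """Choose the combination from the cam order (generalization of the text).

    cam_minus < cam_plus: the window lies inside the modulo range -> AND.
    cam_minus > cam_plus: the window spans the modulo limit      -> OR.
    """
    if cam_minus == cam_plus:
        raise ValueError("SN1+ and SN1- must be at different positions")
    combine = detect_and if cam_minus < cam_plus else detect_or
    return combine(position, cam_plus, cam_minus, modulo_range)


def high_tenths(detector, cam_plus, cam_minus, modulo_range=MODULO_RANGE):
    """Sweep one revolution in 0.1 degree steps.

    Returns the positions, in tenths of a degree, where the detector is high.
    """
    steps = round(modulo_range * 10)
    return [t for t in range(steps)
            if detector(t / 10, cam_plus, cam_minus, modulo_range)]


if __name__ == "__main__":
    # 90 degree window (SAFE_CAM_POS_PLUS = 90.5, SAFE_CAM_POS_MINUS = 89.5)
    w90 = high_tenths(detect_and, 90.5, 89.5)
    print("AND, 90 deg window :", w90[0] / 10, "to", w90[-1] / 10)

    # 0 degree window (SAFE_CAM_POS_PLUS = 0.5, SAFE_CAM_POS_MINUS = 359.5)
    print("AND, 0 deg window  :", high_tenths(detect_and, 0.5, 359.5))
    w0 = high_tenths(detect_or, 0.5, 359.5)
    print("OR, 0 deg window   :", [t / 10 for t in w0])

    # The OR form is not a drop-in replacement for the 90 degree window:
    print("OR, 90 deg window  :", len(high_tenths(detect_or, 90.5, 89.5)),
          "of 3600 steps high")
```

Running the sweep against the cam positions intended for a machine shows, before commissioning, whether the AND or the OR combination has to be programmed in the SPL and in the PLC.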
Cam synchronization can also be activated for position monitoring, in order that
the two safety channels are switched in synchronism (see also Section 3.7).
This synchronization is necessary if the safe cam signals are to be processed
in the SPL.
Consideration should be given to conditions which can affect the parameter
settings and the effect of synchronization on position detection.
The position of the safe cams at the modulo limit must be aligned to the
selected cam tolerance. The calculations shown here are also performed by the
Safety Integrated system and, in the event of a parameter error, Alarm:
27033 Parameterization of machine data 36936/36937 [0-3] invalid
is displayed.
The following machine data is assumed for the calculations below:
36942 SAFE_POS_TOL : 0.1mm
36940 SAFE_CAM_TOL : 0.1mm
Example 1 (rotary axes)
SN1+ ≥ lower modulo value + SAFE_POS_TOL
SN1+ ≥ 359.999° + 0.1°
SN1+ ≥ 0.099°
Cam SN1+ must be greater than or equal to 0.099°.
SN1- < upper modulo value - SAFE_POS_TOL - SAFE_CAM_POS_TOL
SN1- < 0° - 0.1° - 0.1°
SN1- < 359.8°
Cam SN1- must be less than 359.8°.
When using the cam tolerance, it should be noted that the switching position of
the cam signal generated from switching signals SN1+ and SN1- varies
according to the traversing direction, the magnitude of the tolerance, and the
magnitude of the position deviations.
Example 2 (linear axis, pulse generation)
For a cam position of 100 mm and the following tolerances,
36942 SAFE_POS_TOL : 0.1 mm (max. static deviation)
36940 SAFE_CAM_POS_TOL : 0.1 mm
36936 SAFE_CAM_POS_PLUS[0] : 100 mm (SN+)
36937 SAFE_CAM_POS_MINUS[0] : 99 mm (SN-)
POSITION NCK at 0 mm : 0.000 mm
POSITION drive at 0 mm : 0.040 mm
(static deviations of actual values 0.040 mm)
then when the cam tolerance is active, the following switching characteristics
are obtained for the individual channels and the characteristics of the
synchronized signal.
Further, the following diagram shows how a pulse signal is generated from two
synchronized cam signals (schematic distances).
Fig. 8-12 Signal generation for modulo cam 2 (diagram not reproduced. Panels:
cam synchronization SN1+, with channel 1 (NCK) and channel 2 (drive)
unsynchronized, each switching at SN1+ +/- SAFE_CAM_TOL and offset by the static
deviation of actual values, combined (&) into SGA SN1+ synchronized with
hysteresis; generation of an area cam (pulse) from SGA SN1+ synchronized with
hysteresis, negated via MD parameters, and SGA SN1- synchronized with
hysteresis, generated in the same way as SN1+; use of cam signals by mapping
onto the same signal HW/INSI, with the signal pattern depending on traversing
direction + and -)
As can be seen in the diagram, the setting of machine data
MD_SAFE_CAM_TOL determines the following variables:
- Magnitude of the hysteresis (for a synchronized cam signal)
- Magnitude of the traversing direction-dependent offset of the pulse
  generated from two cam signals
8.5 SPL functionality without real drives
This example is intended to illustrate how to commission "Safety Integrated"
with SPL functionality using the "parking axis" function (i.e. where a position
measurement system is not active).
The motor and measuring system connections on the drive can remain
disconnected.
This option is suitable for commissioning external peripheral devices (hydraulic
systems, chip conveyors, etc.), which require the safety functions of the SPL
logic, or for a test-set-up, to configure and test the SPL logic in a preliminary
phase (e.g. EMERGENCY STOP).
Note
The SE (safe limit positions) and SN (safe cam) functions cannot be tested in
this example since there are no real actual values.
1. Run-up the NCK with the standard machine data by selecting key position
S3=1 and then activating power on.
2. Switch S3 back to position 0.
3. The password for protection level 2 = "Machine manufacturer" must be
active.
4. Alternative 1: Read in an NC archive file with an existing drive
configuration => (continue with Point 11)
5. Alternative 2: Commission one or more axes
- Drive configuration softkey
- Insert module softkey (SRM, ARM...)
- Allocate the logical drive number
- Select the power module softkey
6. Commission the NCK DMP modules (inputs and outputs)
- Insert module softkey (DMP-C)
- Allocate the logical drive number
- Switch modules to the active state
7. Power-up the NCK
(The following error appears: 300010 "Axis %1, Drive %2 active without
NC axis assignment")
8. Change the axis-specific machine data
- MD30130[0]: CTRLOUT_TYPE = 1
- MD30240[0]: ENC_TYPE = 1
9. Power-up the NCK
(Error 300701 "Axis %1, Drive %2 Start-up required" appears)
10. Enter motor types
- Drive MD softkey
- Motor/controller softkey
- Select motor softkey (e.g. 1PH...)
- Select motor measuring system
- Save the boot file
11. Power-up the NCK
12. If errors occur at this position, for example, 25201, 300504, 25000 or
300613, then a position measuring system is active at the interface. Both
position measuring systems should be de-activated.
Position measuring system 1 (DB3x.DBX1.5) = 0 (-> "parking axis")
Position measuring system 2 (DB3x.DBX1.6) = 0 (-> "parking axis")
13. Commission "Safety Integrated" as described in Chapter 7
set MD 36915: SAFE_ENC_TYPE to 1 or 4
If terminals 663 or AS1/AS2 on the control card are already connected-up, then
the supply must be made from the PLC side, as otherwise errors will occur for
the crosswise data comparison.
(Also refer to Chapter 7.3.4 "Connecting the drives")
8.6 Direction detection when retracting from SE
When SE responds, there is no SGA signal to indicate which SE was exceeded
or not reached. In order to only allow retraction from the safe limit position in
the specified direction, it is necessary to develop a retraction logic in the PLC
program. A possible solution is outlined below.
The axis in which the SE has responded is moved into a range in which the
monitoring system no longer responds. This is achieved by canceling the user
enable (the SE monitoring system is then no longer active) or by changing over
to another SE (with a longer traversing range).
The error message output when the safe limit position is exceeded must be
acknowledged in accordance with the configured stop response.
If SE- responds, traversing motion in the minus direction must be inhibited; if
SE+ responds, traversing motion in the plus direction must be inhibited. This
prevents damage to the mechanical system and simplifies operation at this
point.
The "safe cam" SI function is used for the solution. A detailed description of this
function is given in Chapter 3.7. The section below only describes how the
function is used.
The retraction logic is based on the following considerations:
1. SI function "Safe cam": The SGA signal assigned to the safe cam is only
used on the PLC side (it is not necessary to configure the machine data).
This meets the needs of the application in question because a fail-safe
function is not required and the traversing inhibit can only be initiated
through one channel.
The following interface signals are relevant in the axis DB:
   SN1-  DBX109.0     SN1+  DBX109.1
   SN2-  DBX109.2     SN2+  DBX109.3
   SN3-  DBX109.4     SN3+  DBX109.4
   SN4-  DBX109.6     SN4+  DBX109.7
2. Interface signals for the hardware limit switch function
The following interface signals in the axis DB are relevant
(see Description of Functions /A3/ "Axis Monitoring, Protection Zones"):
   Hardware limit switch-  DBX12.0
   Hardware limit switch+  DBX12.1
If the signal is detected as being set, Alarm 21614 "Hardware limit switch +
or –" is output and the axis is immediately braked (this is not necessary
based on the configured stop response). Further traversing motion is only
permitted in the appropriate retraction direction.
Acknowledge and retract: refer to Chapter 3.6.1
Fig. 7-40 illustrates the inter-relationships at the machine and is used to explain
the appropriate configuring.
[Figure: traversing limits / monitoring along the axis, showing the traversing area (program), software limit switch - and +, cams SNx- and SNx+ with their cam signals (SGA), safe limit positions SE- and SE+, and the mechanical traversing limit]
Fig. 8-11 Example of retraction logic
The minus cam of a cam pair, for example (cams SN1+ - SN4 can all be used),
is set up in the machine data at the position immediately in front of the left safe
limit position (SE-). It must be ensured that SN- is passed if SE- is passed. This
means that the difference should be kept as low as possible (we recommend
0...0.1 mm).
A cam should be set up in the MD at the position directly behind the right safe
limit position.
The signal characteristics (of the interface signals – SGA) for the two
configured cams is shown in the diagram. These two signals can be used to
supply information to the hardware limit switch +/- interface signals.
The interface signal for the hardware limit switch- (DBX12.0) should be
supplied with the inverted cam signal of SNx- and the interface signal for the
hardware limit switch+ (DBX12.1) should be supplied with the cam signal of
SN+. It should be noted that the SGA for the cam signal is not available until
the drive has powered up.
Example (when using the 1st cam pair)
      U    DB10.DBX108.5         // Drives in cyclic mode
      L    S5T#50ms              // Transition period to avoid timing problems
      SE   T100                  // Timer as input delay
      UN   T100                  // While the time has still not expired,
      SPB  NOSN                  // the HW limit switch signals are not supplied
      UN   DB<axis>.DBX109.0     // SN1-
      =    DB<axis>.DBX12.0      // Hardware limit switch -
      U    DB<axis>.DBX109.1     // SN1+
      =    DB<axis>.DBX12.1      // Hardware limit switch +
NOSN: NOP  0
This logic can be used to implement the required interlocking function when
retracting.
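The following Python simulation of the STL logic above is an added example, not code from the manual. It shows why the 50 ms input delay matters: without it, the inverted SN1- signal reports a minus limit while the SGAs are not yet available. The scan time, cam positions, trace and the cam model (an SGA is 1 while the axis is on the plus side of its cam and reads 0 before the drive is up) are assumptions made for the illustration.

```python
from dataclasses import dataclass

SCAN_MS = 10    # constructed PLC scan time
DELAY_MS = 50   # S5T#50ms on-delay from the STL example


@dataclass
class Inputs:
    drives_cyclic: bool  # DB10.DBX108.5
    sn1_minus: bool      # DB<axis>.DBX109.0, SGA of cam SN1-
    sn1_plus: bool       # DB<axis>.DBX109.1, SGA of cam SN1+


def cam_sga(position, cam_minus, cam_plus, sga_valid):
    """Assumed cam model: 1 while the axis is on the plus side of the cam,
    0 for both cams until the drive has powered up."""
    if not sga_valid:
        return False, False
    return position > cam_minus, position > cam_plus


class RetractionInterlock:
    """Scan-by-scan model of the STL network (timer handling simplified)."""

    def __init__(self, use_delay=True):
        self.use_delay = use_delay
        self.elapsed_ms = 0
        self.hw_limit_minus = False  # DB<axis>.DBX12.0
        self.hw_limit_plus = False   # DB<axis>.DBX12.1

    def scan(self, inp):
        # SE T100: the on-delay runs while the drives are in cyclic mode.
        if inp.drives_cyclic:
            self.elapsed_ms = min(self.elapsed_ms + SCAN_MS, DELAY_MS)
        else:
            self.elapsed_ms = 0
        # UN T100 / SPB NOSN: skip the assignments, outputs keep their value.
        if self.use_delay and self.elapsed_ms < DELAY_MS:
            return
        self.hw_limit_minus = not inp.sn1_minus  # inverted SN1-
        self.hw_limit_plus = inp.sn1_plus        # SN1+

    def jog_permitted(self, direction):
        blocked = self.hw_limit_plus if direction == "+" else self.hw_limit_minus
        return not blocked


def run_trace(use_delay, end_position):
    """Constructed trace: power-up in mid-range, then the axis ends up at
    end_position. Returns (spurious limit scans, jog '-' ok, jog '+' ok)."""
    cam_minus, cam_plus = 0.0, 200.0  # constructed cam positions in mm
    trace = ([(100.0, False, False)] * 3     # drives not yet cyclic
             + [(100.0, True, False)] * 2    # cyclic, SGAs not yet available
             + [(100.0, True, True)] * 6     # normal operation in mid-range
             + [(end_position, True, True)] * 2)
    plc = RetractionInterlock(use_delay)
    spurious = 0
    for position, cyclic, sga_valid in trace:
        sn_minus, sn_plus = cam_sga(position, cam_minus, cam_plus, sga_valid)
        plc.scan(Inputs(cyclic, sn_minus, sn_plus))
        inside = cam_minus < position <= cam_plus
        if inside and (plc.hw_limit_minus or plc.hw_limit_plus):
            spurious += 1  # limit reported although the axis is between the cams
    return spurious, plc.jog_permitted("-"), plc.jog_permitted("+")


if __name__ == "__main__":
    for delay in (True, False):
        print("delay" if delay else "no delay", run_trace(delay, -0.05))
```

With the delay, the hardware limit switch signals are only written once the cam SGAs are meaningful, and after the axis passes the minus cam only jogging in the plus direction remains permitted.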
8.7 Replacing a motor or encoder
References: /IAD/, Installation and Start-up Guide
/R1/, Reference Point Approach
The following information essentially refers to replacing a motor encoder. The
limitations that apply as well as the procedures are essentially the same when
replacing a direct measuring system.
When service is required (motor defective or encoder defective), it might be
necessary to completely replace the motor or just the motor encoder.
In this case, the motor encoder must be re-calibrated. This affects the behavior
of Safety Integrated if the functionality "Safe limit positions" or "Safe cams" has
been activated for the axis in question, i.e. the axis has the status "safely
referenced". Depending on which motor measuring system is used, it might be
necessary to select a different procedure.
The procedures for replacing a motor with absolute value encoder and to
replace a motor with incremental encoder are described in the following text.
The end of the chapter discusses 2-encoder systems.
As mentioned above, the functionality "Safe limit positions" or "Safe cams" is
active for the axis in question.
The user agreement is set for the axis, i.e. the axis has had the status "safely
referenced" at least once – adjustment between the actual position value of the
NC and the SI actual values (axis/drive) has been carried-out.
"Safe limit positions" or "Safe cams" have been able to be used.
A motor or motor encoder must be replaced under these limitations/conditions.
In order to set the encoder, the offset between the machine zero and the zero
of the absolute encoder was determined and saved in the SRAM of the
NC module.
The calibrated state is identified by the control using MD 34210:
ENC_REFP_STATE = 2.
The important factor when replacing a motor (also without Safety Integrated) is
that a defined position reference can be established with respect to the
mechanical parts of the machine. For example, by mounting and removing the
motor at a defined mechanical position or appropriately re-calibrating after the
motor has been replaced.
After the old motor has been removed and the new motor installed, another
actual position value is read by the new absolute value encoder (there is no
longer a defined reference to the correctly calibrated actual position value).
Therefore the following error profile appears when the control runs-up:
Alarm 27001 Axis <name of the axis> fault in a monitoring channel,
Code 1003, values: NCK 0, drive 0
The comparison between the saved standstill position and the actual position
indicates a larger deviation than that specified in MD 36944:
$MA_SAFE_REFP_POS_TOL (actual value comparison tolerance
(referencing)) or
MD 1344: $MD_SAFE_REFP_POS_TOL
The alarm results in a STOP B followed by a STOP A (safe pulse cancellation)
for the axis involved.
The user agreement is also cancelled. This means that the axis loses the status
"safely referenced" in connection with the Alarms 27000/300950 axis <name of
the axis> not safely referenced.
The actual position value supplied by the new motor encoder does not have a
reference to the mechanical system. This means that the absolute value
encoder must be re-aligned and set-up at this point.
Note
An acceptance report is generally not required when a motor has been
replaced.
1. Carry out an NCK reset
Note
After the NCK-Reset, the axis can be traversed again. Alarms 27000/300950
"Axis not safely referenced" are still present and indicate that the functions
"Safe limit positions" and "Safe cams" are not active in this state. For
example, if the "Safe limit positions" are being used as a substitute for
hardware limit switches, then they are not functioning at this time!
2. Move the axis to the reference position after first setting MD 34010
REFP_CAM_DIR_IS_MINUS according to the approach direction. (MD
34010 should be set to 1 if the axis is moved in the minus direction
to the reference position.)
3. MD 34100: Set REFP_SET_POS to the actual value of the reference
position.
4. MD 34210: Set ENC_REFP_STATE = 1 to activate the calibrated settings.
5. Select the axis that is to be calibrated on the machine control panel and
press the RESET key on the machine control panel.
6. Select the JOG/REF mode, enable the axis feed.
7. The calibration process must be initiated with traversing key + or -
according to MD 34010: REFP_CAM_DIR_IS_MINUS and the approach
direction to the reference position. (Backlash has been eliminated.)
8. The axis does not traverse. Instead, the offset between the correct actual
value (reference position) and the actual value supplied by the encoder is
entered in MD 34090: REFP_MOVE_DIST_CORR. The current actual
value appears in the basic display and the axis signals "referenced". The
value 2 is entered in MD 34210 as the result.
Example:
MD 34010 = 1 (minus) and the reference position was approached in the
minus (negative) direction. Then, the "-" key must also be pressed on the
machine control panel.
9. When the absolute value encoder has been re-calibrated (MD 34210 from
1 -> 2), the axis changes over into the "referenced" state. At this time, the
new valid actual position is taken over for the safe actual values (axis and
drive).
10. Finally, if the JOG/REF machine mode is active on the MMC, the "user
agreement" softkey must be pressed and the user agreement for the axis
involved must be reset. Alarms 27000/300950 disappear and the functions
"Safe limit positions" and "Safe cams" are safely active again.
The same conditions apply as when replacing a motor with absolute value
encoder – these are described first.
To calibrate the encoder, a reference point approach has been set up, e.g. with
reference point cams, i.e. after the zero mark has been passed when leaving
the cam, the reference point is approached according to the offsets in 34080
REFP_MOVE_DIST and 34090 REFP_MOVE_DIST_CORR - and the value of
the reference point is set in MD 34100: REFP_SET_POS. After the referencing
operation, Alarm messages 27000/300950 "Axis not safely referenced"
disappear and the functions "Safe limit positions" and "Safe cams" are safely
active.
The important factor when replacing a motor (also without Safety Integrated) is
that a defined position reference can be established with respect to the
mechanical parts of the machine. This can be achieved by mounting and
removing the motor at a defined mechanical position or appropriately re-
calibrating after the motor has been replaced.
After the old motor has been removed and the new motor installed, the
following procedure is recommended:
1. Run-up the control or carry-out an NCK reset
2. If the JOG/REF machine mode is active on the MMC, the "user agreement"
softkey must be pressed and the user agreement for the axis involved is
withdrawn to avoid Alarm 27001 Axis <name of the axis> fault in a
monitoring channel,
Code 1003, values: NCK 0, drive 0
3. After the system has run-up, the JOG/REF mode is selected and the feed
enable for the axis is issued. Carry-out a reference point approach for the
axis involved.
Note
The error at a reference point approach is no more than one motor
rotation (difference between two zero marks). This offset is usually not
critical for the mechanical parts of the machine. If problems arise with the
traversing limits because of the type of reference point approach, then for
example, set the offset values in MD 34080 /34090 to non-critical values.
Alarms 27000/300950 "Axis not safely referenced" are still present and
indicate that the functions "Safe limit positions" and "Safe cams" are not
active in this state. For example, if "Safe limit positions" is being
used to substitute hardware limit switches, then it is important to
note that at this time, the safe limit positions are not functional!
After completion of the reference point approach, the axis goes into the
"referenced" status. However, because of the zero mark offset between
the encoders, the reference position still has to be calibrated, i.e. the
position reference with respect to the mechanical system must be re-
established. The system is calibrated after measuring the difference –
usually in MD 34080 REFP_MOVE_DIST or 34090
REFP_MOVE_DIST_CORR.
4. After the reference point has been re-calibrated, the reference point
approach must be re-initiated. The axis changes over into the "referenced"
state. At this time, the reference point value is taken over as the safe
actual value for the axis and drive.
5. Finally, if the JOG/REF machine mode is active on the MMC, the "user
agreement" softkey must be pressed and the user agreement for the axis
involved must be reset. Alarms 27000/300950 disappear and the functions
"Safe limit positions" and "Safe cams" are safely active again.
Case A  1st measuring system: Incremental motor measuring system
        2nd measuring system: Absolute direct measuring system
        The 2nd position measuring system (DBX 1.5 = 0, DBX 1.6 = 1)
        is selected as the active measuring system via the axis interface.
In this case, motor replacement is straightforward because the NC reference
point position is supplied with values exclusively from the 2nd measuring
system (DMS). This means that the measuring system does not have to be
re-calibrated.
Case B  1st measuring system: Absolute motor measuring system
        2nd measuring system: Incremental direct measuring system
        The 1st position measuring system (DBX 1.5 = 1, DBX 1.6 = 0)
        is selected as the active measuring system via the
        axis interface when the system runs-up. This is for monitoring
        purposes. A changeover is then made to the 2nd position
        measuring system (DBX 1.5 = 0, DBX 1.6 = 1).
In this case, the motor must be replaced while carefully observing the
description for a motor with absolute value encoder, because the absolute
value encoder has to be re-calibrated. When re-calibrating the system, we
recommend permanently selecting the 1st position measuring system and
only traversing the axis using the motor measuring system.
8.8 Example for combining SI with ESR
If the ESR functionality (refer to the Description of Functions, Special
Functions) is to be used on a machine together with Safety Integrated, then
problems are frequently encountered with the responses when a fault or error
develops. The shutdown responses from Safety Integrated (safe state, pulse
cancellation) prevent the required retraction motion or delayed stopping of the
axes. This example shows a possible parameter assignment for Safety
Integrated functionality that still guarantees optimum machine protection in the
automatic mode.
ESR:
If a fault or error situation is detected in the automatic mode, the X axis should
make a retraction movement – the other axes should continue to move for a
short time and then should be braked along the parameterized braking ramp of
the interpolator. If communications to the drive are faulted, then the X axis
should retract – also in the automatic mode. This function is executed directly
and independently in the drive. ESR should not become active if personnel are
in the hazardous zone of the machine.
This is the reason that ESR should be parameterized as follows at the machine
(the following doesn't provide a complete parameterization of the ESR function,
only that part required to obtain an understanding):
Parameterization of the channel-specific ESR machine data (NC controlled
retraction)
MD 21380 $MC_ESR_DELAY_TIME1=0.1; Continue to move for a short time
MD 21381 $MC_ESR_DELAY_TIME2=3.0; Time for the braking ramp
Parameterizing the axis-specific ESR machine data (NC controlled retraction)
MD 37500 $MA_ESR_REACTION[AX1]=21; Retraction motion of the X axis
MD 37500 $MA_ESR_REACTION[AX2]=22; Stopping the Y axis
Parameterizing the drive-specific machine data (retraction that is executed
independently in the drive)
MD 1638 $MD_RETRACT_TIME[DR1]=200; Retraction time, function executed in the drive, X axis
MD 1639 $MD_RETRACT_SPEED[DR1]=400000; Retraction speed, X axis
MD 1637 $MD_GEN_STOP_DELAY[DR2]=200; Stopping time of the Y axis executed independently in the drive (drive-based function)
Safety Integrated
The safely-reduced speed should be monitored for the X and Y axes as soon
as anybody has entered or is in the hazardous zone of the machine. This is
detected from the state of the protective door (open or closed). Further, the
safe limit switches are activated for the Y axis and SPL is also used. SG2 is
active in the automatic mode (with an extremely high limit speed); SG1 is
active with the protective door open.
The following hazardous locations can arise in the automatic mode; they can
be prevented using the required ESR and Safety Integrated:
- The protective door switch fails in one channel. This is the reason that as a
  result of the crosswise data comparison of the SPL, a stop D is initiated
  after 1 s.
- The protective door switch fails in one channel. This is the reason that as a
  result of the crosswise data comparison of the NCK and drive, a stop F
  with subsequent Stop B/A is initiated at the earliest after the time specified
  in MD $MA_SAFE_MODE_SWITCH_TIME.
- Any other failure results in a crosswise data comparison error for the NCK
  and drive and therefore, in turn, to a Stop F/B/A.
- If the communications to the drive fail (drive bus failure), then the pulses
  are immediately cancelled. This therefore prevents ESR being
  autonomously executed in the drive (as drive-based function).
These hazardous locations are removed as follows:
1.) Stop E is activated as response to the speed being exceeded in
SG2 and for SPL crosswise comparison errors:
MD 10097 $MN_SAFE_SPL_STOP_MODE = 4
Default value 3. For errors in the crosswise data comparison of the SPL
(Alarm 27090), with the value 4, a Stop E is initiated instead of a Stop D. At the
same time, bit DB18.DBX36.1 must be set in the PLC:
SET
= DB18.DBX36.1 (enable Stop E)
MD 36901 $MA_SAFE_FUNCTION_ENABLE[AX1]=51; X axis: SG/SBH + external Stop E
MD 36901 $MA_SAFE_FUNCTION_ENABLE[AX2]=53; Y axis: SG/SBH + SE + external Stop E
Note: All axes with $MA_SAFE_FUNCTION_ENABLE not equal to 0
must have enabled the external Stop E, if
$MN_SAFE_SPL_STOP_MODE = 4 was parameterized.
MD 36961 $MA_SAFE_VELO_STOP_MODE[AX1]=5;
MD 36961 $MA_SAFE_VELO_STOP_MODE[AX2]=5;
$MA_SAFE_VELO_STOP_REACTION becomes effective for axes X and Y
MD 36963 $MA_SAFE_VELO_STOP_REACTION[1,AX1]=3; Stop D for SG1, axis X
MD 36963 $MA_SAFE_VELO_STOP_REACTION[2,AX1]=14; Stop E for SG2 axis X, pulses are not cancelled when the bus fails
MD 36963 $MA_SAFE_VELO_STOP_REACTION[1,AX2]=3; Stop D for SG1, axis Y
MD 36963 $MA_SAFE_VELO_STOP_REACTION[2,AX2]=14; Stop E for SG2 axis Y, pulses are not cancelled when the bus fails
2.) Parameterizing a Stop E:
MD 36954 $MA_SAFE_STOP_SWITCH_TIME_E[AX1] = 3.5; 3.5 s because ESR was parameterized to 3.1 s
MD 36954 $MA_SAFE_STOP_SWITCH_TIME_E[AX2] = 3.5; 3.5 s because ESR was parameterized to 3.1 s
Note: The safe operating stop is activated after this time has expired.
This is the reason that this transition time for the Stop E must
correspond to the ESR times
($MC_ESR_DELAY_TIME1 + $MC_ESR_DELAY_TIME2). If this
time is selected to be too short, then the retraction motion will not
be correctly executed and depending on the safe functions, hard
stops will be initiated (Alarm 27024 Stop A/B).
3.) Delaying stops following a stop F
MD 36955 $MA_SAFE_STOP_SWITCH_TIME_F[AX1] = 3.5;
3.5 s because ESR was parameterized to 3.1 s
MD 36955 $MA_SAFE_STOP_SWITCH_TIME_F[AX2] = 3.5;
3.5 s because ESR was parameterized to 3.1 s
An ESR can be initiated in this time. This is the reason that here it makes sense
to use the same time as in $MA_SAFE_STOP_SWITCH_TIME_E.
4.) Delaying pulse cancellation when the drive bus fails:
MD 10089 $MN_SAFE_PULSE_DIS_TIME_BUS_FAIL[AX1] = 0.5;
0.5 s because ESR was parameterized to 0.2 s
An ESR can be autonomously executed in the drive (drive-based function) in
this time. This time should therefore be adapted to the parameterization of the
drive MD $MD_RETRACT_TIME (in this particular example, 200 ms).
In this example, the system does not wait for this time in the following specific
cases:
- active SBH
- when an external Stop A is selected
- active SG1: For SG1, $MA_SAFE_VELO_STOP_REACTION is
parameterized so that when the bus fails, the pulses should be
immediately cancelled.
5.) Input assignment of the SGE "de-select external Stop E"
MD 36977 $MA_SAFE_EXT_STOP_INPUT[3,AX1]=04010109
Assignment to the SPL: OUTSI[09]
MD 36977 $MA_SAFE_EXT_STOP_INPUT[3,AX2]=04010109
Assignment to the SPL: OUTSI[09]
DB axis DBX32.5 De-select the external Stop E from the PLC:
U DB18.DBX63.0 (corresponds to OUTSIP[09])
= DB31.DBX32.5 (ext. Stop E, axis X)
= DB32.DBX32.5 (ext. Stop E, axis Y)
DB axis DBX111.7 includes the checkback signal "Stop E active"
6.) Delay time for the SG/SBH changeover:
MD 36951 $MA_SAFE_VELO_SWITCH_DELAY[AX1]=4.1s
MD 36951 $MA_SAFE_VELO_SWITCH_DELAY[AX2]=4.1s
A value (1 s + retraction time) must be entered, for all axes, in the MD 36951
(delay time SG and SBH). After 1 s, the defective door switch is detected with
Alarm 27090, crosswise data comparison and Stop E is initiated. Depending on
the selected SG stage, retraction motion is executed. If this time is significantly
shorter than the required retraction time, then after this time has expired, the
retraction is only carried out at the reduced speed SG1.
7.) Initiating ESR
a) ESR must be enabled in the machining program:
$AA_ESR_ENABLE[X] = 1 ; enables ESR for the X axis
LFPOS ;
POLF[X] = IC(25) ; retraction path, axis X
POLFMASK(X) ; Axis X is declared as retraction axis
b) ESR must be triggered in synchronous actions (e.g. in SAFE.SPF):
An X axis retraction is initiated if at least one axis detects a Stop E:
IDS = 250 WHENEVER ($AC_MARKER[20] == 1) AND ($A_STOPESI<>0) DO
$AC_ESR_TRIGGER=TRUE
The retraction is automatically initiated if Safety Integrated has detected a
problem associated with the actual value sensing (Alarm 27001 with Codes 3 or
44 to 57 has occurred), or a Stop F is present that will result in a subsequent
stop B/A:
ID = 251 WHENEVER ($AC_MARKER[20] == 1) AND ($A_XFAULTSI <> 0)
DO $AC_ESR_TRIGGER=TRUE
Marker 20 is only used to interlock the retraction, e.g. when testing the external
Stop E.
It is possible to respond to fault/error states by using the axis-specific system
variables $VA_STOPSI[axis name] and $VA_XFAULTSI[axis name].
8.) Hardware prerequisites
The pulse enable (terminal 663) must be controlled from an onboard output
(MD 36986 $MA_SAFE_PULS_ENABLE_OUTPUT = 1 or 2 or 3 or 4), as
otherwise the pulse cancellation delay time is not effective when the drive fails.
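The timing relationships between the ESR and Safety Integrated machine data described in points 2.) to 6.) can be checked mechanically before commissioning. The following Python check is an added example, not part of the manual or of any Siemens tool; the dictionary layout and function names are assumptions, the values are those of this section, and "retraction time" in point 6.) is read as the ESR total of 3.1 s, which matches the 4.1 s used above.

```python
import copy

# Values from this section. NC machine data are in seconds, drive MD 1638 in ms.
PAGE_EXAMPLE = {
    "ESR_DELAY_TIME1": 0.1,                                  # MD 21380 [s]
    "ESR_DELAY_TIME2": 3.0,                                  # MD 21381 [s]
    "RETRACT_TIME_MS": 200,                                  # MD 1638 [ms]
    "SAFE_STOP_SWITCH_TIME_E": {"AX1": 3.5, "AX2": 3.5},     # MD 36954 [s]
    "SAFE_STOP_SWITCH_TIME_F": {"AX1": 3.5, "AX2": 3.5},     # MD 36955 [s]
    "SAFE_PULSE_DIS_TIME_BUS_FAIL": 0.5,                     # MD 10089 [s]
    "SAFE_VELO_SWITCH_DELAY": {"AX1": 4.1, "AX2": 4.1},      # MD 36951 [s]
}

SPL_CDC_DETECT_S = 1.0  # defective door switch is detected after 1 s (Alarm 27090)
EPS = 1e-9              # tolerance for floating-point comparison


def check_esr_si_timing(cfg):
    """Return a list of (md, axis, message) for every violated timing rule."""
    findings = []
    esr_total = cfg["ESR_DELAY_TIME1"] + cfg["ESR_DELAY_TIME2"]

    # Point 2.): the Stop E transition time must cover the NC-controlled ESR.
    for axis, t in sorted(cfg["SAFE_STOP_SWITCH_TIME_E"].items()):
        if t + EPS < esr_total:
            findings.append(("MD 36954", axis,
                             f"{t} s < ESR total {esr_total:.1f} s: retraction "
                             "is cut short, Alarm 27024 Stop A/B possible"))

    # Point 3.): an ESR must be able to run before Stop B/A follows a Stop F.
    for axis, t in sorted(cfg["SAFE_STOP_SWITCH_TIME_F"].items()):
        if t + EPS < esr_total:
            findings.append(("MD 36955", axis,
                             f"{t} s < ESR total {esr_total:.1f} s"))

    # Point 4.): pulse cancellation on bus failure must wait for the
    # drive-based retraction; convert the drive MD from ms to s first.
    retract_s = cfg["RETRACT_TIME_MS"] / 1000.0
    bus_fail = cfg["SAFE_PULSE_DIS_TIME_BUS_FAIL"]
    if bus_fail + EPS < retract_s:
        findings.append(("MD 10089", "-",
                         f"{bus_fail} s < drive retraction time {retract_s} s"))

    # Point 6.): SG/SBH changeover delay = 1 s detection time + retraction time.
    required = SPL_CDC_DETECT_S + esr_total
    for axis, t in sorted(cfg["SAFE_VELO_SWITCH_DELAY"].items()):
        if t + EPS < required:
            findings.append(("MD 36951", axis,
                             f"{t} s < {required:.1f} s: the rest of the "
                             "retraction runs at the reduced speed SG1"))
    return findings


def constructed_bad_variant():
    """Constructed mis-parameterization used to exercise the checks."""
    cfg = copy.deepcopy(PAGE_EXAMPLE)
    cfg["SAFE_STOP_SWITCH_TIME_E"]["AX1"] = 2.0
    cfg["SAFE_PULSE_DIS_TIME_BUS_FAIL"] = 0.1
    cfg["SAFE_VELO_SWITCH_DELAY"]["AX2"] = 3.0
    return cfg


if __name__ == "__main__":
    print("page values:", check_esr_si_timing(PAGE_EXAMPLE) or "consistent")
    for md, axis, msg in check_esr_si_timing(constructed_bad_variant()):
        print(md, axis, msg)
```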
A Appendix
A.1 Index of abbreviations
AB              Output byte
AS1/AS2         Starting inhibit 1/2 (terminals on 611D performance control module)
ASUB            Asynchronous subroutine
ASIC            Application Specific Integrated Circuit (semiconductor module developed for special applications)
BAG             Mode group
BAG-STOP        Stop in corresponding mode group
BG              Professional association (in Germany)
BIA             Berufsgenossenschaftliches Institut für Arbeitssicherheit (German Institute for Occupational Safety)
CFG             Configuration telegram
CPU             Central Processing Unit
CRC             Cyclic Redundancy Check
DAC             D/A converter
DB              Data block
DI              Digital Input
DKE-AK          German Electrotechnical Working Committee
DL              Data Left
DMP             Distributed machine I/Os
DMS             Direct Measuring System
DO              Digital Output
DP              Distributed I/O
DPM             DP master
DPR             Dual Port RAM
DR              Data Right
DW              Data Word
ENC             Number of encoder pulses
ENDAT           Encoder Data (interface for absolute encoder)
EQN/ERN         Part of an order code for absolute/incremental encoders made by Heidenhain
ESD             ElectroStatic Discharge
ESR             Extended Stop and Retract
F...            Failsafe...
F-DI            Failsafe input module
F-DO            Failsafe output module
FD              Feed drive
FOC             Force control, travel with limited torque/force
FV              Failsafe Values
FXS             Fixed Stop, travel to fixed stop
HHU             Handheld Unit
HMS             High-resolution Measuring System
HW              Hardware
I/RF            Infeed/Regenerative Feedback Unit
IB              Input Byte
IBN             Start-up
IMP             Pulse cancellation
IMS             Indirect Measuring System
IPO             Interpolator
IS              Interface signal
KDV             Crosswise data comparison
LEC             Leadscrew Error Compensation
LSB             Least Significant Bit
LIFTFAST        Fast retraction from contour
LL              Lower limit
MD              Machine Data or Marker Doubleword
MDD             Machine Data Dialog
Mixed-IO        I/O module with analog and digital signals
MDIR            Machinery Directive
MMC             Man Machine Communication (operator interface for man-machine communication)
MSB             Most Significant Bit
MSD             Main Spindle Drive
MT              Machine Tool
NC              Numerical Control
NCK             NC Kernel
NE              Line infeed module
OA              Operator Acknowledge
OB              Organization block
OI              Operator interface
OP              Operator panel
Order No.       Machine-readable product designation
PLC             Programmable Logic Controller
PM-E F          Power Module Electronic Failsafe
PS              Power supply
PSC             PROFIsafe cycle
QVK             Peer-to-peer data transfer
RPM             Revolutions Per Minute
SBH             Safe operating stop
SBR             Safe braking ramp
SE              Safe Limit Switch
SG              Safely-reduced speed
SGA             Safety-relevant outputs
SGE             Safety-relevant inputs
SH              Safe standstill
SI              SINUMERIK Safety Integrated®
SIL             Safety Integrity Level
SK              Softkey
SN              Safe cams
SPL             Safe Programmable Logic
STOP A, B, C, D, E, F   Stop response: In the event of a fault, the system reacts depending on the configured STOP response
SW              Software
TCP             Tool Center Point
TEA             Testing Data Active
Ü               Gear Ratio
UL              Upper limit
A.2 List of References
A.2.1 List of references, general
/ASI/   Low-Voltage Switchgear and Systems
        Catalog 1995/1996
        Siemens Drives and Standard Products
        Order No.: E20002-K1002-A101-A6
/1/     Richtlinie 89/392/EWG (Maschinenrichtlinie) Bundesanzeigerverlag, 1993.
/2/     Positionspapier des AK 226.03 im DKE: Sicherheitsgerichtete Funktionen
        elektrischer Antriebssysteme in Maschinen.
/3/     Schäfer, M./Umbreit, M.: Antriebssysteme und CNC-Steuerungen mit
        integrierter Sicherheit, BIA-Report Nr. 4/97.
/4/     Kategorien für sicherheitsbezogene Steuerungen nach EN 954-1,
        BIA-Report 6/97.
/5/     ZH1/419. Prüf- und Zertifizierungsordnung der Prüf- und Zertifizierungsstellen
        im BG-Prüfzert. (Prüf- und Zertifizierungsordnung), Edition 10/97.
/6/     Reinert, D./Schäfer, M./Umbreit, M.: Antriebe und CNC-Steuerungen mit
        integrierter Sicherheit (Antriebe und CNC-Steuerungen), in: ETZ-Heft 11/98.
/7/     Johannknecht, A./Warlich, H.-J.: Maschinenschutz in Europa - BG
        (Maschinenschutz).
/SHB/   Safety Integration: Das Programm für die Industrien der Welt,
        Applikations-Handbuch, Edition 03.99
        Order No.: E20001-P285-A733
A.2.2 List of references for SINUMERIK 840D
/DA/    SINUMERIK 840D/840Di/810D
        Diagnostics Guide
        Order No.: 6FC5 298-6AA20-0BP3
/PHD/   SINUMERIK 840D
        Configuration Manual NCU 561.2 -573.4
        Order No.: 6FC5 297-6AC10-0BP2
/IAD/   SINUMERIK 840D/SIMODRIVE 611D
        Installation and Start-Up Guide
        Order No.: 6FC5 297-6AB10-0BP2
/LIS/   SINUMERIK 840D/840Di/810D/SIMODRIVE 611D
        Lists
        Order No.: 6FC5 297-6AB70-0BP3
/FB1/   SINUMERIK 840D/840Di/810D
        Description of Functions Basic Machine (Part 1),
        Order No.: 6FC5 297-6AC20-0BP2
/FB2/   SINUMERIK 840D/840Di/810D (CCU2)
        Description of Functions Extended Functions (Part 2),
        Order No.: 6FC5 297-6AC30-0BP2
/FB3/   SINUMERIK 840D/840Di/810D (CCU2)
        Description of Functions Special Functions (Part 3),
        Order No.: 6FC5 297-6AC80-0BP1
/PG/    SINUMERIK 840D/840Di/810D
        Programming Guide Fundamentals
        Order No.: 6FC5 298-6AB00-0BP2
/S7H/   SIMATIC S7-300
        Manual: Assembly, CPU data (HW Description)
        Reference Manual: Module Data
        Order No.: 6ES7 398-8FA10-8AA0
A.2.3 List of References for SIMODRIVE 611
/PJU/   SIMODRIVE 611-A/611-D
        Planning Guide Inverters
        Transistor PWM Inverters for AC Feed Drives and
        AC Main Spindle Drives
        Order No.: 6SN1197-0AA00-0BP5
/PJFE/  SIMODRIVE
        Planning Guide Synchronous Build-in Motors 1FE1
        AC Motors for Main Spindle Drives
        Order No.: 6SN1 197-0AC00-0BP1
I Index
I.1 Keyword index
$
$A_STOPESI.................................................3-76
$MN_INFO_PROFISAFE_CYCLE_TIME...3-190
$VA_STOPSI.................................................3-76
A
Absolute encoder ........................................3-168
Acceptance test............................... 5-279, 5-283
Acceptance test support..............................5-291
Acknowledge/save monitoring data ............5-279
Actual value and measuring circuit
assignment ...............................................5-278
Actual value synchronization.......................3-175
Alarms
for 611 digital ...........................................6-343
for 840D ...................................................6-310
Alteration of SI data.....................................5-281
Axis not referenced .....................................3-170
Axis referenced............................................3-171
Axis safely referenced .................................3-171
Axis, vertical ..................................................2-51
B
Brake test ....................................................8-451
C
Cam signals.................................................3-115
Cam synchronization...................................3-116
Enable for 840D.......................................4-217
Changing the speed limit values ...................3-97
Circuit, safety relay......................................3-149
Clock cycle overruns ...................................3-189
Coding of the output assignment ................4-234
Coding the input assignment.......................4-230
Commissioning 840D
First commissioning .................................5-277
Series commissioning..............................5-280
Communication
NCK and PLC-SPL ................................. 3-158
Comparison clock cycle................................ 2-35
for 840D........................................4-210, 4-215
Configuration for 840D ............................... 5-276
Connection of the drives..................7-381, 7-415
Control category 3 ........................................ 2-32
Control Category 3 ....................................... 2-49
Cross Monitoring........................................... 1-19
Crosswise data comparison .............. 2-34, 3-138
D
D/A converter output................................... 5-283
Data
altering..................................................... 5-281
Delete password......................................... 5-280
Different channel run times ........................ 3-131
Digital PLC inputs/outputs for 840D ........... 3-134
Direct measuring system............................ 3-169
Diverse structure........................................... 2-33
DMP compact modules .............................. 3-132
DMS ............................................................ 3-169
Door safety contactor ................................. 7-420
DP master, Class 1..................................... 3-180
DP master, Class 2..................................... 3-180
Drive with slip.............................................. 3-176
E
EC Directives ................................................ 2-27
EMERGENCY STOP....................... 7-383, 7-416
Enable
of functions for 840D............................... 4-217
Enable option
for 840D................................................... 5-277
Enable, global ............................................... 2-36
Enabling functions ........................................ 2-37
Encoder limit frequency ................................ 3-96
Encoder limit frequency, parameterizable.... 3-96
Encoder replacement ......................3-174, 8-470
Encoder type combinations ........................ 3-168
Encoder types............................................. 3-168
2-encoder system ................................... 3-169
Engineering................................................. 7-362
Enter monitoring cycle
for 840D ...................................................5-278
Error analysis
General ......................................................2-48
in automatic mode .....................................2-48
in set-up mode ...........................................2-46
in test mode ...............................................2-47
Error code......................................................3-77
Fine error decoding....................................3-77
ESR ...............................................................3-75
ET 200S F I/Os............................................3-183
ET200S PROFIsafe components
Parameterization......................................7-426
ET200S PROFIsafe module
Wiring.......................................................7-426
Example circuits ..........................................7-363
External STOPs
Machine data .............................................3-87
F
F master ......................................................3-179
Fault analysis.................................................2-46
F-DI module.................................................3-186
Parameter settings...................................7-432
F-DO connections .......................................7-428
F-DO module ...............................................3-187
Parameter settings...................................7-434
Forced checking procedure.........................3-164
Forced checking procedure, safety relay....3-151
G
Gantry axis ....................................................2-52
Gearboxes ...................................................3-100
H
Hazard analysis .............................................2-28
HW requirements
PROFIsafe ...............................................3-181
I
I/O modules .................................................3-196
I/O system ET 200 S ...................................3-180
Incremental encoder....................................3-168
Initialization
Safety relay ..............................................3-149
Integrated safety functions ............................1-20
Interface signals ..........................................4-256
from drive .................................................4-261
to drive .....................................................4-257
K
Keyswitch.................................................... 7-400
L
Limit frequency ............................................. 3-96
Limiting the setpoint speed........................... 3-99
Load standard motor data .......................... 4-242
Local inputs on the NCU............................. 4-231
Local outputs on the NCU .......................... 4-234
Logbook ...................................................... 5-279
M
Machine calibration..................................... 3-170
Machine data for 611 digital
Overview ................................................. 4-241
Machine data for 611 digital
Description .............................................. 4-243
Machine data for 840D
Description .............................................. 4-209
Overview ................................................. 4-207
Machinery Directive ...................................... 2-49
Master ......................................................... 3-179
Measuring system changeover .................... 2-51
Modulo display............................................ 3-117
Monitoring channel ..................................... 3-128
Monitoring clock cycle
For 611 digital .......................................... 4-243
Monitoring cycle............................................ 2-35
for 840D................................................... 4-210
Monitoring devices........................................ 1-19
Motor encoder adjustment.......................... 3-170
Multiple assignment.................................... 3-133
Multiple distribution..................................... 3-133
N
NCK RESET for 840D ................................ 5-276
NCK SGEs/SGAs ....................................... 3-131
NCK-SPL programming.............................. 3-139
NCK-SPL .................................................... 3-137
NCU local inputs ......................................... 4-215
NCU onboard I/Os ...................................... 3-146
NCU terminal block..................................... 3-132
NCU-local inputs/outputs............................ 3-146
Not suppressing alarms.............................. 6-356
O
Objective of safety technology ......................1-19
OEM
Users of 840D............................................2-52
OEM applications ..........................................2-52
Override factor for safely-reduced speed ...3-103
Override factor safely-reduced speed.........4-258
P
Park axis........................................................2-51
Parking an axis..............................................2-51
Parking axes with absolute reference ...........2-51
Performance closed-loop control module .....3-88
Performance control module .......................3-168
PLC SGEs/SGAs.........................................3-132
PM-E F connections ....................................7-429
PM-E F module
Parameter settings...................................7-435
Potential savings ...........................................1-21
Powering-up ..................................................2-45
Powering-up the control ................................2-45
PROFIBUS connection................................7-431
PROFIsafe...................................................3-180
PROFIsafe clock cycle ................................3-189
PROFIsafe clock cycle overruns .................3-189
PROFIsafe communication .........................3-183
PROFIsafe, system prerequisites .................2-40
PROG_EVENT mechanism ........................3-141
PROG_EVENT.SPF....................................3-141
Protective door ............................................7-369
Protective door interlocking.........................7-419
Protective door locking................................7-399
Protective mechanisms ...............................3-140
Pulse cancellation .........................................3-66
R
Reference point reached.............................3-171
Residual risk ..................................................2-49
Response time...............................................2-35
Risk assessment ................................. 2-28, 2-32
Rotary axis....................................... 4-218, 4-243
Cam actual value range...........................3-117
endlessly turning......................................3-117
Modulo display.........................................3-117
Safe software cams .................................3-117
S
Safe braking ramp .......................................3-124
Safe cams....................................................3-115
Safe limit switches.......................................3-114
Safe operating stop .......................................3-89
De-selection ...............................................3-92
Function features .......................................3-89
Machine data............................................. 3-94
Prerequisites ............................................. 3-90
Selecting ................................................... 3-90
Safe operating stop, test............................. 5-287
Safe signal processing ............................... 3-129
Safe software cams
Function features .................................... 3-115
Hysteresis ............................................... 3-116
Machine data........................................... 3-123
Output assignment.................................. 3-117
Prerequisites ........................................... 3-115
Special case............................................ 3-116
Specifying cam positions ........................ 3-116
Synchronization....................................... 3-116
Tolerance ................................................ 3-116
Safe software cams, test ............................ 5-288
Safe software limit switch
Configurable stop responses .................. 3-115
Limit values: ............................................ 3-114
Prerequisites ........................................... 3-114
Safe software limit switch, test ................... 5-288
Safe software limit switches
Function features .................................... 3-114
Machine data........................................... 3-117
Safe speed
Configurable stop responses .................. 3-101
Features of the function ............................ 3-95
Override for ............................................. 4-258
Prerequisites ............................................. 3-95
Selection ................................................... 3-97
Safe standstill ............................................... 3-88
Function features ...................................... 3-88
Machine data............................................. 3-89
Selecting/de-selecting............................... 3-88
Safe standstill – disconnecting the
energy feed................................................ 3-60
Safe standstill - prerequisites ....................... 3-88
Safely-reduced speed................................... 3-95
Changing the limit values.......................... 3-97
Override for ............................................. 3-103
Safely-reduced speed, test......................... 5-287
Safe-reduced speed
machine data........................................... 3-113
Safety relay................................................. 3-148
Safety relay, test ......................................... 3-151
Safety standards........................................... 2-28
Save boot files
for 840D................................................... 5-277
Save data.................................................... 5-280
Save standstill position ................................. 2-45
Saved standstill position ............................. 3-172
SBH............................................................... 3-89
SBR............................................................. 3-124
SE ............................................................... 3-114
Selecting speed limit values ......................... 3-97
Selector gearboxes..................................... 3-100
Series commissioning................................. 5-280
Service display............................................ 3-129
Service displays for 840D........................... 5-295
Servo trace ......................................5-283, 5-302
Set axis monitor .......................................... 5-278
Set password...............................................5-277
Setpoint speed...............................................3-99
SG..................................................................3-95
SGA
SBH active .................................................3-92
SGE/SGA
Function features .....................................3-127
Machine data ...........................................3-135
Signal run times .......................................3-131
What is the minimum number needed? ..3-130
SGE/SGA assignment
for 840D ...................................................5-278
SGE/SGA test..............................................5-287
SGEs
Standstill via STOP....................................3-80
SG-Override .................................... 3-103, 4-258
SG-specific STOPs .....................................3-102
SH..................................................................3-88
Shutdown path of drive CPU.........................3-61
Shutdown path of NCK CPU .........................3-62
Shutdown paths.............................................3-61
Requirements ............................................3-65
Stop responses..........................................3-70
Test ............................................................3-65
Shutdown paths for a dual-axis module........3-68
Shutdown paths with several axes
without SPL ................................................3-68
SIRELAY .....................................................3-151
Slaves ..........................................................3-180
Slip
Between motor and load..........................3-176
Slip for 2-encoder system ...........................3-175
SN................................................................3-115
Softkey
Confirm SI data........................................5-277
Copy SI data ............................................5-277
Specifying cam positions.............................3-116
Speeds and velocities ...................................3-95
SPL ..............................................................3-137
Linking to the I/Os....................................3-145
SPL data on the PLC side...........................3-156
SPL start without axial safety enable ..........3-137
Standard monitoring functions ......................2-46
Standstill tolerance ........................................3-89
Standstill via SGEs........................................3-80
Start SPL .....................................................3-144
STOP A
Description .................................................3-73
STOP B
Description .................................................3-73
STOP C
Description .................................................3-74
STOP D
Description .................................................3-75
STOP F
Description ................................................ 3-76
Stop response
SG-specific.............................................. 3-102
Stop responses
Assignment table ...................................... 3-72
Overview ................................................... 3-71
Priority ....................................................... 3-72
Sequence .................................................. 3-72
Stop responses
machine data........................................... 3-126
Stop responses, configurable....................... 3-72
SW requirements
PROFIsafe .............................................. 3-182
Synchronization of cam signals
Description .............................................. 3-116
Enable ..................................................... 3-116
System variable .......................................... 3-153
System variable $A_XFAULTSI,
$VA_XFAULTSI.......................................... 4-267
System variable $VA_IS............................. 4-267
T
Terminology .................................................. 2-31
Test stop ..........................................7-390, 7-418
for external STOPs ........................ 3-83, 4-259
Sequence .................................................. 3-65
When to carry out...................................... 3-64
Testing the external pulse cancellation........ 3-66
Time response when cam position
is passed.................................................. 3-119
Tolerance for SN......................................... 3-116
Troubleshooting
for 840D................................................... 5-295
Two-channel structure .................................. 2-33
Two-encoder system .................................. 3-169
U
User agreement .................................2-35, 5-279
Interlock..................................................... 2-36
User agreement, saved .............................. 3-171
V
Verification .................................................... 2-29
Vertical axis .................................................. 2-51
To
Siemens AG
A&D MC BMS
P.O. Box 3180
D-91050 Erlangen
(Tel.: +49 (0)180 5050 - 222 [Hotline]
Fax: +49 (0) 9131 / 98 – 2176
E-mail: motioncontrol.docu@erlf.siemens.de)
Suggestions
Corrections
For Publication/Manual:
SINUMERIK 840D/SIMODRIVE 611 digital
SINUMERIK Safety Integrated
Manufacturer Documentation
Description of Functions
Order No.: 6FC5297-6AB80-0BP2
Edition 11.03
From
Name:
Company/Dept.
Address:
Postal code: ____________ City:
Phone: __________ /
Fax: ________ /
Should you come across any printing errors when reading this publication, please notify us using this form. Suggestions for improvement are also welcome.
Suggestions and/or corrections
© Siemens AG 2003
Subject to change without prior notice
Order No.: 6FC5297-6AB80-0BP2
Printed in the Federal Republic of Germany
Siemens AG
Automation and Drives
Motion Control Systems
Postfach 3180, D – 91050 Erlangen
Bundesrepublik Deutschland
www.ad.siemens.de