- Rockwell Automation
Contents
1. Circuit Reset Circuit Reset SS Te cMScase Faucet Map Fat Rese HM AS Cmd_CMScase_SafetyReset_Map Circuit Reset HMI he Fault_Reset Fault_Reset_PB es E tout andar roo faut stoy Dean CI presse O Bs Y Show all Tags absolutevaluespeed ej analog_output_data_temp blink_outputs blink_timer Blue_PL Circuit_Reset Controller Standard Progam Safet Note that only standard tags are available 12 of 36 3 Click on the pulldown for a new safety tag circled below Safety Tag Mapping Standard Tag Name Safety Tag Name e LJ Circuit Reset Circuit Reset cmd CMscase Faulfieset Map Faut Reset HMI A Cmd _CMScase_SafetyReset Map Circuit Reset HMI LjFaut_Reset Fault Reset PB K300 fault standard K300 fault safey PE fame Test amp Test safey gmn C xi Banana_Jack_IN2 Banana_Jack_IN3 all Banana_Jack_OUTO Banana_Jack_OUT1 all Banana_Jack_OUT2 Banana_Jack_OUT3 all Circuit_Reset_HMl all Circuit_Reset_safety a Circuit Reset SS Controller Standard Program Safety Note that only safety tags are available This tool directly maps a standard tag to a safety tag That safety tag can now be used in the safety task Note that this safety tag must still be considered a standard tag in terms of safety 4 Close the Safety Tag Mapping window using Close Safety Input Instructions The safety input instructions are located in the safety instruction tab2. ole oee 3 218 Offline a q No Forces VA No Edits lg tet te se bes Safety Unlocked Download i LEI Favorites K Bacon X Program Mode Run Mode Test Mode Clear Faults Go To Faults a a Saf Controller Properties i E ao SafetyProgram 23 Unscheduled Programs Phases EI a Motion Groups E3 Ungrouped Axes E 3 Add On Instructions EEE GuardlO_AOI H el Physical_Output_Energize 23 Data Tynes 4 Go online using current communications path 7 When you see the following window select Download 32 of 36 Connected To Go Online xj Options General Date Time Major Faults Minor Faults File Nonvolatile Memory Condition The open project has offline changes that aren t in the controller Connected Controller Controller Name CompactGLX_L455 Controller Type 1768 L43S B CompactLogix53435 Safety Controller Comm Path AB_ETHIP 14192 168 1 36 B ackplane 0 Serial Number 403F2146 Security No Protection Safety Locked Offline Project Controller Name CompactGL _L45S Controller Type 1768 L435 CompactLogix53435 Safety Controller File ngs wewaltz Desktop GREAT DEMOS afetyLockDemo 4CD Serial Number 403F2146 Security No Protection Select File Cancel Help The following prompt appears Download to Controller a x Conditio Unable to download to controller Controller is locked Controller and offline project safety signatures do not match C
3. 31 Cycle the Emergency Stop button flashing To recover from this fault the safety IO module must sense the input channels in the safe state both LO This will require a cycle of the EStop button after the wiring fault has been fixed The Estop channel LEDs 2 and 3 of the IB8S in slot 2 should be yellow since the fault has been cleared 32 Cycle red flashing switch to reset the DCS fault 33 Press flashing green button to reset the safety circuits 34 Close the Controller Tags window using x in top right corner of window 27 of 36 35 Close the safety task RO1_OB8S_O0_O7 using the x in the top right corner of the window Safety Signature 1 While online with RSLogix 5000 place the Compact GuardLogix into Program mode File Edit View Search Logic Communications Tools Window Help gt cx Axis02_Zoneda EN Run Mode sy EA Pan 48_ETHIP 14192168 No Forces Go Offline No Edits Upload 4 HH JE kal dF Vr Safety Unlocked Download D s ef Favorites Addon K controler Orgs Program Mode A Saw Ln 7 a A awe Run Mode yo a Cor Test Mode ad E E Por AA E 3 Tasks Clear Faults E a Mai Go To Faults E S Saf Controller Properties a 3 SafetyProgram 23 Unscheduled Programs Phases 0 3 Motion Groups 2 Ungrouped Axes Add On Instructions B RA GuardiO_AOI G Physical_Output_Energize Nata Tynes 4 Change controller mode to Remote
4. e avoid a hazard e recognize the consequence gt j HOCK HAZARD G sla Labels may becated on or inside the drive tpebpte that dangerous voltage may be present OG Labels may be located on or inside the drivedogitethat surfaces may be dangerous temperatures DE BF Effective Design Methods for Integrating Safety Using Logix Controllers Contents Bolge you De A PUE PO PEA Enri UU PO O OR A 5 Ann Mn 5 TOONS ee DRSTEQUISIM S osea inci 5 E A O e Ue On A 6 3 of 36 A ane ee eR A A 7 o aa a sddeametata sat grec pasa tem nat cas a a aaa a 10 Mapping NOON avers crear e a aida aan aero sesectes 12 Sale Mba 610 14a gts TUCU Sc deca 13 Sy UIT NS LIC HOI Soca ira olas ece aan Wau sella iaa 18 DiagNOSlCS ran aci 20 DISC AUG y QUISE a 23 Channel Cycled Input Fault ccccccooncnncccccnncnnnccnonncnnnnononcnononononcnnnnnnnnncnnnnnnnnnrnnnnnnnnnrnnnnrnnnncnnnnnnannrnnnnnnnnces 25 A sts a a a aa 25 Sale SINUS stc oi 28 oey A gu E feusatatemateces 30 Before you begin This lab assumes a basic understanding of RSLogix 5000 software About this lab In this lab you will see how Rockwell Automation has integrated safety products features and functions into an environment that allows effective and efficient programming for your safety needs Parallel safety processing dedicated safety tasks in the PLC certified safety function blocks and safety I O handling work together allowing you to achieve your safety goals in a m
5. 1 Output Status Point_10 3 1CombinedOutputStatus 1 Reset Fault_Reset_Safety 0 CMSS_ Banana_Jack_OUTO CROUT1 01 CROUT1 02 lt Point_10 3 0 Pt00Data gt CMSS Banana_Jack_OUT1 lt Point_10 3 0 Pt01Data gt This CROUT instruction is being used to drive Safety Outputs OO and O1 on the white banana jacks We have already connected cables from those outputs to safety inputs 10 and 11 on the yellow banana jacks These are the feedback signals for the CROUT Since the instruction is configured for POSITIVE feedback the feedback should be LO when the outputs are LO and HI when the outputs are HI 4 Pull off the banana jack cable going to l0 on the 1734 IB8S module to simulate a feedback fault 1734 1 071 if vt UDE AOA O TA TIM M2 T N If either of the feedback signals unexpectedly drops out the CROUT will fault 19 of 36 If vou wish to see the fault code assoclat e vault monitor the CROUT1 FaultCode taa Change the Radix to Hex and vou will see the fault code is 5001h Look at the helo associated with this Instruction to see what thifault code refers to 5001H Feedback 1 turned OFF 0 unexpectedly Check the feedback 1 signal Reset the fault Why did Feedback 2 also go LO Because when the instruction faulted the outputs were dropped out This causes both feedback channels to drop out as well 5 Re attach the banana jack cable to 10 6 Cycle the flashing red fault reset to clear the fault 7 Press th
6. DINT Safety CMSS _EStopInputType 01 DecimalDINT_ Safety HCMSS_EStopDiscrepancyTime 250 Decimal DINT Safety HEMSS_eStopEnableQut Decimal BOL S ey Hemss_EStop01 O DB Saey I OERA ooo o E IO FE CMSS_EStop FautCode A 32 DecimalDINT Safety Geuss Estoe Diagnostico o Decima OMS EStop_Chamnel A DecmalBOOL Saey CMS5_EStop_ Channels Decimal BOL 4 Monitor Tags KI i These instructions have predediggedhianclude fault codes 4 Locate the tag called CMSS_EStop FaultCode and change the style to HEX Click on the window circled below and select Hex from the pulldown DU IL DINT ruihigt eis LU E u CMSS_EStop FaultCode Iwate ee i i Oo OTTO ofh The fault codes in the user s manual and instruction help are shown in Hex 5 If necessary press the flashing green reset button to reset the fault code to 0 Discrepancy Faults 6 Press the EStop wire OFF button to generate a discrepancy fault When the E Stop wire off button is pressed the normally dual equivalent channels go to diverse states one HI and one LO The safety system stops the motor because one of the E Stop channels went LO Note that this is the same condition that would occur if there was a short around one of the contacts when a demand is placed on the device The discrepancy fault code 4000h indicates precisely that channel A was HI while channel B was LO which is correct si
7. Program To generate the safety signature you have to be online and in Program mode 2 Answer Yes to the prompt if performing the mode change using software 3 Call up the controller properties circled below na F Program Mode aa gt E Controller OK a Battery OK gt W 0 OK Rem Prog No Forces No Edits Safety Unlocked 4 Select the Safety tab 28 of 36 Controller Properties CMSS_Core_Demo ioj xj General Serial Port System Protocol User Frotocy Major Faults Minor Faults Date Time Advanced SFC Execution File Nonvolatile Memory Memory Security Safety Application Unlocked Safety Lock Unlock Safety Status Safety Signature ID none Time Delete e Protect Signature in Run Mode When replacing Safety 1 0 Configure Only When No Safety Signature Exists C Configure Always Click on th eneratbutton circled belawed Controller Properties CompactGLX_1455 Joj x General Serial Port System Protocol User Protocol Major Faults Minor Faults Date Time Advanced SFC Execution File Safety Nonvolatile Memory Memory Safety Application Unlocked Safety Lock Unlock Safety Status Safety Task OK ID BCB83344 Date 11 22 2010 Time 10 30 37 264 4M Delete e When replacing Safety 1 0 Safety Signature Configure Only When No Safety Signature Exists Configure Always UL Signature must be delete
8. SFC Execution File Safety Nonvolatile Memory Memory Safety Application Locked Safety Lock Unlock Safety Status Safety Signature Generate ID 68809748 a Date 11 22 2010 py Time 10 50 28 938 AM Delete e When replacing Safety 1 0 Configure Only When No Safety Signature Exists Configure Always G Signature cannot be generated or deleted while safety application is locked 4 Close the ACD file and save the changes when prompted by selecting Yes 31 of 36 File Edit View Search Logic Communications Tools Window Help a New Ctrl N fe Open Ctrl 0 J lalai T mie als cis 117 y lt Favorites A Add On A Safety A Alarms A Bit_ Ted save Save As New Component gt A Import Component gt Compact Page Setup Generate Report Print gt Print Options 1 Copy of cGLX_AF_SafetyLab_StartingPoint ACD 2 SafetyLockDemo 4CD 3 GLX_cube_L625_ 18 4CD 4 cGL _AF_SafetyLab_StartingPoint 4CcD 5 CMS_MY_YFD_7010580 ACD 6 HM1734WM_Demo2008_R1 4CD 7 Jarden_ZIIIGOS ACD 8 cGLX_AF_SafetyLab_StartingPoint ACD Exit H E Trends B E 1 0 Configuration E fi 1768 Bus Close project file 5 Call up the ACD file called GuardLogix_ DCA_SafetyLockDemo ACD located in Lab files folder on desktop 6 Attempt to go online File Edit View Search Logic Communications Tools Window Help alsia
9. These instructions all have one thing in common They assume that the input device has two channels 13 of 36 1 If itis not already open open the GuardLogix_StartingPoint acd file 2 If not already Go online with the controller fo RSLogix 5000 CompactGLX_L455 in CMSS_Safety File Edit View Search Logic Communications Tools alsm S ejej olojf Offline J F RUN z 3 NoForces eomme y NS A Be Download Program Mode E mn PO1_Axis01 Control ob voz An O H B PO3_K3C Ep PO4_PF4 Cut Ctrl X OB POS_PFA BS Copy Ctrl C a Periodic 10 Paste Ctrl V 53 PIO Pro Delete Del z 9 Periodic 50 eH 3 P20_Bat Y Verify 0 Cp P21 Drit Cross Reference Ctrl E el q P22 Mo al CY P23_Saf Browse Logic Ctrl L Lp P24 Sec B 5 SafetyTask Print B 3 SafetyP KR A Prog e E ROO Properties Alt Enter Export Routine B RO2_K300SafeOFF E JB R03_SafetyResets 23 Unscheduled Programs Phases S Motion Groups al 1a Group In rung O there is a DCS safety instruction DCS stands for Dual Channel Stop This instruction monitors the Emergency Stop button labeled Emergency Stop bottom estop button 4 Press the Emergency Stop button bottom E Stop button and note that the DCS output in rung 0 goes LO 14 of 36 DCS Dual Channel Input Stop DCS CMSS_ESto Safety Function EMERGENCY STO input Type EQUIVALENT ACTIVE HIGH FFF Discrepancy Time Msec 3000 Restart
10. Type AUTOMATIC Cold Start Type AUTOMATIC Channel A CMSS_EStop_ChannelA lt Point_10 2 1 Pt02Data 0 Channel B CMSS_EStop_ChannelB lt Point_10 2 1 Pt03Data 0 Input Status Point_10 2 1CombinedinputStatus 1 Reset Fault_Reset_Safety 0 5 Release the lower Emergency Stop button on the demo case When you cycle the Emergency Stop button on the demo case notice that the output O1 simply follows the state of the button This is caused by the AUTOMATIC restart parameter for Restart Type Automatic means a manual reset is not required to energize the DCS output O1 after a normal restart Normal means that there are no faults and this is not the initial power up DCS Dual Channel Input Stop DCS CMSS_EStop 01 Safety Function EMERGENCY STOF input Type EQUIVALENT ACTIVE HIGH FP Discrepancy Time Msec nni Restart Type AUTOMATIC Cold Start Type EOTOMZ Channel A CMSS EStop_ChannelA lt Point_10 2 1 Pt02Data Channel B A lt Point_10 2 1 Pt03Data Input Status da Reset Fault_Reset_Sa ae 0 6 To simulate a discrepancy fault press the E STOP WIRE OFF button on the demo case lt is a maintained button Verify that it remains de pressed 15 of 36 What does pressing this button do ltcauses Channel B of the Emergency Stop button to drop out input 3 on the IB8S in slot 2 E stop sinking sinduj jajes The channels are now in different states and if they remain in different states until the 3 sec
11. red bar under the routines and folders in the safety task indicate these routines perform safety logic 4 Double click RO3_SafetyResets routine in the SafetyProgram to open the routine 8 of 36 g RSLogix 5000 CMSS_Core_Demo in CMSS_Core_Demo_rev2 Copy ACD 1768 L43S 19 11 AA File Edit View Search Logic Communications Tools Window Help as amp dm aims 44 EV QQ 9 Offline J E RUN rE Path AB_ETHIP 1 182 168 1 36 Backplane O E No Forces e FE Ok m BAT No Edits a Evo H to 4h Y 4 Uy Lh Safety Unlocked pS r IN Favorites A Add On Safety Bit Timer Counter Input Output Compare Compute Math Move Logical File Misc Program Con Controller Organizer xX G a SERIE es 2 5 3 Controller CMSS_Core Demo Controller Tags Controller Fault Handler Power Up Handler 0 3 Tasks A MainTask 5 Periodic_1000 L Periodic_50 SafetyTask 2 3 SafetyProgram A Program Tags Eh ROO_Main Ej R01_0B85_00_O1 E RO2_K300SafeOFF E RO3_SafetyResets 2 Unscheduled Programs Phases abeg pe Fault_Reset_HMI Fault_Reset_Safety Fault_Reset_PB Circuit_Reset_HMI Circuit_Reset_safety Circuit_Reset_SS Point_10 1 0 Test03Data 2 E Motion Groups E Add On Instructions E Data Types End Trends H E YO Configuration y R03_SafetyResets Ready Rung 0 of 3 APP VER A If the ladder code looks typical it should The only unique feature of code within the safety ta
12. routine in the safety task Add a rung at the end of the program enter an XIC instruction and select the drop down tag list As you scroll through the tag list what kind of tags are available to select You should be able to select only safety tags 10 of 36 Y v Show All Tags v ChA_ChB_status Circuit_Reset_HMI Circuit_Reset_safety Circut_Reset_SS CMSS_Banana_Jack_IN2 CMSS_Banana_Jack_IN3 CMSS_Banana_Jack_OUTO CMSS_Banana_Jack_OUT1 CMSS Banana Jack OUT2 Standard 6 Cancel the pending rung edits Prior to safety PLCs users would hardwire the auxiliary contacts on all of their safety devices back to the standard PLC for status information This practice is obsolete with the GuardLogix because this status information is readily available for the standard side of the application with the Safety Tags 7 Close any open routines 11 of 36 Mapping Tool 1 Select the Logic pulldown and Map Safety Tags i RSLogix 5000 CompactGLX_1455 in CMSS_Safety_GreatDemo_rev4 ACD 1768 1435 158 11 JS J alaja E ve ajaj fo Monitor Tags ue Edit Tags Produced Tags Map PLC SLC Messages E Controller Organizer py E Controller Co Verify Controller H E Controller I O Forcing C Power Up SFC Forcing E Tasks D A MainTask Online Edits a Map a Standard tag to a Safety tag 2 Click on the pulldown for a new standard tag circled below Safety Tag Mapping xi Standard Tag Name SafetyTagName
13. 1 General Connection Safety Module Info Input Configuration Test Output Point Point Operation Input r Time ms Test Type Discrepancy Point Mode Source oft 20n Time ms Single E Single Ss UMEO a E i 100 oem None y 03 ea S E Safety xlNone y 03 03 Safety xiiNone y OS 03 Input Error Latch Time 1000 ms Status Running Cancel Apply Help If not already open right click RO1_OB8S_00_ 01 in the safety task and select Open E 3 P24 SequentialControlApp E Sa SafetyTask Be 3 SafetyProgram ons ol Program Tags Sum ROO_Main B Roz Ka005afeOFF ns e S RO3_SafetyResets E kk E Unscheduled Programs Phe d Cut Ctrl a a Motion Groups Copy Ctrl C EG Group E Paste Ctrl V 3 Dp Legh deta Delete Del ASD NO2_Axis02 W Y01_Axis11 CY verity ERE Cross Reference Ctri E po gt O3_Axis13 pn QD v04 _Axis14 Browse Logic Ctrl L QD YOS_Axis15 SAA SCRE Wino Bp C51_MotionProfiler Print gt on Ho C52_Interpolation _ F fw Ungrouped Axes Export Routine a Add On Instructions Se E E RA AlarmHistory_AOT Properties Alt Enter 61 63 DeviceControl_AO1 21 of 36 2 Right click on the tag CMSS_EStop in the DCS instruction on rung 0 and Select Monitor CMSS_EStop DCS 0 Dual Channel Input Stop a SR CMSS_EStop Edit CMSS_EStop Properties EMERGENCY STOP Find All CMSS_EStop ALENT ACTIVE HIGH 250 Go To Cross Reference For CM55_EStop AUTOMATIC A
14. Always G Signature cannot be generated or deleted while safety application is locked OK Cancel Apply Help 16 Select Unlock 17 Select Delete to delete the Safety Signature 18 Answer Yes at the prompt 19 Press Cancel to close the module properties window 20 Go to Run Mode and answer Yes to the prompt 34 of 36 35 of 36 www rockwellautomation com Power Control and Information Solutions Headquarters Americas Rockwell Automation 1201 South Second Street Milwaukee WI 53204 2496 USA Tel 1 414 382 2000 Fax 1 414 382 4444 Europe Middle East Africa Rockwell Automation NV Pegasus Park De Kleetlaan 12a 1831 Diegem Belgium Tel 32 2 663 0600 Fax 32 2 663 0640 Asia Pacific Rockwell Automation Level 14 Core F Cyberport 3 100 Cyberport Road Hong Kong Tel 852 2887 4788 Fax 852 2508 1846 36 of 36
15. L10 Effective Design Methods for Integrating Safety Using Logix Controllers For Classroom Use Only LISTEN ale Rockwell Allen Bradley Rockwell Software Automation Important User Information This documentation whether illustrative printed online or electronic hereinafter Documentation is intended for use only as a learning aid when using Rockwell Automation approved demonstration hardware software and firmware The Documentation should only be used as a learning tool by qualified professionals The variety of uses for the hardware software and firmware hereinafter Products described in this Documentation mandates that those responsible for the application and use of those Products must satisfy themselves that all necessary steps have been taken to ensure that each application and actual use meets all performance and safety requirements including any applicable laws regulations codes and standards in addition to any applicable technical documents In no event will Rockwell Automation Inc or any of its affiliate or subsidiary companies hereinafter Rockwell Automation be responsible or liable for any indirect or consequential damages resulting from the use or application of the Products described in this Documentation Rockwell Automation does not assume responsibility or liability for damages of any kind based on the alleged use of or reliance on this Documentation No patent liabil
16. RUN E ESH Poth AB_ETHIP 1 192 168 1 26 Backplane 0 x Nerocas t No Edits uae 3M Y Atel fie 249 000 Safety Locked Download B fr fx Favorites K Addon A Saey A Alarms A ot AT Program Mode Control A Cor Run Mode Test Mode Clear Faults fa Mai Go To Faults ra AAA EE saf Controller Properties 1 ES SafetyProgram E Unscheduled Programs Phases 2 4 Motion Groups 2 Ungrouped Axes Add On Instructions RE GuardiO_AOI E Ps Physical_Output_Energize E 3 Data Types 41 54 User Defined E oa Strings yh Add On Defined Predefined Module Defined 4 63 Trends E YO Configuration ERA 17AR Rus Go online using current communications path 13 Call up the controller properties window 14 Select Safety tab 15 Select Safety Lock Unlock Controller Properties CMSS_Core_ Demo Bie General SerialPort System Protocol User Protocol Major Faults Minor Faults Date Time Advanced SFC Execution File Safety Nonvolatile Memory Memory Safety Application Locked Safety Lock Unlock Safety Status Safety Task OK Safety Signature Generate ID 62D 9C0B9 c Date 12 13 2010 Time 01 11 19 610 PM Delete e When replacing Safety 1 0 Configure Only When No Safety Signature Exists Configure
17. UTOMATIC Monitor CMSS_EStop X Trend CMSS_EStap db Cut Instruction Copy Instruction A Paste Delete Instruction Add Ladder Element amp Edit Main Operand Description ion Def Circuit Reset safety ONS Safety save Instruction Defaults 1 Fons CMSS_Estop_OutputEnable1 CMSS_EStor E Clear Instruction Defaults Remove Force Go To Instruction Help i O CROUT Feedback Type Ctrl x Ctrl C Ctri Del Alt Ins Ctrl D Ctrl G Fl Configurable Redundant Output SS_EStop_ChannelA lt Point_lO 2 Pt02Data 1 MSS_EStop_ChannelB lt Point_lO 2 Pt03Data 1 Combinedinputstatus 1 Fault_Reset_Safety 0 CMSS_Estop_OutputEnable CROUT1 POSITIVE The instruction used to monitor the Emergency Stop button is a DCS Dual Channel Stop 3 Expand tag CMSS_EStop this is the first tag in the list 22 of 36 Controller Tags CMSS_Core_Demofcontroller Oj x Scope ABICMSS_Core_Der Show all Tags f __ Name zalt Descrip Mi NA EE so A VE e PA EA A De BOO Se Cms EStop Chammel Decimal BOL LJ cms EStop ChammelB 1 DecmalBOOL S ey il Ea YE MSS_EStop InputStatus wl Decimal BOOL CMSS_EStop Reset Decimal BOL FCMSS_EStopRestatType 1 Decima BOOL Sat EMSS EStop ColdStatType DecmalBOOL Saey E CMSS_EStop SafetyFunction 0 Decimal
18. d to change safety application It takes a few seconds to generate the signature When complete the signature will appear in the area circled above in blue The signature consists of the CRC of safety memory along with a time date stamp to the millisecond This guarantees it to be unique Open up any of the safety routines and notice that the code is grayed out To edit the safety task once the signature has been applied you must delete the safety signature make the edits and apply a new signature that has ZERO chance of being the same as the original So as an OEM you can generate a safety signature store the signature in a safe place and years later if there is a safety incident you can determine if the safety task has been changed 29 of 36 7 Close the safety routine 8 Open up any of the standard routines and notice code can still be edited The safety signature only affects the safety memory 9 Close the standard routine One last critical point regarding the safety signature is that to operate as a SIL3 controller the compact GuardLogix must have a safety signature This is because the memory protection units that are used to prohibit writing to safety memory and the memory check between the primary and partner only operate with a signature in place Safety Lock Once you are running with a safety signature you need to avoid someone inadvertently downloading a new project to the controller with a different safety ta
19. e flashing green circuit reset button to turn the CROUT outputs back on 8 Press the flashing yellow button to start drive motion 9 Close the RO1_OB8S_00_01 safety routine and controller tag window if open In summary the CROUT instruction controls dual outputs and monitors up to two 2 feedback channels Diagnostics From a safety perspective it is critical that a safety device operate properly when a demand is placed on it This is typically accomplished using redundancy and diagnostics Redundant channels allow you to tolerate a single fault and diagnostics allow you to detect that fault and keep your machine from restarting with that fault By wiring each individual safety device to a separate channel in the traditional PLC fashion you can provide granular diagnostics for your operators and maintenance personnel If the machine stops HMIs can instantly direct maintenance personnel to the proper device reducing MI TR Mean Time to Repair The Emergency Stop is wired to channels 2 and 3 on the 1734 IB8S PointGuard input module The configuration of this module is shown below Channels 2 and 3 are configured for Single Point Operation as well as pulse testing 20 of 36 If configured for single channel discrepancy faults can be detected by the dual channel safety instructions providing instruction defined tags that make it easy to diagnose and annunciate fault s on your HMI E Module Properties Point_10 2 1734 1B85 1
20. e safety I O module detects this fault because pulse testing is hardware and firmware based within the module itself The EStop channel LEDs 2 and or 3 are solid red indicating a fault When th Stop ch1 to ch2 shatton is pressed a short is created between the two channels tthannel 2 amp 3 in slot2 sinking sinduj jajes The faqalate indicates that channels 2 and 3 are faulted 24 Press the flashing yellow alarm bell on the HMI screen The HMI indicates Estop chB External Test Signal Error which means the pulse test failed on the Estop channels 25 Select the on the right hand side of the menu bar 26 of 36 O A 2A2A The second probable cause a channel to channel short short circuit between input signal lines matches the actual fault 26 Close the IB8S window on the HMI 27 Press the Flashing red Estop DCS icon on the HMI e 28 Press the Fault button on the bottom of the HMI screen The DCS instruction on the other hand monitored the input channel status bit s of the 1734 IB8S module and declared a fault of 20h because at least one of these status bits unexpectedly went LO during normal execution The Input Status input a f 20H transitioned from OWN 1 to OFF 0 while the instruction was execuDng 29 Close the instruction faceplate on the HMI using the X in the top right corner 30 Press the ch ch short button again to fix the fault
21. h your standard and safety code 1 Open the GuardLogix_StartingPoint acd file on the desktop Controller Organizer Controller CM55_Core_Demo A Controller Tags Controller Fault Handler 3 Power Up Handler H S Tasks E tal MainTask E C3 POO_CompactMachine e 3 PO1_AxisO1 Control 8 PO2_AxisO2Control C8 PO3_K300Control O8 PO4_PF40Control OB POS_PF OControl Periodic_1000 G Periodic_50 OS SafetyTask 3 SafetyProgram 3 Unscheduled Programs Phases Motion Groups A single project contains both the standard and safety code 7 of 36 2 Go online with the controller fo RSLogix 5000 CompactGLX_L45S in CMSS_ Safety File Edit View Search Logic Communications Tools alsm S ejej oloJf Offline T F RUN a CA No Fate No Edits Upload Safety Unlocked Download Controller Organizer Program Mode 3 Expand the SafetyProgram in the SafetyTask Controller Organizer 2 3 Controller CM55_Core_Demo A Controller Tags Controller Fault Handler Tasks H A MainTask L8 Periodic_1000 1 L8 Periodic_50 Sean Safety Task ES SafetyProgram A Program Tags Eh ROO_Main JE RO1_0B85_00_01 JE ROZ_K300SafeOFF E RO3_SafetyResets Unscheduled Programs Phases All of the safety code is contained within the Safety Task lt has the same structure as a standard task but it is unique in that it is scanned in both the primary and partner processors The
22. ity is assumed by Rockwell Automation with respect to use of information circuits equipment or software described in the Documentation Except as specifically agreed in writing as part of a maintenance or support contract equipment users are responsible for e properly using calibrating operating monitoring and maintaining all Products consistent with all Rockwell Automation or third party provided instructions warnings recommendations and documentation e ensuring that only properly trained personnel use operate and maintain the Products at all times e staying informed of all Product updates and alerts and implementing all updates and fixes and all other factors affecting the Products that are outside of the direct control of Rockwell Automation Reproduction of the contents of the Documentation in whole or in part without written permission of Rockwell Automation is prohibited Throughout this manual we use the following notes to make you aware of safety considerations Identifies information about practices or circumstances that can cause an explosion in a hazardous environment which may lead to personal injurytlby olegoertvamage or economic loss m A LAU identifies information that is critical for suapetisatlon and understanding of the product SD identifies information about practices or circurtnstacaagead to personal injury or death property damage or economic loss Attentions help you e identify a hazard
23. nce the wire OFF affects channel B 23 of 36 9 10 11 12 13 4000H Channel A and Channel 8 were in an inconsistent state for longer than the Discrepancy Time At the time of the fault Channel A was in the active state Channel B was m the safe state Press the Flashing red EStop DCS icon on the HMI Press the Fault button on the bottom of the HMI screen The DCS instruction faceplate for the Emergency Stop button provides the same information to the operator It provides the exact description of the 4000h code as found in the user s manual Close the instruction faceplate on the HMI using the X in the top right corner Press EStop wire OFF button again to fix the fault When the wire off is fixed the channels both return to HI and are equivalent But the safety system will not allow the motor to restart because it assumes one of the contacts still has a short around tt Cycle flashing red fault reset switch to clear the fault code Cycle the Emergency Stop button flashing You must prove that the short around the contact has been fixed by cycling the safety input through the safe state which occurs when both channels go LO Diagnostic Code 13685 decimal is the indicator that the DCS channels must be cycled Press flashing green circuit reset button to restart the safety outputs The safety system now allows you to restart the motor Note that the 1734 IB8S module in slot 2 detected no faults during
24. ond discrepancy timer expires the DCS declares a fault Note the FP Fault Present output is HI ICS Dual Channel Input Stop DCS CMSS_EStop 01 gt Safety Function EMERGENCY STOP Input Type EQUIVALENT ACTIVE HIGH FP Discrepancy Time Msec 3000 Restart Type AUTOMATIC Cold Start Type AUTOMATIC Channel A CMSS_EStop_ChannelA lt Point_10 2 1Pt0 OT Channel B CMSS EStop_Channelb lt Point_10 2 1 Pt PR 0 Input Status Point_10 2 1CombinedinputStaTU 1 Reset Fault_Reset_Safety 0 7 Fix the fault by pressing the E STOP Wire OFF button again to return it to its normal state 16 of 36 10 11 Input 03 on the 1734 IB8S in slot 2 should be HI Cycle the flashing red selector switch to reset the fault on the DCS instruction Cycle the Emergency Stop button flashing to prove that the fault that caused the discrepancy has been repaired Note that this energizes the output O1 of the DCS Press the flashing green safety reset button to energize the STO outputs enabling the drive to operate Press the flashing yellow motion start button To summarize the DCS instruction monitors dual channel devices and sets the output when both channels are in the active state HI and proper restart actions are completed If the channels are not equivalent for longer than the discrepancy time a fault is declared Many of the other safety input instructions simply build onto this base functionality 17 of 36 Safety Output Instruc
25. ontroller Controller Name CompactGL _L455 Controller Type 1768 L43S B LOGIX5343SA4FETY Comm Path AB_ETHIP 14192 168 1 36 Backplane 0 Serial Number 403F 2146 Firmware Revision 18 11 Security 5 Offline Project Controller Name CompactGLs_L455 Controller Type 1768 L43S CompactLogix53435 Safety Controller File altz Desktop GREAT DEMOS afetyLockDemo 4CD Serial Number 403F2146 Firmware Revision 18 11 Security s Safety Signature M 2E33E598 11 22 2010 11 06 45 056 AM A To download to this controller you must A Unlock and proceed with the download Select File Cancel Help If you try to download a project with a different safety signature you will be prompted to unlock the controller Unlock can be password protected to keep unauthorized users from succeeding A second purpose of the Lock is to prohibit the deletion of the safety signature Now the safety program and memory is truly protected from inadvertent changes 8 Press Cancel to close this window 9 Press Cancel again to close the online connection window 10 Close the GuardLogix_DCA_SafetyLockDemo project 11 Call up your saved GuardLogix_StartingPoint acd file 12 Go online 33 of 36 fe RSLogix 5000 CompactGLX_1455 in Copy of cGLX_AF_SafetyLab_StartingPoint ACD 1760 1495 te File Edit View Search Logic Communications Tools Window Help lajsjaj 2 Pale 2 9 rice zoe RCA Wa ajaj Offline 0 E
26. sk The safety lock provides this protection 1 Click thSafety ock Unlodiutton circled below T ox General Serial Port System Protocol User Protocol Major Faults Minor Faults Date Time Advanced SFC Execution File Safety Nonvolatile Memory Memory Safety Application Unlocked Safety Lock Unlock Safety Status Safety Task OK Safety Signature Generate e ID 344148F6 Co Date 09 30 2010 Es Time 03 16 10 708 PM Delete When replacing Safety 1 0 Configure Only When Wo Safety Signature Exists Configure Alway UL Signature must be deleted to change safety application 2 Press Lock circled below 30 of 36 Safety Lock Locking disables data editing logic editing and forcing in the safety application Lock safety application Enter Password Generate Safety Signature Change Password Cancel Help The following will appear in the controller window fy Safety Signature ID 68809746 Date 11 22 2010 ime 10 50 28 938 AM Rem Prog No Forces No Edits When locked only projects with an identical safety signature can be downloaded to the controller This enables changes to the standard tasks while protecting the safety task 3 Press Cancel to close the controller properties window F Controller Properties CompactGLX_L455 Bhk General Serial Port System Protocol User Protocol Major Faults Minor Faults Date Time Advanced
27. sk is that it is scanned twice by both the primary and partner controllers Notice the Guard safety icon in the bottom right side of the MainRoutine window indicating you are accessing safety code Also notice the red labels on the instructions available in the safety task These instructions are certified for use in the safety task Select some of the other instruction tabs to see what instructions are available within the safety task 5 Close the RO3_SafetyResets routine 9 of 36 Safety Tags A special class of tag called a Safety tag is used within the Safety Task The integrity of a safety tag is protected because they can only be written to by logic within the Safety Task However Safety tags can be read in the Standard or Safety Task 1 Open the ROO_Main standard routine in the POO _CompactMachine program in the continuous task and scroll to the end of the program Add a rung enter an XIC instruction and select the drop down list As you scroll through the tag list what kind of tags are available to select You should be able to select either a standard or safety tag Safety tags have a red bar on the icon to the left of the tag Standard tags do not Y v Show All Tags x CMSS_LampTest CMSS_LampTest_Safety CMSS_LightCurtainFautt_PL CMSS_LineSpeed CMSS_Meter CMSS_MSRS7_Faulted CMSS_MSRS7_K300SafeOFF_chA CMSS_MSRS7_K300SafeOFF_chB CMSS MSR57 SafeStop Cancel the pending rung edits Open the ROO_Main safety
28. this procedure All it knows is that channel 3 went LO when you pressed the Estop Wire OFF button 24 of 36 Channel Cycled Input Fault 14 Press the EStop Wire OFF button note it is a maintained button 15 Press the EStop Wire OFF button again within 3 seconds to generate a Channel Cycled fault The Channel cycle fault code 4003h indicates precisely that channel B cycled while channel A was steady Recall the wire off button affects channel B of the Emergency Stop button 4003H Channel B went to the safe state and back to the active state while Channel A remamed active 16 Press the Flashing red EStop DCS icon on the HMI 17 Press the Fault button on the bottom of the HMI screen The DCS instruction faceplate for the Emergency Stop button provides the exact description of the 4003h code as found in the user s manual Note that the 1734 IB8S module in slot 2 detected no faults during this procedure All it knows is that channel 3 went LO and then back HI 18 Close the instruction faceplate on the HMI using the X in the top right corner 19 Cycle the flashing red selector switch to clear the fault code 20 Cycle the Emergency Stop button flashing 21 Press the flashing green reset push button Pulse Test Fault 22 Press the ch ch short button to create a short between the two Estop channels green button to the right of 25 of 36 EStop Wire OFF This fault is detected by the next pulse test Th
29. tions There actually is only one 1 safety output instruction CROUT The CROUT instruction controls two 2 outputs and monitors feedback When the outputs change state the feedback is expected to follow within a configurable reaction time Essentially the CROUT has similar functionality as a safety relay 1 If not already open open the RO1_OB8S_O0 O14 safety routine Controller CMS5_Core_Demo Controller Tags 9 Controller Fault Handler 23 Power Up Handler E 8 Tasks EH LA MainTask e la Periodic_1000 G La Periodic_50 a a SafetyTask E 3 SafetyProgram A Program Tags e E ROO_Main 7 Ej RO1 OBBS OD Ol ME ro1_088s_o0_c B RO3_SafetyResets Pe gt Unscheduled Programs PF E Cut Ctri x a Motion Groups Ex Copy Ctrl C H E Add On Instructions Paste Ctrl V Data Types Delete Del Trends E I O Configuration Y Verify Cross Reference Ctri E Browse Logic Ctri L Primt b Export Routine Properties Alt Enter 2 Scroll to rung 2 where the CROUT instruction is located 3 If necessary Press the flashing green fault reset button to energize the CROUT outputs circled below 18 of 36 ROUT 2 Configurable Redundant Output a CROUT CROUT 01 Feedback Type POSTITA Feedback Reaction Time Msec 250 0235 Actuate CMSS Estop_OutputEnable1 0 FP Feedback 1 Point_10 1 1 Pt00Data 0 Feedback 2 Point_10 1 1 Pt01Data 0 Input Status Point_10 1 1CombinedinputStatus
30. uch simpler straightforward manner This lab takes approximately 90 minutes to complete Tools amp prerequisites The following software programs hardware and files are required for use with this lab Software Programs RSLinx Classic 2 59 or later RSLogix 5000 Professional v20 or later Hardware Devices Compact Machine Solutions Demo Case Files required Compact GuardLogix GuardLogix_StartingPoint Compact GuardLogix GuardLogix_ DCA_SafetyLockDemo PanelView Plus 1000 CMSS_Demo_DCAfaceplate mer MSR57 CMSS_Core_Demo csf mises sl gt sal E 5 of 36 Getting Started The GuardLogix_StartingPoint ACD file should already be loaded Please verify that the program is running and the case is ready for the lab by performing the following 1 Verify the seven jumper cables are attached as shown 1734 IB8S SLOTI i e jl e 3 3 gt to O i Ups TO TIM M2 TIM IO to OO I1 to 01 I2 to 4 I3 to 6 O2 to 4 O3 to 6 5 to 24VCOM 4VDC 24VCN 2 Set the potentiometer to 5 on the dial The potentiometer controls the speed of the motor The value of 5 is well below the safe speed threshold configured in the MSR57P 3 Verify the MSR57P safe limited speed key switch is set to the RUN position 4 Verify the K300 Drive Power key switch is in the ON position 5 Ifthe Safe Off pushbutton is flashing release it 6 Ifthe Emergency Stop p
31. ushbutton is flashing release it 7 The red selector switch Fault Reset is flashing cycle it from the counter clockwise left position to the clockwise right position and back to the left 8 The green button Safety Circuit Reset is flashing press it to energize the K300 safety enables The K300 Status light should energize The light indicates the K300 Safety inputs are energized You should hear the drive motor energize but the motor is not turning 6 of 36 9 The yellow button Start Drive Motion is flashing press it to start drive motion Safety Task Compact GuardLogix is a CompactLogix with integrated safety certified to be used in safety control systems up to SIL3 IEC61508 CAT4 EN954 1 and PLe 15013849 1 It performs all of the same functions as a standard CompactLogix in addition to performing safety control To achieve these safety ratings GuardLogix uses a 1002 dual controller architecture The two controllers are called the primary left slot and the partner right slot The primary controller runs both the standard and safety tasks The partner controller runs only the safety task The primary and partner controllers compare the outputs generated by the safety task If they ever disagree GuardLogix will go to the safe state de energized Compact GuardLogix is configured with a single software package RSLogix 5000 simplifying your engineering efforts You create a single project to manage bot
Download Pdf Manuals
Related Search