Page 1 User Manual Original Instructions PowerFlex 755/755T Integrated Safety Functions Option Module Catalog Number 20-750-S4...
Page 2 Important User Information Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
Page 3: Table Of Contents
Table of Contents Preface Conventions ........... 9 Terminology .
Page 4 Table of Contents Chapter 3 Safety I/O Safety Inputs..........39 Safety Input Operation .
Page 5 Safety Controller Project ........106 Add an Option Module to a PowerFlex 755 Drive... 108 Generate the Safety Network Number (SNN) .
Page 6 Operation Add a PowerFlex 755 Drive to the Controller Project..144 Understand Module Properties Categories ..... 145 Module Properties>General Category .
Page 7 Table of Contents Safety Supervisor State ........199 Safety Core Fault .
Page 8 Table of Contents Appendix D Parameter Data Parameters and Settings in a Linear List ......253 Device Parameters ........253 Host Config Parameters.
Page 9: Preface
Standard I/O mode. IMPORTANT You must have a basic understanding of electrical circuitry and familiarity with PowerFlex 755 drives and PowerFlex 755T drive products. You must also be trained and experienced in the creation, operation, and maintenance of safety systems.
Page 10: Terminology
Throughout this manual, the PowerFlex 755TL low harmonic drives, PowerFlex 755TR regenerative drives, PowerFlex 755TM drive systems are also referred to as PowerFlex 755T drive products. The PowerFlex 755 drive is used for the examples in this manual. Terminology Table 1 defines the abbreviations that are used in this manual.
Page 11 Preface Table 1 - Abbreviations and Definitions (continued) Abbreviation Full Term Definition System for control, protection, or monitoring based on one or more programmable electronic devices, Programmable Electronic Systems including all elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices.
Page 12: Product Firmware And Release Notes
Preface Product Firmware and Product firmware and release notes are available online within the Product Compatibility and Download Center. Release Notes 1. From the Search bar on http://www.ab.com, choose Compatibility and Downloads. 2. Search for your product. 3. On the search results page, find the firmware and release notes for your product.
Page 13: Additional Resources
Provides declarations of conformity, certificates, and other certification details. www.rockwellautomation.com/global/certification/overview.page You can view or download publications at http://www.rockwellautomation.com/global/literature-library/overview.page. To order paper copies of technical documentation, contact your local Allen-Bradley distributor or Rockwell Automation sales representative. Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 14 Preface Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 15: What Is The Integrated Safety Functions Option Module
Chapter About Safe Stop and Safe Monitor Functions This chapter provides information on safety considerations for the Integrated Safety Functions option module. Topic Page What Is the Integrated Safety Functions Option Module? Compatible Drives Compatible Safety Controllers Safety Application Requirements Safety Certification Proof Tests PFD and PFH Definitions...
Page 16 • PowerFlex® 750-Series Safe Torque Off option module (catalog number 20-750-S) • PowerFlex 750-Series Safe Speed Monitor option module (catalog number 20-750-S1) • PowerFlex 755/755T Integrated Safety - Safe Torque Off option module (catalog number 20-750-S3) • PowerFlex 755/755T Integrated Safety Functions option module (catalog number 20-750-S4)
Page 17: Compatible Drives
IMPORTANT Do not use this option module as a control for starting or stopping the drive. Compatible Drives The Integrated Safety Functions option module is compatible with these PowerFlex 755 drives and PowerFlex 755T drive products: • PowerFlex 755 drives (v14.xxx or later) • PowerFlex 755TL low harmonic drives (v4.xxx or later) •...
Page 18: Safety Application Requirements
GuardLogix Controller Systems Safety Reference Manuals that are listed in the Additional Resources on page The TÜV Rheinland group has approved the PowerFlex 755 Integrated Safety Safety Certification Functions option module (catalog number 20-750-S4) as suitable for use in integrated safety applications: •...
Page 19: Stop Category Definitions
About Safe Stop and Safe Monitor Functions Chapter 1 ATTENTION: When designing your system, consider how various personnel can interact with the machine. Additional safeguard devices can be required for your specific application. ATTENTION: In circumstances where external influences (for example, suspended loads that can fall) are present, additional measures (for example, mechanical brakes) can be necessary to help prevent any hazard.
Page 20: Proof Tests
Chapter 1 About Safe Stop and Safe Monitor Functions Proof Tests IEC 61508 requires you to perform various proof tests of the equipment that is used in the system. Proof tests are performed at user-defined times. For example, proof tests can be once a year, once every 15 years, or whatever time frame is appropriate.
Page 21: Pfd And Pfh Data
(STO) or Timed Safe Stop 1 functions. These values apply when Safety Instance is set to ‘Safe Stop Only – No Feedback’ . Table 2 - PFD and PFH for PowerFlex 755 Drives STO and Timed SS1 PowerFlex 755 Drives...
Page 22 Chapter 1 About Safe Stop and Safe Monitor Functions In general, the PFD and PFH values from Table 4 should be added to Table 2 Table 3 when Safety Instance is set to ‘Single Feedback Monitoring’ or ‘Dual Feedback Monitoring’ . When using Dual Feedback Monitoring, enable Discrepancy Testing.
Page 23: Safety Data For Safety I/O
About Safe Stop and Safe Monitor Functions Chapter 1 Safety Data for Safety I/O The Integrated Safety Functions option module provides four safety inputs and two safety outputs. Table 5 provides PFD and PFH values to add for safety functions that use this Safety I/O. Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O Attribute Single Channel Safety I/O...
Page 24: Safety Reaction Time
Additional Resources on page Table 7 - Safety Reaction Time Drive Family Value, Max PowerFlex 755 drives (firmware revision 13 or later), Frames 1…10 PowerFlex 755TL low harmonic drives, Frames 8…12 15 ms PowerFlex 755TR regenerative drives, Frames 8…12 PowerFlex 755TM drive systems, Frames 8…12 IMPORTANT An input signal condition that is present for less than the reaction time may not result in the safety function being performed.
Page 25: Encoder Considerations
About Safe Stop and Safe Monitor Functions Chapter 1 Encoder Considerations This section describes factors to consider when using an encoder with the Integrated Safety Functions option module. Supported Encoders Table 8 describes the supported encoder types based on the feedback card that is used and the physical terminal it is connected to.
Page 26 Chapter 1 About Safe Stop and Safe Monitor Functions The following voltage monitoring ranges are supported: • 4.75v…5.25v (Recommended setting when using 20-750-DENC-1 card with the 12V Jumper in the ‘Storage’ position) • 11.4v…12.6v (Recommended setting when using 20-750-DENC-1 card with the 12V Jumper in the ‘Enabled’...
Page 27: Digital Aqb Diagnostics
About Safe Stop and Safe Monitor Functions Chapter 1 Dual Encoder Velocity and/or Position Discrepancy The dual encoder velocity and position discrepancy diagnostic helps ensure that the position and/or velocity of the two encoders match within a configurable tolerance. The position and velocity discrepancy limits are individually configurable;...
Page 28 Chapter 1 About Safe Stop and Safe Monitor Functions + Cos Vector Length Monitoring The Sin + Cos vector length monitoring diagnostic helps ensure that the sine and cosine signals are sinusoidal and 90° apart. This diagnostic is meant to detect errors in the wiring of the encoder and problems within the encoder itself.
Page 29: Contact Information If Safety Option Failure Occurs
Chapter 1 Contact Information If Safety If you experience a failure with any safety-certified device, contact your local Allen-Bradley distributor to request any of these actions: Option Failure Occurs • Return the device to Rockwell Automation so the failure is appropriately logged for the catalog number that is affected and a record is made of the failure.
Page 30 Chapter 1 About Safe Stop and Safe Monitor Functions Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 31: Installation
Chapter Installation This chapter provides installation, jumper settings, and wiring for the Integrated Safety Functions option module. Topic Page Remove Power to the System Access the Control Pod Set the SAFETY and Hardware ENABLE Jumpers Install the Safety Option Module I/O Wiring Cabling ATTENTION: The following information is a guide for proper installation.
Page 32: Remove Power To The System
Chapter 2 Installation Remove Power to the System Before performing any work on the drive, remove all power to the system. ATTENTION: • Electrical Shock Hazard. Verify that all sources of AC and DC power are de- energized and locked out or tagged out in accordance with the requirements of ANSI/NFPA 70E, Part II.
Page 33: Set The Safety And Hardware Enable Jumpers
SAFETY jumper must be removed. If the SAFETY jumper is not removed, a ‘Safety Jumper In’ fault occurs. IMPORTANT PowerFlex 755 drives (frames 8…10) control boards do not have a SAFETY jumper. If the Integrated Safety Functions option module is installed, the control board hardware ENABLE jumper must be installed.
Page 34: Install The Safety Option Module
IMPORTANT Only one safety option module can be installed in a drive. Multiple safety option modules or duplicate safety option module installations are not supported. Figure 4 - PowerFlex 755 Drives, Frames 1…7 Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 35: Feedback Installation Guidelines
Installation Chapter 2 Feedback Installation Guidelines Follow these guidelines for the Integrated Safety Functions option module. Feedback Devices The Integrated Safety Functions option module can be used with one of the following feedback devices when safe feedback monitoring is used: •...
Page 36: I/O Wiring
Chapter 2 Installation I/O Wiring This section describes the onboard safety I/O and wiring considerations. A power supply must be connected between the SP and SC terminals in order for the safety I/O to be used. See Power Supply Requirements on page information on selecting a power supply.
Page 37: Power Supply Requirements
Installation Chapter 2 Power Supply Requirements IMPORTANT The external power supply must conform to the Directive 2006/95/EC Low Voltage by applying the requirements of EN61131-2 Programmable Controllers, Part 2 - Equipment Requirements and Tests, and one of the following: • EN60950 - SELV (Safety Extra Low Voltage) •...
Page 38 Chapter 2 Installation Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 39: Safety Inputs
Chapter Safety I/O This chapter provides information that is related to the embedded safety inputs and outputs on the Integrated Safety Functions option module. Topic Page Safety Inputs Safety Outputs Safety Inputs Read this section for information about safety inputs and their operation modes.
Page 40 Chapter 3 Safety I/O Table 14 - Typical External Pulse Width and Period Pulse Width Period 500 μs 300 ms Figure 5 - Test Pulse in a Cycle Typical Pulse Typical Pulse Test Period Test Period 300 ms 300ms Typical Typical Pulse Pulse...
Page 41: Latch Input Error Operation In Single Channel Mode
Safety I/O Chapter 3 Latch Input Error Operation in Single Channel Mode The safety input subsystem allows for a configurable time for which an alarm state is held. This is referred to as Input Latch Error Time. In single channel mode, the input latch error time describes the period between when the alarm condition is removed and when the safety input stops reporting the alarm.
Page 42: Single Channel Safety Input Status Data
Chapter 3 Safety I/O Single Channel Safety Input Status Data Figure 8 describes the status and value that is reported by the Safety IO subsystem for normal and alarm states. In normal operation, the Safety Input value reported is the value being read on the input terminal. The Safety Input status is on.
Page 43: Dual-Channel Safety Input Operation
Safety I/O Chapter 3 Dual-channel Safety Input Operation To support redundant safety devices, the consistency between signals on two input points can be evaluated. This is referred to as Dual-channel operation. Two modes are available when using dual-channel inputs: equivalent and complementary.
Page 44: Equivalent Dual-Channel Input Operation
Chapter 3 Safety I/O Equivalent Dual-channel Input Operation In Equivalent mode, both inputs of a pair must typically be in the same (equivalent) state. When a transition occurs in one channel of the pair, before the transition of the second channel of the pair, a discrepancy occurs. If the second channel transitions to the appropriate state before the discrepancy time elapses, the inputs are considered equivalent.
Page 45: Complementary Dual-Channel Input Operation
Safety I/O Chapter 3 Complementary Dual-channel Input Operation In Complementary mode, the inputs of a pair are typically in the opposite (complementary) state. When a transition occurs in one channel of the pair before the transition of the second channel of the pair, a discrepancy occurs. If the second channel transitions to the appropriate state before the discrepancy time elapses, the inputs are considered complementary.
Page 46: Standard Input Operation
Chapter 3 Safety I/O Standard Input Operation When a safety input is configured for standard input operation, no diagnostics are performed on the input. Unlike safety inputs, a standard input cannot be used with pulse testing and can only be used in single channel mode. A standard input can still be configured to have an onoff and offon filter time.
Page 47 Safety I/O Chapter 3 Safety Input Status The safety input status indicates whether an alarm is present in the safety input point. The safety input status is provided in the safety input assembly, as shown Table Table 18 describes the attributes for reading the safety status via CIP messaging.
Page 48 Chapter 3 Safety I/O Table 19 - Safety Input Assembly Tags for Safety Input Values Safety Input Assembly Tag Name Type/[bit] Description (safety controller to S4 option) module :SI.InputStatus SINT A collection of safety input values and status for each safety input module :SI.In00Data Value of Safety Input 0...
Page 49: Safety Input Alarms
Safety I/O Chapter 3 Table 21 - Safety Input Assembly Tags for Safety Input Valid Safety Input Assembly Tag Name Type/[bit] Description (safety controller to S4 option) module :SI.IOSupport SINT A collection of bits describing safety IO functionality Safety Input 0 Valid module :SI.In00Valid 0 = Data invalid 1 = Data valid...
Page 50: Determining Safety Input Alarm Type
Chapter 3 Safety I/O An internal circuit error occurs when an internal pulse test fails. This means that circuitry inside the module has failed. An internal circuit error may not be recoverable; replacing the module may be required. An external circuit error occurs when pulse testing by the safety input’s associated test output fails.
Page 51: Safety Input Alarm Recovery
Safety I/O Chapter 3 Table 23 - MSG Configuration for Safety Input Alarm Type Service Code 0x0E Get attribute single Class 0x3D Safety Discrete Input Point Object Instance i + 1 Where i is the number of the safety input Data Type USINT Attribute...
Page 52: Use With Powerflex 750-Series Atex Option Module
Chapter 3 Safety I/O Figure 11 - Off-on Delay Input Signal Safety Input Value On-delay On-off Delay An input signal is treated as logic 1 during the off-delay time (0…126 ms, in increments of 1 ms) after the falling edge of the input contact. The input only turns off if the input contact remains off after the off delay time has elapsed.
Page 53: Single-Channel Mode
Safety I/O Chapter 3 Figure 13 - Test Pulse in a Cycle Typical Pulse Test Period 300 ms Typical Pulse Width 500 μs Table 24 - Typical External Pulse Width and Period Pulse Width Period 500 μs 300 ms IMPORTANT To help prevent the test pulse from causing the connected device to malfunction, pay careful attention to the input response time of the device that is connected to the output.
Page 54: Latch Output Error Operation In Single Channel Mode
Chapter 3 Safety I/O Figure 14 - Single-channel Setting (not to scale) Normal Operation Safety Output Terminal Safety Output Value Safety Output Status Alarm Operation Safety Output Terminal Safety Output Value Alarm Detected Safety Output Status Latch Output Error Operation in Single Channel Mode The safety output subsystem allows for a latch error time to be configured.
Page 55: Dual-Channel Mode
Safety I/O Chapter 3 Dual-channel Mode When the data of both channels is in the on state, and neither channel has an alarm, the outputs are turned on. The status is normal. If an alarm is detected on one channel, the safety output data and individual safety output status turn off for both channels.
Page 56 Chapter 3 Safety I/O Figure 17 - Dual Channel Output Latch Error Behavior Output Latch Error Time Safety Output 0 Value Safety Output 1 Value Dual Channel Safety Output ALARM Status Dual Channel ALARM Safety Output Status Alarm Cleared Alarm Alarm Detected Condition Removed and...
Page 57: Safety Output Safety Data
Safety I/O Chapter 3 Safety Output Safety Data The Safety Output data of the Integrated Safety Functions module can be monitored through: • Safety Input Assembly • DPI Parameters • CIP Messaging The following Safety Output data is available in the Integrated Safety Functions Module: •...
Page 58 Chapter 3 Safety I/O Safety Output Ready When set, the safety output ready attribute indicates that the safety output is configured for safety use and ready to be commanded. IMPORTANT Check the Safety Output Ready attribute before commanding the safety output.
Page 59: Commanding Safety And Test Outputs
Safety I/O Chapter 3 Table 29 - Safety Input Assembly Tags for Safety Output Monitor Value Safety Input Assembly Tag Name Type/[bit] Description (safety controller to S4 option) module:SI.OutputStatus SINT A collection of safety output status, safety output monitor values, and test output status module:SI.Out00Monitor Output Monitor Value of Safety Output 0 0 = OFF...
Page 60: Safety Output Alarms
Chapter 3 Safety I/O Safety Output Alarms The Safety Output logic can detect the following errors: • Configuration • Circuit • Dual Channel Discrepancy (Dual Channel Configuration Only) • Partner Channel (Dual Channel Configuration Only) When an error is detected, the associated safety output data is put into the safe state and the Alarm Type attribute is set.
Page 61: Determining Safety Output Alarm Type
Safety I/O Chapter 3 Partner Channel Error When the safety outputs are configured for dual channel mode, and one of the safety outputs experiences a circuit or configuration error, the other safety output will report a Partner Channel error. TIP The safety output data will still be placed in the safe state when a Partner Channel error occurs.
Page 62: Safety Output Alarm Recovery
Chapter 3 Safety I/O Safety Output Alarm Recovery If an alarm is detected, the safety outputs are switched to the safe state and remain in the safe state. Follow this procedure to activate the safety output data again. 1. Remove the cause of the alarm. 2.
Page 63: Standard Output Mode
Safety I/O Chapter 3 ATTENTION: Do not use test outputs as safety outputs. Test outputs do not function as safety outputs. Standard Output Mode When a test output is configured for standard output mode, the test output point operates as a general purpose output. The output can be commanded through the safety output assembly.
Page 64: Test Output Status
Chapter 3 Safety I/O The following Test Output data is available in the Integrated Safety Functions module: • Test Output Status • Test Output Ready Each test output point reports its own status and ready attributes. IMPORTANT Test Output data is not safety data and cannot be used for safety applications.
Page 65: Test Output Ready
Safety I/O Chapter 3 Test Output Ready When set, the test output ready attribute indicates that the test output is configured for standard output mode, and is ready to be commanded. In other modes, the test output ready attribute is forced to the safe (alarm) state. IMPORTANT The Test Output Ready attribute should be checked before commanding the test output.
Page 66 Chapter 3 Safety I/O Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 67: Drive-Based Safe Stop Functions
Chapter Drive-based Safe Stop Functions Use this chapter to learn more about the Safe Torque Off, Timed Safe Stop 1, Monitored Safe Stop 1, and Safe Brake Control stopping functions that are built into the Integrated Safety Functions option module. IMPORTANT The information in this section describes Safety Stop Functions operating in the drive.
Page 68: Safety Input Assembly Safe Stop Function Tags
Chapter 4 Drive-based Safe Stop Functions Table 38 - Safety Output Assembly Tags for Safety Stop Functions (continued) Safety Output Assembly Tag Name Type/[bit] Description (safety controller to S4 option) module :SO.SS1Request If Safe Stop 1 (SS1) is configured: 0 = No Request 1 = Request Safe Stop 1 If Safe Stop 1 is not configured, this tag must be set to 0.
Page 69 Drive-based Safe Stop Functions Chapter 4 Table 39 - Safety Input Assembly Tags for Safety Stop Functions Safety Input Assembly Tag Name Type/[bit] Description (S4 option to safety controller) module :SI.SBCActive Safe Brake Control (SBC) function status: 0 = Release Brake (So0 and So1 ON) 1 = Engage Brake (So0 and So1 OFF) module :SI.SS1Active Safe Stop 1 (SS1) function status:...
Page 70: Safety Function In Response To Connection Event
Chapter 4 Drive-based Safe Stop Functions ATTENTION: Safety I/O connections and produced/consumed connections cannot be automatically configured to fault the controller if a connection is lost and the system transitions to the safe state. If you must detect a device fault so that the system maintains the required SIL level, you must monitor the Safety I/O CONNECTION_STATUS bits and initiate the fault via program logic.
Page 71: Connection Idle Action
Drive-based Safe Stop Functions Chapter 4 parameter is not changed, the safety function that is triggered by the connection loss may fault. Connection Idle Action When the connection idle event is detected, the following attributes will be set: • In Standard Control Mode –...
Page 72: Safe Torque Off Activation
Chapter 4 Drive-based Safe Stop Functions Safe Torque Off Activation Safe Torque Off can be initiated by one or more sources: • STO Output – Setting the Safety Output Assembly Tag (module:SO.STOOutput = 1) • SS1 Complete – Completion of a Safe Stop 1 •...
Page 73: Safe Torque Off Delay
Drive-based Safe Stop Functions Chapter 4 • In Motion Control Mode – axis.SafeTorqueOffActiveStatus = 1 – axis.SafetyResetRequiredStatus = 1 The steps to reset the STO function depend on the cause of STO activation and the Restart/Cold Start Type configured in the module. Safety Fault STO Activation Reset IMPORTANT When the STO function is activated by a Safety Fault, the cause of the safety fault must be removed before STO can be reset, regardless of the configured...
Page 74: Safe Torque Off Operation
Chapter 4 Drive-based Safe Stop Functions to SBC delay. In the case of STO activation by a safety fault, any configured delay is ignored, and torque is disabled instantly. Safe Torque Off Operation The operation of the STO function and its attributes is dependent on the configuration of the STO function and the activation reason.
Page 75 Drive-based Safe Stop Functions Chapter 4 Figure 21 - STO with Delay STO Delay Velocity SO. STO Output Disable Torque 0x00 STO Activation 0x01 = STO Output SI.STO Active STO Active P4 [Safety Status] STO Active STO Active SI.TorqueDisabled Torque Disabled SI.RestartRequired Restart Required SO.ResetRequest...
Page 76: Safe Torque Off Stopping Action And Source
Chapter 4 Drive-based Safe Stop Functions Figure 22 - STO with Safety Fault SI. Safety Fault Safety Fault STO Activation 0x04 = Safety Stop Fault Disable Torque SI.STO Active SI.Torque Disabled Torque Disabled SI.Restart Required Restart Required Always Required to Reset a Fault SO.Reset Request Fault Cleared (1) Safety Output Assembly...
Page 77: Sto Safety Fault
Drive-based Safe Stop Functions Chapter 4 If the STO Stopping Action Source is Controller, or the STO Stopping Action is configured for a non-default value, a STO Delay may need to be specified in order for the Stopping Action to be completed before torque is disabled. See the drive's reference manual for information on its supported stop modes.
Page 78: Safe Stop 1 Function
Chapter 4 Drive-based Safe Stop Functions Safe Stop 1 Function The Safe Stop 1 (SS1) function signals the configured SS1 Stop Action Source to initiate a stopping action, then the safety module monitors the stop. When the Safe Stop 1 is complete, STO is activated and torque is disabled. If the drive does not complete the stop within the limits that are configured in the Safe Stop 1 function, an SS1 Fault is annunciated.
Page 79: Safe Stop 1 Reset
Drive-based Safe Stop Functions Chapter 4 Safe Stop 1 Reset After an SS1 action is complete, the SS1 function must be reset in order to enable torque. When the STO Function needs to be reset, the following attribute values are set: •...
Page 80: Safe Stop 1 Stopping Action And Source
Chapter 4 Drive-based Safe Stop Functions Safe Stop 1 Stopping Action and Source In response to an SS1 activation, the type of stop and the source responsible for controlling the stop is configurable. These configuration attributes are defined • SS1 Stopping Action – Configures what stopping action to perform in response to an SS1 Activation.
Page 81: Monitored Safe Stop 1
Drive-based Safe Stop Functions Chapter 4 timing of SS1 status and torque attributes in response to an SS1 activation, along with the restart type behavior. Figure 24 - Timed Safe Stop 1 SS1 Ext Max Stop Time Velocity SO.SS1Request SS1 Activation 0x00 0x00 0x01 = SS1 Request...
Page 82 Chapter 4 Drive-based Safe Stop Functions After the SS1 Active bit is set, the configured SS1 Decel Monitor Delay timer begins. After the configured Decel Monitor Delay expires, an internal speed ramp value is computed every time that the encoder is sampled. If the magnitude of module:SI.FeedbackVelocity exceeds the sum of the internal ramp plus Decel Speed Tolerance, the SS1 Fault Type attribute is set to ‘Deceleration Rate’...
Page 83 Drive-based Safe Stop Functions Chapter 4 to SBC Delay is negative (and STO Activates SBC = Linked), then the Torque Disabled attribute is set after the configured time delay. Otherwise, the Torque Disabled attribute is set immediately. Figure 27 shows the timing of the Monitored SS1 operation, along with the restart type behavior.
Page 84: Ss1 Safety Fault
Chapter 4 Drive-based Safe Stop Functions SS1 Safety Fault When an SS1 Safety Fault occurs, the STO function is activated immediately and torque is disabled. Figure 27 describes the timing of attributes when an SS1 fault occurs during SS1 execution. Figure 28 describes the operation of SS1 when an SS1 fault is detected.
Page 85: Safe Brake Control Function
Drive-based Safe Stop Functions Chapter 4 Figure 28 - Safe Stop 1 Fault Operation SS1 Max Stop Time Velocity SS1 Max Stop Time Fault Occurs (Feedback Velocity > Expected Velocity) Standstill Speed SO.SS1Request SS1 Request 0x00 SS1 Activation 0x00 0x01 = SS1 Request SI.SS1Active SS1 Active S1.SafetyFault...
Page 86: Safe Brake Control Reset
Chapter 4 Drive-based Safe Stop Functions When SBC is activated, all sources of activation are stored in an attribute as a bit mask, and the attribute can then be read to determine the causes of an SBC activation. Figure 29 shows the operation of the SBC activation attribute.
Page 87: Safe Brake Control Modes
Drive-based Safe Stop Functions Chapter 4 Safety Fault SBC Activation Reset IMPORTANT When the SBC function is activated by a Safety Fault, the cause of the safety fault must be removed before the SBC function can be reset, regardless of the configured restart type.
Page 88: Safe Brake Control Operation
Chapter 4 Drive-based Safe Stop Functions • So1: Safety Discrete Output Point Object Instance 4 • Safety Dual Channel Output Object Instance 2 Used, Test Pulses In ‘Used, Test Pulses’ mode, the associated safety outputs are tested with a 500 μs pulse every 300 ms when the brake is in the released state (outputs energized).
Page 89 Drive-based Safe Stop Functions Chapter 4 SBC Operation when Activated by Safety Output Assembly When the SBC function is activated by clearing the module:SO.SBCOutput tag, the associated safety outputs are deenergized, forcing the brake to engage, and torque is still enabled. Figure 30 shows the timing of SBC attributes when the SBC function is executed independently.
Page 90 Chapter 4 Drive-based Safe Stop Functions Figure 31 - SBC Linked to STO with Positive Delay SI. STO Active Disable Torque Torque Disabled SI.TorqueDisabled 0x00 SBC Activation 0x02 = STO Active SI.SBCActive Engage Brake (STO to SBC Delay) > 0 SI.BrakeEngaged Brake Engaged Brake Engaged...
Page 91 Drive-based Safe Stop Functions Chapter 4 to the safe state changes. The ‘Safe State’ of the SBC function is the ‘Brake Engaged’ state. SBC not Linked to STO Safety Fault Operation When a safety fault is detected in the module (and the SBC function is configured to not be linked to STO activation), the SBC function will be activated with the SBC activation reason being ‘Safety Stop Fault’...
Page 92 Chapter 4 Drive-based Safe Stop Functions Figure 34 - SBC Operation under Safety Fault Condition (linked to STO with positive delay) SI.SafetyFault Safety Fault STO Activation 0x04 = Safety Stop Fault 0x00 Disable Torque SI.STOActive SI.TorqueDisabled Torque Disabled SBC Activation 0x00 0x06 = STO Active, Safety Stop Fault SI.SBCActive...
Page 93: Sbc Safety Fault
Drive-based Safe Stop Functions Chapter 4 SBC Safety Fault When the module experiences an SBC Fault, the module is placed in the safe state and the cause of the fault is recorded. If SBC function detects a fault, it will set: •...
Page 94 Chapter 4 Drive-based Safe Stop Functions The drive-based SBC function does not implement checking of brake feedback; however, the available safety inputs can be used to send the status of brake feedback to the safety controller that is programmed with a diagnostic check.
Page 95: Drive Safety Instructions
GuardLogix 5380 controllers and use the EtherNet/IP™ network to communicate with the safety I/O. Drive Safety instructions use safety feedback, provided by PowerFlex 755/755T drive products to the Safety Task of the controller, to perform safe monitoring functions. Rockwell Automation Publication 750-UM005A-EN-P...
Page 96 Chapter 5 Controller-based Safety Functions Table 40 - Drive Safety Instructions Safety Instruction Description The SFX function scales feedback position into position units and feedback velocity into position units per time unit. SFX is used with Safety Feedback Interface other Drive Safety instructions.SFX also provides unwind for rotary applications and position homing.
Page 97: Before Adding The Safety Instructions
Chapter 5 Before Adding the Safety Instructions Before adding drive safety instructions to your Logix Designer application, you must have PowerFlex 755/755T drive products with 20-750-S4 options installed in your project. Drive Safety Instruction Example Drive Safety instructions provide the following information. In this example, the Safely-limited Speed (SLS) instruction is shown.
Page 98: Pass-Through Data Using Standard I/O Mode
SLS instruction. IMPORTANT Pass-through data is for status information only and does not impact configured safety functions. Figure 39 - Pass-through Data Path (Standard I/O Mode) PowerFlex 755 Drive Safety Task Programming SLS Active status is Safety sent to the drive.
Page 99 Controller-based Safety Functions Chapter 5 Table 42 - SLS Tag Information Safety Output Assembly Tag Axis Tag module :SO.SLSActive Drive: I.SafetyStatus SLSActive module :SO.SLSLimit Drive: I.SafetyStatus SLSLimit module :SO.SLSFault Drive :I.SafetyStatus SLSFault TIP The words module and drive (italic) in these tag names represent the module and drive name that is assigned in the Logix Designer application.
Page 100: Pass-Through Data Using Integrated Motion
SLS instruction. IMPORTANT Pass-through data is for status information only and does not impact configured safety functions. Figure 40 - Pass-through Data Path PowerFlex 755 Drive Safety Task Programming SLS Active status is Safety sent to the drive.
Page 101: Sfx Instruction
The PowerFlex 755/755T drive provides safe position and velocity feedback. Up to SIL 3 PLe safety rating can be achieved by using dual feedback with velocity and/or position discrepancy checking.
Page 102: Sfx Instruction Example
Chapter 5 Controller-based Safety Functions Figure 41 - SFX Instruction Feeds Data to SS1 Instruction Actual Position Feedback Position (position units) (counts) PowerFlex 755/ PowerFlex 755/ 755T Drive 755T Drive Actual Speed Feedback Velocity (position units/second (feedback units/second) or position units/minute)
Page 103 Controller-based Safety Functions Chapter 5 Figure 42 - Effective Resolution Parameter In this example, the motor is used in a rotary application where the unwind is set to roll over each motor revolution. Therefore, the unwind of ‘512 Counts/ Rev’ was added in the SFX instruction appropriately. Figure 43 - Scaling Rockwell Automation Publication 750-UM005A-EN-P...
Page 104 Chapter 5 Controller-based Safety Functions Homing Setting the ‘Actual Position’ output to the ‘Home Position input’ (homing) of the instruction is required if using a position-based drive safety instruction like Safely-limited Position (SLP). If a position-based drive safety instruction is not being used on an axis, homing the SFX instruction is not required.
Page 105: Safety Assembly Tags
The SO.Output00Output, SO.Output01Output, SO.Test00Output, and SO.Test01Output tags are sent from the GuardLogix safety output assembly to the PowerFlex 755 safety output assembly to control the safety and test outputs on the Integrated Safety Functions option module. The SI.StopStatus tags are sent from the PowerFlex 755 to the GuardLogix safety input assembly and indicate the PowerFlex 755 safety control status.
Page 106: Configure Safety In The Logix Designer Application
Configure Safety in the Logix This chapter provides instructions for how to add and configure an Integrated Safety Functions option module in a PowerFlex 755/ 755T drive product to an Designer Application existing project in the Logix Designer application. This chapter is specific to safety and does not cover all aspects of drive configuration.
Page 107 2. Select from the following drive products and click Create. • PowerFlex 755 HiPwr EENET • PowerFlex 755 EENET • PowerFlex 755T • PowerFlex 755TM Bus Supply This example uses the PowerFlex 755 EENET. Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 108: Add An Option Module To A Powerflex 755 Drive
Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Add an Option Module to a PowerFlex 755 Drive 1. In the Device Definition dialog box, enter the connection type that you want to use. Select from one of the following types. The ‘Standard and Safety’...
Page 109 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 2. When a network safety connection is selected, the 20-750-S3 Network STO option is selected by default. Click the Safety Peripheral pull- down menu and select 20-750-S4. 3. If feedback is being used (indicated by the selection in Safety Instance 1), enter a feedback device for the Safety Feedback Module.
Page 110: Generate The Safety Network Number (Snn)
Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation 4. Scroll down and enter additional Device Definition data for the drive product being used. Generate the Safety Network Number (SNN) The assignment of a time-based SNN is automatic when you create a GuardLogix safety controller project and add new Safety I/O devices.
Page 111 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 To edit the SNN, follow these steps. 1. To open the Safety Network Number dialog box, click to the right of the Safety Network Number. 2. Select either Time-based or Manual. If you select Manual, enter a value from 1…9999 decimal.
Page 112 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Electronic Keying The electronic keying options are for the standard connection to the drive. Electronic Keying Indicates that all keying attributes must match to establish communication. If any attribute Exact Match does not match precisely, communication with the device does not occur.
Page 113 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 6. Click the Add new peripheral pull-down menu to add any additional peripherals, such as feedback devices to use with the safety option module. In this example, a ‘20-750-UFB-1 Universal Feedback’ option module has been added.
Page 114 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation The Input and Output tabs are for setting the datalinks between the drive and the controller that is performing control. Add P4 [Safety Status] and P5 [Safety Faults] to provide pass-thru data from the safety task/safety controller to the main task/standard controller.
Page 115 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 10. Click Create to create the drive and have it added to the I/O Configuration folder. Save the project to save any edits and double-click the drive in the I/O Configuration folder to reopen the drive properties window.
Page 116 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation For safety output connections, the Max Observed Network Delay displays the value that is generated by the output module. For safety input connections, it displays the value that is generated by the controller.
Page 117 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 13. Click Actions under Safety Configuration in the navigation tree to open the Actions page. Use the settings on the Actions page to: • Define the action to take when the safety connection is lost. •...
Page 118 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation 14. Click STO under Safety Configuration in the navigation tree to open the STO page. The Delay value is the time delay between the STO Active condition and Safe Torque Disabled. This allows the drive to bring the motor to a controlled stop before disabling torque.
Page 119 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 Property Description Specifies the mode of the SS1 function. The Mode selection determines which parameters on the tab are available to configure. The available options are: • Not Used • Timed SS1 Mode •...
Page 120 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Property Description The physical input points available for configuration (terminals Si0, Si1, Si2, Point and Si3). Specifies the type of operation for the input. Available options are: • Single Channel Point Operation - Type •...
Page 121 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 Property Description Point The physical output points available for configuration (terminals So0 and So1). Specifies the type of operation for the output. Available options are: Point Operation - Type • Single Channel •...
Page 122 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Property Description Specifies the mode of the SBC function. Available options are: • Not Used Mode • Used, No Test Pulses • Used, Test Pulses Identifies if Safe Torque Off (STO) activation triggers the SBC function. Available options are: STO Activates SBC •...
Page 123 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 20. Enter the information for the device that is being used for the primary feedback. Red boxes indicate items that must be updated. The properties available on this page are determined by the safety feedback device selected when the drive module was created.
Page 124 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation 22. Enter the information for the device being used for the secondary feedback. Red boxes indicate items that must be updated. The properties available on this page are determined by the safety feedback device selected when the drive module was created.
Page 125: Safety Configuration Signature And Ownership
Safety Configuration Signature and Ownership The connection between the controller and the drive is based on the following criteria: • Drive catalog number must be for PowerFlex 755 drives • Drive Safety Network Number (SNN) (displayed in drive module General tab) •...
Page 126: Reset Ownership
Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Configuration Ownership has to be reset to establish a new connection or to reestablish an existing connection. Reset Ownership To reset ownership, see Restore the Drive to Out-of-Box State on page 214.
Page 127: Standard And Safety Tasks
(datalinked parameters) in the Integrated Safety Function option module. The PowerFlex 755/755T drive products, with the Integrated Safety Function option module, provides integrated safety functions. Safety functionality operates independently of the inverters and feedback that is used for motion.
Page 128 Safety I/O Standard I/O Assembly Assembly PowerFlex 755/755T Drive Product 4. The main task controls the drive to bring the motor to a stop within the Monitored SS1 limits for speed and time. 5. While the drive is stopping, the SS1 function (in the motion-safety instance) monitors the motor speed to make sure it remains below the speed limit and maximum stopping time.
Page 129: Pass-Through Data
214 for more information. Replacing an entire PowerFlex 755 drive or PowerFlex 755T drive product on an integrated safety network is more involved than replacing standard devices because of the safety network number (SNN). The device number and SNN is the safety Device ID of the device.
Page 130: Replace An Integrated Safety Drive In A Guardlogix System
Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation integrity on the initial download to the PowerFlex 755 drive or PowerFlex 755T drive product. When the Logix Designer application is online, the Safety tab of the Module Properties dialog box displays the current configuration ownership. When the opened project owns the configuration, Local is displayed.
Page 131 ATTENTION: Enable the Configure Always feature only if the entire integrated safety control system is not being relied on to maintain SIL 3 behavior during the replacement and functional testing of a PowerFlex 755/ 755T drive product. If other parts of the integrated safety control system are being relied upon to maintain SIL 3, make sure that the controller’s Configure Always feature is...
Page 132: Powerflex 755 Io Mode Using Sfx, Ss1, And Sls Instructions
Standard I/O Mode – Configuration, Programming, and Operation PowerFlex 755 IO Mode Using In this example, a PowerFlex 755 drive (equipped with embedded Ethernet) controls an induction motor with a 1024 PPR incremental encoder. A Dual SFX, SS1, and SLS Instructions...
Page 133 Figure 47 - Studio 5000 Connection Set to Standard and Safety Studio 5000 Connection is set to ‘Standard and Safety’ since the GuardLogix controller will provide both in this example. Figure 48 - Studio 5000 Powerflex 755 EENET Configuration Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 134 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Figure 49 - Studio 5000 Safety Primary Feedback Configuration Figure 50 - Studio 5000 Safety Scaling Configuration Figure 51 - Studio 5000 Input Configuration • Inputs 0 and 1 are used with an OSSD Estop input from the 800FP. Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 135: Programming Example
Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 • Input 2 is a standard digital input from a push button to safety reset the S4 module. • Input 3 is a standard digital input from a push button to set the SFX home.
Page 136 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Safety Input The DCS Instruction is responsible for evaluating the dual-input validity into the GuardLogix safety controller. Figure 53 - DCS Instruction with the S4 is Mapped to the 800FP Safety Logic The Safety Logic is used to configure when a safety reset occurs, the home trigger, and the execution of the SFX instruction (which must have primary...
Page 137 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 Figure 54 - Safety Logic Example Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 138 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Safety Output The Safe Torque Off output must be true in order for any of the preceding safe monitoring functions (namely SFX, SS1, and SLS) to function. Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 139 Chapter 6 Figure 55 - Safety Output Example The PowerFlex 755 S4 safety actions can be configured based on the required reaction to various machine requirements. In this instance, the STO request is executed by the PowerFlex 755 in causing a disable and coast reaction.
Page 140 Figure 57 - The Use of Datalink is Required to Pass Data from the S4 Safety Function to the Standard I/O Routine Figure 58 - Standard I/O Routine That Starts and Stops the PowerFlex 755 Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 141 Standard I/O Mode – Configuration, Programming, and Operation Chapter 6 Figure 59 - Standard I/O Routine That Runs the Drive at Velocity and Changes to Safe Limited Speed Velocity When Requested by the Safety Task Figure 60 - Standard I/O Routine That Commands the Drive to Zero Velocity Once the SS1 Request is Made by the Safety Task Figure 61 - Standard I/O Routine That Monitors When at Zero Speed and Stops the Drive Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 142 Chapter 6 Standard I/O Mode – Configuration, Programming, and Operation Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 143 The SO.Output00Output, SO.Output01Output, SO.Test00Output, and SO.Test01Output tags are sent from the GuardLogix safety output assembly to the PowerFlex 755 safety output assembly to control the safety and test outputs on the Integrated Safety Functions option module. The SI.StopStatus tags are sent from the PowerFlex 755 to the GuardLogix safety input assembly and indicate the PowerFlex 755 safety control status.
Page 144: Add A Powerflex 755 Drive To The Controller Project
Configure the Integrated This section provides instructions for how to add and configure an Integrated Safety Functions option module in a PowerFlex 755/755T drive product to an Safety Function Option existing project in the Logix Designer application. This chapter is specific to Module in the Logix Designer safety and does not cover all aspects of drive configuration.
Page 145: Understand Module Properties Categories
Integrated Motion – Configuration, Programming, and Operation Chapter 7 The Integrated Safety Function module and its safe speed monitor functions Understand Module are configured in the Studio 5000 Logix Designer® application. Follow these Properties Categories guidelines when configuring your safety application. IMPORTANT For access to Motion Safety module properties, the Connection pull-down menu in the Module Definition dialog box must be configured for Motion and Safety or Safety Only.
Page 146: Module Properties>General Category
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Module Properties Category Page General page 146 Connection and Safety page 149 Motion Safety Actions page 152 Primary Feedback page 153 Secondary Feedback page 155 Scaling page 156 Discrepancy Checking page 157 page 158 page 159 page 160...
Page 147 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Table 44 - Electronic Keying Methods Electronic Keying Indicates that all keying attributes must match to establish communication. If any attribute Exact Match does not match precisely, communication with the device does not occur. Lets the installed device accept the key of the device that is defined in the project when the installed device can emulate the defined device.
Page 148 Chapter 7 Integrated Motion – Configuration, Programming, and Operation 6. When using ‘Single’ or ‘Dual Feedback Monitoring’ mode, use these steps to add a safety feedback device. a. Right-click the drive under Peripheral Devices, and then click New Peripheral Device… to bring up the Peripheral Device Definition dialog box.
Page 149: Module Properties>Connection And Safety Categories
Integrated Motion – Configuration, Programming, and Operation Chapter 7 Table 46 - Motion Safety Instance Definitions Motion Safety Instance Mode Module Connection Options Description Safe Stop Only - STO function and Timed SS1 Safe Stop functions are available. No Feedback Single Feedback Monitoring •...
Page 150 Chapter 7 Integrated Motion – Configuration, Programming, and Operation 3. Click the Configuration tab. The default safety task Period value (and output RPI) is 20 ms. IMPORTANT The ‘Period’ is the interval at which the safety task executes. The ‘Watchdog’ must be less than the period. For more safety task information, see the GuardLogix 5580 and Compact GuardLogix 5380 Controller Systems Safety Reference Manual, publication 1756-RM012.
Page 151 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Table 47 - Advanced Reaction Connection Time Limit Configuration Settings Advanced Reaction Connection Time Description Limit Configuration Settings The RPI specifies the period that data updates over a connection. For example, an input module produces data at the RPI that you assign.
Page 152: Motion Safety>Actions Category
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Motion Safety>Actions Category The Actions category provides fault behavior options. Determine the preferred machine function when a connection loss or connection idle condition occurs. Safe Torque-off (STO) means that the drive immediately disables the motor power outputs causing a coast condition for the motor and load.
Page 153: Motion Safety>Primary Feedback Category
Integrated Motion – Configuration, Programming, and Operation Chapter 7 2. From the Connection Loss Action and Connection Idle Action pull- down menus, choose SS1 or STO as required for your application. 3. From the Restart Type and Cold Start Type pull-down menus, choose Automatic or Manual as required for your application.
Page 154 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Table 49 - Feedback Options Feedback Option 20-750-UFB-1 20-750-DENC-1 Sine/Cosine Primary Digital AqB Hiperface Secondary Digital AqB Digital AqB Table 50 - Safety Feedback Configuration Attributes Attribute Description Specify the units of the encoder. Default value is revolutions (Rev) that supports rotary motors. Units When using a linear encoder, select Meter.
Page 155: Motion Safety>Secondary Feedback Category
Integrated Motion – Configuration, Programming, and Operation Chapter 7 Table 51 - Voltage Monitoring Values for Feedback Device Feedback Devices 20-750-UFB 20-750-DENC Not monitored Not monitored 7V…12V 4.75V…5.25V Primary 4.75V…5.25V 7V…12V 11.4V…12.6V Not monitored Not monitored 7V…12V 4.75V…5.25V Secondary 4.75V…5.25V 7V…12V 11.4V…12.6V Motion Safety>Secondary Feedback Category...
Page 156: Motion Safety>Scaling Category
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Motion Safety>Scaling Category The Primary Feedback category set safety resolution in terms of counts per encoder unit. The Scaling category configures the position and time to be used in terms of counts per position unit in the safe monitoring functions. Figure 63 - Scaling Category (default settings) Table 52 - Scaling Category Attributes Attribute...
Page 157: Motion Safety>Discrepancy Checking Category
Integrated Motion – Configuration, Programming, and Operation Chapter 7 Motion Safety>Discrepancy Checking Category Discrepancy checking is only used in applications where the ‘Module Definition>Safety Instance’ is configured for ‘Dual Feedback Monitoring’ . Its purpose is to perform an evaluation of the speed and position discrepancy between primary and secondary feedback.
Page 158: Motion Safety>Sto Category
Chapter 7 Integrated Motion – Configuration, Programming, and Operation and secondary feedback position. Use the ‘Velocity/Position Check’ mode if position and velocity checking are needed. Follow these steps to configure the Discrepancy Checking attribute. 1. From the Mode pull-down menu, choose the appropriate discrepancy checking mode for your application.
Page 159: Motion Safety>Ss1 Category
Integrated Motion – Configuration, Programming, and Operation Chapter 7 STO becomes active if any of the following inputs to STO are asserted: • STO Output = 0 • Safety Connection Loss and Connection Loss Action = STO • Safety Connection is Idle and Connection Idle Action = STO •...
Page 160: Motion Safety>Sbc Category
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Figure 66 - SS1 Dialog Box (Timed SS1, default) Monitored SS1 is a ramped safe-stop where the motion safety instance monitors the speed ramp to standstill speed, while either the motion task or the drive controls the deceleration to standstill speed.
Page 161: Motion Safety>Input Configuration Category
Integrated Motion – Configuration, Programming, and Operation Chapter 7 of the physical brake outputs are performed. For more information on the drive-based SBC function, see Safe Brake Control Function on page Table 53 for descriptions of the SBC attributes. Table 53 - SBC Attributes Attribute Description Determines if an STO event engages the brake.
Page 162: Motion Safety>Test Output Category
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Error Latch Time attribute configures the time that a discrepancy must exist before a Safety Input alarm is generated. See Latch Input Error Operation in Single Channel Mode on page 41 for more information.
Page 163: Motion Safety>Output Configuration Category
Integrated Motion – Configuration, Programming, and Operation Chapter 7 TIP If a safety input’s Point Mode is configured for ‘Used with Test Output’ , the Test Output indicated by the ‘Test Source’ field must have its ‘Point Mode’ configured as ‘Pulse Test Output’ . Table 56 - Test Output Point Mode Values Value Description...
Page 164: Axis Properties > Actions > Safety Actions
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Table 57 - Point Operation Type Values Value Description The safety output operates in single channel mode. See Single-channel Mode on page Single Channel for more information. The safety output operates in dual channel mode with its partner safety output. See Dual Channel Dual-channel Mode on page...
Page 165: Feedback Device
Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 68 on page 165 shows the Actions page. Table 59 on page 165 describes the Safety Action attributes. Figure 68 - Axis Properties > Actions Page Table 59 - Safety Actions Attributes Descriptions Attribute Description Specifies the stopping action that will be executed in response to a STO Activation.
Page 166: Generate The Safety Network Number (Snn)
Chapter 7 Integrated Motion – Configuration, Programming, and Operation Table 60 - Motor/Load Feedback Device Selection Terminal Safety Feedback Device Selection Motor/Load Feedback Device Selection – SN + SN Port X Primary Port X Channel B – CS + SN –...
Page 167: Safety Configuration Signature And Ownership
Safety Configuration Signature and Ownership The connection between the controller and the drive is based on the following criteria: • Drive catalog number must be for PowerFlex 755 drives • Drive Safety Network Number (SNN) (displayed in drive module General tab) •...
Page 168: Reset Ownership
Chapter 7 Integrated Motion – Configuration, Programming, and Operation If any differences are detected, the safety connection between the safety controller and the drive is not established (for a new drive/system) or lost (for an existing drive/system). A yellow icon appears next to the drive in the controller project tree to indicate a lost or unestablished connection.
Page 169: Motion Direct Commands In Motion Control Systems
ATTENTION: Enable the ‘Configure Always’ feature only if the entire integrated safety control system is not being relied on to maintain SIL 3 behavior during the replacement and functional testing of a PowerFlex 755/ 755T drive product. If other parts of the integrated safety control system are being relied upon to maintain SIL 3, make sure that the controller’s ‘Configure Always’...
Page 170 Understand STO Bypass When Using Motion Direct Commands If a Safety-only connection between the GuardLogix safety controller and the PowerFlex 755/755T drive product was established at least once after it was received from the factory, then it does not allow motion while the safety controller is in Program mode by default.
Page 171 Logix Designer Application Warning Messages When the controller is in Run mode, executing safety functions, the PowerFlex 755 drive follows the commands that it receives from the safety controller. The controller reports ‘Safety State = Running’ and ‘Axis State = Stopped/Running’...
Page 172 Chapter 7 Integrated Motion – Configuration, Programming, and Operation When you issue a motion direct command to an axis to produce torque in Program mode, for example MSO or MDS, with the safety connection present to the drive, a warning message is presented before the motion direct command is executed, as shown in Figure Figure 72 - STO Bypass Prompt When the Safety Controller is in Program Mode...
Page 173 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 73 - Safety State Indications After Controller Transitions to Program Mode (MDC executing) IMPORTANT The persistent warning message text ‘Safe Torque Off bypassed’ appears when a motion direct command is executed. The warning message persists even after the dialog is closed and reopened as long as the integrated safety drive is in STO Bypass mode.
Page 174 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Warning Icon and Text in Axis Properties In addition to the other warnings that require your acknowledgement, the Logix Designer application also provides warning icons and persistent warning messages in other Axis Properties dialog boxes when the integrated safety drive is in STO Bypass mode.
Page 175 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 77 - Axis and Safe State Indications on the Motion Console Dialog Box Functional Safety Considerations ATTENTION: Before maintenance work can be performed in Program mode, the developer of the application must consider the implications of allowing motion through motion direct commands.
Page 176: Programming
Figure 79 page 179. • The PowerFlex 755 and PowerFlex 755T drives and drive products contain one inverter for control of one motor and one motion axis. • Feedback from position encoders, supplied to the motion tasks, is also associated with the axis.
Page 177 Integrated Motion – Configuration, Programming, and Operation Chapter 7 system applications, an E-stop switch is used to stop the system. In the following example, the switch is used to initiate the process that brings the axis to a controlled stop before removing power. This type of stop is called Stop Category 1.
Page 178 STO by clearing the bit: module:SO.STOOutput tag of the drive motion- safety instance. This figure shows how the safety task and motion tasks communicate with the drive. Figure 78 - Safe Monitor System Communication PowerFlex 755/755T Drive Product CIP Motion™ Motion Protocol...
Page 179: Safe Monitor Network Communication
Motion Axis Motion Safety Motion Core Instance PowerFlex 755/755T Drive Product Motion Connection The motion connection communicates drive motion and safety status to the motion task. The motion connection also receives motion commands from the motion task in the motion controller.
Page 180 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Table 61 - Motion Connection Axis Tags Axis Tag Name Motion Connection Safety Output Assembly Tag Name Data Type Description (motion controller) (safety controller) Attribute # Axis.AxisSafetyState DINT Drive module Safety Supervisor state. See the Safety Supervisor None State...
Page 181 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Table 61 - Motion Connection Axis Tags (continued) Axis Tag Name Motion Connection Safety Output Assembly Tag Name Data Type Description (motion controller) (safety controller) Attribute # Axis.SLSActiveStatus [18] BOOL Indicates that the controller-based SLS function is active. module:SO.SLSActive[inst] 0 = SLS Function is not Active 1 = SLS Function is Active...
Page 182 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Table 61 - Motion Connection Axis Tags (continued) Axis Tag Name Motion Connection Safety Output Assembly Tag Name Data Type Description (motion controller) (safety controller) Attribute # Axis.SafeTorqueOffFault BOOL Indicates a fault occurred within the STO function of the drive- None (use explicit message) module safety instance.
Page 183: Explicit Messages
Integrated Motion – Configuration, Programming, and Operation Chapter 7 The pass-through data includes items such as status and faults for controller- based safety functions. Two general-purpose 32-bit words are provided in the output assembly from the safety controller and appear as AxisSafetyDataA and Axis SafetyDataB in the motion controller associated axis.
Page 184: With Integrated Motion
Running (torque permitted) STO bypass state Integrated In this example, a PowerFlex 755 drive (equipped with embedded Ethernet) Application Example - Using controls a servo motor (catalog number MPL-B430P-M). A Universal Feedback SFX, SS1, and SLS Instructions option module (catalog number 20-750-UFB-1) and an Integrated Safety...
Page 185: Studio 5000 Logix Designer Application Configuration
Integrated Motion – Configuration, Programming, and Operation Chapter 7 A Guard Locking Switch (catalog number TLS-Z GD2) is mapped to one of the S4 Safety Outputs. This switch can be opened when the Safe Stop 1 is complete and when the Safe Limited Speed is below the required speed for an operator to access the machine function.
Page 186 Integrated Motion – Configuration, Programming, and Operation Figure 82 - Peripheral Device Definition This PowerFlex 755 drive is configured with the 20-750-UFB-1 in port 4. The Safe Feedback checkbox must be checked for proper configuration and agreement with the safety switches on the Universal Feedback option module.
Page 187: Programming Example
Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 85 - Studio 5000 Safety Input Configuration Example • Inputs 0 and 1 are used with an OSSD Estop input from the 800FP. • Input 2 is a standard digital input from a push button to safety reset the S4 module.
Page 188 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Figure 87 - DCS Instruction with the S4 is Mapped to the 800FP Figure 88 - DCS Instruction Evaluates Dual-input Validity Safety Logic The Safety Logic is used to configure when a safety reset occurs, the home trigger, and the execution of the SFX instruction (which must have primary feedback valid for it to execute properly).
Page 189 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 89 - Safety Logic Example Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 190 (namely SFX, SS1, and SLS) to function. Figure 90 - Safety Output Example The PowerFlex 755 S4 safety actions can be configured based on the required reaction to various machine requirements. In this instance, the STO request is executed by the PowerFlex 755 in causing a disable and coast reaction.
Page 191 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 91 - Safety Output Programming Example The Safe Limited Speed (and any other safe monitoring instruction requests besides STO, SS1, and SS2) are handled with the use of pass-through tags in the GuardLogix Motion Controller.
Page 192 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Figure 93 - Motion Instructions to Run the Motor at a Specific Velocity Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 193 Integrated Motion – Configuration, Programming, and Operation Chapter 7 Figure 94 - Use of the Motion Change Dynamics Instruction to Change from Normal Operating Speed to Safe Limited Speed and Back based on the Safety Task Request Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 194 Chapter 7 Integrated Motion – Configuration, Programming, and Operation Figure 95 - Use of the Motion Axis Stop Instruction to Bring the Motor to 0 Speed Once the SS1 Request is Made From the Safety Task When the stop is complete and 0 speed, the Motion Servo Off is given to open the position loop and stop modulating the drive.
Page 195 Chapter Monitoring and Troubleshooting This chapter provides information for monitoring and troubleshooting the Integrated Safety Functions option module. Topic Page Monitor Status Using Status Indicators Monitor Status with a HIM or Software Monitor Status Using Status The option module has four status indicators to provide status of the module, safety network, and motion output of the drive: Indicators •...
Page 196: Module Status Indicator (Ds1)
Chapter 8 Monitoring and Troubleshooting Module Status Indicator (DS1) Table 65 provides information for the module status indicator. Table 65 - Module Status LED (DS1) For Safety Supervisor State Status Indicator Description or Problem No power No power is applied to drive Device self-test (1) Flashing red/green Device is performing its power-on self-test...
Page 197: Motion Output Status Indicator (Ds3)
Monitoring and Troubleshooting Chapter 8 Motion Output Status Indicator (DS3) Table 67 provides information for the motion output status indicator. Table 67 - Motion Output Status LED (DS3) State Status Indicator Problem Torque disabled Torque is disabled Torque permitted Solid green STO circuit is permitting torque Circuit fault Flashing red...
Page 198 Chapter 8 Monitoring and Troubleshooting Figure 96 - Axis Faults and Status The safety faults named in Table 69 appear as Safety Faults when they occur. In addition, if any of these faults are present, a safety fault appears under the axis fault.
Page 199: Understand Safety Faults
Monitoring and Troubleshooting Chapter 8 Understand Safety Faults To obtain more detailed information about any faults that are detected in the drive, most faults have a corresponding fault-type attribute. These attributes are read by using an MSG instruction in the ladder program to read the specific attribute information, or by reading the corresponding DPI™...
Page 200: Rockwell Automation Publication 750-Um005A-En-P - October
Chapter 8 Monitoring and Troubleshooting Safe Torque Off Fault The Safe Torque Off (STO) function detected a fault. The safe stop function records the specific fault type in the STO Fault Type attribute. The STO Fault Type attribute is also recorded in P7 [STO Fault Type]. Table 71 describes the parameters for an MSG instruction.
Page 201: Safe Stop 1 Fault
Monitoring and Troubleshooting Chapter 8 Safe Stop 1 Fault The Safe Stop 1 (SS1) function detected a fault. The safe stop function records the specific fault type in the Safe Stop Fault attribute. The SS1 Fault Type is also recorded in P10 [SS1 Fault Type]. Table 74 describes the parameters for an MSG instruction.
Page 202: Safe Brake Control Fault
Chapter 8 Monitoring and Troubleshooting Safe Brake Control Fault The Safe Brake Control (SBC) function detected a fault. The safe stop function records the specific fault type in the SBC Fault Type attribute. The SBC fault type is also recorded in P11 [SBC Fault Type]. Table 75 describes the parameters for an MSG instruction.
Page 203: Safety Feedback Faults
Monitoring and Troubleshooting Chapter 8 Safety Feedback Faults When configured for safety feedback, the device performs periodic diagnostics to make sure that the feedback device is operating correctly. Explicit messaging can be used to read the fault type information from the drive. For example, if an error is detected, the Safe Feedback object (class code 0x58) updates the Safe Feedback Fault Type attribute (attribute ID 0x09) with the reason for the fault.
Page 204: Safety Fault Reset
Chapter 8 Monitoring and Troubleshooting Safety Fault Reset If the drive motion safety instance detects a fault, the input assembly tag module:SI.SafetyFault is set to 1. The associated axis.SafetyFault tag is also set to 1. A Safety Fault can result from the SS1 stopping function, STO function, safety feedback, SBC function, or other safety diagnostics.
Page 205: Monitor Status With A Him Or Software
Monitoring and Troubleshooting Chapter 8 Figure 97 - Reset Safe Stop Fault Diagr Disable Torque SO.SafeTorqueOff (bit 0) Permit Torque Reset Request SO.Reset (bit 7) Torque Disabled SI.TorqueDisabled (bit 0) SI.SafetyFault (bit 6) No Fault Faulted Reset Required SI.ResetRequired (bit 7) Faulted P4 [Host Config] Safety Status (bit 0)--->Safety Fault Reset Request...
Page 206 Chapter 8 Monitoring and Troubleshooting application. After determining the fault type, see the Understand Safety Faults section for more information on the fault. Safety board faults are also stored in the drive fault queue: Figure 98 - Drive Fault Queue Further information on the cause of the fault is also recorded in the Integrated Safety Functions module events queue: Figure 99 - Mobile Events Queue...
Page 207 Monitoring and Troubleshooting Chapter 8 Table 78 through Table 84 for a description of these parameters. Table 78 - P3 [Safety State] Value Display Text Description Testing Device is performing test diagnostics Idle No active connections Test Flt A fault has occurred while executing test diagnostics Executing Normal running state Abort...
Page 208 Chapter 8 Monitoring and Troubleshooting Table 79 - P4 [Safety Status] (continued) Display Text Description SMT OvrTemp Indicates whether the Safe Motor Temperature function has detected a temperature above the limit. 0 = Temp Below Limit 1 = Temp Above Limit SSM Active Indicates if the Safe Speed Monitoring function is active.
Page 209 Monitoring and Troubleshooting Chapter 8 Table 80 - P5 [Safety Faults] Display Text Description Core Fault The module has detected an unrecoverable fault. Fdbk Fault A fault is present in a safety feedback device. STO Fault This bit indicates the fault status of the STO function. 0 = no fault 1 = faulted The cause of the fault is recorded in device P7 [STO Fault Type].
Page 210: Monitor Status Using Integrated Motion
Chapter 8 Monitoring and Troubleshooting Table 82 - P7 [Safe Faults Mfg] Display Text Description SFX Fault The Safety Feedback Interface Add On Instruction has experienced a fault. Table 83 - P8 [Safety Data A] Data Type Display Text Description DWORD Safety Data A User-defined data sent from Safety Controller.
Page 211 Monitoring and Troubleshooting Chapter 8 Table 85 - Motion Connection Axis Tags Axis Tag Name (motion controller) MDAO Attribute Data Type Description or [bit] Axis.CIPStartInhibits DINT A bit map that specifies the current state of all standard conditions that inhibits starting of the axis.
Page 212 Chapter 8 Monitoring and Troubleshooting Table 85 - Motion Connection Axis Tags (continued) Axis Tag Name (motion controller) MDAO Attribute Data Type Description or [bit] Axis.SCAActiveStatus [26] BOOL Indicates the state of the module:SO.SCAActive controller output tag. Axis.SCAStatus [27] BOOL Indicates the state of the module:SO.SCAStatus controller output tag.
Page 213 Monitoring and Troubleshooting Chapter 8 Table 85 - Motion Connection Axis Tags (continued) Axis Tag Name (motion controller) MDAO Attribute Data Type Description or [bit] Axis.SDIFault [19] BOOL Set if the module:SO.SDIFault controller output tag is set. Enters ‘Safely Limited Direction (SDI)’...
Page 214: Out-Of-Box State
PowerFlex® 755 drive at least once, you can follow these steps to restore your PowerFlex 755 drive to the out-of-box state while online. 1. Right-click the PowerFlex 755 drive you created, and choose Properties. Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 215 Monitoring and Troubleshooting Chapter 8 2. Click the Connection tab. 3. Check Inhibit Module. 4. Click Apply. 5. Click the Safety Tab. 6. Click Reset Ownership. 7. Click the Connection tab. 8. Clear the Inhibit Module checkbox. 9. Click Apply. 10.
Page 216 Chapter 8 Monitoring and Troubleshooting Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 217 Appendix Safety Function Validation Checklist Use this appendix to validate your drive safety instructions. Each instruction has a checklist with test commands and results to verify for normal operation and abnormal operation scenarios. Topic Page Safe Stop 1 (SS1) Safe Stop 2 (SS2) Safe Operating Speed (SOS) Safely-limited Speed (SLS) Safely-limited Position (SLP)
Page 218 Appendix A Safety Function Validation Checklist Safe Stop 1 (SS1) Use this SS1 instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 219 Safety Function Validation Checklist Appendix A Table 1 - SS1 Instruction Checklist (continued) Test Type Test Description Test Status Change the motion deceleration rate within the motion task that is associated with this SS1 function so that the stop delay time is exceeded without triggering a deceleration fault.
Page 220: Checklist Safe Stop 2 (Ss2)
Appendix A Safety Function Validation Checklist Safe Stop 2 (SS2) Use this SS2 instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 221 Safety Function Validation Checklist Appendix A Table 2 - SS2 Instruction Checklist (continued) Test Type Test Description Test Status Change the motion deceleration rate within the motion task that is associated with this SS2 function so that the stop delay time is exceeded without triggering a deceleration fault.
Page 222 Appendix A Safety Function Validation Checklist Table 2 - SS2 Instruction Checklist (continued) Test Type Test Description Test Status Initiate a Start command. • Verify that the machine is in a normal machine run condition • Verify proper machine status and safety application program status Operate the machine at maximum (normal) operating system speed.
Page 223: Safe Operating Speed (Sos)
Safety Function Validation Checklist Appendix A Safe Operating Speed (SOS) Use this SOS instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 224 Appendix A Safety Function Validation Checklist Table 3 - SOS Instruction Checklist (continued) Test Type Test Description Test Status Initiate a Start command. • Verify that the machine is in a normal machine run condition • Verify proper machine status and safety application program status Operate the machine at maximum (normal) operating system speed.
Page 225: Safely-Limited Speed (Sls)
Safety Function Validation Checklist Appendix A Safely-limited Speed (SLS) Use this SLS instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 226: Safely-Limited Position (Slp)
Appendix A Safety Function Validation Checklist Safely-limited Position (SLP) Use this SLP instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 227 Safety Function Validation Checklist Appendix A Table 5 - SLP Instruction Checklist (continued) Test Type Test Description Test Status Initiate a Start command. • Verify that the machine is in a normal machine run condition • Verify proper machine status and safety application program status Operate the machine within the desired position range.
Page 228: Safe Direction (Sdi)
Appendix A Safety Function Validation Checklist Safe Direction (SDI) Use this SDI instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 229: Safe Feedback Interface (Sfx)
Safety Function Validation Checklist Appendix A Safe Feedback Interface Use this SFX instruction checklist to verify normal operation and the abnormal operation scenarios. (SFX) IMPORTANT Perform I/O verification and validation before validating your safety ladder program. SFX instruction must be verified within your application. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 230 Appendix A Safety Function Validation Checklist Table 7 - SFX Instruction Checklist (continued) Test Type Test Description Test Status Initiate a Start command. • Verify that the machine is in a normal machine run condition • Verify proper machine status and safety application program status Operate the machine within the normal operating range.
Page 231: Safe Brake Control (Sbc)
Safety Function Validation Checklist Appendix A Safe Brake Control (SBC) Use this SBC instruction checklist to verify normal operation and the abnormal operation scenarios. IMPORTANT Perform I/O verification and validation before validating your safety ladder program. When possible, use immediate operands for instructions to reduce the possibility of systematic errors in your ladder program.
Page 232 Appendix A Safety Function Validation Checklist Notes: Rockwell Automation Publication 750-UM005A-EN-P- October 2018...
Page 233 Appendix Specifications, Certifications, and CE Conformity This appendix provides general specifications for the Integrated Safety Functions option module. Topic Page Integrated Safety Functions Option Module Specifications Environmental Specifications Certifications Integrated Safety Functions These specifications apply to the Integrated Safety Functions option module. For additional specifications, see these publications: Option Module Specifications •...
Page 234 Appendix B Specifications, Certifications, and CE Conformity Electrical Requirements Table 10 - Safety Input Specifications Attribute Value Input Type Current Sinking IEC 61131-2 (input type) Type 3 Voltage, on-state 11…30V DC Voltage, off-state -3…5V DC Current, on-state, minimum 2 mA Current, off-state, maximum 1.5 mA Table 11 - Safety Output Specifications...
Page 235: Environmental Specifications
For detailed information on environmental, pollution degree, and drive enclosure rating specifications, see the technical data publication for your drive. • PowerFlex 755 AC Drives Technical Data, publication 750-TD001 • PowerFlex 750-Series Products with TotalFORCE Control Technical...
Page 236: Certifications
Up to SIL 3, according to EN 61800-5-2 and IEC 61508, and SIL CL3 according to EN IEC 62061; Up to Performance Level PLe and Category 4, according to EN ISO 13849-1; When used as described in this PowerFlex 755 Integrated Safety Functions User Manual, publication 750-UM004. (1) See the Product Certification link at http://www.rockwellautomation.com/global/certification/overview.page...
Page 237: Emc Directive (2014/30/Eu)
Specifications, Certifications, and CE Conformity Appendix B EMC Directive (2014/30/EU) • EN 61800-3 - Adjustable speed electric power drive systems - Part 3: EMC requirements and specific test methods Waste Electrical and Electronic Equipment (WEEE) At the end of its life, this equipment should be collected separately from any unsorted municipal waste.
Page 238 Appendix B Specifications, Certifications, and CE Conformity Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 239 Appendix Safety I/O Assemblies and Safety Attributes Controller axis tags are used by the motion controller motion task to read the status of safety functions and coordinator motion. This appendix lists the motion controller tags that are associated with the safety instances and with safety functions operating in the safety task of the controller.
Page 240 Appendix C Safety I/O Assemblies and Safety Attributes Safety Assembly Tags Safety assembly tags are associated with a safety connection from a safety controller to a drive module. The data in these tags are communicated at the configured connection rate. Safety Input Assembly tags contain the data that is transferred from the drive to the GuardLogix®...
Page 241 Safety I/O Assemblies and Safety Attributes Appendix C Table 14 - Safety Input Assembly Tags (continued) Safety Input Assembly Tag Name Type/[bit] Description (input to safety controller) module :SI.MotionPositive 1 = Feedback Velocity > Primary Feedback Standstill Speed module :SI.MotionNegative 1 = Feedback Velocity <...
Page 242 Appendix C Safety I/O Assemblies and Safety Attributes Table 15 - Safety Output Assembly Tags Safety Output Assembly Tag Name Type/[bit] Description (output to safety controller) module: SO.PassThruDataA[ instance ] DINT 32-bit data container holding general-purpose safety data passed from the safety controller. module :SO.PassThruDataB[ instance ] DINT 32-bit data container holding general-purpose safety data passed from the safety controller.
Page 243 Safety I/O Assemblies and Safety Attributes Appendix C Table 15 - Safety Output Assembly Tags (continued) Safety Output Assembly Tag Name Type/[bit] Description (output to safety controller) module :SO.SLSActive[ instance ] Indicates that the controller-based SLS function is active. 0 = SLS Function is not active 1 = SLS Function is active module :SO.SLSLimit[ instance ] Indicates that the controller-based SLS function has detected the monitored axis speed...
Page 244 Appendix C Safety I/O Assemblies and Safety Attributes Table 15 - Safety Output Assembly Tags (continued) Safety Output Assembly Tag Name Type/[bit] Description (output to safety controller) module :SO.SLSFault[ instance ] Controller-based SLS fault. 0 = Normal Operation 1 = Fault module :SO.SDIFault[ instance ] Controller-based SDI fault.
Page 245 Safety I/O Assemblies and Safety Attributes Appendix C Safety Feedback Attributes Safety feedback attributes provide configuration and status information for safety feedback. The module has two safety feedback instances. The safety feedback instances contain safety feedback attributes and safety feedback configuration data.
Page 246 1 = Inverted according to the encoder manufacture specifications. For feedback devices internal to Allen-Bradley® motors, the Normal direction is clockwise rotation of the shaft when facing the end of the motor shaft.
Page 247: Safe Stop Function Attributes
Safety I/O Assemblies and Safety Attributes Appendix C Safe Stop Function Safe-stop function attributes provide configuration and status information for safety feedback. Attributes The module has one safe stop function instance. Safe-stop function attributes provide status and configuration data. All attributes can be read using explicit messages.
Page 248 Appendix C Safety I/O Assemblies and Safety Attributes Table 18 - Safe Stop Function Attributes (Class 0x5A) (continued) Attribute ID Attribute Name Attribute Description Values Decimal (Hex) 50 (0x32) Connection Loss Action Safety Output Connection is lost (or closed) and optional Connection Loss 0 = STO (default) Action is Set to STO (default).
Page 249 Safety I/O Assemblies and Safety Attributes Appendix C Table 18 - Safe Stop Function Attributes (Class 0x5A) (continued) Attribute ID Attribute Name Attribute Description Values Decimal (Hex) 282 (0x11A) SS1 Active Safe Stop 1 function active. 0 = Not Active 1 = Active 283 (0x11B) SS1 Fault...
Page 250 Appendix C Safety I/O Assemblies and Safety Attributes Table 18 - Safe Stop Function Attributes (Class 0x5A) (continued) Attribute ID Attribute Name Attribute Description Values Decimal (Hex) 361 (0x169) SBC Output Commanded state of the SBC Outputs. 0 = Engage Brake (default) 1 = Release Brake Permit 362 (0x16A) SBC Active...
Page 251: Explicit Messages
Safety I/O Assemblies and Safety Attributes Appendix C Explicit Messages Use explicit messages to communicate with a drive and obtain additional fault, status, or configuration information that is not available in the Safety I/O Tag structure. Attribute data is useful for additional diagnostic information. IMPORTANT Explicit messages must not be used for any safety related function.
Page 252 Appendix C Safety I/O Assemblies and Safety Attributes backplane and <port> is the number of the backplane port where the 20-750- S4 option is installed. This can be port 4, 5, or 6. In CIP Motion applications the 20-750-S4 must be installed in port 6. Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 253: Parameters And Settings In A Linear List
Appendix Parameter Data This appendix provides a description of the device parameters and host config parameters. Parameters and Settings in a This section describes the status parameters and their values in numerical order. Linear List Device Parameters Table 20 - Device Config Parameters Display Name Values Description...
Page 254 Appendix D Parameter Data Table 20 - Device Config Parameters (continued) Display Name Values Description Data Type Full Name Description Extended Status “Self Test” (0) A self test is in progress. USINT Detailed description of “FW Update” (1) A firmware update is in progress. the module status based on Identity “IO Faulted”...
Page 255 Parameter Data Appendix D Table 20 - Device Config Parameters (continued) Display Name Values Description Data Type Full Name Description SS1 Fault Type “No Fault” (1) No fault being reported by the Safe Stop BYTE 1 function. The fault reported by the Safe Stop 1 “Config”...
Page 256 Appendix D Parameter Data Table 20 - Device Config Parameters (continued) Display Name Values Description Data Type Full Name Description Input Alarm “No Alarm” (0) No alarm reported by the input instance. BYTE The alarm being “Config” (1) The input instance's configuration is reported by the input invalid.
Page 257 Parameter Data Appendix D Table 20 - Device Config Parameters (continued) Display Name Values Description Data Type Full Name Description Enc1 Accel REAL Primary encoder acceleration in units/ s2. The units of this value are of the type reported by parameter 24 - (En1 Unit).
Page 258 Appendix D Parameter Data Table 20 - Device Config Parameters (continued) Display Name Values Description Data Type Full Name Description Enc2 Velocity REAL Secondary encoder velocity in Units/s. The units of this value are of the type reported by P34 [Enc2 Unit]. Enc2 Accel REAL Secondary encoder...
Page 259: Host Config Parameters
Host Parameters 11…14 configure how the PowerFlex® 755 drive reacts to a change in the status of the safety functions. These configuration parameters are not part of the ‘Safety’ configuration, they are part of the PowerFlex 755 drive configuration. Table 21 - Host Config Parameters...
Page 260 Appendix D Parameter Data Table 21 - Host Config Parameters (continued) Display Name Values Full Name Description Safety Status BOOL[32] Indicates status of the safety functions. Options Default 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Bit 0 “Safety Fault”...
Page 261 Parameter Data Appendix D Table 21 - Host Config Parameters (continued) Display Name Values Full Name Description Safety Faults BOOL[32] Indicates what type of safety fault has occurred. Options Default 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Bit 1 “Core Fault”...
Page 262 Appendix D Parameter Data Table 21 - Host Config Parameters (continued) Display Name Values Full Name Description STO Actn Src Default: 0 - Drive RW DWORD Determines whether the drive or the controller initiates a stop when the Safety Status STO Active Options: 0 - Drive bit is set.
Page 263: Index
Index Numerics cycle interpolation 154 20-750-S 16 resolution 154 20-750-S1 16 20-750-S3 16 diagnostic 206 cosine 27 actions 152 encoder 25 hiperface 27 ADC 114 digital AqB encoders 27 additional resources 13 discrepancy 162 assembly tags checking 157 input 240 errors 50 output 242 testing 22...
Page 264 STO bypass 170 warning messages 171 jumper locations MSG command 214 Powerflex 755 drives 33 PowerFlex 755T drive products 33 jumper settings 31 network delay multiplier 151 network status 195 Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 265 100 brake 93 in standard I/O mode 98 category 233 PFD 20 connection 147 control state 214 PowerFlex 755 drives 21 core fault 199 PowerFlex 755T drive products 21 DeviceID 129 PFH 20 digital outputs 52 definition 11...
Page 266 Index edit 111 spurious trip rate 23 output 149 SS1 78 output alarm 60 activation 78 output assembly tag 67 fault 201 output data 57 reset 79 output ready 58 safety fault 84 output status 57 stopping action and source 80 output with test pulse 52 validation checklist 218 performance level 18...
Page 267 Index test output 162 mode 63 ready 65 status 64 test pulse 52 test pulses 164 test pulses mode 88 time 156 timed SS1 80 SS1 definition 10 timeout multiplier 151 TÜV Rheinland 18 type 162 units 154 used as standard input 162 no test pulses mode 87 test pulses mode 88 with test output 162...
Page 268 Index Notes: Rockwell Automation Publication 750-UM005A-EN-P - October 2018...
Page 270 Rockwell Automation maintains current product environmental information on its website at http://www.rockwellautomation.com/rockwellautomation/about-us/sustainability-ethics/product-environmental-compliance.page. Allen-Bradley, Connected Components Workbench, CompactLogix, ControlLogix, DeviceLogix, DPI, Integrated Architecture, Guard I/O, GuardLogix, Logix 5000, PowerFlex, QuickView, Rockwell Automation, Rockwell Software, Studio 5000 Logix Designer, and TotalFORCE are trademarks of Rockwell Automation, Inc.

This manual is also suitable for:

Powerflex 755t

Allen-Bradley PowerFlex 755 User Manual

Preface

Chapter 1

Installation

Chapter 2 Remove Power to the System

Chapter 3 Safety Inputs

Chapter 4 Safety Output Assembly Safe Stop Function Tags

Drive-Based Safe Stop Functions

Chapter 5

Chapter 6

Chapter 7 Add a Powerflex 755 Drive to the Controller Project

Chapter 8

Appendix A

Appendix B

Appendix C

Quick Links

Related Manuals for Allen-Bradley PowerFlex 755

Summary of Contents for Allen-Bradley PowerFlex 755