SS1, Safe Stop 1, 4.3.1 Explanation – Festo Motor Controllers CMMS-ST User Manual

Page 88: Explanation


4. Functional safety engineering

88

Festo.P.BE-CMMS-ST-G2-HW-EN

1008NH

For “STO” as per EN 61508, SIL 2, a second channel is required, i.e. a restart must be
reliably prevented via two separate, completely independent paths. These two paths for
interrupting the energy supply to the drive with the reliable impulse block are called
switch-off paths:

1st switch-off path: End stage enable via [X1] (blocking of the PWM signals; the
IGBT drivers no longer receive pulse patterns).

2nd switch-off path: Interruption of the supply for the six end stage IGBTs via
[X3] using a relay (the IGBT optocoupler drivers are removed from the power
supply via a relay, thus preventing the PWM signals from reaching the IGBTs).
A plausibility check between the relay control for the end stage driver supply
and the monitoring of the driver supply is performed by the microprocessor.
This is used for error detection of the impulse block and also for suppressing
error message E 05-2 (“Driver supply undervoltage”) which occurs in normal
operation.

Potential-free acknowledgment contact: The integrated “Safe torque off” circuit
also has a potential-free acknowledgment contact ([X3] Pin 5 and 6) for the
presence of the driver supply. This is an N/C contact. It must be connected to
the higher-order controller, for example. The function of switching off the end
stage enable must be checked regularly via the PLC (e.g. monthly; contact
open = driver supply available).
If an error occurs in the plausibility check, the control system must prevent
further operation, for example by switching off the intermediate circuit
voltage or breaking off the output stage enable by the PLC.
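
The following is an added example, not code from the Festo manual or firmware: a Python model of a check the higher-order controller could run on the [X3] pin 5/6 acknowledgment contact. The class and function names, the 0.5 s discrepancy time, the 31-day interval and the sample scans are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DISCREPANCY_S = 0.5            # assumed: time allowed for the relay to switch
TEST_INTERVAL_S = 31 * 86400   # assumed value for the manual's "e.g. monthly"


@dataclass
class AckContactMonitor:
    """PLC-side model of the check on the [X3] pin 5/6 acknowledgment contact."""
    last_test_ok: float = 0.0               # time of last confirmed switch-off
    mismatch_since: Optional[float] = None  # start of the current discrepancy
    fault: bool = False                     # latched until deliberately reset

    def update(self, now: float, supply_requested: bool, contact_open: bool) -> bool:
        """Feed one scan; return True while operation may continue."""
        # From the manual: contact open = driver supply available.
        if contact_open == supply_requested:
            self.mismatch_since = None
            if not supply_requested:
                # Supply was switched off and the contact confirmed it.
                self.last_test_ok = now
        elif self.mismatch_since is None:
            self.mismatch_since = now
        elif now - self.mismatch_since > DISCREPANCY_S:
            # Contact never followed the request: latch the fault.
            self.fault = True
        return not self.fault

    def test_overdue(self, now: float) -> bool:
        """True when no confirmed switch-off happened within the interval."""
        return now - self.last_test_ok > TEST_INTERVAL_S


def run(samples):
    """Replay (time, supply_requested, contact_open) scans through a monitor."""
    mon = AckContactMonitor()
    return [mon.update(*s) for s in samples], mon


# Constructed scans: a clean switch-off, then a contact stuck open.
SAMPLES = [(0.0, True, True), (1.0, False, True), (1.2, False, False),
           (2.0, True, True), (3.0, False, True), (4.0, False, True),
           (5.0, False, False)]

if __name__ == "__main__":
    results, mon = run(SAMPLES)
    print(results, mon.fault)
```

A False return corresponds to the point where the control system must prevent further operation; the fault stays latched even after the contact later agrees with the request.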

4.3 SS1, Safe Stop 1

4.3.1 Explanation

In the function “Safe Stop 1” (SS1), the drive is run down in a controlled way and, after
that, the power supply to the final output stage is switched off. As a result, the drive
cannot generate torque or any force at standstill and so cannot make any dangerous
movements.
