Publication 1753-RM002C-EN-P - September 2008

Chapter 7

        GuardPLC Controller Operating System

For the initial start-up of a safety PES or after a modification of the 
application program, the safety of the entire system must be checked 
by a complete functional test. These three steps must be carried out.

1. Double compilation of the application program followed by 
   comparison of the code versions (Configuration CRC of the CPU).

2. Check the correct encoding of the application based on the data 
   and control flows.

3. Complete functional test of the logic.

See the next section, Check the Created Application Program.

Check the Application Program

To check your application program for adherence to the specific 
safety function, you must generate a suitable set of test cases covering 
the specification.

As a rule, the independent test of each input and of the important links 
from the application side should suffice. RSLogix Guard PLUS! 
software and the measures defined in this safety manual are designed 
to prevent the generation of semantically and syntactically correct code 
that contains undetected systematic errors.

You must also generate a suitable test set for the numeric evaluation 
of formulas. Equivalence range tests are acceptable: tests with values 
within the defined value ranges, at the range limits, and in invalid 
value ranges. Select the test cases so that they prove the validity of the 
calculation. The necessary number of test cases depends on the 
formula used and must comprise critical value pairs.
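Added example (not from the manual): a test set of the kind described above, built for a constructed numeric formula. The formula, its input ranges, the safe value 0 and the hand-computed expected results are assumptions; the set covers values inside each defined range, at the range limits and in invalid ranges, combined pairwise as critical value pairs, and requires every invalid input to yield the safe value.

```python
"""Equivalence-range test set for a numeric safety formula (constructed example)."""
from itertools import product
from math import isnan
from typing import Dict, List, Tuple

# Constructed assumption: defined value range (low, high) for each formula input.
RANGES: Dict[str, Tuple[float, float]] = {
    "pressure_bar": (0.0, 250.0),
    "temp_c": (-40.0, 120.0),
}
SAFE_VALUE = 0.0  # assumed reaction to an invalid input: the formula yields 0


class RangeError(ValueError):
    """Raised when an input lies outside its defined value range."""


def check_range(name: str, value: float) -> float:
    low, high = RANGES[name]
    if isnan(value) or not (low <= value <= high):
        raise RangeError(f"{name}={value} outside [{low}, {high}]")
    return value


def trip_margin(pressure_bar: float, temp_c: float) -> float:
    """Constructed formula: margin to a temperature-compensated trip point.
    Any out-of-range input is treated as a fault and returns SAFE_VALUE."""
    try:
        p = check_range("pressure_bar", pressure_bar)
        t = check_range("temp_c", temp_c)
    except RangeError:
        return SAFE_VALUE
    trip_point = 200.0 - 0.5 * t  # assumed: trip point falls as temperature rises
    return trip_point - p


def equivalence_cases(name: str) -> Dict[str, List[float]]:
    """Test values for one input: inside the range, at the limits, and invalid."""
    low, high = RANGES[name]
    step = (high - low) / 1000.0
    return {
        "inside": [low + (high - low) * f for f in (0.25, 0.5, 0.75)],
        "limits": [low, high],
        "invalid": [low - step, high + step, float("nan")],
    }


def critical_pairs() -> List[Tuple[str, Dict[str, float]]]:
    """Pair every limit/invalid value of each input with those of the other input."""
    per_input = []
    for name in RANGES:
        cases = equivalence_cases(name)
        per_input.append([(name, cls, v) for cls in ("limits", "invalid") for v in cases[cls]])
    pairs = []
    for combo in product(*per_input):
        label = "+".join(cls for _, cls, _ in combo)
        pairs.append((label, {name: v for name, _, v in combo}))
    return pairs


# Hand-computed expected results for the four all-valid limit pairs (the oracle).
EXPECTED_AT_LIMITS = {
    (0.0, -40.0): 220.0, (0.0, 120.0): 140.0,
    (250.0, -40.0): -30.0, (250.0, 120.0): -110.0,
}


def run_test_set() -> Dict[str, int]:
    """Run all critical value pairs; count safe reactions, valid matches and mismatches."""
    results = {"cases": 0, "valid": 0, "safe": 0, "mismatch": 0}
    for label, args in critical_pairs():
        results["cases"] += 1
        out = trip_margin(**args)
        if "invalid" in label:
            key = "safe" if out == SAFE_VALUE else "mismatch"
        else:
            expected = EXPECTED_AT_LIMITS[(args["pressure_bar"], args["temp_c"])]
            key = "valid" if out == expected else "mismatch"
        results[key] += 1
    return results
```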

However, active simulation with sources cannot be omitted as it is the 
only means of detecting correct wiring of the sensors and actuators 
and of testing the system configuration.
