Festo CMMP-AS-Series-M0-STO Manual Download Page 16

Page: 16 / 40

Description of the safety function STO

Festo – GDCP-CMMP-AS-M0-S1-EN – 1412a – English

Note

If one of the control ports STO-A or STO-B is deactivated with an active output stage, it

will result in uncontrolled coasting of the drive.

If uncontrolled coasting can result in a hazard or damage, additional measures are

required.

Note

A clamping unit is actuated by the non-safety-relevant firmware of the CMMP-AS-...-M0

motor controller.

The holding brakes used by Festo motors are not suitable for active deceleration - only for

holding a position!

The safe state can be requested when the power semiconductor (PWM) is activated. The two driver

supply voltage states are detected and analysed in 10 ms cycles. If they are unequal over a prolonged

period, an error message is triggered

Section 5.4.2. The safety function presupposes that the two

signals have the same status. Unequal signals are tolerated only during a transition period, the so-

called “discrepancy time”

Section 2.2.3.

The finite state machine in the CMMP-AS-...-M0 motor controller has its own status in parallel to the

integrated protection circuit. Due to the discrepancy time analysis, this finite state machine may reach

the “Safe status” only with a considerable delay. Accordingly, this state can also be signalled via digital

outputs or a fieldbus only with a considerable delay. The power end stage itself is then, however,

“safely switched off ”. This finite state machine is processed within the 10 ms cycle.

This generally results in a graded response speed as per Tab. 2.2:

Function

Response time

Reaction

Switching time from

high to low

T_STO-A/B_OFF

Section A.1.3, Tab. A.5

Switching time from

low to high

T_STO-A/B_ON

Section A.1.3, Tab. A.5

Detection of driver

supply failure

Response



125 μs

Activation of the power semiconductor (PWM)

is switched off

Activation of holding

brake

Response



10 ms

Activation of the holding brake after detection

of the driver supply failure

Signal analysis and

status display

Response



10 ms

Status transitions in the internal finite state

machine, triggering an error message and

showing the status on the display if necessary

Tab. 2.2

Detection and response times of the driver supply voltage

Summary of Contents for CMMP-AS-Series-M0-STO

Page 1: ...Description Safety function STO as per EN 61800 5 2 8042945 1412a CMMP AS M0 STO Motor controller ...

Page 2: ...ath or serious injuries Caution Hazards that can cause minor injuries or serious material damage Other symbols Note Material damage or loss of function Recommendations tips references to other documentation Essential or useful accessories Information on environmentally sound usage Text designations Activities that may be carried out in any order 1 Activities that should be carried out in the order...

Page 3: ...ety function STO 10 2 1 Product overview 10 2 1 1 Purpose 10 2 1 2 Interface 10 2 2 Function and application 11 2 2 1 Description of the safety function STO 11 2 2 2 Overview of interface X40 12 2 2 3 Control ports STO A 0V A STO B 0V B X40 13 2 2 4 Acknowledgment contact C1 C2 X40 14 2 2 5 Auxiliary supply 24 V 0 V X40 15 2 3 Functionality in motor controller CMMP AS M0 15 2 4 Time behaviour 17 2...

Page 4: ...2 Maintenance and care 30 5 3 Protective functions 30 5 3 1 Voltage monitoring 30 5 3 2 Protection against overvoltage and reverse polarity 30 5 4 Diagnostics and troubleshooting 31 5 4 1 Status indicators 31 5 4 2 Error messages 31 6 Modification and replacement of the motor controller 33 6 1 Repair or replacement of the integrated protection circuit 33 6 2 De commissioning and waste management 3...

Page 5: ...egarding safety and the requirements for product use in section 1 2 Product identification This documentation refers to the following versions Motor controller CMMP AS M0 from Rev 04 Firmware 4 0 1501 1 2 and higher The representation on the rating plate can be found in the hardware description GDCP CMMP M0 HW Service Please consult your regional Festo contact if you have any technical problems Sp...

Page 6: ...PP fieldbus safety engineering Description FHPP GDCP CMMP M3 M0 C HP Control and parameterisation of the motor controller via the FHPP Festo profile Description of CiA 402 DS 402 GDCP CMMP M3 M0 C CO Control and parameterisation of the motor controller via the device profile CiA 402 DS 402 Description CAM Editor P BE CMMP CAM SW Cam disc function CAM of the motor controller Description of the safe...

Page 7: ...re mounting and installation work Switch on supply voltage only when mounting and installation work are completely finished Observe the handling specifications for electrostatically sensitive devices 1 1 2 Intended use The CMMP AS M0 motor controller supports the following safety function Safe torque off STO with SIL 3 according to EN 61800 5 2 EN 62061 IEC 61508 or category 4 PL e according to EN...

Page 8: ...fulfils the requirements of Category 4 PL e to EN ISO 13849 1 SIL CL 3 to EN 62061 and can be used in applications up to cat 4 PL e to EN ISO 13849 1 and SIL 3 to EN 61800 5 2 EN 62061 IEC 61508 The achievable safety level depends on the other components used to achieve a safety function 1 2 Requirements for product use Make this documentation available to the design engineer installer and personn...

Page 9: ...nd industrial safety and the documentation for the product 1 2 3 Diagnostic coverage DC Diagnostic coverage depends on the connection between the motor controller and the control loop system as well as the implemented diagnostic measures è Section 5 4 If a potentially dangerous malfunction is recognised during the diagnostics appropriate measures must be taken to maintain the safety level Note Che...

Page 10: ...as In such situations the machine operat or must be protected by drive and internal control measures The functional safety technology integrated in the motor controller provides the conditions required by the controller and drive for optimised realisation of the safety functions Planning and installation com plexity is reduced The use of integrated functional safety technology increases machine fu...

Page 11: ... STO Use the Safe torque off function STO whenever you have to reliably disconnect the energy supply to the motor in your particular application The Safe torque off function switches off the driver supply for the power semiconductor thus preventing the power output stage from supplying the current required by the motor è Fig 2 2 4 3 5 6 2 1 1 dC dC STO A 0V A C1 C2 dC dC STO B 0V B 3x U V W VDC VD...

Page 12: ...s machine 8 pin è movement 45 at the motor shaft Linear motor pole pitch 20 mm è movement 20 mm at the moving part 2 2 2 Overview of interface X40 The front of the motor controller features an 8 pin connection X40 for control ports an acknowledg ment contact and a 24 V auxiliary supply for external sensors è Section 3 2 The safety function STO is requested solely via the two digital control ports ...

Page 13: ...rtains with OSSD signals and of switch contacts safety switching devices with relay outputs passive safety sensors e g forced position switches è e g Sec tion 3 3 1 Fig 3 1 To request the safety function STO safe torque off the 24 V control voltage at both control ports STO A and STO B is switched off 0 V If the two control ports are switched off simultaneously or within a defined discrepancy time...

Page 14: ...ength is dependent upon the control voltage level at inputs STO A and STO B Example Input voltage for STO A and STO B 24 V è OSSD signals with a max test pulse length of 3 5 ms are tolerated 2 2 4 Acknowledgment contact C1 C2 X40 In the event of a non active STO function the acknowledgment contact is open This is the case for example if the control voltage is present at STO A and STO B if only one...

Page 15: ...he integrated protection circuit exclusively controls the provisioning of the driver supply for the CMMP AS M0 motor controller Although input voltage levels are monitored area by area the integ rated protection circuit does not have its own error analysis function and is unable to display errors Note When error messages are acknowledged all acknowledgeable errors regarding functional safety are a...

Page 16: ...achine in the CMMP AS M0 motor controller has its own status in parallel to the integrated protection circuit Due to the discrepancy time analysis this finite state machine may reach the Safe status only with a considerable delay Accordingly this state can also be signalled via digital outputs or a fieldbus only with a considerable delay The power end stage itself is then however safely switched o...

Page 17: ..._V T_STO A B_OFF 10 ms H STO reached Dependent on the operating status STO requested STO reached Standard Standard T_C1 C2_OFF T_STO A B_ON T_DRIVE_V T_STO A B_ON 10 ms Dependent on the operating status STO requested STO Safe torque off active Fig 2 3 Basic time behaviour when activating and deactivating the safety function STO Time Description Value T_STO A B_OFF STO A B Switching time from High ...

Page 18: ...ller enable DIN5 24 V 0 V 1 0 Output stage enable internal T_DIN5_SU T_BRAKE_V_OFF T_DRIVE_V T_BRAKE_V_ON Fig 2 4 Time behaviour when activating the safety function STO with restart Time Description Value T_STO A B_OFF STO A B Switching time from High to Low è Section A 1 3 Tab A 5 T_STO A B_ON STO A B Switching time from Low to High è Section A 1 3 Tab A 5 T_DIN5_LOW Time for which the DIN5 must ...

Page 19: ...1 The time specifications can be found in Tab 2 5 C1 C2 STO status X40 1 0 on off CMMP AS M0 Holding brake optional T_STO A B_OFF T_DIN5_SU T_STO A B_ON Speed Controller enable DIN5 24 V 0 V 1 0 Output stage enable internal T_BRAKE_V_OFF T_DRIVE_V T_BRAKE_V_ON S1 K1 DIN5 Safety switching device Closed Open 1 0 Closed Open K1_V STO A STO B T_K1 T_K1_V T_K1 STO Safe torque off T_DRIVE_V Fig 2 5 Time...

Page 20: ...b A 5 T_STO A B_ON STO A B Switching time from Low to High è Section A 1 3 Tab A 5 T_DRIVE_V Deceleration of the CMMP AS M0 0 10 ms T_DIN5_SU Time for which the DIN5 must be Low after switching on STO A B again and status change of the integrated protection circuit 20 ms T_BRAKE_V_ON Switch off delay of the holding brake Dependent on the brake 1 T_BRAKE_V_OFF Switch on delay of the holding brake D...

Page 21: ...age in accordance with EN 60204 1 Through the use of PELV circuits protection from electric shock protection from direct and indirect contact in accordance with EN 60204 1 is ensured Electrical equipment of machines General require ments A 24 V power supply unit used in the system must satisfy the requirements of EN 60204 1 for DC power supply behaviour during power interruptions etc The cable is ...

Page 22: ...B 3 STO B 0 V 24 V Control port B for the function STO 2 0V A 0 V Reference potential for STO A 1 STO A 0 V 24 V Control port A for the function STO Tab 3 1 Pin allocation X40 representation of the plug connector on the device To ensure the STO Safe Torque Off functions correctly the control ports STO A and STO B are to be connected in two channels with parallel wiring è Section 3 3 1 Fig 3 1 This...

Page 23: ...CMMP AS 3A M0 motor controller The safety function Safe torque off STO can be requested via various devices Switch 1 can be used e g as an emergency stop switch a light curtain or a safety switching device The safety request is made in 2 channels via switch S1 and routes to the 2 channel switch off of the output stage Once the output stage has been switched off it is output by the floating contact...

Page 24: ...uit is switched off After a time set in the safety switch device the 2 channel output stage is switched off via STO A B Once the output stage has been switched off it is output by the floating contact C1 C2 1 2 3 4 5 L230VAC N230VAC PE DC 24 V T1 CMMP AS 3A M0 1 2 7 8 9 L1 PE 24V GND24V N X9 21 9 DIN 4 DIN 5 X1 1 3 2 4 STO A STO B 0V B 0V A X40 Output PLC output stages enable Output PLC Controller...

Page 25: ...peed via the quick stop ramp in the CMMP AS M0 before STO A B are switched off The electrical installation is executed in accordance with the requirements of EN 60204 1 For ex ample the safety switching device and the motor controller are located in the same control cabinet so that faults can be excluded for a cross circuit or earth fault between the cables acceptance test on the control cabinet f...

Page 26: ... safety function must be tested and a corresponding validation procedure must be carried out prior to intended use è Section 4 3 Incorrect wiring or the use of incorrect external components which have not been selected in accordance with the safety category can result in a loss of the safety function Carry out a risk evaluation for your application and select the circuitry and components according...

Page 27: ... Safety function requested STO A Low Green No safety function requested STO A High Input X40 STO B Display of the input status Grey Safety function requested STO B Low Green No safety function requested STO B High Output X40 C1 C2 Display of the relay contact Orange Safety function active relay contact closed Grey Safety function inactive relay contact open Tab 4 1 Status of the safety function 4 ...

Page 28: ...dditional safety measures 3 User information about the residual risk Yes 0 No 0 0 3 Were the hazards eliminated or the hazard risk reduced as far as practically possible Yes 0 No 0 0 4 Can it be guaranteed that the implemented measures will not pose new hazards Yes 0 No 0 0 5 Have the users been adequately informed and warned about the residual risks Yes 0 No 0 0 6 Can it be guaranteed that the op...

Page 29: ... 0 No 0 0 Pressing the emergency stop button on the unit Is the drive shut down Yes 0 No 0 0 If only STO A is activated is the drive shut down immediately and the discrepancy time violation error Display 52 1 reported in the CMMP AS M0 after the discrepancy time has lapsed Yes 0 No 0 0 If only STO B is activated is the drive shut down immediately and the discrepancy time violation error Display 52...

Page 30: ...MMP AS M0 motor controller with integrated safety function is maintenance free 5 3 Protective functions 5 3 1 Voltage monitoring The input voltages at STO A and STO B are monitored If the input voltage at STO A or STO B is too high or too low the driver supply for the power semiconductors of the motor controller are safely switched off The power output stage PWM is thus switched off 5 3 2 Protecti...

Page 31: ...yclically in the seven segment display on the front of the motor controller The error message consists of an E for Error a main index xx and a sub index y e g E 5 1 0 Warnings have the same number as an error message The difference is that a warning is displayed with a prefixed and suffixed hyphen e g 1 7 0 Tab 5 2 lists the error messages that are relevant for the functional safety in combination...

Page 32: ...1 2 1 Reserved 51 3 1 Reserved 52 1 Safety function Discrepancy time has elapsed Control ports STO A and STO B are not actuated simultaneously Control ports STO A and STO B are not wired in the same way Check discrepancy time 52 2 Safety function Failure of driver supply with active PWM control The safe status was requested with approved power end stage Check inclusion in the safety oriented inter...

Page 33: ...age blocking of PWM signals The power semiconductor drivers are no longer activated by pulse pat terns 2nd switch off path Interruption of the power supply to the six output stage power semiconductors IGBTs via X3 by means of a relay The driver supply for the power semiconductors IGBT opto couplers is disconnected by means of a relay This prevents the pulse pattern PWM signals reach ing the power ...

Page 34: ... and the CMMP AS M0 exhibit compatible behaviour When the logic supply 24 V is switched off they behave differently CMMP AS Contact closed CMMP AS M0 Contact open Information for configuration The CMMP AS M0 exhibits a higher peak power than the CMMP AS Higher positioning speeds can therefore be reached depending on the application Use of this feature represents an essential modific ation to the m...

Page 35: ... per EN ISO 13849 1 DCavg 97 Average diagnostic coverage HFT 1 Hardware failure tolerance SFF 99 2 Safe failure fraction PFH 1 27x 10 10 Probability of dangerous failure per hour PFD 2 54x 10 5 Probability of dangerous failure on demand T Years 20 Proof test interval Operating life per EN ISO 13849 1 MTTFd Years 1370 Mean time to dangerous failure Tab A 1 Technical data Safety data Safety informat...

Page 36: ...eral Operating and environmental conditions Permissible setup altitude above sea level with rated output m 1000 with power reduction m 1000 2000 Air humidity 0 90 non condensing Protection class IP20 Degree of contamination in accordance with EN 61800 5 1 2 The integrated safety equipment requires compliance with degree of contamination 2 and thus a protected fitting space IP54 This must always be...

Page 37: ...ervals 2 s between impulses Tab A 5 Technical data Electrical data for the inputs STO A and STO B Switch off time to power output stage inactive and maximum tolerance time for test pulse Input voltage STO A B V 19 20 21 22 23 24 25 26 27 28 Typical switch off time STO A B_OFF ms 4 0 4 5 5 0 6 0 6 5 7 0 7 5 8 0 8 5 9 5 Maximum tolerance time for test pulse at 24 V signal ms 2 0 2 0 2 0 2 5 3 0 3 5 ...

Page 38: ...cal data of the auxiliary supply output Galvanic isolation Galvanically isolated potential area STO A 0V A STO B 0V B C1 C2 24 V 0 V Logic supply to the motor controller Tab A 9 Technical data Galvanic isolation Cabling Max cable length m 30 Screening When wiring outside the control cabinet use screened cable Guide screening into the control cabinet attach to the side of the control cabinet Cable ...

Page 39: ...urs with 100 probability in accordance with EN ISO 13849 1 OSSD Output Signal Switching Device Output signals with 24 V cycle rates for error detection PFD Probability of Failure on Demand in accordance with IEC 61508 PFH Probability of Dangerous Failures per Hour in accordance with IEC 61508 PL Performance Level as per EN ISO 13849 1 Stages a e Safety switching device Device for executing safety ...

Page 40: ...tion is prohibited Offenders will be liable for damages All rights re served in the event that a patent utility model or design patent is registered Copyright Festo AG Co KG Postfach D 73726 Esslingen Germany Phone 49 711 347 0 Fax 49 711 347 2144 e mail service_international festo com Internet www festo com Original de ...

Search results

Summary of Contents for CMMP-AS-Series-M0-STO

Reviews:

Related manuals for CMMP-AS-Series-M0-STO

Brands by name

Popular brands

Festo CMMP-AS-Series-M0-STO, Manual

Search results

Summary of Contents for CMMP-AS-Series-M0-STO

Reviews:

Related manuals for CMMP-AS-Series-M0-STO

Brands by name

Popular brands