Allen-Bradley 1756-L61S ControlLogix 5561S Скачать руководство пользователя страница 45 | Manualshive

Страница: 45 / 116

background image

Rockwell Automation Publication 1756-RM093J-EN-P - April 2018

45

Characteristics of Safety Tags, the Safety Task, and Safety Programs

Chapter 5

Accessing Safety-related Systems

HMI- related functions consist of two primary activities: reading and writing
data.

Reading Parameters in Safety-related Systems

Reading data is unrestricted because reading doesn’t affect the behavior of the
safety system. However, the number, frequency, and size of the data being read
can impact controller availability. To avoid safety-related nuisance trips, use good
communication practices to limit the impact of communication processing on
the controller. Do not set read rates to the fastest rate possible.

Changing Parameters in SIL-rated Systems

A parameter change in a safety-related loop via an external (that is, outside the
safety loop) device (for example, an HMI) is allowed only with the following
restrictions:

•

Only authorized, specially-trained personnel (operators) can change the
parameters in safety-related systems via HMIs.

•

The operator who makes changes in a safety-related system via an HMI is
responsible for the effect of those changes on the safety loop.

•

You must clearly document variables that are to be changed.

•

You must use a clear, comprehensive, and explicit operator procedure to
make safety-related changes via an HMI.

•

Changes can only be accepted in a safety-related system if the following
sequence of events occurs:

a. The new variable must be sent twice to two different tags; that is, both

values must not be written to with one command.

b. Safety-related code, executing in the controller, must check both tags

for equivalency and make sure they are within range (boundary checks).

c. Both new variables must be read back and displayed on the HMI

device.

d. Trained operators must visually check that both variables are the same

and are the correct value.

e. Trained operators must manually acknowledge that the values are

correct on the HMI screen that sends a command to the safety logic,
which allows the new values to be used in the safety function.

In every case, the operator must confirm the validity of the change before
they are accepted and applied in the safety loop.

•

Test all changes as part of the safety validation procedure.

«
...
43
44
45
46
47
...
»

Содержание 1756-L61S ControlLogix 5561S

Страница 1: ...GuardLogix Controller Systems Catalog Numbers 1756 L61S 1756 L62S 1756 L63S 1768 L43S 1768 L45S RSLogix 5000 Version 20 and earlier Safety Reference Manual OriginalInstructions...

Страница 2: ...nformation circuits equipment or software described in this manual Reproduction of the contents of this manual in whole or in part without written permission of Rockwell Automation Inc is prohibited T...

Страница 3: ...ime 18 Safety Task Period and Safety Task Watchdog 19 Contact Information if Device Failure Occurs 19 Chapter2 GuardLogixControllerSystem 1756 GuardLogix Controller Hardware 21 Primary Controller 22 S...

Страница 4: ...rol in Standard Tasks 1756 GuardLogix controllers only 41 SIL 3 Safety the Safety Task 41 Safety Task Limitations 41 Safety Task Execution Details 43 Use of Human to machine Interfaces 44 Precautions...

Страница 5: ...Faults 69 AppendixA SafetyInstructions Safety Application Instructions 71 Metal Form Safety Application Instructions 72 Safety Instructions 73 Additional Resources 74 AppendixB SafetyAdd OnInstructio...

Страница 6: ...cklist for GuardLogix Controller System 89 Checklist for Safety Inputs 91 Checklist for Safety Outputs 92 Checklist for Developing a Safety Application Program 93 AppendixE GuardLogixSystemsSafetyData...

Страница 7: ...rstand the safety concepts and requirements presented in this manual prior to operating a GuardLogix controller based safety system UnderstandingTerminology The following table defines terms used in t...

Страница 8: ...nstruction set Guard I O DeviceNet Safety Modules User Manual publication 1791DS UM001 Provides information on using Guard I O DeviceNet Safety modules Guard I O EtherNet IP Safety Modules User Manual...

Страница 9: ...ive Logix Import Export Reference Manual publication 1756 RM084 Provides information on using the RSLogix 5000 Import Export utility Industrial AutomationWiring and Grounding Guidelines publication 17...

Страница 10: ...10 Rockwell Automation Publication 1756 RM093J EN P April 2018 Preface Notes...

Страница 11: ...trolLogix in SIL 2 Applications Reference Manual publication 1756 RM001 In either case do not use SIL 2 or standard tasks and variables to build up safety loops of a higher level The safety task is th...

Страница 12: ...e a functional verification test interval of up to 20 years Other components of the system such as safety I O modules sensors and actuators may have shorter functional verification test intervals The...

Страница 13: ...ected while operating outside the function Figure 1 Typical SIL Function 1756 DNB To Plant wide Ethernet Network SIL 3 GuardLogix System Programming Software HMI Read only Access to SafetyTags Overall...

Страница 14: ...ty I O modules on DeviceNet networks Forthemostcurrentlistofcertifiedseriesandfirmwarerevisions seethesafetycertificateathttp www rockwellautomation com products certification safety 1791DS IN001 1791...

Страница 15: ...A N A N A 1784 SD1 1 GB Secure Digital SD Card for 1756 L7xS controllers 1784 SD2 2 GB Secure Digital SD Card for 1756 L7xS controllers 1 This version or later 2 RSLogix 5000 software version 15 does...

Страница 16: ...nce per year in the Low Demand mode or greater than once per year in High Demand Continuous mode The Safety Integrity Level SIL value for a Low Demand safety related system is directly related to orde...

Страница 17: ...u must take into account the specific requirements of your application including proof test and diagnostic test intervals Safety Integrity Level SIL Compliance Distribution and Weight The GuardLogix c...

Страница 18: ...llowing reaction times Each of the times listed above is variably dependent on factors such as the type of I O module and instructions used in the program SafetyTask ReactionTime The safety task react...

Страница 19: ...be less than or equal to the safety task period The safety task watchdog time is set in the task properties window of RSLogix 5000 software This value can be modified online regardless of controller...

Страница 20: ...20 Rockwell Automation Publication 1756 RM093J EN P April 2018 Chapter 1 Safety Integrity Level SIL Concept Notes...

Страница 21: ...create the SIL 3 capable controller They are described in the following sections Both the primary controller and safety partner perform power up and run time functional diagnostic tests of all safety...

Страница 22: ...ther the result is a major non recoverable controller fault For information on how to respond to this situation see article 63983 in the Rockwell Automation Knowledgebase The safety partner is configu...

Страница 23: ...act GuardLogix safety controllers and standard CompactLogix components suitable for safety applications see GuardLogix System Components on page 14 CIP Safety Protocol Safety related communication bet...

Страница 24: ...System GuardLogix System Communication Modules 1756 1756 ENBT 1756 EN2T R 1756 EN2F or 1756 EN3TR EtherNet IP bridge module 1734 AENT POINT I O Ethernet Adapter 1756 DNB DeviceNet bridge module 1756 C...

Страница 25: ...olNetNetwork ControlNet bridge modules let the GuardLogix controller produce and consume safety tags over ControlNet networks to other GuardLogix controllers or remote CIP Safety I O networks Figure 6...

Страница 26: ...used to create test and debug application logic Initially only relay ladder logic is supported in the GuardLogix safety task See Appendix A for information on the set of logic instructions available...

Страница 27: ...nd controlled by the GuardLogix controller For safety data I O communication is performed through safety connections using the CIP Safety protocol safety logic is processed in the GuardLogix controlle...

Страница 28: ...ecific module On or Off delay Function Some CIP Safety I O modules may support On delay and Off delay functions for input signals Depending upon your application you may need to include Off delay On d...

Страница 29: ...controlled by one controller Each safety input module is also owned by a single controller however safety input data can be shared consumed by multiple GuardLogix controllers Safety I O Configuration...

Страница 30: ...ureExists This setting instructs the GuardLogix controller to automatically configure a safety module only when the safety task does not have a safety task signature and the replacement module is in a...

Страница 31: ...oller s configuration ATTENTION EnabletheConfigureAlways featureonlyiftheentireroutableCIP Safety control system is not being relied on to maintain SIL 3 behavior during the replacement and functional...

Страница 32: ...32 Rockwell Automation Publication 1756 RM093J EN P April 2018 Chapter 3 CIP Safety I O for the GuardLogix Control System Notes...

Страница 33: ...tem The system is isolated such that there are no other connections into the system For example because the system below cannot be interconnected to another CIP Safety system through a larger plant wi...

Страница 34: ...rk subnet must be unique Figure 9 CIP Safety Example with MoreThan One SNN Each CIP Safety device must be configured with an SNN Any device that originates a safety connection to another safety device...

Страница 35: ...allation within the same routable CIP Safety system Considerations for Assigning the Safety Network Number SNN The assignment of the SNN is dependent upon factors including the configuration of the co...

Страница 36: ...afety I O module produces data to two GuardLogix controllers at the same time You can do this for a maximum of 16 controllers Refer to the GuardLogix Controllers User Manual publication 1756 UM020 or...

Страница 37: ...nality as other 1768 L4x CompactLogix controllers What differentiates 1756 and 1768 GuardLogix controllers from standard controllers is that they provide a SIL 3 capable safety task However a logical...

Страница 38: ...afety rated devices is that SIL 2 is generally single channel while SIL 3 is typically dual channel When using Guard safety rated I O red modules which is required in the safety task SIL 2 safety inpu...

Страница 39: ...lers User Manual publication 1768 UM002 SIL2SafetyInputs CompactBlock Guard I O 1791 series ArmorBlock Guard I O 1732 series and POINT Guard I O 1734 series safety input modules support single channel...

Страница 40: ...ettings on theTest Output tab Input DelayTime User input based on field device characteristics IMPORTANT The onboard pulse test outputs T0 Tx are typically used with field devicesthathave mechanicalco...

Страница 41: ...controllers that support the safety task The safety task cannot be deleted GuardLogix controllers support a single safety task Within the safety task you can use multiple safety programs composed of...

Страница 42: ...imum of 500 ms and cannot be modified online Make sure that the safety task has enough time to finish before it is triggered again Safety task watchdog timeout a non recoverable safety fault in the Gu...

Страница 43: ...ng of safety task execution This means that even though the I O RPI can be faster than the safety task period the data does not change during safety task execution The data is read only once at the be...

Страница 44: ...e information on how HMI devices fit into a typical SIL loop see Figure 1 on page 13 Use sound techniques in the application software within the HMI and controller IMPORTANT While safety unlocked and...

Страница 45: ...tor who makes changes in a safety related system via an HMI is responsible for the effect of those changes on the safety loop You must clearly document variables that are to be changed You must use a...

Страница 46: ...ata points only Similar to the controller program the HMI software needs to be secured and maintained for SIL level compliance after the system has been validated and tested Safety Programs A safety p...

Страница 47: ...invalid data type to be included when the user defined or Add On defined type is already referenced directly or indirectly by a safety tag Invalid tags created by using with the New Tag or Tag Propert...

Страница 48: ...chronize standard and safety actions IMPORTANT Any controller scoped safety tag is readable by any standard routine but the update rate is based on the execution of the safety task This means that saf...

Страница 49: ...ontrollers Resource Description Logix5000 Controllers Design Considerations Reference Manual publication 1756 RM094 Provides information on managing tasks and the effects of task execution and timing...

Страница 50: ...50 Rockwell Automation Publication 1756 RM093J EN P April 2018 Chapter 5 Characteristics of SafetyTags the SafetyTask and Safety Programs Notes...

Страница 51: ...gramming and naming rules You perform a critical analysis of the application and use all possible measures to detect a failure You confirm all application downloads via a manual check of the safety ta...

Страница 52: ...2 New forces are not allowed Existing forces are maintained Online editing is not allowed Safety memory is protected read only Safety task logic is scanned Primary and partner controllers process log...

Страница 53: ...Figure 15 Commission the System Specify the Control Function Create Project Online Create Project Offline Attach to Controller and Download Test the Application Program Generate SafetyTask Signature...

Страница 54: ...controlled including the following Input definitions Output definitions I O wiring diagrams and references Theory of operation Matrix or table of stepped conditions and the actuators to be controlled...

Страница 55: ...ogram modes online or offline edits upload and download and informal testing that is required to get an application running properly in preparation for the Project Verification test Generate the Safet...

Страница 56: ...number of test cases depends on the formulas used and must comprise critical value pairs Active simulation with sources field devices must also be included as it is the only way to verify that the sen...

Страница 57: ...n Instruction See Appendix B Safety Add On Instructions for information on creating and using safety Add On Instructions in SIL 3 applications The steps below illustrate one method for confirming the...

Страница 58: ...ns safety I O and safety task signature However safety locking alone does not satisfy SIL 3 requirements No aspect of safety can be modified while the controller is in the safety locked state When the...

Страница 59: ...If there is no safety task signature and the controller is safety unlocked you can perform online edits to your safety routines Pending edits cannot exist when the controller is safety locked or when...

Страница 60: ...the project on the controller If the signatures do not match or the controller is safety locked without a safety task signature you must first unlock the controller before attempting to update the con...

Страница 61: ...orized specially trained personnel make program edits they assume the central safety responsibility while the changes are in progress These personnel must also maintain safe application operation When...

Страница 62: ...fety lock and safety task signature features of the GuardLogix controller See Generate the Safety Task Signature on page 55 and Lock the GuardLogix Controller on page 58 for more information For detai...

Страница 63: ...t Valid No Yes No Yes Online Edit Attach to Controller Test the Application Program Make Desired Modifications to Standard Logic Any Safety Changes Yes No Delete Safety Application Signature Make Desi...

Страница 64: ...64 Rockwell Automation Publication 1756 RM093J EN P April 2018 Chapter 6 Safety Application Development Notes...

Страница 65: ...can view the status of safety tag connections You can also determine current operating status by interrogating various device objects It is your responsibility to determine what data is most appropria...

Страница 66: ...ating system sets the associated output status to faulted The output module de energizes the outputs Table 10 Safety Connection Status RunMode Status ConnectionFaulted Status Safety Connection Operati...

Страница 67: ...ation Instructions Safety Reference Manual publication 1756 RM095 Get System Value GSV and Set SystemValue SSV Instructions The GSV and SSV instructions let you get GSV and set SSV controller system d...

Страница 68: ...fault Standard task and safety task execution stops and Safety I O transitions to the safe state Recovery from a nonrecoverable controller fault requires a download of the application program Nonrecov...

Страница 69: ...the safe state and the producer of safety consumed tags commands the consumers to place them in a safe state If a recoverable safety fault is overridden in the controller scoped fault handler only st...

Страница 70: ...70 Rockwell Automation Publication 1756 RM093J EN P April 2018 Chapter 7 Monitor Status and Handle Faults Notes...

Страница 71: ...h as an E stop light curtain or gate switch DCST Dual Channel Input StopWithTest Monitors dual input safety devices whose main purpose is to provide a stop function such as an E stop light curtain or...

Страница 72: ...porary automatic disabling of the protective function of a light curtain using four sensors arranged sequentially before and after the light curtain s sensing field Table 12 RSLogix 5000 Software Vers...

Страница 73: ...value 14 LEQ LessThan Or EqualTo Test whether one value is less than or equal to a second value 14 LES LessThan Test whether one value is less than a second value 14 MEQ Masked Comparison for Equal Pa...

Страница 74: ...t controller status information 14 1 The length operand must be a constant when the COP instruction is used in a safety routine The length of the source and thedestination must be the same 2 Refer to...

Страница 75: ...gnature of high integrity Add On Instructions and also a SIL 3 safety instruction signature for use in safety related functions up to and including SIL 3 Creating and Using a Safety Add On Instruction...

Страница 76: ...yTask Signature if it exists Go back to original test project To Create a Safety Add On Instruction Create or Open a Project Create modify Application Import Safety Add On Instruction Download To Use...

Страница 77: ...ons and may be required for regulated industries Use it when your application calls for a higher level of integrity The instruction signature consists of an ID number and timestamp that identifies the...

Страница 78: ...s all possible execution paths through the logic including the valid and invalid ranges of all input parameters Development of all safety Add On Instructions must meet IEC 61508 Requirements for softw...

Страница 79: ...re You cannot import a safety Add On Instruction while online If you import an Add On Instruction with an instruction signature into a project where referenced Add On Instructions or User Defined Type...

Страница 80: ...system may be required before the system is approved for operation An independent third party validation is required for IEC 61508 SIL 3 Additional Resources For more information on using Add On Instr...

Страница 81: ...Time The following sections provide information on calculating the Logix System Reaction Time for a simple input logic output chain and for a more complex application using produced consumed safety ta...

Страница 82: ...f the safety input module connection RPI 3 Safety Task Period plus Safety Task Watchdog time 4 Safety Output Connection Reaction Time Limit Read from the Module Properties dialog box in RSLogix 5000 s...

Страница 83: ...ime Limit 5 Safety Task Period plus Safety Task Watchdog time for Controller B 6 Safety Output Connection Reaction Time Limit 7 Safety output module reaction time To aid you in determining the reactio...

Страница 84: ...on time Each input channels On Off and Off On delay settings Safety Input Connection ReactionTime Limit Input module settings for Requested Packet Interval RPI Timeout Multiplier Delay Multiplier The...

Страница 85: ...nnection times out and the input and output data are placed in the safe state OFF To view or configure these settings follow these steps 1 In the configuration tree right click your I O module and cho...

Страница 86: ...safety task is a periodic timed task You select the task priority and watchdog time via the Task Properties Safety Task dialog box in your RSLogix 5000 project To access the safety task period and wa...

Страница 87: ...ing Produced ConsumedTag Data To view or configure safety tag connection data follow these steps 1 In the configuration tree right click Controller Tags and choose Edit tags 2 In the Tag Editor right...

Страница 88: ...ion Also consult the product documentation for your specific module for reaction times associated with CIP Safety I O modules Resource Description GuardLogix Controllers User Manual publication 1756 U...

Страница 89: ...checklists can be saved as a record of the plan The checklists on the following pages provide a sample of safety considerations and are not intended to be a complete list of items to verify Your parti...

Страница 90: ...rate period 4 Is the system response time in proper relation to the process tolerance time 5 Have probability PFD PFH values been calculated according to the system s configuration 6 Have you performe...

Страница 91: ...L Input Channels Number Input Module Requirements Fulfilled Comment Yes No 1 Have you followed installation instructions andprecautions to conform to applicable safety standards 2 Have you performed f...

Страница 92: ...unction Definition SIL Output Channels Number Output Module Requirements Fulfilled Comment Yes No 1 Have you followed installation instructions and precautions to conform to applicable safety standard...

Страница 93: ...tructions listedin Appendix Aas suitablefor safety application programming 5 Does the safety application program clearly differentiate between safety and standard tags 6 Are only safety tags used for...

Страница 94: ...94 Rockwell Automation Publication 1756 RM093J EN P April 2018 Appendix D Checklists for GuardLogix Safety Applications Notes...

Страница 95: ...ules User Manual publication 1791DS UM001 Data for Rockwell Automation machinery safety products is now available in the form of a library file to be used with the Safety Integrity Software Tool for t...

Страница 96: ...Systems Safety Data PFH Values The data in Table 16 applies to proof test intervals up to and including 20 years Table 16 PFH Calculations Cat No Description PFH 1 Hour 1756 L6xS and 1756 LSP GuardLo...

Страница 97: ...a feature of the I O modules called Combined Status which presents the status of all of the input channels in a single boolean variable Another boolean variable represents the status of all the output...

Страница 98: ...to safety state Example Rungs 2 and 3 Are the inputs used to drive safety application instructions Can Circuit Reset be used for operator intervention Is input fault information required for diagnosti...

Страница 99: ...1InputsFaulted U Node31 I Pt00Data U Node31 I Pt01Data 4 Node30InputsFaulted L Node30 I Pt01Data L Node30 I Pt03Data U Node31 I Pt11Data Node 30 is an 8 point input 8 point output combination module N...

Страница 100: ...L Node31Input01 L Node31Input03 Node31 I Pt00Data Node31Input00 Node31Input01 Node31Input11 Node31 I Pt01Data Node31 I Pt11Data Node 30 is an 8 point input 8 point output combination module Node 31 is...

Страница 101: ...ogic to set outputs to a safety state Example Rung 2 Write logic to unlatch output failure Example Rung 1 Write logic to latch output failure Example Rung 0 Done 0 Node30 I OutputStatus L Node30Output...

Страница 102: ...102 Rockwell Automation Publication 1756 RM093J EN P April 2018 Appendix F RSLogix 5000 Software Version 14 and Later Safety Application Instructions Notes...

Страница 103: ...Dual channel Inputs standard side of 1756 GuardLogix controllers You must implement clear and easily identifiable separation between both input channels and adhere to all existing SIL 2 requirements...

Страница 104: ...ence Manual publication 1756 RM001 Follow all rules for 1794 FLEX I O modules as defined in the FLEX I O System with ControlLogix for SIL 2 Safety Reference Manual publication 1794 RM001 TransferringS...

Страница 105: ...as GuardLogix produced safety tags to comply with the dual channel requirements of EN 50156 Create produced safety tags with the SIL 2 outputs that your application requires GuardLogix produced consu...

Страница 106: ...g SIL 2 and SIL 3 safety functions within the safety task All available safety application instructions may be used SIL 3 safety input modules that is Guard I O modules may be used with single channel...

Страница 107: ...ration The configuration signature is made up of an ID number date and time Instruction Signature The instruction signature consists of an ID number and date timestamp that identifies the contents of...

Страница 108: ...nal routines Safety Add On Instruction An Add On Instruction that can use safety application instructions In addition to the instruction signature used for high integrity Add On Instructions safety Ad...

Страница 109: ...eriodic timed task Safety Task Period The period at which the safety task executes Safety Task Reaction Time The sum of the safety task period plus the safety task watchdog This time represents the wo...

Страница 110: ...e programs that execute based on a certain criteria Once a task is triggered activated all of the programs assigned scheduled to the task execute in the order in which they are displayed in the contro...

Страница 111: ...erview 22 checklist GuardLogix controller system 26 88 program development 91 SIL 3 inputs 89 SIL 3 outputs 90 CIP Safety protocol definition 105 overview 23 routable system 33 commissioning life cycl...

Страница 112: ...y task 66 O offline edits 60 online definition 105 online editing 57 60 output delay time 28 overlap definition 105 ownership 29 P partnership definition 105 peer to peer communication 24 pending edit...

Страница 113: ...location 22 safety program 45 definition 107 safety routine 45 definition 107 safety tags 46 definition 107 valid data types 46 safety task definition 107 execution 42 overview 41 priority 84 reactio...

Страница 114: ...114 Rockwell Automation Publication 1756 RM093J EN P April 2018 Index Notes...

Страница 115: ......

Страница 116: ...obal support direct dial page Literature Library Installation Instructions Manuals Brochures and Technical Data http www rockwellautomation com global literature library overview page Product Compatib...

Отзывы:

Нет отзывов

Похожие инструкции для 1756-L61S ControlLogix 5561S

Бренд: J4C Страницы: 4

Бренд: ABB Страницы: 6

Бренд: BEIER-Electronic Страницы: 22

Бренд: Warren Controls Страницы: 16

Harmony Controller 2000

Бренд: A10 Страницы: 27

Бренд: Watts Страницы: 2

Бренд: Hanbay Страницы: 18

Бренд: BabySafe Страницы: 24

Бренд: Eaton Страницы: 6

Бренд: Bard Страницы: 8

Бренд: Bardiani Valvole Страницы: 35

iBox Hub 25020180

Бренд: Hans Grohe Страницы: 36

NOVASTAT EL DIGITAL

Бренд: Taconova Страницы: 7

Бренд: Mitsubishi Страницы: 16

Бренд: SOMFY Страницы: 4

Бренд: National Instruments Страницы: 19

E4KP ENTRYCHECK

Бренд: SDC Страницы: 6

Optidrive Elevator

Бренд: Invertek Страницы: 5

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды