Festo CMMT-AS-C7/12-11A-P3-S1 Скачать руководство пользователя страница 4

Страница: 4 / 16

–

Safe torque off (STO)

–

Safe brake control (SBC)

–

Safe stop 1 (SS1) with use of a suitable external safety relay unit and appro-
priate wiring of the servo drive

–

Diagnostic outputs STA and SBA for feedback of the active safety sub-function

4.4.2

Safety sub-function STO

Function and application of STO
The safety sub-function STO switches off the driver supply for the power semi-
conductor, thus preventing the power output stage from supplying the energy
required by the motor. The power supply to the drive is safely disconnected
when the safety sub-function STO is active. The drive cannot generate torque and
so cannot perform any dangerous movements. With suspended loads or other
external forces, additional measures must be put in place to prevent movements
being performed (e.g. mechanical clamping units). In the STO state, the standstill
position is not monitored.
The machines must be stopped and locked in a safe manner. This especially
applies to vertical axes without automatic locking mechanisms, clamping units or
counterbalancing.

NOTICE

If there are multiple errors in the servo drive, there is a danger that the drive will
move. Failure of the servo drive output stage during the STO status (simultaneous
short circuit of 2 power semiconductors in different phases) may result in a
limited detent movement of the rotor. The rotation angle/travel corresponds to a
pole pitch. Examples:
• Rotating motor, synchronous machine, 8-pin

Movement

45° at the motor

shaft

• Linear motor, pole pitch 20 mm

Movement

20 mm at the moving part

STO request
The safety sub-function STO is requested on 2 channels by simultaneously
switching off the control voltage at both control inputs #STO-A and #STO-B.
STO feedback via STA diagnostic contact
The status of the safety sub-function STO can be reported to the safety relay unit
via the STA diagnostic output.
The STA diagnostic output indicates whether the safe status has been reached for
the safety sub-function STO. The STA diagnostic output switches to high level only
when STO is active on 2 channels via the control inputs #STO-A and #STO-B.

#STO-A

#STO-B

STA

Low level

High level

Low level

High level

Low level

High level

Low level

High level

Low level

Tab. 8: Level of STA
If protective functions are triggered on both channels (STO-A and STO-B), e.g. if
the voltage at STO-A and STO-B is too high, the internal protective functions
switch off and STA also delivers a high level signal.
Recommendation: the safety relay unit should check the status of the diagnostic
output whenever there is a STO request. The level of STA must change according
to the logic table. The safety relay unit can cyclically test the signals #STO-A and
#STO-B for high level with low test pulses and for low level with high test pulses.
4.4.3

Safety sub-function SBC

Function and application of SBC
The safety sub-function SBC provides safe output signals for the control of brakes
(holding brakes or clamping units). The brakes are controlled on 2 channels by
switching off the voltage at the following outputs:

–

Safe output BR+/BR– [X6B] for the holding brake of the motor

–

Safe output BR-EXT/GND [X1C] for the external brake/clamping unit

The holding brake and/or clamping unit engage and slow the motor or axis. The
purpose of this is to slow down dangerous movements by mechanical means. The
braking time is dependent on how quickly the brake engages and how high the
energy level is in the system.
The use of just one brake is only possible when performance requirements are
low

Tab. 53 Safety reference data for the safety sub-function SBC. To do this,

connect the brake either to BR+/BR– or to BR-EXT.

NOTICE

If there are suspended loads, they usually drop if SBC is requested simultane-
ously with STO. This can be traced back to the mechanical inertia of the holding
brake or clamping unit and is thus unavoidable. Check whether safety sub-func-
tion SS1 is better suited to your application.

SBC may only be used for holding brakes or clamping units which engage in the
de-energised state. Ensure the lines are protected when installed.
SBC request
The safety sub-function SBC is requested on 2 channels by simultaneously
switching off the control voltage at both control inputs #SBC-A and #SBC-B:

–

The #SBC-A request switches off the power to the signals BR+/BR-.

–

The #SBC-B request switches off the power to the signal BR-EXT.

In the event of a power failure in the logic voltage supply of the servo drive, power
is also cut off to the brake outputs.

SBC feedback via SBA diagnostic contact
The 2-channel switching of the brake is indicated via the SBA output. SBA is
used to report the status of the safety sub-function SBC for diagnostic purposes,
e.g. by reporting it to an external safety relay unit.
The SBA diagnostic output indicates whether the safe status has been reached for
the safety sub-function SBC. It is set if the following two conditions are fulfilled:

–

Switching off of both brake outputs is requested (#SBC-A = #SBC-B = low level)

–

The internal diagnostic functions have determined that there is no internal error
and both brake outputs are de-energised (switched off).

Testing the safety sub-function SBC
Test inputs #SBC-A and #SBC-B separately from each other and together. The
diagnostic feedback may only be set to high level when inputs #SBC-A and
#SBC-B are both requested. If the signal behaviour does not correspond to
expectations, the system must be set to a safe condition within the reaction time.
It is essential that time monitoring be provided in the safety relay unit.
The safety sub-function SBC with feedback via SBA must be tested at least 1x
within the space of 24 h.
•

Test SBA feedback based on the SBC-A and SBC-B level according to the
following table.

#SBC-A (BR+)

#SBC-B (BR-Ext)

SBA

Low level

High level

Low level

High level

Low level

High level

Low level

High level

Low level

Tab. 9: Testing all SBC levels
While you are testing the safety sub-function SBC, discrepancy error detection
may be activated in the CMMT-AS if the test lasts longer than 200 ms. If a corre-
sponding error message is output by the basic unit, you will need to acknowledge
it.
Evaluation of SBA
Recommendation: evaluation with every actuation.
•

Check SBA feedback whenever there is a request.

Requirements for the brake
Requirements for the brake

Manual Safety sub-function

Brake test
•

Check whether a brake test is required. The DGUV information sheet “Gravity-
loaded axis” provides information on this.

4.4.4

Safety sub-function SS1

Together with a suitable safety relay unit, the following can be achieved:

–

Safe stop 1 time controlled (SS1-t/Safe stop 1 time controlled;) triggering of
motor deceleration and, after an application-specific time delay, triggering of
the safety sub-function STO

Safety sub-function SS1

Manual Safety sub-function

4.4.5

Fault exclusion

Put suitable measures in place to prevent faulty wiring:

–

Exclude wiring faults in accordance with EN 61800-5-2

–

Configure the safety relay unit to monitor the outputs of the safety relay unit
and wiring up to the servo drive

4.4.6

Safety relay unit

Use suitable safety relay units with the following characteristics: