Page 1 Safety Manual – Original Instructions IXXAT Safe T100 Product Version 1.x...
Page 2 Fax: +49 751 56146-29 Internet: www.hms-networks.de E-Mail: info-ravensburg@hms-networks.de Support In case of unsolvable problems with this product please contact HMS in written form by: Fax: +49 751 56146-29 E-Mail: support@ixxat.de Further international support contacts can be found on our webpage www.ixxat.com/support...
Page 3: Table Of Contents
1.7 Information on EMC .............. 21 1.8 Product change requests ............. 21 General Description ................22 2.1 Background ................22 2.2 IXXAT Safe T100 ..............22 2.3 The Black Channel Approach ..........24 T100 operation ..................25 3.1 Overview ................25 3.2 Safety Functions ..............
Page 4 3.9 T100 Module identification ........... 60 3.10 Operating states..............61 3.10.1 T100/PS specific states ............61 3.10.2 T100/CS specific states ............63 In-Design ....................65 4.1 Mechanical Specification ............. 65 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 5 5.3.3 Output test ................86 5.3.4 Reset of Output Errors ............88 5.4 Pre-tested configurations ............ 89 5.4.1 PROFIsafe configurations ............89 5.4.1.1 Dual-Channel DI-C ........... 89 5.4.1.2 Dual-Channel DI-S ........... 90 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 6 6.3.1.2 Safety Validator Object (0x3A) ....... 115 6.3.1.2.1 Class Attributes ........115 6.3.1.2.2 Instance Attributes ........ 116 6.3.1.2.3 Services ..........118 6.3.1.3 Safety Discrete Output Point Object (SDOP) (0x3B)119 6.3.1.3.1 Class Attributes ........119 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 7 6.3.4.2 Event-log ..............137 6.3.4.3 Fail-safe errors ............138 6.3.4.4 Configuration data storage errors ......138 6.3.5 Status and diagnostic information ........139 6.3.6 Parameters for Connection Establishment ......140 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 8 Appendix ...................... 152 Safety Integration Rules ..............153 Safety Application Rules ..............157 Applicable Standards ................164 CIP Safety Event and Error Codes ............. 166 Declaration of incorporation ............... 174 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 9: Preface
IXXAT Safe T100 in safety applications. It gives advice on how to integrate the IXXAT Safe T100 into a product with the target to get safe inputs and outputs and connect them to a system using a safety fieldbus such as PROFIsafe or CIP Safety for communication.
Page 10: T100 Safety Precautions
1.1.2 Liability Every care has been taken in the preparation of this manual. Please inform HMS Industrial Networks AB of any inaccuracies or omissions. The data and illustrations found in this document are not binding. We, HMS Industrial Networks AB, reserve the right to modify our products in line with our policy of continuous product development.
Page 11: Intellectual Property Rights
US and other countries. 1.1.4 Trademark Acknowledgements Anybus ® is a registered trademark of HMS Industrial Networks AB. All other trademarks are the property of their respective holders. Warning: This is a class A product according to DIN EN 55022. In...
Page 12: Related And Additional Documents
Anybus Safety Interface Guide SCM-1202- ODVA The CIP Networks Library - Volume 5, CIP Safety Edition 2.14 A list of standards, relevant to this product, can be found in appendix C. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 13: Document History
Integrated Review results of 9.3, TÜV, Clarified SAR-5.4. Appendix Official Released document 2017-07-04 General Correction in T100/PS state diagram and clarification of IDR-4.1. T100/CS with description of CIP Safety specific data added. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 14: Conventions & Terminology
1.2.3 Conventions & Terminology The following conventions are used throughout this manual: • The terms ‘T100’ or ‘module’ refer to the IXXAT Safe T100 in general which describes the safety-protocol independent properties. • The term ‘T100/PS’ refers to the IXXAT Safe T100 module running the PROFIsafe (PS) safety protocol.
Page 15 - Permissions: is allowed need not is not required - Possibility and capability: is able, is possible cannot is not able, is not possible Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 16: Abbreviations
Safety Controller SCID Safety Configuration Identifier SELV Safety Extra Low Voltage Safety Integrity Level T100 IXXAT Safe T100 (generic / protocol independent) T100/CS IXXAT Safe T100 for CIP Safety T100/PS IXXAT Safe T100 for PROFIsafe Test Output TUNID Target Unique Network Identifier...
Page 17 Preface Negative supply voltage; equal to logic ground (GND) potential Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 18: Restrictions
1.3.3 Validity of this Safety Manual This safety manual is valid for the following HMS products: • 1.01.0300.00000, IXXAT Safe T100/PS (Prototype – shall not be used for safety-related applications) • 1.01.0300.00001, IXXAT Safe T100/PS Certified Product Version 1.0: Controller Board V1.3.1...
Page 19: Service And Maintenance
3.5). Please note the regulations for the disposal of electronic equipment after product end of life. 1.3.6 Disclaimer HMS Industrial Networks is not liable and does not provide warranty for damages caused by • violation of safety standards and rules •...
Page 20: Returning Hardware
Preface Returning Hardware If it is necessary to return hardware, please download the relevant RMA form from the home page and follow the instructions on this form. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 21: Ce Pre-Testing
Product change requests Product change requests or any detected product error shall be reported to HMS using the contact form of the support web page under the URL www.ixxat.de/support. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 22: General Description
IXXAT Safe T100 The IXXAT Safe T100 is a pre-certified embedded safety option module which provides device manufacturers with an easy and cost efficient way to integrate conformant safe I/O signals into standard automation devices. It connects via its serial black channel interface to an Anybus CompactCom module.
Page 23 Figure 2-1: Architectural overview of a typical customer safety host device • Safety: The IXXAT Safe T100 is developed in order to be suitable for use in applications up to Category 4 / PL e according to EN ISO 13849- 1 and SIL 3 according to EN 62061 / IEC 61508.
Page 24: The Black Channel Approach
Safe inputs Anybus Safe PLC IXXAT standard Safe T100 Safe outputs comm. Network module module Master Packing/unpacking Black channel the safety container Figure 2-3: Safety container encapsulation Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 25: T100 Operation
T100 deactivates the channel, i.e. set the output to the inactive state or set the status of the input data reported via the safety fieldbus to inactive. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 26: Pinning
The only electrical connectivity between the customer device and the T100 is done using a 30-Pin male connector (see Figure 3-1 and the table below). Pin 30 Pin 1 Figure 3-1: IXXAT Safe T100 Module Pin No. Signal Type Description Name...
Page 27 PWR External connection to EXT_0V ____ Reset (active low signal) Input Output PWR: Power N.C. Not connected External ground connection necessary to exclude undetected direct short-circuit between neighboring connector pins Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 28: Power Supply
A PELV circuit requires protective-separation from all circuits other than SELV/PELV (i.e., all circuits that might carry higher voltages), but it may have connections to other PELV systems and ground. EN 61131-2, table 6 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 29 T100 operation The IXXAT Safe T100 internal power consumption at 24 V does not exceed 1.5 W. Note that a non-resettable fuse limits the T100 internal current to a maximum of 2 A. The digital outputs and the test outputs of the T100 are directly driven from the non-fused 24V SELV/PELV input.
Page 30: Reverse Battery Protection, 24V
Changes to the power supply during runtime are not allowed without explicit re-testing of the overall safety function. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 31: Emc Protection, 24V
EMC levels at the power supply pins of the T100. Si4401DY 1,5 nF Output 10%, 2kV Input BZX84C8V2L SELV/PELV SELV/PELV (protected) 1,5 nF 10%, 2kV Figure 3-3: Complete CDev power supply protection circuits Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 32: Voltage Levels And Power Consumption, Ext_3V3
Parameter Unit Typ. Power supply (3.3 V) DC Current consumption A non-resettable fuse limits the current to a maximum of 50 mA. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 33: Ground Concept
(3, 4, 9, 12, 14, 16, 18, 20, 22, 24, 29) PELV (1, 2) Host Application Protection IXXAT Safe T100 circuits (3.3V) EXT_3V3 (26) EXT_0V (25) 3.3V Figure 3-5: T100 ground concept Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 34: Galvanic Isolation
IEC 61326-3-1. The necessary clamping diodes are already integrated into the T100. There is no need for additional protection circuits at the I/O pins of the T100 module. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 35: Safe Operation
DIL: Digital Input Low This value is not defined by the standard, but can be assumed to be 0 mA due to the reverse current protection Requirement from standard Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 36: Di-C Contact Inputs
PL e Cat. 4 rating. For this reason, the T100 has two test pulse outputs (see section 3.5.2 of this document) which can power up to two different groups of Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 37 T100. The test pulse length shall be configured to a value different than “Always High” (see section 5.2). [PRS_97] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 38: Di-S Semiconductor Input
DI-S input. [SAR-3.12] Warning: An active sensor, connected to a semiconductor input, must use the same ground level VSS than the IXXAT Safe T100. [IDR-3.14], [SAR-3.13] Warning: If an input is configured as type DI-S,...
Page 39: Digital Input Diagnosis And Safe State
6 ms. In case of an input level change at all 6 safe digital inputs at the same time, the maximum safe application reaction time is 16 ms (approx. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 40: Di Diagnostic Test Interval
The safe digital inputs of the T100 in dual channel mode are equivalent with the reliability block diagrams as shown in Figure 3-8 and Figure 3-6. Figure 3-8: Reliability block diagram of inputs in dual-channel DI-C mode Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 41 COM Interf.: Communication interface (UART) DI-Cx: Digital inputs (contact) of controller x DI-Sx: Digital inputs (semiconductor) of controller x PSU: Power supply unit SCx: Safety Controller TOx: Test output logic Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 42: Test Outputs
0 or “Always High”) in the configuration when using the digital inputs in DI-C mode. [SAR-3.18] Attention: The test output signals are not isolated and use all the same ground potential VSS. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 43 150°C. In case of a TO short to GND parts of the T100 PCB will heat up to 150°C which shall be considered in the design of the overall safety device housing. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 44: Safe Digital Outputs
T100 operation 3.5.3 Safe Digital Outputs The IXXAT Safe T100 has two digital outputs which in combination can be used as one safe output to obtain safety level SIL 3, PL e Cat 4. The module checks the incoming safety telegram. If the telegram is correct, the outputs are set according to the message.
Page 45: Digital Output Diagnosis And Do Diagnostic Test Interval
To detect hardware faults in the digital output section of the T100, the outputs are cyclically disabled when they are in active state. This test pulse length can be configured as described in section 5.3 of this document. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 46: Loss Of Ground At Do
The DO state is controlled by the safety fieldbus protocol. The safe application reaction time for the DOs is therefore defined as the time between receiving a safety telegram on the T100 and setting of the corresponding output. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 47 7.7 ms. [SAR-3.39] Warning: For the T100/CS the maximum time between the reception of a CIP Safety telegram and setting the corresponding safe digital output is 9 ms. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 48: Output Wiring Examples
Figure 3-11 shows a wiring example which is not allowed to be used for SIL 3, PL e Cat. 4 applications SELV/PELV Safety Relay DO1(5,6) DO2 (7,8) IXXAT Safe T100 Module Figure 3-11: Single-channel output wiring Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 49: Reliability Block Diagram
Figure 3-12: Improper connected safety relay 3.5.5 Reliability block diagram Figure 3-13 shows the reliability block diagram of the digital outputs of the T100. Figure 3-13: Reliability block diagram digital output Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 50: Safe State And Reaction Times
T100. In the global fail-safe state: • The IXXAT Safe T100 does not execute safety fieldbus communication such as PROFIsafe or CIP Safety for example. • All DOs are inactive, i.e. high impedance output...
Page 51 See section 6 for more details about the channel specific errors and their protocol specific treatment. The IXXAT Safe T100 leaves the global fail-safe state and resets the microcontrollers only when receiving a reset signal from the host device (pin RST).
Page 52 Invalid pointer 0xA0C6 External reset ADC timeout 0xA151 External reset ADC calibration error 0xA27F External reset PROFIsafe hard error 0xA3E8 External reset Cyclic iPar CRC check error 0xA423 External reset Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 53 Safety fieldbus protocol Safety fieldbus timeout communication restart DO short to VSS or 24V Channel reset command setting output before reactivation DI consistency error Channel reset command Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 54 T100 operation DI-C input errors (external Channel reset short or cross-connections) command Table 3-1: Serial black-channel error codes and error classes Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 55: Hardware Interfaces To Non-Safe Components
For the Rx, Tx and RST pins it is guaranteed that any overvoltage up to 60 VDC will not lead to a safety-critical error of the IXXAT Safe T100. Nevertheless, an Rx signal level above 3.3 V will damage or destroy the serial interface driver of the T100 board permanently.
Page 56: T100 Hardware Reset Conditions
The reset of the T100 becomes active when applying a logic low signal to the RST pin. [HR_282] The IXXAT Safe T100 does not feature any internal reset regulation, which means that the host application is solely responsible for resetting the IXXAT Safe T100.
Page 57: Restart Reset
The restart reset is intended to restart the T100 when it has entered the global fail-safe state. Figure 3-16: Restart reset Parameter Unit Min. Typ. Reset pulse µs width Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 58: Wiring Example
[IDR-3.19] Attention: A 2.2 kOhm pull-up resistor shall be placed on the CDev to the Rx and the Tx signal line. [IDR-3.20] Attention: There shall be a 4.7 kOhm pull-down resistor placed on the CDev to the RST line. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 59: T100 Firmware Update
[IDR-3.21], [SAR-3.33] Warning: Only use officially released and approved T100 firmware files from HMS for the T100 firmware update. Software not approved by HMS can cause damage to the T100 or lead to non-safe behavior of the T100. Approved and released firmware update files are available directly from IXXAT on request (www.ixxat.de/support) together with the corresponding release...
Page 60: T100 Module Identification
0 to 15 Number of dual-channel digital outputs Output 0 to 15 Example: The T100 with 3 dual channel inputs and one dual channel output will have the module identifier 0x0113. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 61: Operating States
This state is subdivided internally into the following states: Wait for F-Address as well as Wait and check F- and I-Parameters. These sub-states are only left if the appropriate data is received and checked successfully. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 62 [ext. Reset / Power OFF/ON] [Application SW with correct CRC available] [Fatal Error] INIT [Self Test Failed] SELFTEST [Fatal Error] PARAM FAIL_SAFE [Reparametrization request Communication loss] [Fatal Error] STOPPED Figure 3-18: T100/PS state-machine Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 63: T100/Cs Specific States
ABORT. This state can only be left by an external reset via RST signal (see 3.7.1). No valid CIP Safety communication ongoing in this state. All DO’s remain in fail-safe or inactive mode. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 64 [from STARTUP, WAIT_TUNID, SELFTEST CONFIG, IDLE, EXECUTING] STARTUP ABORT [Fatal Error from any state] WAIT TUNID FAIL_SAFE CONFIG [from WAIT_TUNID, CONFIG, ABORT, IDLE] WAIT_RESET IDLE EXECUTING Figure 3-19: T100/CS state-machine Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 65: In-Design
4 In-Design Mechanical Specification 4.1.1 T100 dimensions The size of the IXXAT Safe T100 is 70mm x 40mm x 12.6mm. It consists of two stacked PCBs as shown in Figure 4-1. Figure 4-1: T100 dimensions The dimensions shown in Figure 4-1 have a tolerance of +/- 0.1 mm unless otherwise stated.
Page 66: Mounting Recommendations
• 3 mm standoff with integrated M3 thread Example type: Colly SMTSO-M3-3 Host board T100 connector: • 30-Pin, female single row connector with 1.27 mm pitch Example type: Samtec SLM-130-01-L-S Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 67: Clearances
T100 on the base board, there must be at least 3 mm space to any conductive elements on the base board as well. Connecting the mounting points to ground or any other potential is not allowed. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 68: Allowed Mounting Positions
[IDR-4.3]: Attention: If the safety inputs or outputs of the T100 are routed to a user terminal, the provided signals shall be clearly marked according to DIN EN 61310. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 69: Environmental Considerations
[IDR-4.8] Attention: The interface connection between the IXXAT Safe T100 and the Anybus CompactCom module has to be able to handle a data transfer speed of 1020 kbit/s [DR_C_LO_COMM]. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 70: Temperature
4-5 shows the proper location of the temperature sensor to measure the internal environmental temperature of the T100. Note that the temperature sensor shall have an electrical non-conductive surface to avoid damage of the T100 during the tests. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 71: Shock / Vibration
[IDR-4.9] Attention: It must be verified e.g. by test, that under worst case load and mounting position conditions inside the CDev the temperature of the IXXAT Safe T100 is always within the specified limits as listed in Table 4-1. [DR_C_ENV_TEMP], [PRS_481] 4.2.3 Shock / Vibration...
Page 72: Humidity And Pollution Level
[IDR-4.15] Danger: The intrusion protection for the T100 in the end device shall be equal or better than IP 54. 4.2.6 Maximum operation altitude [SAR-4.4] Danger: The maximum operation altitude of 2000m shall not be exceeded. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 73: Emc
(1 s) 150/180 Hz, 10 V continuous Criteria: FS – Fail-Safe Not pre-tested or applicable for the T100 module without CDev Table 4-2: EMC ratings according to EN61326-3-1 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 74 EMC tests of the final CDev with increased test levels in accordance with IEC 61326-3-1 where applicable. Safe functions shall not fail if triggered and the safe state of the outputs shall be kept. [DR_C_ENV_EMC], [PRS_150] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 75: T100 Radiated Emission
CDev need to be measured and checked to comply with EN 55022 or a higher product norm when applicable. Figure 4-6: Measured radiated emission of the T100 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 76: Configuration And Programming
0 when using CIP Safety. The actual representation and configuration tasks are depending on the configuration tool itself and can therefore not be described in general within this safety manual. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 77: Configuration Of Safety Inputs
SAR-3.13 or IDR-3.14 externally. The type and parameters of the test pulses for the DI-C input settings can be configured as described in section 5.2 of this manual. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 78: Debounce Filter
6 ms + (2 ms * (n - 1)) + t n: number of changed Inputs at a given point of time : Selected debounce filter time extension Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 79 At the time the input signal is physically turned off again, the input debounce filter delays the forwarding of the “off” state to the safety network again. Physical Input High Debounced Signal Figure 5-2: Input debounce filter Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 80: Channel Mode
0: single channel input 1: dual-channel input Note: To achieve SIL 3, PLe Cat 4 rating of the digital inputs the dual-channel mode for the inputs shall be activated. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 81: Consistency Filter
[SAR-5.9] Warning: For a proper operation of the consistency filter, the filter time parameter shall be set to a value which is larger than the input debounce filter time parameter (see section 5.1.3). Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 82: Reset Of Input Errors
ABCC software design guides and network guides (Functional Safety Module Object 0x11). Note that in Dual-Channel mode only the combined safety input value from a channel group can be accessed on the non-safe side. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 83: Configuration Of Test Outputs
Alternatively the test output signal can be set to permanent on (24V) or permanent off (high impedance). High Test Output 1 Test Output 2 High Figure 5-5: Test output signal pulse timings Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 84 1. Modifying TO parameters of input group 2 or 3 will have no effect. [SAR-5.8] Attention: The test pulse duration of 400µs shall be used with an external Test Output load of <= 2 kOhm. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 85: Configuration Of Safety Outputs
T100 outputs at the same time but also faults detected in one channel will lead to a deactivation of the other channel automatically by the T100. Parameter Size Value Output Channel Mode 1 Bit 0: Single Channel 1: Dual-channel Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 86: Enable
* 400µs 11..15 Reserved [SAR-5.6] Warning: Output test pulses are only generated if the output is set active / high. In safe-state (low, high-impedance) no test pulses are generated. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 87 Due to other internal tests of the DO circuits up to three test pulses with a minimum length of 1,2 ms are visible at each output within the overall 1 Hz test repetition frequency. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 88: Reset Of Output Errors
Confirmation” shall be sent via the serial interface from the non-safe communication controller (e.g. ABCC). Conditions and settings for the automatic output error reset using CIP Safety can be found in section 6.3.4.1. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 89: Pre-Tested Configurations
CH5/6: Input Consistency Filter Time (400us steps) CH1/2: Output Enabled Enable CH1/2: Output Channel Mode Dual Channel CH1/2: Output Reset Type Manual CH1/2: Output Test Offset (extension) No Offset iPar CRC 0x3807E28D Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 90: Dual-Channel Di-S
CH5/6: Input Consistency Filter Time (400us steps) CH1/2: Output Enabled Enable CH1/2: Output Channel Mode Dual Channel CH1/2: Output Reset Type Manual CH1/2: Output Test Offset (extension) No Offset iPar CRC 0x72245A9D Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 91: Mixed Di-C Dual/Single Channel
CH5/6: Input Consistency Filter Time (400us steps) CH1/2: Output Enabled Enable CH1/2: Output Channel Mode Dual Channel CH1/2: Output Reset Type Manual CH1/2: Output Test Offset (extension) iPar CRC 0x35B02548 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 92: Cip Safety Configurations
General: Latch Input Error Time (16 Bit, milliseconds) 1000 General: Latch Output Error Time Bit, milliseconds) 1000 Safety Configuration CRC (SCCRC) 0x18012D7A Safety Configuration Time Stamp (SCTS) See section 6.3.2.4 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 93: Dual-Channel Di-S
General: Latch Input Error Time (16 Bit, milliseconds) 1000 General: Latch Output Error Time Bit, milliseconds) 1000 Safety Configuration CRC (SCCRC) 0xDA6A8D34 Safety Configuration Time Stamp (SCTS) See section 6.3.2.4 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 94: Mixed Di-C Dual/Single Channel
General: Latch Input Error Time (16 Bit, milliseconds) 1000 General: Latch Output Error Time (16 Bit, milliseconds) 1000 Safety Configuration CRC (SCCRC) 0x31207F68 Safety Configuration Time Stamp (SCTS) See section 6.3.2.4 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 95: Safety Fieldbus Communication
Processing of Safe IN and OUT control Data Protocol Stack(s) e.g. PROFINET or EtherNet/IP + TCP/IP Network MAC Media Access Controller e.g. Ethernet Figure 6-1: Block diagram of Anybus CompactCom and T100 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 96: Profisafe
T100/PS and its non-safe communication controller (e.g. ABCC running PROFINET) T100/PS configuration check and CRC calculation tool is invoked (see section 6.2.1.4). The tool checks the proper configured values Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 97: F-Parameter Setup
1 .. 2 iParameter set by a configuration tool for example F-Parameter 16 Bit 0 .. 65535 F-Parameter CRC is build across the above F-Parameter values by the engineering tool Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 98: F-Address
Missing update of iParameter CRC within the F-Parameter data block after changes in the iParameter set. iParameter CRC contains the main SW revision of the T100/PS firmware. In case of incompatible configuration values with future Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 99: Iparameter Setup
[SC_100, DR_C_CFG_DEF] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 100 TO always on Reserved 1 Bit Input Debounce 8 Bit Debounce filter time in 400µs steps filter time 0 .. 255 Input 16 Bit Consistency check time in dual- Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 101 1: dual-channel 0: manual Reset Type 1 Bit 1: automatic - not supported Reserved 1 Bit Output Test Output test pulse length in x*400µs 4 Bit Offset 0 .. 10 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 102: Gsd File
<Ref ValueItemTarget="V_ID_T100_INTYPE" ByteOffset="6" DataType="Bit" BitOffset="2" DefaultValue="1" TextId="T_ID_T100_3DIN1DOUT_IN_2_TYPE"/> <Ref ValueItemTarget="V_ID_T100_IN_RES_TYPE" ByteOffset="6" DataType="Bit" BitOffset="3" DefaultValue="0" TextId="T_ID_T100_3DIN1DOUT_IN_2_RES_TYPE"/> <Ref ValueItemTarget="V_ID_T100_IN_TEST_OUT" DataType="BitArea" ByteOffset="6" BitOffset="4" BitLength="3" DefaultValue="0" AllowedValues="0..7" Changeable="true" Visible="true" TextId="T_ID_T100_3DIN1DOUT_IN_2_TEST_OUT"/> <Ref DataType="Unsigned8" ByteOffset="7" DefaultValue="0" AllowedValues="0..255" TextId="T_ID_T100_3DIN1DOUT_IN_2_CONS_DEBOUNCE"/> Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 103 <F_Check_iPar DefaultValue="NoCheck" Visible="false" Changeable="false"/> <F_SIL DefaultValue="SIL2" AllowedValues="SIL2 SIL3" Visible="true" Changeable="true"/> <F_CRC_Length DefaultValue="3-Byte-CRC" Visible="true"/> <F_Block_ID DefaultValue="1" AllowedValues="1" Changeable="false"/> <F_Par_Version/> <F_Source_Add AllowedValues="1..65534"/> <F_Dest_Add AllowedValues="1..65534"/> <F_WD_Time DefaultValue="150" AllowedValues="20..10000"/> <F_Par_CRC DefaultValue="25685"/> <F_iPar_CRC DefaultValue="66651370"/> </F_ParameterRecordDataItem> </RecordDataList> Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 104: Iparameter Crc Calculation Tool
0x0F 6.2.2 F-Data exchange The IXXAT Safe T100/PS checks the digital inputs. If they are active and no error has been detected, the status “active” will be reported via a PROFIsafe telegram. If any error is detected, T100/PS reports the input as “inactive” via PROFIsafe.
Page 105: Input Process Image
Note, that the input- and output channel qualifiers are operated individually, i.e. the qualifiers show the error state only for the corresponding channel or channel group. Other channels may still operate correctly. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 106 Input channel normal operation. DI_x reflects physical input value QDO_x Output channel status “error”. DO_x is set to safe state / inactive Output channel normal operation. DO_x set/cleared via safety fieldbus protocol Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 107: Output Process Image
(safe state, low) Output channel active (high) ERDI_x Input channel error reset requested Input channel error reset requested ERDO_x Output channel error reset requested Output channel error reset requested Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 108 In this case, the outputs are all reset to their safe value (i.e. turned off). The safe outputs are reset to the safe state whenever the output provider status is set to “Bad”. Refer to the PROFIsafe profile specification for more details. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 109: Error Handling
T100/PS stops Expected cyclic protocol Error PROFIsafe data PROFIsafe message did Watchdog transmission not arrive (in time). expired and waits for restart PROFIsafe reception Table 6-1: PROFIsafe specific errors Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 110: T100/Ps Temperature Sensor Data Access
After replacement a re-testing and re-validation of all safety functions of the CDev is necessary. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 111: Profisafe Certification
PROFIsafe parts of the CDev are tested to comply with the PROFINET and PROFIsafe standards. [SAR-6.5] Attention: Any CDev using the T100/PS shall be tested for PROFINET and PROFIsafe compliance by an accredited test lab. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 112: Cip Safety
2: Idle 3: Self-test exception 4: Executing 5: Abort 6: Critical Fault 7: Configuring 8: Waiting for TUNID Exception BYTE Indicates status Status alarms and warnings for the device. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 113 Propose_TUNID / Apply_TUNID). also section 6.3.2.1. Output Struct of: Connection Point Owners Number UINT Number of OCPUNID struct Array Entries entries (1) Output Array of Owner Struct of: Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 114 The path to the owned resource (20 04 25 00 03) Resource (Assembly Instance 0x300) Proposed 10 octets The UNID value that an TUNID originator/tool is attempting to set in the device. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 115: Services
Access Name Data Type Description Rule Revision UINT Revision Safety Validator Object Class Definition. Safety UINT Diagnostic Counter that is a Connection running count Safety Fault Connection Faults Count Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 116: Instance Attributes
Minimum number of 128 UINT uSec increments it could Multiplier take Time Coordination Message to traverse from the consumer to the producer (0 – 7813) Network Struct of: Time Expectation Multiplier Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 117 Packed Points to the application data attached to this safety Data Path EPATH connection Error Code UINT Reason for error within this instance Producer Struct of: Consumer Fault Counters Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 118: Services
Class Instance Service Name Description Code 0x0E Get_Attribute_Single Used read specified attribute value 0x10 Set_Attribute_Single Used write specified attribute value 0x4B Reset error Used reset class attribute counters instances Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 119: Safety Discrete Output Point Object (Sdop) (0X3B)119
This behavior is due to the cyclic output test pulses which are generated asynchronously to the explicit message requests and which are not filtered out by the T100/CS firmware. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 120: Services
Status (0 = alarm, 1 = ok) Safety BOOL Input point value after safety Input and on/off delay evaluation. Logical (0 = off, 1 = on) Value 6.3.1.4.3 Services Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 121: Safety Discrete Input Group Object (Sdig) (0X3E)
Safety Status correctly in case the inputs are configured as single- channel. 6.3.1.5.3 Services Service Class Instance Service Name Description Code 0x0E Get_Attribute_Single Used read specified attribute value Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 122: Safety Dual Channel Output Object (Sdco) (0X3F)122
Channel safety output pair. Mode (0 = single channel, 1 = dual channel) 6.3.1.6.3 Services Service Class Instance Service Name Description Code 0x0E Get_Attribute_Single Used read specified attribute value Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 123: Diagnostic Object (0X64)
See section 6.3.5 data flash blocks Highest USINT See section 6.3.5 Time Slice 6.3.1.7.3 Services Service Class Instance Service Name Description Code 0x0E Get_Attribute_Single Used read specified attribute value Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 124: Failure Code Object (0X65)
A list of fail-safe error codes can be found in Table 3-1 and Appendix D. Attribute Access Name Data Type Description Rule Failure UINT All attribute values of this Code (fail- object are stored in NV safe) memory. controller Additional UDINT Info controller Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 125: Services
Safety fieldbus communication Failure UINT Code (fail- safe) other controller Additional UDINT Info other controller 6.3.1.8.3 Services Service Class Instance Service Name Description Code 0x0E Get_Attribute_Single Used read specified attribute value Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 126: Cip Safety Configuration Sequence
T100/CS. The first time an Originator is opening a safety data connection (in which the T100/CS is the consumer of safety data) to a newly configured T100/CS device, the Originator unique Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 127 WAIT_TUNID, SELFTEST CONFIG, IDLE, EXECUTING] STARTUP ABORT [Fatal Error from any state] WAIT TUNID FAIL_SAFE CONFIG [from WAIT_TUNID, CONFIG, ABORT, IDLE] WAIT_RESET IDLE EXECUTING Figure 6-3: T100/CS state machine Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 128: Reset Services
Safety Supervisor Object Attributes “Alarm Enable” and “Warning Enable” After the defined reset actions are executed the T100/CS enters the WAIT_RESET state which can only be left by an external reset via signal line RST. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 129: Configuration Data String
Debounce filter time in 400µs steps 0..255 Input Consistency filter time 16 Bit Consistency check time in dual- channel mode given in x*400µs 0: consistency check deactivated 1..216 : x*400µs Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 130 Input Consistency filter time 16 Bit Consistency check time in dual- channel mode given in x*400µs 0: consistency check deactivated 1..216 : x*400µs Output 1,2 Enabled 1 Bit 0: disabled Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 131: Scid Calculation
The Safety Configuration Time Stamp (SCTS) is also part of the identity of the safety configuration data and can be freely assigned by the configuration tool with respect to the format given by the CIP Volume 5 within FRS161. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 132: Safety Data Exchange
The T100/CS input and output data, as well as the Safety Status (qualifier bits), can be accessed in a non-safe way for reading by e.g. the local non-safe CDev host processor via AIC or in general via EtherNet/IP explicit message requests. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 133: Safe Input Data
Note, that the input- and output channel status bits are operated individually, i.e. the qualifiers show the error state only for the corresponding channel or channel group. Other channels may still operate correctly. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 134 [SAR-6.6] Danger: Status-Bits (SDI_x or SDO_x) reported by the T100/CS via CIP Safety messages shall not be used to trigger the safety function of a device or system. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 135: Safe Output Data
The T100/CS outputs can only be operated via the CIP Safety protocol in the EXECUTING state. In all other states the safe outputs are kept in the fail-safe (inactive) state. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 136: Error Handling
T100/CS. Non fail-safe errors are stored in a volatile event log buffer which can be accessed via AIC commands (see message “GetStatus” in HMS document SCM-1202-024). This event log buffer holds the last four error messages (see section 6.3.4.2).
Page 137: Event-Log
0x0319 Unexpected or invalid state transition (wait for config state) 0x031C Unexpected or invalid state transition (invalid config state) 0x031F Unexpected or invalid state transition (wait for TUNID state) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 138: Fail-Safe Errors
260000 times before end of life. Due to the safe storage of the flash configuration data (CRC and redundant storage), the T100/CS will enter the fail-safe state in case of a flash error. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 139: Status And Diagnostic Information
[SAR-6.7] Warning: The T100/CS internal temperature can only be read out via non-safe explicit message services and shall therefore not be used to control any safe action on the safety controller side. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 140: Parameters For Connection Establishment
6.3.2.4 (Type 2a SafetyOpen) 2b: SCID = 0 Max_Consumer_Number 1 (single-cast) Safety Reset Type 0 Type 1 Parameter Size Unit Typ. RPI (Requested Packet Interval) 32 Bit 1000 Timeout Multiplier 8 Bit Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 141: Led Signaling
LED driver for these status LEDs. Instead, the T100/CS uses AIC messages to send the CIP Safety LED pattern change information to the EtherNet/IP interface whenever the T100/CS changes a MS or NS relevant state. See HMS document “Anybus Interface Guide, SCM-1202-024” section 8.9 for more details. 6.3.8 Device replacement At every startup the Originator as well as the T100/CS itself check the parameter set.
Page 142: Requirements For The End User Manual
Only then can SCIDs from the target be confirmed. [SRS44], [FWTS_2141_7] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 143 Time & Date of the configuration creation or change [FRS161], [FWTS_2112_14] [SAR-6.28] Warning: The configuration software shall follow the CIP defined Date and Time format (IEC 1131-3) for setting the signature [FRS162], [FWTS_2141_4], [FWTS_2112_14] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 144: Requirements For The End Device (Cdev)
[FRS14], [FWTS_2141_4] [The physical address is not clearly defined in CIP Vol.5 for EtherNet/IP- based devices. It can be interpreted as being the device’s MAC address.] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 145: Cip Safety Certification
CIP Safety parts of the CDev are tested to comply with the EtherNet/IP and CIP Safety standards. [SAR-6.24] Attention: Any CDev using the T100/CS shall be tested for EtherNet/IP and CIP Safety compliance by an accredited test lab. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 146: Re-Certification Steps
(e.g. ESD tests with increased levels according to IEC 61131). 6. Do the non-safe and safe fieldbus compliance tests and provide the test results to the certification authority. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 147 CDev especially regarding the safety function. It must be approved by tests that under all valid operating conditions of the CDev the safety functions are not degraded. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 148: Characteristics
- Dual-Channel input DI-C 2.44 * 10 - Dual-Channel Output 2.46 * 10 - Single-Channel input DI-S 4.47 * 10 - Single-Channel Output 1.89 * 10 Diagnostic Coverage DC > 90% Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 149 - Dual-Channel input DI-S 99.60 % - Dual-Channel input DI-C 99.60 % - Dual-Channel Output 99.63 % - Single channel input DI-S 99.67 % - Single-Channel Output 79.78 % Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 150: Compliance
Under preparation. IEC 61508 and EN ISO 13849 The IXXAT Safe T100 is considered to be a component for embedded applications. Thus it is certified as a compliant item type B according to IEC 61508. However, the IXXAT Safe T100 is designed in accordance to IEC 61508 SIL 3 and EN ISO 13849-1:2008 Cat.
Page 151: Fieldbus Compliance
ODVA test lab as part of a sample device. RoHS All components of the IXXAT Safe T100 are RoHS compliant. EMC measurements were done with the T100 in accordance with the increased test levels for functional safety devices given by EN 61326-3-1 (see section 4.2.7).
Page 152: Appendix
Appendix Appendix Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 153: A Safety Integration Rules
Signal VSS. The ground VSS is not supplied to the output loads by the T100, i.e. the inputs and outputs must be connected with low impedance externally to the VSS ground level. [SC_406], [HR_225] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 154 CDev regarding external sensors and cabling shall be considered as well. [IDR-3.14] Warning: If an input is configured as type DI-S, the following failures cannot be detected by the IXXAT Safe T100 [DR_I_DIS], [SC_319, SC_320, SC_321]: - external short over sensor...
Page 155 Appendix [IDR-3.21] Warning: Only use officially released and approved T100 firmware files from HMS for the T100 firmware update. Software not approved by HMS can cause damage to the T100 or lead to non-safe behavior of the T100. [IDR-4.1] Warning: The minimum clearance around the T100 should be 3 mm.
Page 156 Appendix IXXAT Safe T100 is always within the specified limits as listed in Table 4-1. [DR_C_ENV_TEMP], [PRS_481] [IDR-4.12] Warning: The vibration and shock limits of the final host device shall not exceed the values given in section 4.2.3 of this safety manual [PRS_345].
Page 157: B Safety Application Rules
[SAR-1.2] Danger: No repair or modification of the T100 is allowed. [SAR-1.3] Danger: Safety critical T100 failures which do not lead to the safe state shall be reported to HMS/IXXAT immediately (see section 1.4). [SAR-3.1] Attention: There is no galvanic isolation between the digital inputs, the digital outputs and the T100 board electronic itself.
Page 158 “Always High” (see section 5.2). [PRS_97] [SAR-3.12] Warning: An active sensor, connected to a semiconductor input, must use the same ground level VSS than the IXXAT Safe T100. [SAR-3.13] Warning: If an input is configured as type DI-S, the following...
Page 159 [SAR-3.33] Warning: Only use officially released and approved T100 firmware files from HMS for the T100 firmware update. Software not approved by HMS can cause damage to the T100 or lead to non-safe behavior of the T100. Copyright HMS TC Ravensburg GmbH...
Page 160 [SAR-3.34] Attention: Updated T100 modules shall be tracked or clearly marked by the integrator or end-user to indicate modules with a firmware version different to the one originally shipped by HMS. [SAR-3.35] Warning: After a proper firmware update the safety function shall be checked by the integrator or end-user and documented properly.
Page 161 Safety controller side. [SAR-6.5] Attention: Any CDev using the T100/PS shall be tested for PROFINET and PROFIsafe compliance by an accredited test lab. Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 162 [SAR-6.17] Warning: The user shall be instructed in the safety manual to test safety connection configurations after they are applied in an originator to confirm target connection operating intended. [SRS92], [FWTS_2141_7] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 163 Date and Time format (IEC 1131-3) for setting the signature [FRS162], [FWTS_2141_4], [FWTS_2112_14] [SAR-6.29] Attention: Each safety device shall have a single physical address that is unique on the devices network segment. [FRS14], [FWTS_2141_4] Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 164: C Applicable Standards
IEC 61000-6-4:2011 Generic standards – Emission standard for industrial environments IEC 61784-3-3 Industrial communication networks – Profiles – Part 3-3: Functional safety fieldbuses – Additional specifications for CPF 3 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 165 IEC 60068-2-27:2008 Environmental Testing - Part 2-27: Tests – Test Ea and guidance: Shock IEC 60068-2-30:2005 Environmental Testing - Part 2-30: Tests – Test Db: Damp heat, cyclic (12 h + 12 h cycle) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 166: Dcip Safety Event And Error Codes
SafetyOpen checks: Ping Interval EPI mutliplier (0) not within valid range 0x23A5 SafetyOpen checks: Ping_Count_Interval greater than 100 seconds 0x23A6 SafetyOpen checks: Time Coordination Message Min Multiplier (0) greater than 7813 Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 167 SafetyOpen checks: received request is for Extended Format, but this is not supported 0x23D3 SafetyOpen checks: Initial TimeStamp or Initial Rollover Value is invalid (Target Singlecast Consumer) 0x23D4 SafetyOpen checks: Electronic Key contains wildcard: Product Code or Vendor ID Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 168 Failed to join another Consumer: RPI mismatch (CnxnPoint=0) 0x2724 Failed to join another Consumer: Max Consumer Number mismatch (CnxnPoint=0 MaxConsNum=0) 0x2725 Failed to join another Consumer: Ping_Interval_EPI_Multiplier mismatch (CnxnPoint=0 MaxConsNum=0) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 169 Safety Message Check: Time Correction message Mcast_Byte_2 check error (inst=0) 0x2837 Safety Message Check: Time Correction message Multi_Cast_Active_Idle transitioned to idle (inst=0) 0x2838 Safety Message Check: Time Correction message CRC mismatch (inst=0 expected=0) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 170 Invalid CCO index detected when trying to get a pointer to Attribute Group2 data (inst=0) 0xF120 Invalid CCO index detected when setting Attribute Group3 data (inst=0) 0xF121 Invalid CCO index detected when trying to get a pointer to Attribute Group3 data (inst=0) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 171 (0) 0xF176 IXCCO_SetSafeValues() was called with an Output Assembly Instance, but Outputs are not supported (0) 0xF179 Detected an invalid/unsupported message format when calculating CPCRC of one instance (0) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 172 Invalid Byte - Index detected while trying to set Safe Values in the Consume PI (0) 0xF213 Invalid data length detected while trying to set Safe Values in the Consume PI (0) Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 173 Invalid data length detected while trying to set Safe Values in the Produce PI (0) 0xF216 Check of Consumed Process Image Pointer against stored inverted pointer detected a corruption 0xF217 Check of Produced Process Image Pointer against stored inverted pointer detected a corruption Copyright HMS TC Ravensburg GmbH IXXAT Safe T100 Manual, Version 3.1...
Page 174: E Declaration Of Incorporation
Machinery Directive 2006/42/EC has been approved. HMS Industrial Networks AB, Stationsgatan 37, SE-30250 Halmstad represented by its subsidiary HMS Technology Center Ravensburg GmbH in Helmut-Vetter-Strasse D-88213 Ravensburg...

HMS IXXAT Safe T100 Safety Manual–Original Instructions

1 Preface

2 General Description

3 T100 Operation

4 In-Design

5 Configuration and Programming

6 Safety Fieldbus Communication

7 Re-Certification Steps

8 Characteristics

9 Compliance

Appendix

Quick Links

Need help?

Questions and answers

Related Manuals for HMS IXXAT Safe T100

Summary of Contents for HMS IXXAT Safe T100

Table of Contents