1. Manuals
  2. Brands
  3. Allen-Bradley Manuals
  4. Controller
  5. GuardPLC 1754
  6. Safety reference manual

Allen-Bradley GuardPLC 1754 Safety Reference Manual

Controller systems
Hide thumbs Also See for GuardPLC 1754:
Table of Contents

Advertisement

Quick Links

Download this manual
GuardPLC Controller Systems
Safety Reference Manual
1753, 1754, and 1755
(Catalog Numbers
)
Allen-Bradley Parts

Advertisement

Table of Contents
loading

Related Manuals for Allen-Bradley GuardPLC 1754

Summary of Contents for Allen-Bradley GuardPLC 1754

  • Page 1 GuardPLC Controller Systems Safety Reference Manual 1753, 1754, and 1755 (Catalog Numbers Allen-Bradley Parts...
  • Page 2 BURN HAZARD surfaces may reach dangerous temperatures. Rockwell Automation, Allen-Bradley, TechConnect, GuardPLC, CompactBlock Guard I/O, ArmorBlock Guard I/O, RSNetWorx for DeviceNet, RSLogix Guard PLUS!, and RSLinx are trademarks of Rockwell Automation, Inc. Trademarks not belonging to Rockwell Automation are property of their respective companies.
  • Page 3 To help you find new and updated information in this release of the manual, we have included change bars as shown to the right of this paragraph. We removed all references to 1791DS products, and updated the list of additional resources on page Allen-Bradley Parts 3Publication 1753-RM002C-EN-P - September 2008...

  • Page 4: Publication 1753-Rm002C-En-P - September

    Summary of Changes Publication 1753-RM002C-EN-P - September 2008...

  • Page 5: Table Of Contents

    Safety Lock with Password Protection ....60 Allen-Bradley Parts Error Reaction........61...
  • Page 6 Table of Contents Status Indicators ....... . . 62 Reaction Times ........63 Connection Status .
  • Page 7 ..........111 Index Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 8 Table of Contents Publication 1753-RM002C-EN-P - September 2008...

  • Page 9: Purpose Of This Manual

    SIL 3 according to IEC 61508, and applications up to and including Category (CAT) 4, according to EN954-1. You must read and understand the safety concepts and IMPORTANT requirements presented in this manual prior to operating a GuardPLC controller-based safety system. Allen-Bradley Parts 9Publication 1753-RM002C-EN-P - September 2008...

  • Page 10: List Of Abbreviations

    Preface List of Abbreviations The following table defines terms or abbreviations used in this manual. Term Definition 1oo2 One Out of Two Safety Architecture. Consists of 2 channels connected in parallel, such that either channel can process the safety function. Thus, a dangerous failure would have to occur in both channels before a safety function failed on demand 2oo3...

  • Page 11: Additional Resources

    ArmorBlock Guard I/O DeviceNet Installation Instructions, publication Installing ArmorBlock Guard I/O modules on DeviceNet networks 1732DS-IN001 Industrial Automation Wiring and Grounding Guidelines, publication In-depth information on grounding and wiring Allen-Bradley 1770-4.1 programmable controllers Application Considerations for Solid-State Controls, publication A description of important differences between solid-state SGI-1.1...
  • Page 12 Preface Publication 1753-RM002C-EN-P - September 2008...

  • Page 13: Chapter 1

    GuardPLC 2000 Controller 1755-HSC GuardPLC 2000 High-Speed Counter Module 1755-IB24XOB16 GuardPLC 2000 Digital I/O Module 1755-IF8 GuardPLC 2000 Analog Input Module 1755-OF8 GuardPLC 2000 Analog Output Module 1755-PB720 GuardPLC 2000 Power Supply Module Allen-Bradley Parts 13Publication 1753-RM002C-EN-P - September 2008...

  • Page 14: Certification

    For a listing of TÜV certified product and software versions, refer to: http://www.rockwellautomation.com/products/certification/safety/ Introduction to Safety The Programmable Electronic System (PES) for the Allen-Bradley GuardPLC system is safety-related, based on the 1oo2 microprocessor structure for one central module. These controllers are safety-related up to and including Safety Integrated Level (SIL) 3 according to IEC 61508 and category 3,4 according to EN 954-1.
  • Page 15 Controllers GuardPLC 1800 14.58 5.460105E-05 5.665043E-09 Controllers GuardPLC 2000 SIL-certified MTTF (in years) Module IEC 61508 Chassis 704.66 4.195800E-06 8.10000E-11 44.03 4.884170E-05 4.36713E-09 73.12 1.746768E-05 4.14836E-09 45.33 5.993297E-05 3.28725E-09 IB24XOB16 34.28 3.710908E-05 1.09636E-09 Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 16 Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O GuardPLC I/O SIL-Certified MTTF (in years) Module IEC 61508 45.02 3.684285E-05 2.772601E-09 1753-IB16 15.22 3.625669E-05 3.902687E-09 1753-OB16 20.48 5.107536E-05 4.247003E-09 1753-IB20XOB8 19.02 4.603845E-05 6.581646E-09 1753-IB8XOB8 12.38 6.655234E-05 6.189071E-09 1753-IB16XOB8 35.01 8.575442E-05 5.159597E-09 1753-IF8XOF4...

  • Page 17: Safety Requirements

    However, they cannot be used to carry out safety tasks. • Use the closed-circuit current principle in all external safety circuits connected to the system. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 18 Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O Product Dependent Only equipment that can be safely isolated from the main power should be connected to the system. The safe electrical isolation of the power supply must take place in the 24V DC power supply.
  • Page 19 Maintenance Override document from the TÜV Homepage: http://www.tuv-fs.com (TÜV Rheinland). If necessary, the operator must consult the acceptance department responsible for the application to determine the administrative requirements to provide access protection for the system. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 20: Safety Times

    Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O Safety Times Individual errors that may lead to a dangerous operating condition are detected by the self-tests and trigger defined error reactions which transfer the faulty modules into the Safety state within the safety time of the PES.
  • Page 21 PES. The maximum permitted value is 5000 ms. The default setting for controllers is 50 ms. The default for distributed GuardPLC I/O modules is 10 ms. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 22 Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O Notes: Publication 1753-RM002C-EN-P - September 2008...

  • Page 23: Chapter Introduction

    In addition, it must fulfill the requirements of IEC 61131-2 and SELV (Safety Extra Low Voltage) or PELV (Protective Extra Low Voltage). Allen-Bradley Parts 23Publication 1753-RM002C-EN-P - September 2008...

  • Page 24: Functional Description Of The Central Processing Unit

    Chapter 2 GuardPLC Central Functions Functional Description of The central processing unit of the GuardPLC controllers consists of the following function blocks. the Central Processing Unit Display of the Function Blocks (Using GuardPLC 2000 Controller) Ethernet Switch μP Module Buffered SRAM μP1 μP2...

  • Page 25: Self-Test Routines

    The watchdog is switched off if it is not triggered by the two CPUs within a defined time window. The same applies if the test of the hardware comparators fails. A separate test determines whether the watchdog signal is able to switch off. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 26: Guardplc Controllers And I/O Modules Error Diagnostics

    Chapter 2 GuardPLC Central Functions Test of the I/O Bus Within the System The connection between the CPU and the related I/O points or I/O modules is checked. Reactions to Detected Errors in the CPU A hardware comparator within the central area constantly compares whether the data of microprocessor system 1 are identical to the data of microprocessor system 2.

  • Page 27: Chapter Introduction

    This chapter gives information about GuardPLC controllers and GuardPLC I/O module input channels. Topic Page Overview General Information on GuardPLC Safety Input Modules Safety of Sensors, Encoders, and Transmitters Digital Inputs Analog Inputs Counter Module Checklist for Safety Inputs Allen-Bradley Parts 27Publication 1753-RM002C-EN-P - September 2008...

  • Page 28: Overview

    Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Overview See the table below for an overview of GuardPLC controller input capabilities. Capabilities Controller/Module Type Quantity Safety- Electrically Related Isolated Digital Input — GuardPLC 1200 Controller 24-bit Counter — GuardPLC 1600 Controller Digital Input —...

  • Page 29: General Information On Guardplc Safety Input Modules

    The digital inputs are read once in every cycle and values are stored internally. The inputs are tested cyclically for safety function. Input signals, whose pulse width is shorter than two times the scan time, are not processed. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 30 Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Test Routines The online test routines perform a walking input test to check whether the input channels are able, independent of the pending input signals, to make a through-connection of both signal levels (L- and H- signal).
  • Page 31 GuardPLC 1800 controllers. In addition, digital outputs are connected to the digital inputs of the same system, as shown in Emergency Off Switches on page Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 32 Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Emergency Off Switches Emergency Emergency OFF 1 OFF 2 The digital outputs DO1 and DO2 are pulsed (T1 and T2 below). As a result, the connections to the digital inputs are monitored. The signals for the pulsed outputs must begin at DO1(01) and must be directly sequential.

  • Page 33: Analog Inputs

    By external 250 Ω shunt. By external 500 Ω shunt. Accuracy is the guaranteed accuracy of the analog input without error reaction of the module. This value must be considered when safety functions are configured. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 34 Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels The 1755-IF8 (AI module) can be configured as either eight single-ended channels or four differential channels. No mixing is allowed. The following input values are possible: Input Values Number of Polarity Current/Voltage Value Range In...
  • Page 35 The analog input value must be interlocked with this status information, allowing you to program additional fault handling in the applications and provide a means for evaluating the external wiring of the inputs. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 36: Counter Module

    Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Block Diagram of Analog Inputs of the 1755-IF8 Analog Input Module 8 channels 12-bit resolution Logic Logic 42925 I/O Bus The illustration above does not represent the specifications of the related module.
  • Page 37 The respective channel status signal must be considered. You can configure an error reaction in the logic and trigger it the with the channel status signal. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 38: Checklist For Safety Inputs

    Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Example Block Diagram of Counter Inputs (Using 1755-HSC Module of the GuardPLC 2000 System) I/O Bus Counter channel 2 Counter channel 1 Internal Logic & & 4 channels This display does not represent the specifications of the related module.
  • Page 39 Is this input a counter? Function: Pulse counter? Function: Encoder (Gray code)? Has a safety encoder/sensor been provided for this input? Is the error message processed in the application program? [VALUE=0] and [CHANNEL STATUS≠0] Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 40 Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Publication 1753-RM002C-EN-P - September 2008...

  • Page 41: Chapter Introduction

    General Safety Information On GuardPLC Safety Outputs Digital Outputs for Non-relay Output Modules Safety-related 2-pole Digital Outputs Relay Outputs in the 1753-OW8 Module Analog Outputs in the 1753-IF8XOF4 Analog Outputs in the 1755-OF8 Module Checklist for Safety Outputs Allen-Bradley Parts 41Publication 1753-RM002C-EN-P - September 2008...

  • Page 42: Overview Of Guardplc Output Modules

    Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Overview of GuardPLC See the table below for an overview of GuardPLC output capabilities. Output Modules Output Capabilities Controller/Module Type Quantity Safety- Electrically Related Isolated GuardPLC 1200 Digital Output — GuardPLC 1600 Controller Digital Output —...

  • Page 43: Digital Outputs For Non-Relay Output Modules

    0 signal is 2V. The diodes provided prevent feedback of signals. • Check the integrated double-safety switches. • Low supply voltage protection. If the supply voltage drops below 13V, you cannot turn on any outputs. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 44 Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels • Digital outputs are turned off for a maximum of 200 μs each (200 x 10E-6 s) at a minimum interval of 20 seconds. Reaction To Error The following conditions may occur as a result of errors. Faults If an output fault is detected, the affected output of the module is set to a safety, de-energized state via the safety switches.

  • Page 45: Safety-Related 2-Pole Digital Outputs

    1-pole / 2-pole Connection The digital outputs can be configured as follows: • Digital output with 2-pole connection with line monitoring • Digital output with 2-pole connection without line monitoring Allen-Bradley Parts • 1-pole positive-switching digital output (DO+) Publication 1753-RM002C-EN-P - September 2008...
  • Page 46 Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels • 1-pole negative-switching digital output (DO-) 2-pole Connection The status signal of the line monitoring must be used to switch ATTENTION off the outputs (DO+, DO-) in case of a fault for EN 954-1 Cat. 4 applications.
  • Page 47 2-pole Digital Outputs in 1753-IB8XOB8 and 1753-IB16XOB8 Modules 2-pole Output Logic & & DO1+ Current Limiter DOx+ Connection to an I/O Logic & & Current Limiter DO1- DOx- (1) switch only on 1753-IB8XOB8 Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 48: Relay Outputs In The 1753-Ow8 Module

    Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Relay Outputs in the The information in this section applies to the relay outputs of the 1753-OW8 module. 1753-OW8 Module Test Routines The modules are automatically tested during operation. These are the essential test functions.

  • Page 49: Analog Outputs In The 1753-If8Xof4

    Safety (0) state via the safety switches in accordance with the closed-circuit principle. This is also indicated by the FAULT diagnostic LED indicator. The error code signal enables you to provide additional fault handling in the application program. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 50: Analog Outputs In The 1755-Of8 Module

    Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Analog Outputs in the The information in this section applies to the analog outputs of the 1753-OF8 module. 1755-OF8 Module General The analog outputs on the 1755-OF8 GuardPLC 2000 (AB-AO) module are written once per cycle and stored internally.
  • Page 51 8 output channels This illustration does not represent the specifications of the related module. The value of an analog output depends on the scaling factor selected in RSLogix Guard PLUS!. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 52: Checklist For Safety Outputs

    Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Checklist for Safety Outputs Use the following checklist for system configuration, programming and start up of safety outputs. It may be used as a planning draft as well as a proof. If used as a planning draft, the checklist can be saved as a record of the plan.

  • Page 53: Chapter Introduction

    Description Installation User Manual Instructions 1753-DNSI DeviceNet Safety 1753-IN009 1753-UM002 Scanner for GuardPLC In addition, there are the following essential functions. • Comprehensive self-tests • Data transfer over DeviceNet Safety Network Allen-Bradley Parts • Diagnostics 53Publication 1753-RM002C-EN-P - September 2008...

  • Page 54: Certification

    Chapter 5 GuardPLC DeviceNet Safety Scanner Certification Certificate No. 968/EZ 200.00/05 TÜV Rheinland Group TÜV Industrie Service GmbH Automation, Software, and Informatinstechnologie Safety Requirements for The DeviceNet Safety Scanner is typed-approved and certified for use in applications up to and including SIL 3 according to IEC 61508, and DeviceNet Safety Scanner applications up to and including CAT 4 according to EN954-1.
  • Page 55 MAC ID and communication rate settings for the DeviceNet safety scanner are made via RSNetWorx for DeviceNet software. A scanner can be configured by only RSNetWorx for DeviceNet software which automatically becomes its configuration owner. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 56 Chapter 5 GuardPLC DeviceNet Safety Scanner PFD and PFH Calculations Component Functional Verification Test Interval 1753-DNSI 10 years 9.3E-06 Component 1753-DNSI 5.61E-10 The Functional Verification Test interval is set at 10 years for the GuardPLC DeviceNet safety scanner. The test does not apply to the DeviceNet safety I/O module.
  • Page 57 • During connection establishment, the originator and the target devices use the Configuration Signature to ensure that both devices are using the expected configuration. Configuration Signature Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 58 Chapter 5 GuardPLC DeviceNet Safety Scanner Safety Network Number The Safety Network Number (SNN) is a unique number that identifies the safety network sub-net. The SNN in conjunction with the target’s node address, enables a target to determine with high integrity whether or not safety connection requests it receives have reached the correct destination.

  • Page 59: User Verification Procedure

    5. Test the application. 6. Lock the device if errors do not occur. 7. Correct the configuration if errors occur. 8. Repeat these steps until all DeviceNet safety nodes are verified and locked. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 60: Safety Lock With Password Protection

    Chapter 5 GuardPLC DeviceNet Safety Scanner Safety Lock with Password The configuration of the safety scanner can be protected by the use of an optional password. Download, Safety-reset, Safety-lock and Protection Safety-unlock are password protected. When applying functional safety, restrict access to qualified, authorized personnel who are trained and experienced.

  • Page 61: Error Reaction

    Protocol connection is terminated. To restore connections, download and verify a new configuration. Failure of Diagnostic Tests If a diagnostic test fails, all application processing is stopped and High-speed Protocol, DeviceNet safety, and standard I/O connections are terminated. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 62: Status Indicators

    Chapter 5 GuardPLC DeviceNet Safety Scanner Status Indicators Options for viewing the DeviceNet safety scanner’s status are listed in the following sections. Status indicators and alphanumeric displays are not reliable IMPORTANT indicators for safety functions. They should be used only for general diagnostics during commissioning or troubleshooting.

  • Page 63: Reaction Times

    To ensure that the requirements are fully and clearly satisfied during system configuration or start-up, an individual checklist for controlling the requirements can be filled in for every single safety output channel in a system. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 64 Chapter 5 GuardPLC DeviceNet Safety Scanner Checklist for Configuration, Programming, and Start-up of DeviceNet Safety Scanner Company: Site: Loop definition: Requirements Fulfilled Comment After adding one or more nodes to the network Is each DeviceNet safety node commissioned with a unique node reference (combination of SNN and MAC ID) that is unique within your entire network? page 58...
  • Page 65 N +1 times the Controller Resend Timeout, where N retries are desired? Is the number of communication time slices reported on the Statistics tab of the RSLogix Guard PLUS! software Control Panel equal to Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 66 Chapter 5 GuardPLC DeviceNet Safety Scanner Checklist for Configuration, Programming, and Start-up of DeviceNet Safety Scanner Is the maximum Communication Time Slice value on the Resource Configuration dialog in RSLogix Guard PLUS! Hardware Management greater than or equal to the maximum Communication Time Slice value reported on the Statistics tab of the RSLogix Guard PLUS! Control Panel?

  • Page 67: Chapter Introduction

    GuardPLC and DeviceNet safety scanner control system. For safety data, I/O communication is performed through safety connections using the DeviceNet Safety Protocol; logic is processed in the GuardPLC controller. Allen-Bradley Parts 67Publication 1753-RM002C-EN-P - September 2008...

  • Page 68: Typical Safety Functions Of Devicenet Safety I/O Modules

    Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System Typical Safety Functions of This section describes the module’s safety functions. DeviceNet Safety I/O Modules Safe State The following is treated as the safety state by safety I/O modules. • Safety outputs: OFF •...
  • Page 69 • During connection establishment, the originator and the target devices use the Configuration Signature to ensure that both devices are using the expected configuration. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 70 Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System The Configuration signature is made up of ID number, Date, and Time. Safety Network Number (SNN) Assignment When a new safety device is added to the network configuration, a default SNN is automatically assigned via the configuration software, as follows: •...
  • Page 71 This prevents unexpected output transitions from low/off to high/on when a connection recovers from a faulted or idle state. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 72: Safety Considerations For I/O Module Replacement

    Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System Safety Considerations for The replacement of safety devices requires that the replacement device be configured properly and that the operation of the I/O Module Replacement replacement device be user-verified. No safety function that includes any portion of the replaced ATTENTION module may be relied upon during the replacement and functional testing of the module.

  • Page 73: Status Indicators

    103 for information on calculating reaction times. For information on determining the input and output reaction times, refer to the product documentation for your specific DeviceNet safety I/O module. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 74: Checklist For Devicenet Safety I/O Modules

    Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System Checklist for DeviceNet For programming or start-up, an individual checklist can be filled in for every single safety input and output channel in a system. This is Safety I/O Modules the only way to make sure that the requirements are fully and clearly implemented.

  • Page 75: Chapter Introduction

    Controllers and I/O Modules • Operating system • Application program • Programming tool (RSLogix Guard PLUS! software) according to IEC 61131-3 The operating system is loaded in the central unit of the GuardPLC controller. Allen-Bradley Parts 75Publication 1753-RM002C-EN-P - September 2008...
  • Page 76 Chapter 7 GuardPLC Controller Operating System The application program must be created by using the RSLogix Guard PLUS! programming tool and must contain the specific equipment functions to be performed by the automation module. Parameters for the operating function are also entered into the system using RSLogix Guard PLUS! software.

  • Page 77: Technical Safety For The Operating System

    The safety concept of RSLogix Guard PLUS! software warranties that: • the programming system works correctly, meaning that programming system errors can be detected. • the user applies the programming system correctly, and therefore, user operating errors can be detected. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 78 Chapter 7 GuardPLC Controller Operating System For the initial start-up of a safety PES or after a modification of the application program, the safety of the entire system must be checked by a complete functional test. These three steps must be carried out. 1.
  • Page 79 To make sure that the backup is unmodified, first compile the backup, and then compare this newly generated code version with the code version of the program loaded in the controller. The comparison can be displayed by using RSLogix Guard PLUS! software. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 80: Parameters Of The Automation System

    Chapter 7 GuardPLC Controller Operating System Parameters of the The following parameters determine the operating behavior of the automation system and are set in RSLogix Guard PLUS! software. Automation System The available options when using RSLogix Guard PLUS! software in the safety operation of the automation system are determined here and in the safety parameter preset.

  • Page 81: Forcing

    Guard Plus! Software with GuardPLC Controllers Programming Manual, publication 1753-PM001. General information about forcing can be found in the TÜV document Maintenance Override. To access the document on the Internet, see these websites. • TÜV-Product-Service, http://www.tuvglobal.com • TÜV-Rheinland, http://www.tuv-fs.com Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 82: Protection Against Manipulation

    Chapter 7 GuardPLC Controller Operating System Protection Against You, in conjunction with the approving board, must define what measures are applied to protect against manipulation. Manipulation Guard PLC Controllers and GuardPLC I/O Modules Protection mechanisms are integrated in the PES and in RSLogix Guard PLUS! software to prevent unintentional or unauthorized modifications to the safety system.

  • Page 83: Checklist For The Creation Of An Application Program

    Was all force information reset before safety operation? Do the settings of enable switches correspond to the default for maximum/specified protection? Verify that the CPU and scanner operating systems and the CRC are official licensed versions approved by TÜV. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 84 Chapter 7 GuardPLC Controller Operating System Publication 1753-RM002C-EN-P - September 2008...

  • Page 85: Introduction

    • Variables with symbolic names and variable types (BOOL and UINT) • Assignment of the controllers (GuardPLC 1200, 1600, 1800, or 2000 controllers) • Code generator (translation of the application program into machine code) • Hardware configuration • Communication configuration Allen-Bradley Parts 85Publication 1753-RM002C-EN-P - September 2008...

  • Page 86: General Procedure

    Chapter 8 Technical Safety for the Application Program General Procedure The general procedure for programming the GuardPLC control systems for technical safety applications is listed below. • Specify the control function. • Write the application program. • Compile the application program with the C-code generator. •...

  • Page 87: Variable Declaration And I/O Naming

    I/O Naming maximum of 256 characters, are assigned to all variables of the application program. Symbolic I/O names, consisting of a maximum of 256 characters, are also used for physical inputs and outputs. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 88 Chapter 8 Technical Safety for the Application Program The use of symbolic names instead of physical addresses has two essential advantages. • The equipment definitions of inputs and outputs can be used in the application program. • Modifications of the signal assignment in the input and output channels have no effect on the application program.

  • Page 89: Functions Of The Application Program

    Flow charts and logic documentation should be included if they are not already required by your documentation procedures. • Any number of negations are permissible. • The programmer must evaluate input, output, and logic module error signals. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 90 Chapter 8 Technical Safety for the Application Program Safety Inputs and Outputs In an analog GuardPLC safety input module, defined values can be further processed in the event of an error. In a digital GuardPLC safety I/O module, the input is set to a 0 and the digital output module is switched off via the integrated safety switch-off.
  • Page 91 Start / Restart allowed TRUE Autostart TRUE The Test Mode switch must never be set to TRUE for ATTENTION safety operation. Allen-Bradley Parts The only distributed I/O module that can be locked is the 1753-IB20XOB8. Publication 1753-RM002C-EN-P - September 2008...
  • Page 92 Chapter 8 Technical Safety for the Application Program Procedure for Unlocking the PES Unlocking the PES means enabling functions and access to allow you to make changes to the safety system. The controller must be in STOP mode in order to set the Main Enable switch to ON.
  • Page 93 After the force time has elapsed, or if forcing is stopped, the signals being forced revert to control by the user program. Allen-Bradley Parts The only distributed I/O module that can be configured for forcing is 1753-IB20XOB8. Publication 1753-RM002C-EN-P - September 2008...
  • Page 94 Chapter 8 Technical Safety for the Application Program If the Stop on Force Timeout switch is set in the controller properties, the controller transitions to the STOP mode when the force time expires, the signals being forced revert to control by the user program. If the Stop on Force Timeout switch is not set in the controller properties, the controller does not stop when the force time expires.

  • Page 95: Program Documentation For Safety Applications

    In order for a signal to be regarded as a safety value in your application, the end device configuration must treat the signal as safety and be transferred over a DeviceNet safety connection. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 96 Chapter 8 Technical Safety for the Application Program Publication 1753-RM002C-EN-P - September 2008...

  • Page 97: Introduction

    9-pin mini DIN RS-485 Ports — 9-pin DIN — 9-pin DIN — — Modbus RTU Slave — — — — PROFIBUS DP Slave — — — — ASCII - Read Only Ethernet IP — — Allen-Bradley Parts 97Publication 1753-RM002C-EN-P - September 2008...

  • Page 98: Standard Protocols

    Chapter 9 Configuring Communication Standard Protocols Apart from the local input/output signals, signal values and statuses can also be exchanged via a data link with another system (for example, Modbus, OPC, and Profibus). To achieve this, the variables are declared in the Protocols area using RSLogix Guard PLUS! software.
  • Page 99 However, the CPU safety is not affected. The maximum permitted value for Receive TMO depends on the application process and is set in the peer-to-peer editor together with the maximum expected response time and the profile. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 100 Chapter 9 Configuring Communication Calculating Worst-case Reaction Time Reaction times are calculated the following ways: • Between PES and GuardPLC distributed I/O modules • Between PES1 and PES2 Between PES and GuardPLC Distributed I/O Modules The worst-case reaction time between changing a transmitter of the first distributed I/O module and the reaction of the outputs of the second distributed I/O module can be calculated as follows.
  • Page 101 The monitoring time after which a transmission is repeated, if its receipt has not been acknowledged. Production Rate The minimum interval between two data transmissions. Watchdog The maximum permissible duration of a run cycle. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 102: High-Speed Safety Protocol

    Chapter 9 Configuring Communication Worst-case Reaction Time The maximum response time from the occurrence of a physical input signal change until the reaction of the physical output signal (see the illustration below). Data transfer is carried out by means of safety protocols.

  • Page 103: Reaction Times For Devicenet Safety Communication

    CRTL is based on 6 ms RPI, timeout multiplier of 2, network delay multiplier of 200%. You can find these values in RSNetWorx Adv. Safety Connections Property tab. = 2 x 50 = 100 ms = 8 ms Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 104: Publication 1753-Rm002C-En-P - September

    Chapter 9 Configuring Communication = 24 ms fault, 12 ms normal = 6.2 ms + relay response time = 6.2 ms + 0 = 6.2 ms Worst Case Reaction Times System Reaction Time with no faults: = 16.2 + 12 + 100 + 8 + 12 + 6.2 = 154.4 ms System Reaction Time with a single fault: = 16.2 + 24 + 100 + 8 + 12 + 6.2...
  • Page 105 System Reaction Time with a Single Fault 2 x Watchdog Timeout + Max Scanner Reaction Time + Max (CRTL) + 2 x Watchdog Timeout = 2 x 30 + 10 + 40 + 2 x 30 Allen-Bradley Parts = 170 ms Publication 1753-RM002C-EN-P - September 2008...
  • Page 106 Chapter 9 Configuring Communication Publication 1753-RM002C-EN-P - September 2008...
  • Page 107 • Protection Class II, according to IEC/EN61131-2 • Pollution Degree II • Altitude < 2000 m • IP20 Enclosure for Standard Applications An alternate enclosure may be required, depending upon the standards relevant to your application. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 108: Climatic Conditions

    Appendix A Specifications Climatic Conditions The most important parameters and tests for climatic conditions are listed in the following table. IEC/EN 61131-2 Climatic Tests Paragraph 6.3.4 Temperature operating 0…60 °C (32…140 °F) (Test limits -10…70 °C (14…158 °F)) Storage Temperature -40…85 °C (-40…185 °F)) (Battery only -30 °C (-22 °F)) 6.3.4.2 Dry heat and cold resistance test...

  • Page 109: Emc Conditions

    Noise Immunity Tests IEC/EN61000-4-6 Radio frequency common mode, 10V, 150 KHz…80 MHz, AM IEC/EN61000-4-3 900 MHz-Pulses IEC/EN61000-4-5 Surge 1 KV, 0,5 KV IEC/EN 61000-6-4 Noise Emission Tests EN50011 Emission test Class A Radiated, conducted Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...

  • Page 110: Power Supply Conditions

    Appendix A Specifications Power Supply Conditions The most important parameters and tests for power supply conditions are listed in the following table. IEC/EN 61131-2 Verification of DC Power Supply Characteristics Paragraph 6.3.7 6.3.7.1.1 Voltage range test 24V DC, -20%, +25% (19.2…30.0V) 6.3.7.2.1 Momentary interruption immunity test: DC, PS2: 10 ms...
  • Page 111 Analog Input shunt Reference Pole (L-, I-) = Fire alarm = Terminating resistor on the last sensor of the loop = Limitation of the maximum permitted current in the loop Allen-Bradley Parts = Measuring resistor shunt Publication 1753-RM002C-EN-P - September 2008...
  • Page 112 Appendix B Use in Central Fire Alarm Systems For the application, the resistance of R and R should be shunt calculated based on the sensors used and the number of sensors per alarm loop. The required data is contained in the relevant specifications from the sensor manufacturer.
  • Page 113 In the event of an error, zero signals are applied to the channels of faulty safety inputs, and all the channels of faulty safety outputs are switched off. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 114 Appendix B Use in Central Fire Alarm Systems Publication 1753-RM002C-EN-P - September 2008...
  • Page 115 92 block diagram 36 communication general information 33 DeviceNet safety 103 reaction in case of fault 35 high-speed 102 test routines 35 Allen-Bradley Parts peer-to-peer 98 counter module 36 safety-related 19 block diagram 38 Publication 1753-RM002C-EN-P - September 2008...
  • Page 116 Index general 36 power supply 23 reaction in fault condition 37 power supply conditions 110 test routines 37 probability of failure on demand 15 overview 28 probability of failure per hour 15 safety-related digital inputs 29 production rate 101 block diagram 30 Proof Test Interval 56 general 29 pulsed outputs 45...
  • Page 117 25 terminology 10 watchdog-test 25 SFF 56 software GuardPLC 1200/2000 safety-related watchdog time 101 systems 75 worst-case reaction time specifications calculations 101 climatic 108 definition 102 EMC 109 mechanical 108 power supply 110 Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
  • Page 118 Index Publication 1753-RM002C-EN-P - September 2008...
  • Page 119 Allen-Bradley Parts...
  • Page 120 Rockwell Automation Rockwell Automation provides technical information on the Web to assist you in using its products. At http://support.rockwellautomation.com, you can Support find technical manuals, a knowledge base of FAQs, technical and application notes, sample code and links to software service packs, and a MySupport feature that you can customize to make the best use of these tools.

This manual is also suitable for:

Guardplc 1753Guardplc 1755

Table of Contents