Summary of Contents for Allen-Bradley GuardPLC 1754
Page 1
GuardPLC Controller Systems Safety Reference Manual 1753, 1754, and 1755 (Catalog Numbers Allen-Bradley Parts...
Page 2
BURN HAZARD surfaces may reach dangerous temperatures. Rockwell Automation, Allen-Bradley, TechConnect, GuardPLC, CompactBlock Guard I/O, ArmorBlock Guard I/O, RSNetWorx for DeviceNet, RSLogix Guard PLUS!, and RSLinx are trademarks of Rockwell Automation, Inc. Trademarks not belonging to Rockwell Automation are property of their respective companies.
Page 3
To help you find new and updated information in this release of the manual, we have included change bars as shown to the right of this paragraph. We removed all references to 1791DS products, and updated the list of additional resources on page Allen-Bradley Parts 3Publication 1753-RM002C-EN-P - September 2008...
SIL 3 according to IEC 61508, and applications up to and including Category (CAT) 4, according to EN954-1. You must read and understand the safety concepts and IMPORTANT requirements presented in this manual prior to operating a GuardPLC controller-based safety system. Allen-Bradley Parts 9Publication 1753-RM002C-EN-P - September 2008...
Preface List of Abbreviations The following table defines terms or abbreviations used in this manual. Term Definition 1oo2 One Out of Two Safety Architecture. Consists of 2 channels connected in parallel, such that either channel can process the safety function. Thus, a dangerous failure would have to occur in both channels before a safety function failed on demand 2oo3...
ArmorBlock Guard I/O DeviceNet Installation Instructions, publication Installing ArmorBlock Guard I/O modules on DeviceNet networks 1732DS-IN001 Industrial Automation Wiring and Grounding Guidelines, publication In-depth information on grounding and wiring Allen-Bradley 1770-4.1 programmable controllers Application Considerations for Solid-State Controls, publication A description of important differences between solid-state SGI-1.1...
Page 12
Preface Publication 1753-RM002C-EN-P - September 2008...
For a listing of TÜV certified product and software versions, refer to: http://www.rockwellautomation.com/products/certification/safety/ Introduction to Safety The Programmable Electronic System (PES) for the Allen-Bradley GuardPLC system is safety-related, based on the 1oo2 microprocessor structure for one central module. These controllers are safety-related up to and including Safety Integrated Level (SIL) 3 according to IEC 61508 and category 3,4 according to EN 954-1.
However, they cannot be used to carry out safety tasks. • Use the closed-circuit current principle in all external safety circuits connected to the system. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 18
Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O Product Dependent Only equipment that can be safely isolated from the main power should be connected to the system. The safe electrical isolation of the power supply must take place in the 24V DC power supply.
Page 19
Maintenance Override document from the TÜV Homepage: http://www.tuv-fs.com (TÜV Rheinland). If necessary, the operator must consult the acceptance department responsible for the application to determine the administrative requirements to provide access protection for the system. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O Safety Times Individual errors that may lead to a dangerous operating condition are detected by the self-tests and trigger defined error reactions which transfer the faulty modules into the Safety state within the safety time of the PES.
Page 21
PES. The maximum permitted value is 5000 ms. The default setting for controllers is 50 ms. The default for distributed GuardPLC I/O modules is 10 ms. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 22
Chapter 1 Safety Concept for GuardPLC Controllers and GuardPLC I/O Notes: Publication 1753-RM002C-EN-P - September 2008...
In addition, it must fulfill the requirements of IEC 61131-2 and SELV (Safety Extra Low Voltage) or PELV (Protective Extra Low Voltage). Allen-Bradley Parts 23Publication 1753-RM002C-EN-P - September 2008...
Chapter 2 GuardPLC Central Functions Functional Description of The central processing unit of the GuardPLC controllers consists of the following function blocks. the Central Processing Unit Display of the Function Blocks (Using GuardPLC 2000 Controller) Ethernet Switch μP Module Buffered SRAM μP1 μP2...
The watchdog is switched off if it is not triggered by the two CPUs within a defined time window. The same applies if the test of the hardware comparators fails. A separate test determines whether the watchdog signal is able to switch off. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 2 GuardPLC Central Functions Test of the I/O Bus Within the System The connection between the CPU and the related I/O points or I/O modules is checked. Reactions to Detected Errors in the CPU A hardware comparator within the central area constantly compares whether the data of microprocessor system 1 are identical to the data of microprocessor system 2.
This chapter gives information about GuardPLC controllers and GuardPLC I/O module input channels. Topic Page Overview General Information on GuardPLC Safety Input Modules Safety of Sensors, Encoders, and Transmitters Digital Inputs Analog Inputs Counter Module Checklist for Safety Inputs Allen-Bradley Parts 27Publication 1753-RM002C-EN-P - September 2008...
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Overview See the table below for an overview of GuardPLC controller input capabilities. Capabilities Controller/Module Type Quantity Safety- Electrically Related Isolated Digital Input — GuardPLC 1200 Controller 24-bit Counter — GuardPLC 1600 Controller Digital Input —...
The digital inputs are read once in every cycle and values are stored internally. The inputs are tested cyclically for safety function. Input signals, whose pulse width is shorter than two times the scan time, are not processed. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 30
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Test Routines The online test routines perform a walking input test to check whether the input channels are able, independent of the pending input signals, to make a through-connection of both signal levels (L- and H- signal).
Page 31
GuardPLC 1800 controllers. In addition, digital outputs are connected to the digital inputs of the same system, as shown in Emergency Off Switches on page Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 32
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Emergency Off Switches Emergency Emergency OFF 1 OFF 2 The digital outputs DO1 and DO2 are pulsed (T1 and T2 below). As a result, the connections to the digital inputs are monitored. The signals for the pulsed outputs must begin at DO1(01) and must be directly sequential.
By external 250 Ω shunt. By external 500 Ω shunt. Accuracy is the guaranteed accuracy of the analog input without error reaction of the module. This value must be considered when safety functions are configured. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 34
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels The 1755-IF8 (AI module) can be configured as either eight single-ended channels or four differential channels. No mixing is allowed. The following input values are possible: Input Values Number of Polarity Current/Voltage Value Range In...
Page 35
The analog input value must be interlocked with this status information, allowing you to program additional fault handling in the applications and provide a means for evaluating the external wiring of the inputs. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Block Diagram of Analog Inputs of the 1755-IF8 Analog Input Module 8 channels 12-bit resolution Logic Logic 42925 I/O Bus The illustration above does not represent the specifications of the related module.
Page 37
The respective channel status signal must be considered. You can configure an error reaction in the logic and trigger it the with the channel status signal. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Example Block Diagram of Counter Inputs (Using 1755-HSC Module of the GuardPLC 2000 System) I/O Bus Counter channel 2 Counter channel 1 Internal Logic & & 4 channels This display does not represent the specifications of the related module.
Page 39
Is this input a counter? Function: Pulse counter? Function: Encoder (Gray code)? Has a safety encoder/sensor been provided for this input? Is the error message processed in the application program? [VALUE=0] and [CHANNEL STATUS≠0] Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 40
Chapter 3 GuardPLC Controller and GuardPLC I/O Module Input Channels Publication 1753-RM002C-EN-P - September 2008...
General Safety Information On GuardPLC Safety Outputs Digital Outputs for Non-relay Output Modules Safety-related 2-pole Digital Outputs Relay Outputs in the 1753-OW8 Module Analog Outputs in the 1753-IF8XOF4 Analog Outputs in the 1755-OF8 Module Checklist for Safety Outputs Allen-Bradley Parts 41Publication 1753-RM002C-EN-P - September 2008...
Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Overview of GuardPLC See the table below for an overview of GuardPLC output capabilities. Output Modules Output Capabilities Controller/Module Type Quantity Safety- Electrically Related Isolated GuardPLC 1200 Digital Output — GuardPLC 1600 Controller Digital Output —...
0 signal is 2V. The diodes provided prevent feedback of signals. • Check the integrated double-safety switches. • Low supply voltage protection. If the supply voltage drops below 13V, you cannot turn on any outputs. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 44
Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels • Digital outputs are turned off for a maximum of 200 μs each (200 x 10E-6 s) at a minimum interval of 20 seconds. Reaction To Error The following conditions may occur as a result of errors. Faults If an output fault is detected, the affected output of the module is set to a safety, de-energized state via the safety switches.
1-pole / 2-pole Connection The digital outputs can be configured as follows: • Digital output with 2-pole connection with line monitoring • Digital output with 2-pole connection without line monitoring Allen-Bradley Parts • 1-pole positive-switching digital output (DO+) Publication 1753-RM002C-EN-P - September 2008...
Page 46
Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels • 1-pole negative-switching digital output (DO-) 2-pole Connection The status signal of the line monitoring must be used to switch ATTENTION off the outputs (DO+, DO-) in case of a fault for EN 954-1 Cat. 4 applications.
Page 47
2-pole Digital Outputs in 1753-IB8XOB8 and 1753-IB16XOB8 Modules 2-pole Output Logic & & DO1+ Current Limiter DOx+ Connection to an I/O Logic & & Current Limiter DO1- DOx- (1) switch only on 1753-IB8XOB8 Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Relay Outputs in the The information in this section applies to the relay outputs of the 1753-OW8 module. 1753-OW8 Module Test Routines The modules are automatically tested during operation. These are the essential test functions.
Safety (0) state via the safety switches in accordance with the closed-circuit principle. This is also indicated by the FAULT diagnostic LED indicator. The error code signal enables you to provide additional fault handling in the application program. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Analog Outputs in the The information in this section applies to the analog outputs of the 1753-OF8 module. 1755-OF8 Module General The analog outputs on the 1755-OF8 GuardPLC 2000 (AB-AO) module are written once per cycle and stored internally.
Page 51
8 output channels This illustration does not represent the specifications of the related module. The value of an analog output depends on the scaling factor selected in RSLogix Guard PLUS!. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 4 GuardPLC Controller and GuardPLC I/O Output Channels Checklist for Safety Outputs Use the following checklist for system configuration, programming and start up of safety outputs. It may be used as a planning draft as well as a proof. If used as a planning draft, the checklist can be saved as a record of the plan.
Description Installation User Manual Instructions 1753-DNSI DeviceNet Safety 1753-IN009 1753-UM002 Scanner for GuardPLC In addition, there are the following essential functions. • Comprehensive self-tests • Data transfer over DeviceNet Safety Network Allen-Bradley Parts • Diagnostics 53Publication 1753-RM002C-EN-P - September 2008...
Chapter 5 GuardPLC DeviceNet Safety Scanner Certification Certificate No. 968/EZ 200.00/05 TÜV Rheinland Group TÜV Industrie Service GmbH Automation, Software, and Informatinstechnologie Safety Requirements for The DeviceNet Safety Scanner is typed-approved and certified for use in applications up to and including SIL 3 according to IEC 61508, and DeviceNet Safety Scanner applications up to and including CAT 4 according to EN954-1.
Page 55
MAC ID and communication rate settings for the DeviceNet safety scanner are made via RSNetWorx for DeviceNet software. A scanner can be configured by only RSNetWorx for DeviceNet software which automatically becomes its configuration owner. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 56
Chapter 5 GuardPLC DeviceNet Safety Scanner PFD and PFH Calculations Component Functional Verification Test Interval 1753-DNSI 10 years 9.3E-06 Component 1753-DNSI 5.61E-10 The Functional Verification Test interval is set at 10 years for the GuardPLC DeviceNet safety scanner. The test does not apply to the DeviceNet safety I/O module.
Page 57
• During connection establishment, the originator and the target devices use the Configuration Signature to ensure that both devices are using the expected configuration. Configuration Signature Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 58
Chapter 5 GuardPLC DeviceNet Safety Scanner Safety Network Number The Safety Network Number (SNN) is a unique number that identifies the safety network sub-net. The SNN in conjunction with the target’s node address, enables a target to determine with high integrity whether or not safety connection requests it receives have reached the correct destination.
5. Test the application. 6. Lock the device if errors do not occur. 7. Correct the configuration if errors occur. 8. Repeat these steps until all DeviceNet safety nodes are verified and locked. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 5 GuardPLC DeviceNet Safety Scanner Safety Lock with Password The configuration of the safety scanner can be protected by the use of an optional password. Download, Safety-reset, Safety-lock and Protection Safety-unlock are password protected. When applying functional safety, restrict access to qualified, authorized personnel who are trained and experienced.
Protocol connection is terminated. To restore connections, download and verify a new configuration. Failure of Diagnostic Tests If a diagnostic test fails, all application processing is stopped and High-speed Protocol, DeviceNet safety, and standard I/O connections are terminated. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 5 GuardPLC DeviceNet Safety Scanner Status Indicators Options for viewing the DeviceNet safety scanner’s status are listed in the following sections. Status indicators and alphanumeric displays are not reliable IMPORTANT indicators for safety functions. They should be used only for general diagnostics during commissioning or troubleshooting.
To ensure that the requirements are fully and clearly satisfied during system configuration or start-up, an individual checklist for controlling the requirements can be filled in for every single safety output channel in a system. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 64
Chapter 5 GuardPLC DeviceNet Safety Scanner Checklist for Configuration, Programming, and Start-up of DeviceNet Safety Scanner Company: Site: Loop definition: Requirements Fulfilled Comment After adding one or more nodes to the network Is each DeviceNet safety node commissioned with a unique node reference (combination of SNN and MAC ID) that is unique within your entire network? page 58...
Page 65
N +1 times the Controller Resend Timeout, where N retries are desired? Is the number of communication time slices reported on the Statistics tab of the RSLogix Guard PLUS! software Control Panel equal to Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 66
Chapter 5 GuardPLC DeviceNet Safety Scanner Checklist for Configuration, Programming, and Start-up of DeviceNet Safety Scanner Is the maximum Communication Time Slice value on the Resource Configuration dialog in RSLogix Guard PLUS! Hardware Management greater than or equal to the maximum Communication Time Slice value reported on the Statistics tab of the RSLogix Guard PLUS! Control Panel?
GuardPLC and DeviceNet safety scanner control system. For safety data, I/O communication is performed through safety connections using the DeviceNet Safety Protocol; logic is processed in the GuardPLC controller. Allen-Bradley Parts 67Publication 1753-RM002C-EN-P - September 2008...
Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System Typical Safety Functions of This section describes the module’s safety functions. DeviceNet Safety I/O Modules Safe State The following is treated as the safety state by safety I/O modules. • Safety outputs: OFF •...
Page 69
• During connection establishment, the originator and the target devices use the Configuration Signature to ensure that both devices are using the expected configuration. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 70
Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System The Configuration signature is made up of ID number, Date, and Time. Safety Network Number (SNN) Assignment When a new safety device is added to the network configuration, a default SNN is automatically assigned via the configuration software, as follows: •...
Page 71
This prevents unexpected output transitions from low/off to high/on when a connection recovers from a faulted or idle state. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System Safety Considerations for The replacement of safety devices requires that the replacement device be configured properly and that the operation of the I/O Module Replacement replacement device be user-verified. No safety function that includes any portion of the replaced ATTENTION module may be relied upon during the replacement and functional testing of the module.
103 for information on calculating reaction times. For information on determining the input and output reaction times, refer to the product documentation for your specific DeviceNet safety I/O module. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 6 DeviceNet Safety I/O for the GuardPLC Control System Checklist for DeviceNet For programming or start-up, an individual checklist can be filled in for every single safety input and output channel in a system. This is Safety I/O Modules the only way to make sure that the requirements are fully and clearly implemented.
Controllers and I/O Modules • Operating system • Application program • Programming tool (RSLogix Guard PLUS! software) according to IEC 61131-3 The operating system is loaded in the central unit of the GuardPLC controller. Allen-Bradley Parts 75Publication 1753-RM002C-EN-P - September 2008...
Page 76
Chapter 7 GuardPLC Controller Operating System The application program must be created by using the RSLogix Guard PLUS! programming tool and must contain the specific equipment functions to be performed by the automation module. Parameters for the operating function are also entered into the system using RSLogix Guard PLUS! software.
The safety concept of RSLogix Guard PLUS! software warranties that: • the programming system works correctly, meaning that programming system errors can be detected. • the user applies the programming system correctly, and therefore, user operating errors can be detected. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 78
Chapter 7 GuardPLC Controller Operating System For the initial start-up of a safety PES or after a modification of the application program, the safety of the entire system must be checked by a complete functional test. These three steps must be carried out. 1.
Page 79
To make sure that the backup is unmodified, first compile the backup, and then compare this newly generated code version with the code version of the program loaded in the controller. The comparison can be displayed by using RSLogix Guard PLUS! software. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 7 GuardPLC Controller Operating System Parameters of the The following parameters determine the operating behavior of the automation system and are set in RSLogix Guard PLUS! software. Automation System The available options when using RSLogix Guard PLUS! software in the safety operation of the automation system are determined here and in the safety parameter preset.
Guard Plus! Software with GuardPLC Controllers Programming Manual, publication 1753-PM001. General information about forcing can be found in the TÜV document Maintenance Override. To access the document on the Internet, see these websites. • TÜV-Product-Service, http://www.tuvglobal.com • TÜV-Rheinland, http://www.tuv-fs.com Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 7 GuardPLC Controller Operating System Protection Against You, in conjunction with the approving board, must define what measures are applied to protect against manipulation. Manipulation Guard PLC Controllers and GuardPLC I/O Modules Protection mechanisms are integrated in the PES and in RSLogix Guard PLUS! software to prevent unintentional or unauthorized modifications to the safety system.
Was all force information reset before safety operation? Do the settings of enable switches correspond to the default for maximum/specified protection? Verify that the CPU and scanner operating systems and the CRC are official licensed versions approved by TÜV. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 84
Chapter 7 GuardPLC Controller Operating System Publication 1753-RM002C-EN-P - September 2008...
• Variables with symbolic names and variable types (BOOL and UINT) • Assignment of the controllers (GuardPLC 1200, 1600, 1800, or 2000 controllers) • Code generator (translation of the application program into machine code) • Hardware configuration • Communication configuration Allen-Bradley Parts 85Publication 1753-RM002C-EN-P - September 2008...
Chapter 8 Technical Safety for the Application Program General Procedure The general procedure for programming the GuardPLC control systems for technical safety applications is listed below. • Specify the control function. • Write the application program. • Compile the application program with the C-code generator. •...
I/O Naming maximum of 256 characters, are assigned to all variables of the application program. Symbolic I/O names, consisting of a maximum of 256 characters, are also used for physical inputs and outputs. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 88
Chapter 8 Technical Safety for the Application Program The use of symbolic names instead of physical addresses has two essential advantages. • The equipment definitions of inputs and outputs can be used in the application program. • Modifications of the signal assignment in the input and output channels have no effect on the application program.
Flow charts and logic documentation should be included if they are not already required by your documentation procedures. • Any number of negations are permissible. • The programmer must evaluate input, output, and logic module error signals. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 90
Chapter 8 Technical Safety for the Application Program Safety Inputs and Outputs In an analog GuardPLC safety input module, defined values can be further processed in the event of an error. In a digital GuardPLC safety I/O module, the input is set to a 0 and the digital output module is switched off via the integrated safety switch-off.
Page 91
Start / Restart allowed TRUE Autostart TRUE The Test Mode switch must never be set to TRUE for ATTENTION safety operation. Allen-Bradley Parts The only distributed I/O module that can be locked is the 1753-IB20XOB8. Publication 1753-RM002C-EN-P - September 2008...
Page 92
Chapter 8 Technical Safety for the Application Program Procedure for Unlocking the PES Unlocking the PES means enabling functions and access to allow you to make changes to the safety system. The controller must be in STOP mode in order to set the Main Enable switch to ON.
Page 93
After the force time has elapsed, or if forcing is stopped, the signals being forced revert to control by the user program. Allen-Bradley Parts The only distributed I/O module that can be configured for forcing is 1753-IB20XOB8. Publication 1753-RM002C-EN-P - September 2008...
Page 94
Chapter 8 Technical Safety for the Application Program If the Stop on Force Timeout switch is set in the controller properties, the controller transitions to the STOP mode when the force time expires, the signals being forced revert to control by the user program. If the Stop on Force Timeout switch is not set in the controller properties, the controller does not stop when the force time expires.
In order for a signal to be regarded as a safety value in your application, the end device configuration must treat the signal as safety and be transferred over a DeviceNet safety connection. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 96
Chapter 8 Technical Safety for the Application Program Publication 1753-RM002C-EN-P - September 2008...
Chapter 9 Configuring Communication Standard Protocols Apart from the local input/output signals, signal values and statuses can also be exchanged via a data link with another system (for example, Modbus, OPC, and Profibus). To achieve this, the variables are declared in the Protocols area using RSLogix Guard PLUS! software.
Page 99
However, the CPU safety is not affected. The maximum permitted value for Receive TMO depends on the application process and is set in the peer-to-peer editor together with the maximum expected response time and the profile. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 100
Chapter 9 Configuring Communication Calculating Worst-case Reaction Time Reaction times are calculated the following ways: • Between PES and GuardPLC distributed I/O modules • Between PES1 and PES2 Between PES and GuardPLC Distributed I/O Modules The worst-case reaction time between changing a transmitter of the first distributed I/O module and the reaction of the outputs of the second distributed I/O module can be calculated as follows.
Page 101
The monitoring time after which a transmission is repeated, if its receipt has not been acknowledged. Production Rate The minimum interval between two data transmissions. Watchdog The maximum permissible duration of a run cycle. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 9 Configuring Communication Worst-case Reaction Time The maximum response time from the occurrence of a physical input signal change until the reaction of the physical output signal (see the illustration below). Data transfer is carried out by means of safety protocols.
CRTL is based on 6 ms RPI, timeout multiplier of 2, network delay multiplier of 200%. You can find these values in RSNetWorx Adv. Safety Connections Property tab. = 2 x 50 = 100 ms = 8 ms Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Chapter 9 Configuring Communication = 24 ms fault, 12 ms normal = 6.2 ms + relay response time = 6.2 ms + 0 = 6.2 ms Worst Case Reaction Times System Reaction Time with no faults: = 16.2 + 12 + 100 + 8 + 12 + 6.2 = 154.4 ms System Reaction Time with a single fault: = 16.2 + 24 + 100 + 8 + 12 + 6.2...
Page 105
System Reaction Time with a Single Fault 2 x Watchdog Timeout + Max Scanner Reaction Time + Max (CRTL) + 2 x Watchdog Timeout = 2 x 30 + 10 + 40 + 2 x 30 Allen-Bradley Parts = 170 ms Publication 1753-RM002C-EN-P - September 2008...
Page 106
Chapter 9 Configuring Communication Publication 1753-RM002C-EN-P - September 2008...
Page 107
• Protection Class II, according to IEC/EN61131-2 • Pollution Degree II • Altitude < 2000 m • IP20 Enclosure for Standard Applications An alternate enclosure may be required, depending upon the standards relevant to your application. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Appendix A Specifications Climatic Conditions The most important parameters and tests for climatic conditions are listed in the following table. IEC/EN 61131-2 Climatic Tests Paragraph 6.3.4 Temperature operating 0…60 °C (32…140 °F) (Test limits -10…70 °C (14…158 °F)) Storage Temperature -40…85 °C (-40…185 °F)) (Battery only -30 °C (-22 °F)) 6.3.4.2 Dry heat and cold resistance test...
Noise Immunity Tests IEC/EN61000-4-6 Radio frequency common mode, 10V, 150 KHz…80 MHz, AM IEC/EN61000-4-3 900 MHz-Pulses IEC/EN61000-4-5 Surge 1 KV, 0,5 KV IEC/EN 61000-6-4 Noise Emission Tests EN50011 Emission test Class A Radiated, conducted Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Appendix A Specifications Power Supply Conditions The most important parameters and tests for power supply conditions are listed in the following table. IEC/EN 61131-2 Verification of DC Power Supply Characteristics Paragraph 6.3.7 6.3.7.1.1 Voltage range test 24V DC, -20%, +25% (19.2…30.0V) 6.3.7.2.1 Momentary interruption immunity test: DC, PS2: 10 ms...
Page 111
Analog Input shunt Reference Pole (L-, I-) = Fire alarm = Terminating resistor on the last sensor of the loop = Limitation of the maximum permitted current in the loop Allen-Bradley Parts = Measuring resistor shunt Publication 1753-RM002C-EN-P - September 2008...
Page 112
Appendix B Use in Central Fire Alarm Systems For the application, the resistance of R and R should be shunt calculated based on the sensors used and the number of sensors per alarm loop. The required data is contained in the relevant specifications from the sensor manufacturer.
Page 113
In the event of an error, zero signals are applied to the channels of faulty safety inputs, and all the channels of faulty safety outputs are switched off. Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 114
Appendix B Use in Central Fire Alarm Systems Publication 1753-RM002C-EN-P - September 2008...
Page 115
92 block diagram 36 communication general information 33 DeviceNet safety 103 reaction in case of fault 35 high-speed 102 test routines 35 Allen-Bradley Parts peer-to-peer 98 counter module 36 safety-related 19 block diagram 38 Publication 1753-RM002C-EN-P - September 2008...
Page 116
Index general 36 power supply 23 reaction in fault condition 37 power supply conditions 110 test routines 37 probability of failure on demand 15 overview 28 probability of failure per hour 15 safety-related digital inputs 29 production rate 101 block diagram 30 Proof Test Interval 56 general 29 pulsed outputs 45...
Page 117
25 terminology 10 watchdog-test 25 SFF 56 software GuardPLC 1200/2000 safety-related watchdog time 101 systems 75 worst-case reaction time specifications calculations 101 climatic 108 definition 102 EMC 109 mechanical 108 power supply 110 Allen-Bradley Parts Publication 1753-RM002C-EN-P - September 2008...
Page 118
Index Publication 1753-RM002C-EN-P - September 2008...
Page 120
Rockwell Automation Rockwell Automation provides technical information on the Web to assist you in using its products. At http://support.rockwellautomation.com, you can Support find technical manuals, a knowledge base of FAQs, technical and application notes, sample code and links to software service packs, and a MySupport feature that you can customize to make the best use of these tools.