1. Manuals
  2. Brands
  3. Lenze Manuals
  4. Control Unit
  5. SM302
  6. Manual

Lenze SM302 Manual

Safety module for l-force 9400
Hide thumbs
Table of Contents

Advertisement

Quick Links

EDS94AYAF
.UBo
L−force Drives
Translation
9400
E94AYAF − SM302
Safety module
Manual
l

Advertisement

Table of Contents
loading

Related Manuals for Lenze SM302

Summary of Contents for Lenze SM302

  • Page 1 EDS94AYAF L−force Drives .UBo Manual Translation 9400 E94AYAF − SM302 Safety module...
  • Page 2 Please read these instructions and the documentation of the standard device before you start working! Observe the safety instructions given therein! 0Fig. 0Tab. 0...

  • Page 3: Table Of Contents

    1.2.3 SM302 safety module .........
  • Page 4 ....... 1.7.3 Logbook function in the SM302 ....... . .

  • Page 5: Basics

    Safety engineering Basics Introduction Basics 1.1.1 Introduction With increasing automation, protection of persons against hazardous movements is becoming more important. Functional safety describes the measures needed by means of electrical or electronic equipment to reduce or remove danger caused by failures. During normal operation, safety equipment prevents people accessing hazardous areas.

  • Page 6: Terms And Abbreviations Of The Safety Engineering

    Terms and abbreviations of the safety engineering 1.1.3 Terms and abbreviations of the safety engineering Abbreviation Meaning 9400 Lenze servo controller Cat. Category according to EN ISO 13849−1 (formerly EN 954−1) OSSD Output Signal Switching Device, tested signal output PROFIsafe Pulse width modulation SD−In...

  • Page 7: Registered Trademarks

    Safety engineering Basics Registered trademarks 1.1.4 Registered trademarks Term / logo Information PROFINET® (Process Field Network) is a real−time capable fieldbus system based on Ethernet. PROFINET® is a registered trademark and patented technology, licensed by the PROFIBUS & PROFINET International (PI) user organisation. The certified safety protocol for transmitting safety−oriented data via PROFINET®.

  • Page 8: Important Notes

    Safety engineering Basics Important notes 1.1.5 Important notes The following pictographs and signal words are used in this documentation to indicate dangers and important information: Safety instructions Structure of safety instructions: Danger! (characterises the type and severity of danger) Note (describes the danger and gives information about how to prevent dangerous situations) Pictograph and signal word...

  • Page 9: Safety Instructions

    Safety instructions 1.1.6 Safety instructions Application as directed The safety modules SMx (E94AYAx) may only be used together with Lenze drive controllers of the L−force | 9400 (E94A... / E94B...) series. Any other use shall be deemed inappropriate! Installation/commissioning Danger!
  • Page 10 Safety engineering Basics Safety instructions Danger! When the request for the safety function is deactivated, the drive can restart automatically. The behaviour can be set via the parameter "Restart behaviour" (C15300/1/2). In the case of an automatic restart, you must provide external measures which ensure that the drive only restarts after an acknowledgement (EN 60204).

  • Page 11: Hazard And Risk Analysis

    Safety engineering Basics Hazard and risk analysis 1.1.7 Hazard and risk analysis This documentation can only accentuate the need for hazard analysis. The user of the integrated safety system must read up on standards and the legal situation: Before the launch of a machine, the manufacturer of the machine must conduct a hazard analysis according to Machinery Directive 2006/42/EC to determine the hazards associated with the application of the machine.
  • Page 12 Safety engineering Original − French Warnings! Secondary circuit shall supplied from an external isolating source. ƒ Maximum surrounding air temperature: 55 °C. ƒ EDS94AYAF EN 1.0...

  • Page 13: Overview Of Sensors

    Safety engineering Overview of sensors 1.1.10 Overview of sensors Passive sensors Passive sensors are two−channel switching elements with contacts. The connecting cables and the sensor function must be monitored. The contacts must switch simultaneously (equivalently). Nevertheless, safety functions will be activated as soon as at least one channel is switched. The switches must be wired according to the closed−circuit principle.

  • Page 14: Device Modules

    Safety engineering Device modules Slot Device modules 1.2.1 Slot The slot for the safety modules is marked in the documentation with M4. It is the lowest slot in the controller (see overview in the documentation of the controller). 1.2.1.1 Mounting E94AYAX001 1.2.1.2 Dismounting...
  • Page 15 Safety engineering Device modules Slot 1.2.1.3 Module exchange Stop! Before mounting/dismounting, switch off the supply voltage to prevent electronic modules from damage. Every module exchange is detected by the standard device and documented in a logbook. When a module is replaced by the same type, no restrictions arise. Depending on the module type it may be necessary to take further measures (e.g.

  • Page 16: Function Mode Of The Safety Modules

    Safety engineering Device modules Function mode of the safety modules 1.2.2 Function mode of the safety modules Disconnecting paths The transmission of the pulse width modulation is safely disconnected by the safety module. Hence the drivers do not create a rotating field. The motor is safely switched to torqueless operation (STO).

  • Page 17: Sm302 Safety Module

    Safety engineering Device modules SM302 safety module 1.2.3 SM302 safety module Validity information This documentation is valid for: SM302 safety module Type E94AYAF from VA As of 1.0 Identification „ Type  ‚ ƒ E94YCEI003C E94AYXX001 ‚ ƒ „ ...
  • Page 18 Safety engineering Device modules SM302 safety module Application range The use of this module is permissible with standard devices of the 9400 product series from nameplate designation Type E94AxHExxxx 13.xx E94BSHExxxx − E94AxPExxxx 07.xx E94BSPExxxx − The use of this module is permissible with the PROFINET® communication module from...
  • Page 19 Safety engineering Device modules SM302 safety module 1.2.3.1 Overview Functions from SM302 V1.0 onwards Safe torque off (STO) ƒ (formerly: safe standstill, protection against unexpected start−up) Safe stop 1 (SS1) ƒ Safe stop 2 (SS2) − see SOS ƒ Safe stop emergency (SSE) ƒ...
  • Page 20 SM302 with a higher firmware version without any changes. – Extended functionalities of the newer firmware version cannot be selected and executed. The safe parameter set of an SM302 with a newer firmware version cannot be loaded into an SM302 with an elder firmware version. 1.2.3.2...
  • Page 21 Safety engineering Device modules SM302 safety module Displays Pos. Colour State Description Drive−based safety has initialised without a fault. Drive−based safety has initialised without a fault. Internal Blinking communication to the standard device is not possible. Green Drive−based safety is in service status.
  • Page 22 Safety engineering Device modules SM302 safety module X82.2 Labelling Description − GND external supply +24 V external supply via a safely separated power supply unit (SELV/PELV) This part of the terminal strip is reserved. GND 24O +24 V external supply for the safe monitor SD−Out1 (SELV/PELV) Error acknowledgement input ("Acknowledge In Error")
  • Page 23 Safety engineering Device modules SM302 safety module 1.2.3.3 Technical data 24 V supply The module and the safe output must be supplied with 24 V from safely separated power supply units. If electrical isolation is required, separate voltage supplies must be used.

  • Page 24: Mission Time

    The mission time) of the used component must be observed and complied with. The given mission time is counted from the manufacturing date. The manufacturing dates can be read out using the Lenze »Engineer« PC software. These can be found in the parameter list within the "Identification" column.
  • Page 25 ‚ X82.3 X82.4 SSP94SM360b Fig. 1−3 Wiring example E94AYAF SM302 safety module Passive sensor with channel A and B higher−level safety control (active sensor) lightgrid (active sensor) 24 V ext. 24−V voltage supply of the module (SELV/PELV)  24−V voltage supply of the output (SELV/PELV) ‚...
  • Page 26 Required settings in the basic device: ƒ – C00214, type of safety module – Implementation of the SM302 into the drive application by evaluating the control information and status information. During commissioning and after the replacement of a module it is vital to check the ƒ...
  • Page 27 EN 60204−1, EN 61800−3, EN 61508 Part 1−7, EN ISO 13849−1, EN 62061, EN 61800−5−2, EN 61800−5−1 Object to be examined SM302, type E94AYAF of the Servo Drives 9400 series Test result The module meets the requirements according to EN 61508, SIL 3 EN ISO 13849−1, category 4/PL e...
  • Page 28 Adjustable speed electrical power drive systems Part 5−2: Safety requirements − Functional EN 62061 ƒ Safety of machinery − Functional safety of safety−related electrical, electronic and programmable electronic control systems Declarations of conformity and certificates can be found on the internet at:http://www.Lenze.com and on the product CD. EDS94AYAF EN 1.0...

  • Page 29: Safe Inputs

    Safe inputs 1.2.5 Safe inputs 1.2.5.1 General The following applies to the sensors on the SM302: The sensor type and function can be parameterised. ƒ A local evaluation is executed if corresponding parameters are set. ƒ If a safety bus is activated, the sensor signals are sent as status information to the ƒ...
  • Page 30 Safety engineering Device modules Safe inputs Contact function test Note! Make sure that an internal contact function test is carried out at the safe inputs: Safe input in the ON state A LOW level at one channel puts the input in the OFF state. The discrepancy ƒ...
  • Page 31 Safety engineering Device modules Safe inputs Fig. 1−6 Contact function test − error−free input signals  ‚ ƒ „ SSP94SM358_2 Fig. 1−7 Contact function test − faulty input signals A, B Safe input, channel A and channel B Internal valuation of the safe input Discrepancy monitoring Fault acknowledgement ...
  • Page 32 Safety engineering Device modules Safe inputs 1.2.5.2 Connection of passive sensors The safe sensor inputs I1A ... I4B are suitable for equivalently switching passive sensors. To monitor passive sensors according to EN ISO 13849−1, cat. 3 or cat. 4, the clock outputs CLA and CLB must be wired.
  • Page 33 Safety engineering Device modules Safe inputs 1.2.5.3 Connection of active sensors The safe sensor inputs I1A ... I4B are suitable for active sensors. PN−switched input signals are permissible. The line monitoring must comply with the requirements of the category 3 or category 4. Drive−based safety does not provide for line monitoring.

  • Page 34: Safe Output

    Safety engineering Device modules Safe output 1.2.6 Safe output 1.2.6.1 General Via the safe output O1A/O1B information can be output to a higher−level unit (e.g. safety PLC) or external switching elements (actuators) can be controlled. Note! For an application according to cat. 3 or cat. 4, the use of both output channels (O1A and O1B) is required.

  • Page 35: Further Inputs

    Safety engineering Device modules Further inputs 1.2.6.2 Example circuits  ‚ SSP94SM360 24O, GO 24−V voltage supply for the safe output O1A, O1B, GO Safe output SD−Out1, channel A and B with reference potential  24−V voltage supply − safe output (SELV/PELV) acc. to IEC 61131−2 ‚...

  • Page 36: Safe Speed Measurement And Position Detection

    (C00002=71) or determines the motor parameters (C00002=72), the error message "Safe speed invalid" is displayed. Both functions cannot be completed since the SM302 activates STO. These two states generally occur only once during commissioning. Therefore, these functions should be carried out before the speed monitoring is activated in the SM302.
  • Page 37 Protective measures: Prevent malfunctions by constructive measures. ƒ Use the motors and encoder systems with guaranteed features. Your Lenze ƒ contact partner helps you to find suitable systems. In the event of service, this must also be observed for the motor or the ƒ...
  • Page 38 Device modules Safe speed measurement and position detection Motor−encoder combinations Drive systems with Servo Drives 9400 and safety module SM302 provide speed−dependent safety functions for safe speed monitoring and/or safe position monitoring. Observe permissible motor−encoder combinations during configuration. Permissible motor−encoder combinations for these functions: ƒ...
  • Page 39 Safety engineering Device modules Safe speed measurement and position detection Single−encoder concepts with resolvers Please observe during the configuration of such systems: If only one feedback system is used in connection with these safety applications, the applicable safety standard, IEC 61800−5−2 (Adjustable speed electrical power drive systems, Part 5−2: Safety requirements −...

  • Page 40: Safety Functions

    Safety engineering Safety functions General information Safety functions Detailed information on the safety functions and parameterisation can be found in the software manual and online help for the safety module. The following information is intended for a basic orientation. 1.3.1 General information 1.3.1.1 Stop functions...
  • Page 41 Safety engineering Safety functions General information 1.3.1.3 Restart The restart behaviour of the drive can be parameterised (C15300). The "acknowledged restart" setting requires an acknowledgement to the safety ƒ module. The acknowledgement is made via: – Signal at the AIS input (with a signal time of 0.3 ... 10 s) –...

  • Page 42: Integration Into The Application Of The Controller

    Integration into the application of the controller For the use of the functions, certain settings in the controller are required. Here, the Lenze PC software »Engineer« supports and guides you. When a safety function is required, the safety technology activates the corresponding safe monitoring function.

  • Page 43: Safe Torque Off

    Safety engineering Safety functions Safe torque off 1.3.2.2 Status information The safety module transfers information via the status of safety functions with the SMI_dnState status word. The SMI_dnIoState status word contains information on the status of the safe inputs and the safe output.

  • Page 44: Safe Stop 2

    Safety engineering Safety functions Safe stop 2 1.3.5 Safe stop 2 Safe Stop 2 / SS2 This function corresponds to a "Stop 2" according to EN 60204. This function serves to monitor the reaching of speed n = 0 within an adjustable stopping time (C15305).

  • Page 45: Ramp Monitoring Ss1/Ss2

    Safety engineering Safety functions Ramp monitoring SS1/SS2 1.3.6 Ramp monitoring SS1/SS2 The deceleration ramp can be additionally parameterised and monitored for the stop functions SS1 and SS2 . If the parameterised ramp is not exceeded, the state changes to the parameterised stop function STO or SOS.

  • Page 46: Safe Maximum Speed

    Safety engineering Safety functions Safe maximum speed 1.3.8 Safe maximum speed 1.3.8.1 Description Safe Maximum Speed / SMS This function monitors the maximum motor speed. If a value > 0 is indicated (C15320), the function is activated. If the maximum speed is exceeded, a error stop is caused. STO, SS1 or SS2 (C15321) can be adjusted.
  • Page 47 Safety engineering Safety functions Safe maximum speed SLS‚ ƒ SM301DIA_F Occurrence of the error event Cycle time 2 ms Determining the error event Maximum permissible response time (parameterisable) Response instance to continuous exceedance Stopping time Feedback(s) SLS‚ SLS monitored ƒ According to the error response set: SS2, SS1 or STO Response in case of an error after the max.

  • Page 48: Safely Limited Speed

    Safety engineering Safety functions Safely limited speed 1.3.9 Safely limited speed 1.3.9.1 Description Safely Limited Speed/SLS Safe Maximum Speed / SMS After the speed has fallen below the threshold or the adjustable braking time has elapsed, the function monitors the compliance with the limited speed N Four different speeds can be monitored (SLS1 ...

  • Page 49: Safe Direction

    Furthermore, the set stopping time must be added to the response time until the defined operating status is reached. In the Lenze setting, the error response is set to SS1. EDS94AYAF EN 1.0...

  • Page 50: Safely Limited Position

    Safety engineering Safety functions Safely limited position 1.3.11 Safely limited position 1.3.11.1 Description Safely Limited Position / SLP The safety module monitors the lower and upper position limit. If the drives violates the upper or lower limit value in the course of limit value monitoring, an error response is activated, providing the possibility that the position value monitored is exceeded by the coast−down of the torqueless motor.

  • Page 51: Safe Cam

    Safety engineering Safety functions Safe cam 1.3.13 Safe cam 1.3.13.1 Description Safe CAm / SCA When this function is executed, the current absolute position is compared to the parameterised position limits. This binary state is displayed via status bits which can be provided via the safe output or the safety bus.

  • Page 52: Repair Mode Select

    Safety engineering Safety functions Repair mode select 1.3.15 Repair mode select 1.3.15.1 Description Repair Mode Select / RMS This function moves the drive from a situation that is blocking it ("Deadlock"). In the safety concept, this state is accounted for as a special case for actuating an axis connected, the encoders connected being evaluated in a non−safety−rated fashion.

  • Page 53: Safe Operation Mode Selector

    Safety engineering Safety functions Safe operation mode selector 1.3.16 Safe operation mode selector 1.3.16.1 Description Operation Mode Selector / OMS The function provides a special operation of the drive. In the special operation the drive is stopped (status 2). The drive can be traversed in the special operation via an enable switch (status 3).
  • Page 54 Safety engineering Safety functions Safe operation mode selector Note! If an error (e.g. a discrepancy error) occurs at a safe input to which the OMS function has been assigned, normal operation will be selected. This corresponds to the OFF state. The "ME" LED is blinking and STO is not activated.
  • Page 55 Safety engineering Safety functions Safe operation mode selector SM301OMS01 Operating mode Normal Special Event Impact Impact State  − − Request − OMS special operation via ... Change W State ‚ ... safe input Stop function ..is executed Activated monitoring functions remain active.

  • Page 56: Safe Enable Switch

    Safety engineering Safety functions Safe enable switch 1.3.16.2 Conditions A safe input must be parameterised and interconnected as an operation mode selector. Select the operating mode for the LOW level (C15202) depending on the application. Only one operation mode selector can be connected and parameterised. The OMS bit of the safety bus must be deactivated (C15113).

  • Page 57: Cascading

    Safety engineering Safety functions Cascading 1.3.17.2 Conditions A safe input must be parameterised and interconnected as enable switch. You can only connect and parameterise one enable switch. The ES bit of the safety bus must be deactivated (C15113). The enable switch function can also be selected via the safety bus with the ES bit, unless a safe input is parameterised as enable switch.
  • Page 58 X82.4 X82.3 X82.4 SSP94SM365 302 Fig. 1−11 Wiring example E94AYAF SM302 safety module #1, #2, #n Number of the module 24 V ext. ‚ 24−V voltage supply of the module (SELV/PELV)  24−V voltage supply of the output (SELV/PELV) 1.3.18.2 Conditions The SD−In4 input must be parameterised as active input for the "emergency stop"...

  • Page 59: Safety Address

    Safety engineering Safety address Safety address The safety address serves to the clear assignment of the safety modules of the SM302 type in systems with several drives. The address "0" is not permissible. Address switch The safety address can be set in the left part of the housing by means of the DIP switch 0.

  • Page 60: Safe Bus Interfaces

    PROFIsafe connection 1.5.1.1 Conditions The SM302 supports the transmission of safe information on the PROFIsafe protocol according to the specification "PROFIsafe − Profile for Safety Technology" from version 2.x onwards of the PROFIBUS Nutzerorganisation (PNO). The basic device transmits the PROFIsafe information to the safety module for safe evaluation.
  • Page 61 The GSDML file contains all information on the configuration of the PROFINET system. This makes the integration easy and user−friendly. Tip! You will find the current GSDML file for this Lenze product on the Internet in the "Downloads" area under http://www.Lenze.com...

  • Page 62: Fsoe Connection

    The ESI file contains all information on the configuration of the EtherCAT system. This makes the integration easy and user−friendly. Tip! You will find the current ESI file for this Lenze product on the Internet in the "Downloads" area under http://www.Lenze.com...

  • Page 63: Safe Parameter Setting

    Safe parameter setting is supported by the Lenze PC software »Engineer« as of version 02.23. The parameter setting is described in the Software Manual for the SM302 safety module. Moreover, the software provides a comprehensive Online Help. EDS94AYAF EN 1.0...
  • Page 64 Parameter setting Password For storing a safe parameter set, a password is required. The standard password is: "Lenze SM302". The password can be changed and must have at least six characters. Use "general reset" to delete the safe parameter set in the memory module and the safety module.

  • Page 65: Parameter Sets And Axes

    The clear assignment of the safety address must be configured in the safety PLC. In drive systems without activated safety bus, individuality and correct assignment of the safety address must be checked. For this, use the Lenze »Engineer« PC software or an E94AZK... keypad. EDS94AYAF EN 1.0...

  • Page 66: Error Management

    Safety engineering Error management Error states Error management 1.7.1 Error states Detected errors or maloperation of the drive are assigned to error statuses with definite reactions. The reaction can be co−ordinated with the complete drive via the error statuses. Error status Features System error Trouble...

  • Page 67: Logbook Function In The Controller

    For purposes of diagnostics, a simple logbook with ten entries is implemented in the SM302. Changes with regard to the request of safety functions in the SM302 are logged. The bit coded log status created in a 2−ms cycle serves as a basis for the logbook. A logbook entry is generated when the log status has changed.

  • Page 68: Response Times

    Safety engineering Response times Response times In order to detect the response time to a safety function the entire system must be considered. The following is relevant: Response time of the connected sensors. ƒ Input delay of the safety inputs. ƒ...

  • Page 69: Response Times Of The Inputs

    Safety engineering Response times Response times of the inputs 1.8.1 Response times of the inputs Response time to an event in the sensors Time interval (Fig. 1−13) [ms] Response time of the sensors according to manufacturer information Input delay of the safe inputs C15034: 0 ...

  • Page 70: Response Time Of Encoder Monitoring

    Safety engineering Response times Response time of encoder monitoring Information on how to calculate the processing time and transmission time of the safety bus can be found in the documentation of the safety PLC used. Note! When the safety bus communication is disturbed, it is changed to the fail−safe state after the safety bus monitoring time (F_WD_Time) has elapsed.

  • Page 71: Acceptance

    Safety engineering Acceptance Description Acceptance 1.9.1 Description The machine manufacturer must check and prove the operability of the safety functions used. Inspector The machine manufacturer must authorise a person with expertise and knowledge of the safety functions to carry out the test. Test report The test result of every safety function must be documented and signed by the inspector.

  • Page 72: Periodic Inspections

    Safety engineering Acceptance Periodic inspections Scope of test A complete test comprises the following: Documenting the plant including the safety functions: ƒ – Creating an overview screen of the plant – Describing the plant – Describing the safety equipment – Documenting the safety functions used Checking the function of the safety functions used: ƒ...

  • Page 73: Appendix

    Safety engineering Appendix Module error messages 1.10 Appendix 1.10.1 Module error messages The Parameterisation & Configuration Software Manual provides information on diagnostics & fault analysis and describes the structure of the operating system’s error messages in the logbook. EDS94AYAF EN 1.0...

  • Page 74: Total Index

    Total index 1.11 Total index Logbook function − in the controller, 67 Address code, 59 − in the SM302, 67 Address switch, 59 Application as directed, 9 Application range, 18 Mission time, 24 Application, as directed, 9 Mission time, 24...
  • Page 75 Safety engineering Total index Safe maximum speed, 46 Sensors, Overview ..., 13 Speed Safe operation mode selector, 53 − Safe maximum ..., 46 Safe output, 34 − safely limited ..., 48 Safe parameter setting, 63 speed, position−dependent, 50 Safe position detection, 36 Speed measurement, Safe, 36 Safe referencing , 51 Stop 1...
  • Page 76 ã C Q © 11/2016 Lenze Automation GmbH Service Lenze Service GmbH Postfach 10 13 52, 31763 Hameln Breslauer Straße 3, 32699 Extertal Hans−Lenze−Str. 1, 31855 Aerzen GERMANY GERMANY HR Hannover B 205381 +49 5154 82−0 008000 2446877 (24 h helpline) Ê...

This manual is also suitable for:

E94ayaf

Table of Contents